PDA

View Full Version : Damn Vulnerable Linux


Neitsa
December 20th, 2006, 18:30
Hello

I just wanted to introduce a new distribution:

Damn Vulnerable Linux (DVL) is a Linux-based (modified Damn Small Linux) tool for IT-Security & IT-Anti-Security and Attack & Defense. It was initiated for training tasks during university lessons by the IITAC (International Institute for Training, Assessment, and Certification) and Se - Secure Software Engineering in cooperation with the FRET [French Reverse Engineering Team].
Visit their websites at http://www.iitac.org, http://www.Secure-Software-Engineering.com , and http://www.binary-reverser.org/ .

Main authors are Univ.-Doz. Dr. Thorsten Schneider [IITAC, Se] and Kryshaam [French Reverse Engineering Team].

For more information about the project, the DVL website is located at this address:

http://damnvulnerablelinux.org/

You can get the brochure here :

http://www.damnvulnerablelinux.org/downloads/dvl_brochure.pdf

See also the video tutorials on the website.

You can download the ISO here (150 MB) :

http://damnvulnerablelinux.org/downloads/damnvulnerablelinux_1.0.iso

If you have any question, feel free to ask it here or just drop a mail to Kryshaam : kryshaam[at]resrever[dot]net

Thank you very much

Vrane
December 21st, 2006, 06:10
video tutorials

http://damnvulnerablelinux.org/index.php?option=com_content&task=view&id=23&Itemid=38

http://damnvulnerablelinux.org/index.php?option=com_content&task=view&id=22&Itemid=37

ZaiRoN
December 21st, 2006, 13:51
There are some DVL crackmes available at crackmes.de:

http://www.crackmes.de/users/zero/cesd_dvl_assessment_1/
http://www.crackmes.de/users/zero/cesd_dvl_assessment_2/
http://www.crackmes.de/users/zero/cesd_dvl_assessment_3/
http://www.crackmes.de/users/zero/cesd_dvl_assessment_4/
http://www.crackmes.de/users/zero/cesd_dvl_assessment_5/

Good luck!

Zero
March 16th, 2007, 05:39
The next release is under progess (Black Hat Edition). The we focus on the tutorials and videos

0xf001
March 29th, 2007, 10:36
hi zero,

interesting thing this dvl

just for my _personal_ use i'd like to have a bit a different version (if i could wish something), i am more interested in recent kernel+modules (laptopsssss), full development pallete, more RE tools, debuggers etc ...
which somehow would land at the idea i had long time ago
but that would then somehow not be a DVL, in its initial sense of course

i respect the efforts you do on training factor

i would like to see the "black hat" edition ! is this probably more "work" focussed?
for learning a vm is just perfect, but then for real work i personally would love to be able to start a cd on laptops, too which usually ends at discovering sata discs (since years same problem with most live cds).

anyways i want to test it a bit more and could send u a list of "stuff" you could include ...

btw did anyone yet get linice to run in vmware? (!!) proxy's debugger screams like a candidate, too ...

regards, 0xf001

owl
March 30th, 2007, 09:45
Quote:
[Originally Posted by Zero;64452]The next release is under progess (Black Hat Edition). The we focus on the tutorials and videos


Is this edition expected to be use in any of the classes for Black Hat this year? If not, why it will be the black Hat edition, what will be special about it?

Zero
March 31st, 2007, 04:14
Quote:
Is this edition expected to be use in any of the classes for Black Hat this year? If not, why it will be the black Hat edition, what will be special about it?

"Black Hat" Edition has nothing to do with the Black Hat Conference (Black Hat is a general term, not only in relation with the damn good conference ).
The Black Hat Edition is a special edition without any sources, only the necessary tools and the challenges. Take it as a "Let me see how good I am"-Edition. Another edition will contain the sources for those people who need the sources, documentation and tutorials during their training. This one is meant for the "newbies" in the community.

Quote:
ust for my _personal_ use i'd like to have a bit a different version (if i could wish something), i am more interested in recent kernel+modules (laptopsssss), full development pallete, more RE tools, debuggers etc ...

Yes, we will add more and more to the DVL ISO. But for this we need to think about the different distros. DVL should be as small as possible, but we might publish a full scaled release included tons of tools... which means we will land at a typical 650MB sized distro. Which RE tools are missing? With the next release we will add some more including Metasploit. Give us some time to evolve this distro. We first want to focus now on the tutorials.

Quote:
i would like to see the "black hat" edition ! is this probably more "work" focussed?

cough...

Quote:
anyways i want to test it a bit more and could send u a list of "stuff" you could include ...

Sure! Best would be to send the "stuff" as well!

Quote:
did anyone yet get linice to run in vmware?

I know some people who stated that they got it running, but there is no proof of it.

0xf001
March 31st, 2007, 10:38
thanks Zero to clear up, its very appreciated!

of course, I will do send you the stuff. a good list is found at my page which resurrected

ptth://www.woodmann.com/0xf001

from which i want to point out:

- linice (if that would work, i know its quite a challenge. i also didnt hear more than rumors. i try to work on it, first on knoppix)
- fenris (old but excellent. maybe difficult to include, too)
- biev
- khexedit (ok, no kde - no khexedit ) || hexedit
- irc client

optinal, strange ideas
- a copy of the filez folder of my page: documentations
- a copy of the phrack magazines
- why no solutions to the crackmes?

i am glad to see lida on there i admit its interesting to work with it, but its too limited and i did not reach my goals that time. i feel need to mention it, as when it possibly gets so much attention as side effect to your distro. i am working again on a serius replacement.

i looked more into dvl. my opinion is, you could do improvements on "integragtion". what i mean are for example the context menus. to click "rmb" on desktop offers your dvl menu. that is quite empty

i want to say what i like too: i find it very good, that a RE/hacking dedicated distro is appearing. and i like that there are crackmes included, and you try to set standards. of course they will not please everyone in the first place, but one should try to do something better, i know the efforts of creating a distro, and keeping it up to date.

i will for sure contribute. i want to try to write a crackme. i did not check them for a long time, i found them usually too easy. i try to protect in the way i see it in commercial products. also i will send u a DSL package of review soon.

, 0xf001

Zero
April 2nd, 2007, 13:18
fenris and the_dude will come (btw: the_dude link is dead, does anybody has a copy of it?)
And yes, a documentation package is under construction
The new release should come soon, I am currently collecting docs and more...

0xf001
April 3rd, 2007, 03:42
hi Zero,

the dude links:

http://sourceforge.net/projects/the-dude
http://the-dude.sourceforge.net/

you have to get it via CVS. you can browse it via
http://the-dude.cvs.sourceforge.net/the-dude/

or better use CVS pserver to download it.

Code:
CVS_RSH=ssh
export CVS_RSH
mkdir the_dude
cd the_dude
cvs -dusername@cvs.the-dude.sourceforge.net:/cvsroot/the-dude co .


you need a sourceforge user account to do this. If you want i can send you the files, too.

I am not too sure how usable the_dude really is. For a 2.4 kernel it should be not too hard to get it running.

regards,

0xf001

Zero
April 3rd, 2007, 11:50
yes, please mail me the_dude. We will see how good it is

0xf001
April 4th, 2007, 10:42
heya,

i just figured - u can d/l the_dude anonymously, too:

Code:
cvs -dserver:anonymous@the-dude.cvs.sourceforge.net:/cvsroot/the-dude login

password: none, just press <enter>

cvs -z3 -dserver:anonymous@the-dude.cvs.sourceforge.net:/cvsroot/the-dude co -P .


i have placed a current snapshot at:

http://www.woodmann.com/0xf001/filez/the_dude.tgz


cheers, 0xf001