Contribute with your Plugins!

DVL is designed as a Plugin Framework. This means that you are able to contribute your own plugins to the project. Any tools you want to have added? As source or binary? Or have you developed new exciting challenges? Or found a vulnerable application which should be added? Extend DVL as you like and share your plugin with the DVL community!

I will publish the “DVL Plugin Guidelines” soon to make plugin development easier for you.

Submit your plugins, or applications you would like to have added, directly to info (att) damnvulnerablelinux.org. We place them into our internal tracker and publish them as fast as we can.

Peace

Subproject “Ten Slides”

Now that DVL Strychnine is available it is time to concentrate on the training material. The subproject “Ten Slides” will frequently publish short eLectures consisting of 10 presentation slides giving background information on a specific topic.

Based on our past tests, slides will be done with CG speech, which is dialect-free and easier to understand for non-native English speakers / listeners.

We will start with “Ten Slides on ASLR”; the next slides depend on interest or ad-hoc decisions. If everything runs fine we will integrate specific community members to frequently produce short lessons.

Stay tuned…

DVL and the ASLR

Address Space Layout Randomization (ASLR) is a method to prevent attacks like shellcode injection. DVL is now based on a 2.6 kernel, which has ASLR enabled (since 2.6.20). This means that it is more complicated to train buffer overflows than with DVL 1.0 or 1.1, which were based on DSL with a 2.4 kernel. This makes it more realistic but not easier for newbies. But I believe that this forces trainees to think more instead of just transcribing ready-made material.

I will prepare an eLecture on the topic of ASLR combined with a real life example as video training as soon as possible.

I believe DVL (BT 2.0) has PaX integrated, but I am not sure about this; I have not investigated it yet. So this is my Call for Contribution to the community: help to solve this problem ;)
BTW: If you are interested in how to bypass e.g. the PaX ASLR protection you should have a look at Phrack 59-0x09.
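
A quick way to confirm that ASLR is active on a training system, as an added example (not part of the original post or of DVL): it interprets the kernel's randomize_va_space setting and compares the [stack] start address in two /proc/<pid>/maps snapshots. The function names and the two sample snapshots are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks whether ASLR is active. Function names are hypothetical.

# Describe a value read from /proc/sys/kernel/randomize_va_space.
aslr_level() {
    case "$1" in
        0) echo "off" ;;
        1) echo "stack, mmap and VDSO randomized" ;;
        2) echo "stack, mmap, VDSO and heap randomized" ;;
        *) echo "unknown"; return 2 ;;
    esac
}

# Read /proc/<pid>/maps text on stdin and print the start address of the
# region labelled $1 (for example "[stack]").
region_start() {
    awk -v label="$1" '$NF == label { split($1, r, "-"); print r[1]; exit }'
}

# Compare the same region in two maps snapshots taken from two processes.
# Returns 0 if the start addresses differ, 1 if identical, 2 if not found.
region_randomized() {
    a=$(printf '%s\n' "$1" | region_start "$3")
    b=$(printf '%s\n' "$2" | region_start "$3")
    [ -n "$a" ] && [ -n "$b" ] || return 2
    [ "$a" != "$b" ]
}

# Constructed sample snapshots (not captured from a real system).
SAMPLE_RUN1='08048000-08049000 r-xp 00000000 08:01 1234 /tmp/vuln
bf8e4000-bf8f9000 rw-p bf8e4000 00:00 0 [stack]'
SAMPLE_RUN2='08048000-08049000 r-xp 00000000 08:01 1234 /tmp/vuln
bfc21000-bfc36000 rw-p bfc21000 00:00 0 [stack]'

# Live check on the running system: each cat is a new process with its own maps.
live_check() {
    echo "randomize_va_space: $(aslr_level "$(cat /proc/sys/kernel/randomize_va_space 2>/dev/null)")"
    if region_randomized "$(cat /proc/self/maps)" "$(cat /proc/self/maps)" "[stack]"
    then echo "stack base differs between runs"
    else echo "stack base identical or not reported"
    fi
}

if [ "${1:-}" = "--live" ]; then live_check; fi
```

Run it with --live to check the booted system; without arguments it only defines the functions and the sample data.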

Seeds…

After some minor problems on how to publish a Torrent (never published before), the Torrent starts to get seeded! Some community members help to seed, so thanks to them.

DVL is now my no. 1 project with an amazing rate of visitors.

One week of rest, then first videos will follow on how to play with DVL and its tools.

This is a call to the community: please provide training videos (swf format) to let this community project grow. It is not necessary to provide sound, but it would be better to have it!

It is your project, so make it the best!

Damn Vulnerable Linux Strychnine - Success Story during two university lectures!

Damn Vulnerable Linux has been successfully used during two university lectures (University of Hannover and University of Applied Sciences and Arts Hannover).

DVL Strychnine final! Available very soon via BitTorrent (following via mirrors)

DVL Strychnine is finally final. The last pre-compilation is running at the moment, then the final compilation of the remaster will follow. Some nasty bugs have been fixed, such as permission problems of the pre-installed MySQL database containing the first vulnerable web examples. Click on the link below to see the current changelog. This shows you which additions have been made to the “classic” BT 2.0 release to build the base of the new era of Damn Vulnerable Linux. Some more minor, unimportant features are left to install; however, I believe it is time to go with the release to concentrate finally on the production of the most important thing: training lessons!

DVL Strychnine will be available via BitTorrent this weekend (never published before using BitTorrent… let’s see if I run into problems…). Later I will place it on the mirrors. File size at the moment is 822 MB, sorry for that, but let the community decide what to kill!

A short intro video will follow soon, maybe I can make it this weekend.

step mode on in GDB (by Stingduk)

I stepped halfway through the scanf function until I tried “finish” (which also failed to stop when it was outside the call once and just ended the run after my text was entered.)

use set step mode on

DVL Strychnine Cheat Codes

DVL Strychnine is based on BT2. These are the cheat codes which you can use to enable specific features in DVL Strychnine:

Useful Commands:

DVL Strychnine Beta (non-public) ready to go…

DVL Strychnine Beta is now finished. The beta will be available for the beta testers (please do not ask for beta testing) and the ISO will be tested and shown during 2 university lectures next week. ISO size is now at 800 MB; without removing KDE there is little chance of reducing the size significantly. Let the community decide how to decrease size… I am sure we will release before June 10th!

DVL Strychnine - Timeline

After solving nearly all problems (a few less important tools still have broken dependencies) it is time to set the new release dates:

20.05.2007 - finalization DVL Strychnine Beta (non-public)
27.05.2007 - last bug fixes done
First week of June - DVL Strychnine goes public, mirrors will be set up

What is done this weekend:
documentation will be added and the size will be reduced

With the release I will publish a new introductory video.

What will happen next? The next DVL (E605) will contain a few more tools and tool updates. With E605 we will have our focus - finally - on the training part, which means tutorials and training videos explaining tools and methods. I like a complete ISO but with videos included we might move to DVD size…
