DVL 1.5 has now left planning status. Bug Fixing started!
DVL 1.5 has now left planning status. Bug Fixing started!
Some new additions:
- Lazarus IDE
- ArgoUML
- BlueJ
- Firefox Plugins updated
DVL 1.5 has left planning status!
DVL 1.5 has left planning status! Beside that we have to fix several bugs we will release the first DVL Wargame as training material. Additionally the first video series is under development.
Damn Vulnerable Linux Strychnine+605 1.4 final
DVL 1.4 final is ready to go and is uploaded at the moment. We hit the 1.6 GB size, including all necessary to train software development, IT security and Reverse Code Engineering. During the next time the mirrors will be informed. After this we post the links. As well we do a short intro video to show all features and on how to use DVL.
DVL Strychnine+E605 1.4 release in January 2008!
DVL Strychnine+E605 1.4 will have its release in January 2008! Includes many new tools, such as the ERESI reverse engineering framework, the Eclipse IDE for Java and C/C++. With this release we close the tool addition part and move to training material only. Stay tuned!
Damn Vulnerable Linux Strychnine+E605 - version 1.4 under construction
I just have remastered the base of DVL Strychnine+E605 version 1.4. Beside more tool additions I have done some bug fixes as well. The status is now between alpha and beta, I will do now more testing within the next time.
New additions to Damn Vulnerable Linux 1.4
Just a sneak preview on current changes:
[Application Development] Add LogWatch (schneider)
[DVL Core] Add XEN (schneider)
[Reverse Code Engineering] Add Insight GDB Debugger (schneider)
[Tutorials] Add CPU Sim - An Interactive Java-based CPU Simulator (schneider)
[Reverse Code Engineering] Add JAD Java Decompiler (schneider)
[Tools] Add VLC Media Player (schneider)
[Documentation] Add TeTex (schneider)
[Documentation] Add JabRef (schneider)
[Application Development] Add Kile (schneider)
[Documentation] Add kDissert Mindmapper (schneider)
[Peneration Testing] Add JBroFuzz (schneider)
[Application Development] Add WebScarab (schneider)
[Peneration Testing] Add CAL9000 (schneider)
[Reverse Code Engineering] Add KDBG (schneider)
[Application Development] Add xchm (schneider)
[DVL Core] Add gtk libs (schneider)
[Tools] Add xvidcap (schneider)
[Tools] Add AcroRead (schneider)
[Tools] Add Scite (schneider)
DVL included Mplayer Buffer Overflow Vulnerability (CVE-2007-2948 and SAID 24302)
A stack overflow was found and reported by Stefan Cornelius of Secunia Research in the code used to handle cddb queries. Two other similar issues were found by Reimar Döffinger while fixing the issue.
Adding vulnerabilities can be so easy… just sit and wait 
Bug fixing for the next release of Damn Vulnerable Linux
Seems that the next release of Damn Vulnerable Linux will focus on two topics: (1) bug fixing and (2) adding more training material. Unfortunatly community is lazy by contributing tutorials.
At the moment I have encountered some minor bugs (e.g. menu items open a console but console closes immediatly) and some other bugs (SNORT is not running and makes trouble with the standard MySQL installation / .lock files).
More about the bugs during the next time, I will add the defects at the bug tracker.
New Multimedia Section Online at Damn Vulnerable Linux
New Multimedia Section Online at Damn Vulnerable Linux. OK, after some more time of non-blogging here we go with a new advantage of the DVL portal. The multimedia link in the top menu leads you to the new video section which is hopefully easier to handle
Check out the “Cracking 128 Bit WEP-Key in one minute” which has been submitted to DVL, it is excellent 
Hello World to the Boomerang Decompiler
I just have added a new short video at the DVL magazine (Tool usage) on how to use the Boomerang decompiler
This project is an attempt to develop a real decompiler for machine code programs through the open source community. A decompiler takes as input an executable file, and attempts to create a high level, compilable, possibly even maintainable source file that does the same thing. It is therefore the opposite of a compiler, which takes a source file and makes an executable. However, a general decompiler does not attempt to reverse every action of the decompiler, rather it transforms the input program repeatedly until the result is high level source code. It therefore won’t recreate the original source file; probably nothing like it. It does not matter if the executable file has symbols or not, or was compiled from any particular language. (However, declarative languages like ML are not considered.)
The intent is to create a retargetable decompiler (i.e. one that can decompile different types of machine code files with modest effort, e.g. X86-windows, sparc-solaris, etc). It was also intended to be highly modular, so that different parts of the decompiler can be replaced with experimental modules. It was intended to eventually become interactive, a la IDA Pro, because some things (not just variable names and comments, though these are obviously very important) require expert intervention. Whether the interactivity belongs in the decompiler or in a separate tool remains unclear.
Running Damn Vulnerable Linux from USB stick… everything is working! Hell of 4.5 hours on my laptop!
I am currently running DVL from my 2GB USB stick and it works like hell. Yesterday I managed to run even the networking (this post is written from DVL USB). Using the USB stick only I am able to work with DVL 4.5 to 5 hours on my laptop, and I really mean work (OpenOffice, Acroread, Kismet, xvidcap and so on) and not just having the laptop idling around. This is absolutely cool. Normally the batterry is down after 1.5 hours. This is an excellent advantage against standard HD installation or running DVL in a virtual machine. With this DVL is running only in memory, not wasting any energy in the HD - resulting in enormous time to work with it.
As I mentioned I am working on the new release. For this I have added xvidcap (included in next release) - and hell, it is working even with sound. I just managed to produce the first training video with sound. Yes, now we can move to design the training videos - at least an advantage for me since I have to do this during my travels…
btw: If you want to change the resolution just type at the startup console xconf and then startx/flux. I have now 1280×1024 which is maximum on this laptop.
No time to rest… the next Damn Vulnerable Linux release under development…
I thought I could rest some weeks… but I could not resist. The next release of Damn Vulnerable Linux (1.4) is under development. I added some more tools such as KDBG, a CHM viewer for ebooks and Acroread (some pdf files need this), and Latex to provide better support for writing tutorials with a DVL tutorial template (especially students need this). With this I will stop efforts in adding tools. We have all we need. Now we move to the challenges part. Some WarGames will come, so stay tuned Ups, and yes, the training will come now!
QT Vulnerability - Free provided with DVL Strychnine+E605
Trolltech, producers of the Qt library, have released a source code patch for Qt3, which fixes a security vulnerability. Bugs may lead to execution of arbitrary code during processing of crafted strings by applications which use the cross-platform C++ framework. QTextEdit element contain format string vulnerabilities and integer overflows. These can be triggered when an application linked to Qt issues an error message which incorporates text provided by the user. The bugs affect versions of Qt3 up to and including version 3.3.8. Programs using this version of the library include the KDE Desktop. Read More 1 | Read More 2
DVL Strychnine + E605 is final!
DVL Strychnine + E605 is final! I just remastered the ISO and we land at 1050 MB size which fits perfectly on a 2 GB USB stick (and gives us more free space to add additional stuff). I will upload the ISO today and inform the mirrors. Finally after all this installation part I can play myself with it
DVL Strychnine+E605 fast progress
I just added the first package by Harry, some more vulnerable apps and a bunch of new tools such as Fenris. All we need now are around 5-10 more PHP apps and the same ammount of binary vulnerabilities.
Seems that we are faster than I thought. So we might release in September instead of October.
I currently stuck with a ISO size of 880 MB but still good to get installed on a USB stick (sorry for you CD freaks out there). At the moment no chance to reduce the size below 700 MB…
Finally we can start with the promised training videos as soon as possible.
DVL Strychnine + E605 now in size of 850 MB
Finally I have managed to reduce the DVL size from 1 GB to 850 MB. To reach CD format we still need 150 MB. Lets see what we do not need
DVL Strychnine+E605: 350 MB less!
I manage to reduce the DVL Strychnine+E605 by 350 MB. Free Pascal stays but the Lazarus frontend has gone, as well the Free Pascal sources. Result -165 MB. I identified an Oracle directory containing a client for Oracle. Result -100 MB. Some other parts and we have 350 in Live less. I remaster tomorrow to see which size we have now!
DVL E605 under work…
Damn Vulnerable Linux E605 is now under construction. I plan to release it around October since it shall include videos and they will take some more time. The DVL size exploded now to 1 GB - I am not lucky with such size. So we see how to reduce it. maybe we need to kick KDE, who knows. Overall some few more nice tools are installed including WebGoat, Boost, and FreePascal. With this we should be final with all these tools. The /pentest/ folder has a size of 230 MB size and without KDE we might hit 500 MB less in size. But I don’t want to drop the /pentest/ folder 
At least the last poll “Does size matters?” said: NO. Keep the size. So OK, we move to 1,5 to 2 GB DVD size.
Thanks to Vitor for providing the WebGoat plugin which I will release soon (oh, btw: it will NOT run under DVL Strychnine which has JRE and not JDK only! I provide a link to a JDK as well)