Damn Vulnerable Linux (DVL) is everything a good Linux distribution isn't. Its developers have spent hours stuffing it with broken, ill-configured, outdated, and exploitable software that makes it vulnerable to attacks. DVL isn't built to run on your desktop - it's a learning tool for security students.

The main idea behind DVL was to build up a training system that I could use for my university lectures. My goal was to design a Linux system that was as vulnerable as possible, to teach topics such as reverse code engineering, buffer overflows, shellcode development, Web exploitation, and SQL injection.

DVL is a live CD available as a 1,8 GB ISO. It contains older, easily breakable versions of Apache, MySQL, PHP, and FTP and SSH daemons, as well as several tools available to help you compile, debug, and break applications running on these services, including GCC, GDB, NASM, strace, ELF Shell, DDD, LDasm, LIDa, and more.

DVL is made by people with significant black hat backgrounds, incorporating the community of www.Reverse-Engineering.net and Crackmes.de. It contains a huge amount of lessons, including lesson descriptions and solutions if the level has been solved by a community member at Crackmes.de.