Unexpected Results From a backtrack attack on DVL live CD

[angelisonline at gmail.com (Mr Gabriel)]

2008/8/26 Juergen Fiedler <juergen.fiedler at gmail.com>:
> On Tue, Aug 26, 2008 at 11:04 AM, Mr Gabriel <angelisonline at gmail.com> wrote:
> > Dear All,
> [...]
> > I downloaded DVL, under the assumptions that it is intentionally left
> > with vulnerable services for the purpose of teaching lessons on
> > vulnerabilities. I downloaded it, ran in, and then ran the autoown
> > script, assuming that the box would be FUBAR! in seconds, but alas, no
> > such luck. I updated metasploit via SVN, and again, not one single
> > session was opened.
> >
> > I would be most happy, if someone was able to tell me that I am being
> > a complete and utter idiot, and have misunderstood the "how" when it
> > comes to exploiting a box to prove the existence of a vulnerability,
> > or if I completely missed the point, and have now embarrassed myself
> > by saying I failed to exploit a linux distro, that was designed to be
> > exploited :)
>
> If I remember correctly, DVL does not in fact run vulnerable services
> but puts emphasis on local exploits through software flaws. Basically,
> its purpose is to teach people how to spot things like buffer
> overflows in local software. Remote exploits are outside its scope.
>
> Thus sayeth the guy who tried the very same thing, with the very same
> results before taking a closer look at the distro :)
>
> Good luck!
> _______________________________________________
> http://spool.metasploit.com/mailman/listinfo/framework

Thank you for this! At least I know I wasn't the only one! Well, it's
good to know that I misunderstood its purpose, but I have an original
windows XP install CD, I think we call that SP0 :) I think I'm spend
the evening rooting the CRAP out of it! Thank you to all who replied
in this thread.