Metasploit mailing list archives

Unexpected Results From a backtrack attack on DVL live CD


From: angelisonline at gmail.com (Mr Gabriel)
Date: Tue, 26 Aug 2008 16:04:30 +0100

Dear All,

Just like to have your thoughts on this one. I'm fairly new(ish) to
the security auditing scene. I understand a lot of the theory, the
why, and possibly to some degree the methodology - Find a vulnerable
service, send it some dodgy data in the hopes of causing a buffer
overflow, so that code you wish to be executed on the host, is
executed, and a connection back to yourself is the "best" course of
action to take, as it allows you to leverage that initial exploit - My
lack of understanding has been in the "how" to do this.

I downloaded DVL, under the assumptions that it is intentionally left
with vulnerable services for the purpose of teaching lessons on
vulnerabilities. I downloaded it, ran it, and then ran the autoown
script, assuming that the box would be FUBAR! in seconds, but alas, no
such luck. I updated Metasploit via SVN, and again, not one single
session was opened.

I would be most happy, if someone was able to tell me that I am being
a complete and utter idiot, and have misunderstood the "how" when it
comes to exploiting a box to prove the existence of a vulnerability,
or if I completely missed the point, and have now embarrassed myself
by saying I failed to exploit a Linux distro, that was designed to be
exploited :)
