Security experts and fanboys can argue as long as they want upon the question of the most vulnerable (or secure) operating system in the world. But here, we have a clear winner. Damn Vulnerable Linux (DVL) is a Linux distribution that is riddled with security holes. It is everything a good Linux distribution isn't, the developers explain. Its developers have spent hours stuffing it with broken, ill-configured, outdated, and exploitable software that makes it vulnerable to attacks. That’s because DVL isn't built to run on your desktop - it's a learning tool for security students.
DVL’s creator Dr. Thorsten Schneider writes:
The main idea behind DVL was to build up a training system that I could use for my university lectures. My goal was to design a Linux system that was as vulnerable as possible, to teach topics such as reverse code engineering, buffer overflows, shellcode development, Web exploitation, and SQL injection.
Damn Vulnerable Linux is available as 1.8GB live CD. It contains older, easily breakable versions of Apache, MySQL, PHP, and FTP and SSH daemons, as well as several tools available to help you compile, debug, and break applications running on these services, including GCC, GDB, NASM, strace, ELF Shell, DDD, LDasm, LIDa, and more.
Additionally tons of training material and exercises are included. Damn Vulnerable Linux works fine under Windows, Linux and Mac OSX using any virtual machine such as VMware, Qemu or KVM. You can let it run installed natively on a standard PC or even boot it from USB.