Home page logo

pen-test logo Penetration Testing mailing list archives

From: Greg <g () HOOBIE NET>
Date: Mon, 11 Sep 2000 19:45:55 +0100

To continue on the topic of VMware started by Mark Teicher:

VMware works great running Linux under NT (and vice versa no doubt),
allocating 32MB RAM to linux is more than enough to use most of the Linux
specific testing tools providing you don't want X. I'm sure you could
probably run with less. I haven't yet encountered a Linux tool that would
not run under VMWare, including all of the raw packet tools like NMAP etc.

Another consideration is using VMware as an attack tool by creating a
virtual system on a compromised box. Imagine a situation where an NT system
is compromised on a remote network but no further incursion can be made into
the network due to a lack of suitable tools (which is starting to change.)
If VMware is installed onto the compromised system and a cheeky reboot is
performed, it is possible to load a preconfigured linux VM disk image onto
the NT system.

The virtual Linux system can be assigned an address on the compromised
network (bridged) and hey presto, root and any tools you want on a un*x box
in the target network. Taking this a stage further, compromising a dual
homed NT system and installing a dual homed virtual Linux box over it makes
for many interesting possibilities.

If VMware could be run as a non-interactive service (and thus not a desktop
window) then it's use would be harder to detect to a local user. A new
system appearing on a network may raise eyebrows in some vigilant network
ops departments but generally will go unnoticed. Any reboot is always a bit
dodgy, if have authoritah and you think it won't affect production systems
(too much) then go but beware, if the system does not come back up...



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]