mailing list archives
Re: [PEN-TEST] VMware
From: "Batten, Gerald" <GBatten () EXOCOM COM>
Date: Tue, 12 Sep 2000 10:47:12 -0400
Interesting, but the dual-homed theory won't work, at least not right now...
When you install the latest version of VMWare, it asks you which NIC you
want it mapped to (which you can't change after the fact, which is extremely
annoying). So, any virtual system you install will be limited to 1 NIC. A
possible exception would be a dial-up connection in addition to the NIC.
At least, this is my experience.
EXOCOM ENABLING TECHNOLOGIES CORP.
*Note: Views expressed in this e-mail are not necessarily those of my
**Note: Views expressed in this e-mail are not necessarily mine either.
From: Greg [mailto:g () HOOBIE NET]
Sent: Monday, September 11, 2000 12:46 PM
To: PEN-TEST () SECURITYFOCUS COM
To continue on the topic of VMware started by Mark Teicher:
VMware works great running Linux under NT (and vice versa no doubt),
allocating 32MB RAM to linux is more than enough to use most
of the Linux
specific testing tools providing you don't want X. I'm sure you could
probably run with less. I haven't yet encountered a Linux
tool that would
not run under VMWare, including all of the raw packet tools
like NMAP etc.
Another consideration is using VMware as an attack tool by creating a
virtual system on a compromised box. Imagine a situation
where an NT system
is compromised on a remote network but no further incursion
can be made into
the network due to a lack of suitable tools (which is
starting to change.)
If VMware is installed onto the compromised system and a
cheeky reboot is
performed, it is possible to load a preconfigured linux VM
disk image onto
the NT system.
The virtual Linux system can be assigned an address on the compromised
network (bridged) and hey presto, root and any tools you want
on a un*x box
in the target network. Taking this a stage further,
compromising a dual
homed NT system and installing a dual homed virtual Linux box
over it makes
for many interesting possibilities.
If VMware could be run as a non-interactive service (and thus
not a desktop
window) then it's use would be harder to detect to a local user. A new
system appearing on a network may raise eyebrows in some
ops departments but generally will go unnoticed. Any reboot
is always a bit
dodgy, if have authoritah and you think it won't affect
(too much) then go but beware, if the system does not come back up...
- Re: [PEN-TEST] VMware Batten, Gerald (Sep 12)