Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Any caveats for linux under VMware, pen testing?
From: grutz () jingojango net
Date: Mon, 6 Sep 2004 13:39:57 -0700

On Fri, Sep 03, 2004 at 05:59:47PM -0000, shannon () areawidetech com brazenly wrote:
I'm considering running Linux from my XP pro laptop under a VMWare (workstation edition) session. Anyone out there w/ 
experience using this setup that might have any tips / warnings / encouraging advice? This machine would be for pen 
testing, and is definitely beefy enough to handle the load, if this is a good solution. I'd be running Nessus, and 
doing probing w/ nmap.

The few times I've run NESSUS from within a VM session I found it took a
little while longer to finish than running from within a native OS. Many
factors could have been party to the slowdown but a co-worker experienced
a similar problem with different hardware (IBM T30 vs Dell C400, both stock
systems running WinXP Pro + latest VMWare at the time). Of course he was
running FreeBSD and I was running Gentoo.

Effectively there was no difference. Run the interface in bridged mode to
bypass whatever funkyness XP will do (ICF returns SYN/ACK on all TCP/21
SYNs...grrr) and have at it. When you get more comfortable with it switch
the OS purposes (Unix base, XP vm image). Unfortunately for pen testing
many of the functions and applications for Windows testing require a full
WinOS running. :(

Even samba-tng can't do everything. . . .

-- 
When little kids ask where rain comes from, I think a cute thing to tell him
is "God is crying." And if he asks why God is crying, another cute things to
tell him is "Probably because of something you did."            - Jack Handy

------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]