Home page logo

pen-test logo Penetration Testing mailing list archives

RE: Any caveats for linux under VMware, pen testing?
From: "DeGennaro, Gregory" <Gregory_DeGennaro () csaa com>
Date: Wed, 8 Sep 2004 07:34:29 -0700

I found an issue or caveat this weekend.  If you leave a Linux VM in
suspend mode for long periods of time, it could cause the pcap process
to become corrupt and therefore anything using pcap will not work.  This
could have been caused by something else that was not apparent such as
patches and upgrades, however the suspension  of the VM (AKA pause of)
was the most prevalent circumstance. 

A simple reboot fixed this issue and nmap 3.5 plus other tools worked
just fine.

I am running SUSE Linux 9.1 (up-to-date) guest OS or VM on a 2.8 GHz P4
LGA775 running Windows XP SP2 (up-to-date) host OS.  No, SP2 was not a
contributing factor since VM nmap worked directly after SP2 RC-1 install
and started to work after the recent Linux VM reboot.

"Unfortunately for pen testing many of the functions and applications
for Windows testing require a full WinOS running. :("  -- yes, I found
that out too.

Greg DeGennaro Jr., CISSP, CCNP
Systems Engineer

-----Original Message-----
From: grutz () jingojango net [mailto:grutz () jingojango net] 
Sent: Monday, September 06, 2004 1:40 PM
To: pen-test () securityfocus com
Subject: Re: Any caveats for linux under VMware, pen testing?

The few times I've run NESSUS from within a VM session I found it took a
little while longer to finish than running from within a native OS. Many
factors could have been party to the slowdown but a co-worker
experienced a similar problem with different hardware (IBM T30 vs Dell
C400, both stock systems running WinXP Pro + latest VMWare at the time).
Of course he was running FreeBSD and I was running Gentoo.

Effectively there was no difference. Run the interface in bridged mode
to bypass whatever funkyness XP will do (ICF returns SYN/ACK on all
SYNs...grrr) and have at it. When you get more comfortable with it
switch the OS purposes (Unix base, XP vm image). Unfortunately for pen
testing many of the functions and applications for Windows testing
require a full WinOS running. :(

Even samba-tng can't do everything. . . .

Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]