Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Any caveats for linux under VMware, pen testing?
From: Marc <reply.to.newsgroup () mozilla org>
Date: Thu, 09 Sep 2004 16:07:21 +0200

Been using this setup for 3 years now without a flaw. I have a XP host
with 768 MB RAM and 2 Vmware setups: 1 with XP *without* SP2 and 1 with
a SuSE 8.0 Linux updated to all current versions of the tools I use
(kernel 2.4.27, nmap 3.70, etc.)... not much of the original SuSE 8.0
but I don't want to install a new version and have to reinstall all my
tools.

Installing SP2 on the Windows host does NOT prevent you from ARP
spoofing in VMware. I tried this in both my VMware machines (XP and Linux).

The one caveat is exactly the one you mention. You cannot do war driving
using this setup. I am still using VMware 3.21 which doesn't support
PCMCIA cards and can't use any wireless device on these setups. However,
since I do very little WiFi pen tests, I have a dedicated Linux disk
that I use for such activities.


--
Marc


shannon () areawidetech com wrote:

I'm considering running Linux from my XP pro laptop under a VMWare (workstation edition) session. Anyone out there w/ 
experience using this setup that might have any tips / warnings / encouraging advice? This machine would be for pen testing, and 
is definitely beefy enough to handle the load, if this is a good solution. I'd be running Nessus, and doing probing w/ nmap.

My other alternative is to repurpose a machine from our lab, but the physical setup and reloading would take far more 
time than the VMWare option, and would obviously be less flexible.

So is anyone out there using this setup...? I heard rumors of problems related to direct hardware access (the NIC) for 
wardiving purposes...?

Thanks!


-Shannon Kelley


------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault