Home page logo

pen-test logo Penetration Testing mailing list archives

RE: Pentesting using Vista?
From: Jeremiah Cornelius <jeremiah () nur net>
Date: Sun, 23 Mar 2008 14:46:30 -0700

Vmware is a poor choice for hosting a pen/recon toolset.  I suspect that to be true of anything like QEMU or Virtual 
PC, too.  

Tools like nmap and hping give misleading results and horrible response, when piped through a virtual adaptor. In the 
case of Vmware, there are between 10 and 15 messages passed from the vm to the host and back - just to transmit a 
single packet/datagram.  

The vnetworking stack also works like a transparent layer 2 proxy - altering, normalising and 'optimising' network 
behavior for the expected workloads  I have wasted hours of mapping time this way in the past, and would save you the 
trouble of trying it...

Also, Vista as a host needs to have the firewall and IPsec filtering disabled. 

The OS is also subject to the connetion and pacet rate filtering that was introduced for XP SP2.  There are 
unauthorized binary patches that must be made to TCPIP.SYS, for either OS to function as a testers platform.  Otherwise 
scans crawl to zero, and usefull open SYN traffic waits for timeouts in a limiting queue, before new SYNs are sent. Add 
the message-passing latency of your VM stack, and this is intolerable.

This is one case where the addage "right tool for the right job" applies.  Vmware and Vista may have merits for certain 
applications.  In the pentest environment, these should remain as targets - where they will not impede the 
investigator, nor obscure  meaningful network information from examination.


This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]