Honeypots mailing list archives
Re: changing mac addresses of clients in vmware
From: Kostya Kortchinsky <kostya.kortchinsky () renater fr>
Date: Sat, 24 Apr 2004 18:41:08 +0200
Hi,There is an easy way to do that by patching the MAC generation routine and MAC verification routine. Here they are :
Version 4.5.0 build-7174 * Linux - adresse MAC (générée) vmware-vmx : génération .text:080B1EAD 66 C7 45 CC 00 00 mov [ebp+var_34], 0.text:080B1EB3 C6 45 C8 00 mov byte ptr [ebp+var_38], 0 .text:080B1EB7 C6 45 C9 0C mov byte ptr [ebp+var_38+1], 0Ch .text:080B1EBB C6 45 CA 29 mov byte ptr [ebp+var_38+2], 29h .text:080B1EBF 89 04 24 mov [esp+58h+var_58], eax
.text:080B1EC2 E8 29 74 FB FF call sub_80692F0 vmware-vmx : vérification.text:080B20C8 loc_80B20C8: ; CODE XREF: sub_80B1F80+112j
.text:080B20C8 80 3B 00 cmp byte ptr [ebx], 0 .text:080B20CB 75 06 jnz short loc_80B20D3.text:080B20CD 80 7B 01 0C cmp byte ptr [ebx+1], 0Ch
.text:080B20D1 74 10 jz short loc_80B20E3 .text:080B20D3.text:080B20D3 loc_80B20D3: ; CODE XREF: sub_80B1F80+14Bj .text:080B20D3 ; sub_80B1F80+167j .text:080B20D3 89 7C 24 04 mov [esp+28h+var_24], edi .text:080B20D7 C7 04 24 40 8F 25+ mov [esp+28h+var_28], offset a@@@Msg_mac_b_0 ; "@&!*@*@(msg.mac.badAddressOUI)%s is not"...
.text:080B20DE E9 0B FF FF FF jmp loc_80B1FEE.text:080B20E3 ; ---------------------------------------------------------------------------
.text:080B20E3.text:080B20E3 loc_80B20E3: ; CODE XREF: sub_80B1F80+151j .text:080B20E3 80 7B 02 29 cmp byte ptr [ebx+2], 29h
.text:080B20E7 75 EA jnz short loc_80B20D3 .text:080B20E9 E9 15 FF FF FF jmp loc_80B2003Changing the 0Ch and 29h to fit one's needs works perfectly, and generated addresses will fall in the good range of MAC addresses. If you use vmware-natd, then you'll have to enable the AllowAnyOUI option.
Only modify the binary if you know what your are doing. Regards, Kostya Kortchinsky CERT RENATER French Honeynet Project Joe Hickory wrote:
hi list, i am trying to set up a virtual honeynet within vmware. can i change the mac address for the clients to other than 00:50:56:XX:XX:XX ? i changed the mac entry inclient.vmx to static and tried an other mac address. i just want to set theaddresses to sth. like 00:60:94:XX:XX:XX which is AMD PCNET PCI. i dont want to get my guests nics fingerprinted as a vmware nic. anyone has a hint for me tia joe
Current thread:
- changing mac addresses of clients in vmware Joe Hickory (Apr 24)
- RE: changing mac addresses of clients in vmware Eric (Apr 24)
- Re: changing mac addresses of clients in vmware Niels Provos (Apr 25)
- Re: changing mac addresses of clients in vmware Jaap van Ginkel (Apr 25)
- Re: changing mac addresses of clients in vmware Joe Hickory (Apr 25)
- Re: changing mac addresses of clients in vmware Niels Provos (Apr 25)
- Re: changing mac addresses of clients in vmware Kostya Kortchinsky (Apr 24)
- RE: changing mac addresses of clients in vmware Eric (Apr 24)