PaulDotCom mailing list archives
Dropping a VM during pentesting
From: dninja at gmail.com (Robin Wood)
Date: Tue, 10 Mar 2009 15:17:19 +0000
2009/3/10 Jim Halfpenny <jim.halfpenny at gmail.com>:
> Hi all,
>
> I've spent a few cycles thinking about the idea from a previous of installing a virtual machine as a drop-box and I just wanted to dump my ideas and get some feedback. It has some distinct?
>
> The idea is to install virtualisation software and a virtual machine on a target system, for example by gaining physical access or by abusing autorun on a removable medium. Being a VM may shield it from anti-malware scanners so nefarious tools can be loaded and run on the target without detection.
>
> One possible stack to use would be Qemu and a damn small Linux derivative. It would be self-contained and easy to install and remove and not require any changes to the networking on the host system.
>
> Once installed I would envision that the VM would perform reconnaissance against the target network and deliver the data over a covert channel.
>
> What do you think? Ideas and suggestions most welcome.
I love it and wish I had time to build it.

I've just done some googling on qemu on Windows and found this from the OLPC group on how to get it working:

http://wiki.laptop.org/go/Using_QEMU_on_Windows_XP

Having not used qemu it may be really easy and I'm just pointing out something obvious!

Something I did notice was this comment:

"It is a 190MB download that will then use about 1.5G of your disk after it is unzipped and installed."

If this is right then copying 1.5G off the thumbdrive onto a PC may draw attention on older machines with limited disk space but probably not on newer ones.

Robin