PaulDotCom mailing list archives

Dropping a VM during pentesting


From: dninja at gmail.com (Robin Wood)
Date: Tue, 10 Mar 2009 15:17:19 +0000

2009/3/10 Jim Halfpenny <jim.halfpenny at gmail.com>:
> Hi all,
> I've spent a few cycles thinking about the idea from a previous of
> installing a virtual machine as a drop-box and I just wanted to dump my
> ideas and get some feedback. It has some distinct? The idea is to install
> virtualisation software and a virtual machine on a target system, for example
> by gaining physical access or by abusing autorun on a removable medium.
> Being a VM may shield it from anti-malware scanners so nefarious tools can
> be loaded and run on the target without detection.
>
> One possible stack to use would be Qemu and a damn small Linux derivative.
> It would be self contained and easy to install and remove and not require
> any changes to the networking on the host system. Once installed I would
> envision that the VM would perform reconnaissance against the target network
> and deliver the data over a covert channel.
>
> What do you think? Ideas and suggestions most welcome.

I love it and wish I had time to build it.

I've just done some googling on qemu on windows and found this from
the olpc group on how to get it working:

http://wiki.laptop.org/go/Using_QEMU_on_Windows_XP

Having not used qemu it may be really easy and I'm just pointing out
something obvious!

Something I did notice was this comment:
"It is a 190MB download that will then use about 1.5G of your disk
after it is unzipped and installed."
If this is right then copying 1.5G off the thumbdrive onto a pc may
draw attention on older machines with limited disk space but probably
not on newer ones.

Robin
