PaulDotCom mailing list archives
Re: pixieboot attack
From: James Shewmaker <james () bluenotch com>
Date: Mon, 16 Jan 2012 08:24:49 -0800
There is surprisingly not much to write, just some configuration stuff and a script. I tried a similar project, using a pixiebooting older esxi 3.5 hypervisor and vmotioning the original host OS to a rogue hypervisor over wifi in the parking lot ... then driving away. Biggest problem I had was getting a beacon right (I kept purple-screening with nested hypervisors, as the esxi guest would boot before trying the vmdk shim to physical drive). Both attacks work, but some studying needs to be done to tweak PXE and any needed TFTP to be as fast as possible.

In the real world, konboot is less useful here than doing something like a tinycore, mounting the NTFS, pilfering, then rebooting to non-PXE. An attacker won't always know which system he's attacked with PXE (could make it beacon or phone home), but credential or other pilfering plus covert egress makes more sense, in my opinion. I think a thin OS style PXE attack is very interesting, but so far hasn't been interesting enough to land a talk at any conference.

Regards,
James Shewmaker