Metasploit mailing list archives
Metasploit Exploitation of VM Hosts
From: natronicus at gmail.com (natronicus)
Date: Tue, 24 Jul 2007 12:14:11 -0500
Gadi Evron posted a link on fuzzing virtual machines (http://advosys.ca/viewpoints/2007/04/fuzzing-virtual-machines/) to the fuzzing mailing list (fuzzing at whitestar.linuxbox.org) a few months ago, as well as some high-level thoughts on exploiting buggy hardware emulation. The paper discussed is titled "An Empirical Study into the Security Exposure to Hosts of Hostile Virtualized Environments", and is located here: http://taviso.decsystem.org/virtsec.pdf.

Is this an arena Metasploit might one day move into? Currently, the Metasploit framework does not know how to talk directly to hardware, but do libraries exist in Ruby or elsewhere that could be used to inject code into a VM host? Metasploit could of course be used to deliver and execute a package created in C or you-name-the-language, but does anything exist in Ruby that would allow you to port in to Metasploit for building exploits similar to the current ones?

It's possible that the VM landscape is too unstandardized and complex for something like Metasploit to directly tackle, though. I'm envisioning libraries having to be built to talk to every piece of emulated hardware, and possibly specific to each VM tech. (Although, given that the VM host is designed to emulate some sort of standard hardware, you would expect the code for talking to that hardware to be fairly close across VMware Server, QEMU, etc.)

Thoughts?

n