Re: Any caveats for linux under VMware, pen testing?

From: Hans Porter (infosecprofessional@gmail.com)
Date: Sat Sep 04 2004 - 05:48:47 EDT


Shannon,

   VMWare (AFAIK) currently does not support wireless networking, so
I don't even think it is possible to bridge to a wireless NIC that
exists in the host OS, much less have all the wifi utilities work
under the guest OS. The bridging may be possible, but even so, the
guest OS will still see the NIC as the AMD PCNet32 wired NIC, so no
love for kismet, airsnort, and the like. I have used VMWare for using
Nessus during pentests and have found that it works fine. I use the
Windows client (Nessus-WX) and connect back to the VMWare machine and
it works fine. I don't know if you have installed SP2 to your XP
laptop, but since they disable support for "raw sockets", I am curious
if this affects raw packet support in bridging mode under VMWare? If
so, this could affect some of the packets sent from Nessus and Nmap.
Another alternative is to take a lab machine and boot from one of the
Knoppix distros and use that. My personal favorite is Knoppix-STD
(0.1 - not 0.1b) and running Nessus from there is fine after you make
a user and so forth - just keep in mind, you do not want to start
Nessus via the Fluxbox menu, as it restricts client connections to
127.0.0.1. I just run the normal stuff from the CLI (nessus-mkcert,
nessus-adduser, nessusd -D) and then run my nessus client from Windows
and connect. Going the bootable CD route would definitely cut down on
prep time for switching over a lab machine. Just my thoughts. Good
luck.

   --- Hans
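One way to confirm the point above about nessusd only accepting clients on 127.0.0.1 when started from the Fluxbox menu, as an added example that is not part of the original thread: the function below reads `netstat -lnt` output and reports whether the daemon on a given port is bound to loopback, to every interface, or to one specific address. The sample netstat lines are constructed, and the Nessus daemon port 1241 is assumed here (the thread itself names no port).

```shell
#!/bin/sh
# Added example, not code from the original thread. Reports whether a TCP
# listener is reachable from other hosts or bound to loopback only, by
# parsing `netstat -lnt` output. Port 1241 is assumed to be nessusd's
# default; the thread does not state it.

# listen_scope PORT   (reads `netstat -lnt` output on stdin)
# Prints one of: loopback | all | specific | none
listen_scope() {
  awk -v port="$1" '
    $1 ~ /^tcp/ && $NF == "LISTEN" {
      la = $4                              # "Local Address" column, addr:port
      n = split(la, parts, ":")
      if (parts[n] != port) next           # not the port we are asking about
      addr = substr(la, 1, length(la) - length(port) - 1)
      if (addr == "127.0.0.1" || addr == "::1")              { print "loopback"; found = 1; exit }
      if (addr == "0.0.0.0" || addr == "::" || addr == "*")  { print "all";      found = 1; exit }
      print "specific"; found = 1; exit
    }
    END { if (!found) print "none" }
  '
}

# Constructed sample of `netstat -lnt` output: nessusd started from a desktop
# menu with the loopback-only default, sshd listening on every interface.
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:1241          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN'

# Wrappers over the constructed sample (assumed port numbers, see above)
sample_nessus_scope() { printf '%s\n' "$SAMPLE_NETSTAT" | listen_scope 1241; }
sample_ssh_scope()    { printf '%s\n' "$SAMPLE_NETSTAT" | listen_scope 22; }

# On a live Knoppix box you would pipe the real thing instead:
#   netstat -lnt | listen_scope 1241
echo "nessusd (1241): $(sample_nessus_scope)"   # loopback -> a remote Nessus-WX client cannot connect
echo "sshd (22):      $(sample_ssh_scope)"      # all
```

A result of `loopback` explains a Windows client that cannot connect even though nessusd is running; `all` means the scanner's daemon is reachable from the whole lab segment, so once it is started from the CLI as described, only the intended client host should be able to reach that port.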

On 3 Sep 2004 17:59:47 -0000, shannon@areawidetech.com
<shannon@areawidetech.com> wrote:
>
>
> I'm considering running Linux from my XP pro laptop under a VMWare (workstation edition) session. Anyone out there w/ experience using this setup that might have any tips / warnings / encouraging advice? This machine would be for pen testing, and is definitely beefy enough to handle the load, if this is a good solution. I'd be running Nessus, and doing probing w/ nmap.
>
> My other alternative is to repurpose a machine from our lab, but the physical setup and reloading would take far more time than the VMWare option, and would obviously be less flexible.
>
> So is anyone out there using this setup...? I heard rumors of problems related to direct hardware access (the NIC) for wardriving purposes...?
>
> Thanks!
>
> -Shannon Kelley
>
> ------------------------------------------------------------------------------
> Ethical Hacking at the InfoSec Institute. All of our class sizes are
> guaranteed to be 12 students or less to facilitate one-on-one interaction
> with one of our expert instructors. Check out our Advanced Hacking course,
> learn to write exploits and attack security infrastructure. Attend a course
> taught by an expert instructor with years of in-the-field pen testing
> experience in our state of the art hacking lab. Master the skills of an
> Ethical Hacker to better assess the security of your organization.
>
> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> -------------------------------------------------------------------------------
>
>
