Re: Any caveats for linux under VMware, pen testing?

From: Marc (reply.to.newsgroup@mozilla.org)
Date: Thu Sep 09 2004 - 10:07:21 EDT


Been using this setup for 3 years now without a flaw. I have a XP host
with 768 MB RAM and 2 Vmware setups: 1 with XP *without* SP2 and 1 with
a SuSE 8.0 Linux updated to all current versions of the tools I use
(kernel 2.4.27, nmap 3.70, etc.)... not much of the original SuSE 8.0
but I don't want to install a new version and have to reinstall all my
tools.

Installing SP2 on the Windows host does NOT prevent you from ARP
spoofing in VMware. I tried this in both my VMware machines (XP and Linux).

The one caveat is exactly the one you mention. You cannot do war driving
using this setup. I am still using VMware 3.21 which doesn't support
PCMCIA cards and can't use any wireless device on these setups. However,
since I do very little WiFi pen tests, I have a dedicated Linux disk
that I use for such activities.

-- 
Marc
shannon@areawidetech.com wrote:
> 
> I'm considering running Linux from my XP pro laptop under a VMWare (workstation edition) session. Anyone out there w/ experience using this setup that might have any tips / warnings / encouraging advice? This machine would be for pen testing, and is definitely beefy enough to handle the load, if this is a good solution. I'd be running Nessus, and doing probing w/ nmap.
> 
> My other alternative is to repurpose a machine from our lab, but the physical setup and reloading would take far more time than the VMWare option, and would obviously be less flexible.
> 
> So is anyone out there using this setup...? I heard rumors of problems related to direct hardware access (the NIC) for wardiving purposes...?
> 
> Thanks!
> 
> 
> -Shannon Kelley
------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:04 EDT