Re: Any caveats for linux under VMware, pen testing?

From: Troy Frost (gearsmithy@gmail.com)
Date: Thu Sep 09 2004 - 10:18:31 EDT

• Next message: Jeremy Junginger: "RE: Hacme Bank"
• Previous message: Steffen Kluge: "RE: Patch management tool"
• In reply to: Bob Davies: "RE: Any caveats for linux under VMware, pen testing?"
• Next in thread: Todd Towles: "RE: Any caveats for linux under VMware, pen testing?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I struggled with the same question for a long time. I've tried
everything from WindowsXP host with LinuxVM (and vice versa) to
maintaining my own remastered version of knoppix. Finally I just
caved in and got a second laptop. My pen-testing has become MUCH
easier with the dedicated Windows and Linux laptops. If you can afford
it I HIGHLY recommend getting a second laptop (or just make friends
with your procurement department).

Troy

On Wed, 8 Sep 2004 15:45:43 -0400, Bob Davies <bdavies@cinnabar.ca> wrote:
> As was stated before, there definitely are issues related to running
> wireless under VMWare. Basically, what it does is remap the interface to
> a generic ethernet card, so you can bridge through a wireless network,
> but you don't get any of the wireless functions in linux. Something to
> consider is to run it the other way around. To install VMWare for Linux
> onto a linux install, and run XP in the VM. Then you get the best of
> both worlds :)
>
> Also, I read some people recommending Knoppix. I also suggest Auditor
> from Moser Informatics (http://www.moser-informatik.ch/) it is the best
> security auditing bootable CD I've seen thus far.
> Hope that helps
> Bob
>
>
> -----Original Message-----
> From: shannon@areawidetech.com [mailto:shannon@areawidetech.com]
> Sent: Friday, September 03, 2004 7:46 PM
> To: pen-test@securityfocus.com
> Subject: Any caveats for linux under VMware, pen testing?
>
> I'm considering running Linux from my XP pro laptop under a VMWare
> (workstation edition) session. Anyone out there w/ experience using this
> setup that might have any tips / warnings / encouraging advice? This
> machine would be for pen testing, and is definitely beefy enough to
> handle the load, if this is a good solution. I'd be running Nessus, and
> doing probing w/ nmap.
>
> My other alternative is to repurpose a machine from our lab, but the
> physical setup and reloading would take far more time than the VMWare
> option, and would obviously be less flexible.
>
> So is anyone out there using this setup...? I heard rumors of problems
> related to direct hardware access (the NIC) for wardiving purposes...?
>
> Thanks!
>
> -Shannon Kelley
>
> ------------------------------------------------------------------------
> ------
> Ethical Hacking at the InfoSec Institute. All of our class sizes are
> guaranteed to be 12 students or less to facilitate one-on-one
> interaction with one of our expert instructors. Check out our Advanced
> Hacking course, learn to write exploits and attack security
> infrastructure. Attend a course taught by an expert instructor with
> years of in-the-field pen testing experience in our state of the art
> hacking lab. Master the skills of an Ethical Hacker to better assess the
> security of your organization.
>
> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> ------------------------------------------------------------------------
> -------
>
> ------------------------------------------------------------------------------
> Ethical Hacking at the InfoSec Institute. All of our class sizes are
> guaranteed to be 12 students or less to facilitate one-on-one interaction
> with one of our expert instructors. Check out our Advanced Hacking course,
> learn to write exploits and attack security infrastructure. Attend a course
> taught by an expert instructor with years of in-the-field pen testing
> experience in our state of the art hacking lab. Master the skills of an
> Ethical Hacker to better assess the security of your organization.
>
> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> -------------------------------------------------------------------------------
>
>

------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------

• Next message: Jeremy Junginger: "RE: Hacme Bank"
• Previous message: Steffen Kluge: "RE: Patch management tool"
• In reply to: Bob Davies: "RE: Any caveats for linux under VMware, pen testing?"
• Next in thread: Todd Towles: "RE: Any caveats for linux under VMware, pen testing?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:04 EDT