Re: Any caveats for linux under VMware, pen testing?

From: Marc (reply.to.newsgroup_at_mozilla.org)
Date: 09/09/04

  • Next message: Omar Herrera: "RE: Help understanding a trace of an nmap scan"
    Date: Thu, 09 Sep 2004 16:07:21 +0200
    To: shannon@areawidetech.com, pen-test@securityfocus.com
    
    

    Been using this setup for 3 years now without a flaw. I have a XP host
    with 768 MB RAM and 2 Vmware setups: 1 with XP *without* SP2 and 1 with
    a SuSE 8.0 Linux updated to all current versions of the tools I use
    (kernel 2.4.27, nmap 3.70, etc.)... not much of the original SuSE 8.0
    but I don't want to install a new version and have to reinstall all my
    tools.

    Installing SP2 on the Windows host does NOT prevent you from ARP
    spoofing in VMware. I tried this in both my VMware machines (XP and Linux).

    The one caveat is exactly the one you mention. You cannot do war driving
    using this setup. I am still using VMware 3.21 which doesn't support
    PCMCIA cards and can't use any wireless device on these setups. However,
    since I do very little WiFi pen tests, I have a dedicated Linux disk
    that I use for such activities.

    -- 
    Marc
    shannon@areawidetech.com wrote:
    > 
    > I'm considering running Linux from my XP pro laptop under a VMWare (workstation edition) session. Anyone out there w/ experience using this setup that might have any tips / warnings / encouraging advice? This machine would be for pen testing, and is definitely beefy enough to handle the load, if this is a good solution. I'd be running Nessus, and doing probing w/ nmap.
    > 
    > My other alternative is to repurpose a machine from our lab, but the physical setup and reloading would take far more time than the VMWare option, and would obviously be less flexible.
    > 
    > So is anyone out there using this setup...? I heard rumors of problems related to direct hardware access (the NIC) for wardiving purposes...?
    > 
    > Thanks!
    > 
    > 
    > -Shannon Kelley
    ------------------------------------------------------------------------------
    Ethical Hacking at the InfoSec Institute. All of our class sizes are
    guaranteed to be 12 students or less to facilitate one-on-one interaction
    with one of our expert instructors. Check out our Advanced Hacking course,
    learn to write exploits and attack security infrastructure. Attend a course
    taught by an expert instructor with years of in-the-field pen testing
    experience in our state of the art hacking lab. Master the skills of an
    Ethical Hacker to better assess the security of your organization.
    http://www.infosecinstitute.com/courses/ethical_hacking_training.html
    -------------------------------------------------------------------------------
    

  • Next message: Omar Herrera: "RE: Help understanding a trace of an nmap scan"