VMware hypervisor fingerprinting Tool (& Paper)

I have just published a new tool, vmhost_report.rb (and a paper about it), for VMware hypervisor fingerprinting. The tool is released under an open source license (GPL), so you can use it freely.

In the paper, I show you how to determine hypervisor properties (such as the hypervisor version or virtual CPU limits) by running commands in the guest operating system, without any special privileges on the host machine running the hypervisor.

This can be useful for penetration testing, information gathering, and determining the best software configuration for virtualization-sensitive and virtualization-aware software.

I have developed a reporting tool, vmhost_report.rb, that unifies all the presented methods by running them in sequence and gathering the information into a useful report. It can be run from any guest system. Currently, Linux and Nested ESXi are supported.

You can run it as “ruby vmhost_report.rb”. It will write a lot of useful information to the vmhost_report.log file.

These reports can be used to learn a lot about VMware internals or a particular guest system or network. You can find report examples in the Paper’s “Annex A”.

Some of the described methods can be used even if the VMware Tools are disabled or not installed, or if some of the methods are disabled by host configuration. Some of the methods require “root” privileges, while others do not.
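To illustrate the split between unprivileged and root-only sources, here is an added example; it is not code from vmhost_report.rb and not one of the paper's methods. It assumes two common Linux sources, the DMI fields under /sys/class/dmi/id and the flags line of /proc/cpuinfo, and the function names and sample values are constructed for the illustration.

```ruby
require "tmpdir"
require "fileutils"

# DMI fields Linux exports under /sys/class/dmi/id. product_serial is mode
# 0400 (root only); the others are world-readable.
DMI_FIELDS = %w[sys_vendor product_name bios_vendor bios_version bios_date product_serial].freeze

# Read one file, telling "absent" (nil) apart from "needs root".
def read_field(path)
  File.read(path).strip
rescue Errno::EACCES
  :needs_root
rescue Errno::ENOENT
  nil
end

# Collect guest-visible virtualization hints. `root` is a parameter so the
# function can also run against a copied or constructed tree.
def guest_report(root = "/")
  dmi = DMI_FIELDS.to_h { |f| [f, read_field(File.join(root, "sys/class/dmi/id", f))] }
  cpuinfo = read_field(File.join(root, "proc/cpuinfo"))
  flags = cpuinfo.is_a?(String) ? cpuinfo[/^flags\s*:\s*(.*)$/, 1].to_s.split : []
  { dmi: dmi,
    hypervisor_bit: flags.include?("hypervisor"), # CPUID "running under a hypervisor" flag
    vmware: dmi["sys_vendor"].to_s.start_with?("VMware"),
    needs_root: dmi.select { |_, v| v == :needs_root }.keys }
end

# Constructed sample tree (values are illustrative, not taken from the paper).
def build_sample_tree(dir)
  dmi_dir = File.join(dir, "sys/class/dmi/id")
  FileUtils.mkdir_p([dmi_dir, File.join(dir, "proc")])
  sample = { "sys_vendor" => "VMware, Inc.", "product_name" => "VMware Virtual Platform",
             "bios_vendor" => "Phoenix Technologies LTD", "bios_version" => "6.00",
             "bios_date" => "01/01/2016", "product_serial" => "CONSTRUCTED-SERIAL" }
  sample.each { |name, value| File.write(File.join(dmi_dir, name), "#{value}\n") }
  File.chmod(0o000, File.join(dmi_dir, "product_serial")) # stand-in for the root-only 0400 mode
  File.write(File.join(dir, "proc/cpuinfo"), "processor\t: 0\nflags\t\t: fpu vme sse2 hypervisor\n")
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |dir|
    build_sample_tree(dir)
    guest_report(dir).each { |key, value| puts "#{key}: #{value.inspect}" }
  end
end
```

Calling guest_report with no argument reads the live system; fields listed under needs_root are the ones an unprivileged user cannot see.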

Downloads


“vsockets-tools” for VMware hypervisors

I have developed a new open source project: “vsockets-tools”

You may check it out at:

Source repository + pre-compiled binaries:

Paper:

Abstract:
VMware guest machines are able to communicate with their host using a special kind of sockets called “vsockets”. These sockets can be used even if the typical TCP/IP network protocols are not available at the guest. Since “vsockets” don’t use the TCP/IP protocol stack, they are not “visible” to common network testing and penetration testing tools. In this paper we present a set of tools designed to provide a bridge between TCP/IP tools and the “vsockets”. These tools can also be useful for learning “vsockets” behavior and concepts.
