Archive for the GuestStealer Category

GuestStealer Wrapup

Posted in Cloud Computing, GuestStealer, Penetration Testing, ShmooCon, Virtualization Security, VMware, Vulnerability Assessment on March 1, 2010 by Tony Flick

In addition to the previously mentioned Nmap script, GuestStealer has now made its way into a Nessus plugin and a Metasploit module. Nessus Plugin 44646 was released by Tenable a few weeks ago and the Metasploit module was pushed up to the trunk last week.

GuestStealer has been mentioned in several articles and blog posts recently, including DarkReading – Tech Insight: Securing The Virtualized Server Environment and The Hacker News Network. While most have been accurate, several early blogs stated that GuestStealer used a cross site scripting attack to steal the guests. So to clarify and avoid any confusion, GuestStealer exploits the directory traversal vulnerability described in CVE-2009-3733. For further information, check out the presentation slides or presentation video.

Advertisements

GuestStealer 1.1 and PaulDotCom Webcast

Posted in Cloud Computing, Conferences, GuestStealer, ShmooCon, Virtualization Security, VMware, Vulnerability Assessment with tags , , , on February 18, 2010 by Tony Flick

Justin and I will be on the PaulDotCom podcast tonight to discuss the latest developments with GuestStealer and the Smart Grid book. For more information, check out tonight’s episode guide and join the live discussion tonight.

Also, GuestStealer v1.1 is now available for download. This is a bug fix release that improves the error handling and prevention of downloading the same vmdk file twice (when that vmdk self-references itself). Thanks to the efforts by Ron at Skull Security, the new version is available on the tools page.