There is surprisingly not much to write, just some configuration stuff and a script. I tried a similar project, using an pixiebooting older esxi 3.5 hypervisor and vmotioning the original host OS to a rogue hypervisor over wifi in the parking lot ... then driving away. Biggest problem I had was getting a beacon right (I kept purple-screening with nested hypervisors, as the esxi guest would boot before trying the vmdk shim to physical drive).
Both attacks work but some studying needs done to tweak PXE and any needed TFTP to be as fast as possible. In the real world, konboot less useful here than doing something like a tinycore, mounting the NTFS, pilfering, then rebooting to non-PXE. An attacker won't always know which system he's attacked with PXE (could make it beacon or phone home), but credential or other pilfering plus covert egress makes more sense, in my opinion. I think a thin OS style PXE attack is very interesting, but so far hasn't been interesting enough to land a talk at any conference. Regards, James Shewmaker
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
