On 16 January 2012 16:24, James Shewmaker <[email protected]> wrote: > There is surprisingly not much to write, just some configuration stuff and a > script. I tried a similar project, using an pixiebooting older esxi 3.5 > hypervisor and vmotioning the original host OS to a rogue hypervisor over > wifi in the parking lot ... then driving away. Biggest problem I had was > getting a beacon right (I kept purple-screening with nested hypervisors, as > the esxi guest would boot before trying the vmdk shim to physical drive). > > Both attacks work but some studying needs done to tweak PXE and any needed > TFTP to be as fast as possible. In the real world, konboot less useful here > than doing something like a tinycore, mounting the NTFS, pilfering, then > rebooting to non-PXE. An attacker won't always know which system he's > attacked with PXE (could make it beacon or phone home), but credential or > other pilfering plus covert egress makes more sense, in my opinion.
That is a good alternative, the only problem would be stopping the attack from looping. The attack system would have to know which machines it has already grabbed things off and not server the attack up again to them. > I think a thin OS style PXE attack is very interesting, but so far hasn't > been interesting enough to land a talk at any conference. It has! I was passed this link earlier from John about a talk from Defcon: http://www.scriptjunkie.us/2011/08/network-nightmare/ I've had a quick read through it and it seems to cover what I was thinking of. Shows there are very few new ideas. Robin > Regards, > > James Shewmaker > > > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
