VMware™ hypervisor fingerprinting by Pedro Silva

Author:Pedro Silva [Silva, Pedro]
Language: eng
Format: epub
Tags: Virtualization
Published: 2017-03-06T08:00:00+00:00

Other hypervisors

VirtualBox support

Hyper-V support

Xen support

Azure support

KDM/QEMU support

Nested Hypervisor detection

Cloud provider detection support

IPv6 support

Add more BIOS signatures for more versions and patch levels

References

[1] VMware™ Backdoor I/O Port - https://sites.google.com/site/chitchatvmback/backdoor

[2] VM Back - VMware™ Command Line Tools (Unofficial tools) - https://sites.google.com/site/chitchatvmback/vmtools

[3] Overview of VMware™ Tools (340) - https://kb.vmware.com/selfservice/search.do?cmd=displayKC&docType=kc&docTypeID=DT_KB_1_1&externalId=340

[4] Advanced VMware™ Tools, Pedro Mendes da Silva, 2016, Unpublished

[5] vSphere Guest SDK Documentation - https://www.vmware.com/support/developer/guest-sdk/index.html

[6] vSphere Guest and HA Application Monitoring SDK Documentation - http://pubs.vmware.com/vsphere-60/topic/com.vmware.sdk.doc/GUID-14451BD8-6FF5-4265-AC02-CEC7F5A78A3F.html

[7] “vmware_puppetfact” - https://github.com/wolfspyre/vmware_puppetfact/blob/origin/lib/facter/vmware.rb https://github.com/wolfspyre/vmware_puppetfact

[8] Which vSphere version is my VM running - http://virtwo.blogspot.be/2015/05/which-vsphere-version-is-my-vm-running.html

[9] Which esx version am I running on - http://virtwo.blogspot.pt/2010/10/which-esx-version-am-i-running-on.html

[10] VMware™ Guest SDK Guest Stats 5.6 - http://pubs.vmware.com/vsphere-60/index.jsp#com.vmware.guestsdk.pg.doc/guest_sdk_GuestStats.5.6.html?path=7_7_0_2_4_0#1006925

[11] vSphere 6.0 Administration - Virtual Machine Compatibility - https://pubs.vmware.com/vsphere-60/index.jsp#com.vmware.vsphere.vm_admin.doc/GUID-64D4B1C9-CD5D-4C68-8B50-585F6A87EBA0.html

[12] Virtual machine hardware versions (1003746) - VMware™ products and their virtual hardware version - https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1003746

[13] vSphere 6.0 Administration - Hardware Features Available with Virtual Machine Compatibility Settings - https://pubs.vmware.com/vsphere-60/index.jsp?topic=%2Fcom.vmware.vsphere.vm_admin.doc%2FGUID-789C3913-1053-4850-A0F0-E29C3D32B6DA.html

[14] Open VM tools backdoor code examples (useful to learn backdoor behavior) - https://github.com/vmware/open-vm-tools/blob/master/open-vm-tools/checkvm/checkvm.c + https://github.com/vmware/open-vm-tools/blob/master/open-vm-tools/lib/backdoor/backdoor.c

[15] What is the open-vm-tools project? - https://github.com/vmware/open-vm-tools/

[16] vmw - generic backdoor access program https://sites.google.com/site/chitchatvmback/vmtools#vmw https://sites.google.com/site/chitchatvmback/storage/vmw-060510.tar.gz

[17] dmidecode - http://www.nongnu.org/dmidecode/

[18] dmidecode (for Windows) http://gnuwin32.sourceforge.net/packages/dmidecode.htm

[19] CPUID - https://en.wikipedia.org/wiki/CPUID

[20] x86 virtualization - https://en.wikipedia.org/wiki/X86_virtualization

[21] What do the flags in /proc/cpuinfo mean? - http://unix.stackexchange.com/questions/43539/what-do-the-flags-in-proc-cpuinfo-mean

[22] VMware™ is telling me: 'This virtual machine might have been moved or copied'. What should I do? - https://www.vulnhub.com/faq/

[23] Changing or keeping a UUID for a moved virtual machine (1541) https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1541

[24] vSockets Programming Guide, VMware, Inc, http://pubs.vmware.com/vsphere-60/topic/com.vmware.ICbase/PDF/ws9_esx60_vmci_sockets.pdf

[25] VMCI Socket Performance,Performance Study, VMware, Inc, http://www.vmware.com/pdf/vsp_4_VMCI_socket_perf.pdf

[26] vsockets tools repository - https://bitbucket.org/tagido/vsockets-tools/downloads

[27] Very simple detection mechanisms can be cheated by closing the backdoor that is used by the VMware-Tools - http://faq.sanbarrow.com/index.php?action=artikel&cat=18&id=58

[28] monitor_control.virtual_rdtsc (VMX configuration option ) - «By default, VMware™ virtualizes RDTSC but "monitor_control.virtual_rdtsc" option allows to disable RDTSC interception to improve time measurement resolution in VM. » https://communities.vmware.com/thread/154838?start=0&tstart=0

[29] monitor_control (VMX configuration option ) - This class of parameters is used to configure theinteraction between host and guest. http://faq.sanbarrow.com/index.php?action=artikel&cat=14&id=59&artlang=en&highlight=mode

[30] Using: monitor_control.restrict_backdoor = "TRUE" - https://communities.vmware.com/message/2318988

[31] Configure virtual machine for nested ESX/ESXi with PowerCLI - http://enterpriseadmins.org/blog/scripting/configure-virtual-machine-for-nested-esxesxi-with-powercli/

[32] vSphere 4 ESX vCenter MAC Addresses generation https://pubs.vmware.com/vsphere-4-esx-vcenter/index.jsp#com.vmware.vsphere.server_configclassic.doc_41/esx_server_config/advanced_networking/c_mac_addresses_generation.html

[33] vSphere 5.5 ESX Networking - https://pubs.vmware.com/vsphere-55/index.jsp#com.vmware.vsphere.networking.doc/GUID-DC7478FF-DC44-4625-9AD7-38208C56A552.html

[34] NMAP http://nmap.org

[35] NMAP Network Scanning, Gordon “Fyodor” Lyon, http://nmap.org/book/

ISBN: 978-0-9799587-1-7

[36] Extracting SSL thumb print from esxi http://www.virtuallyghetto.com/2012/04/extracting-ssl-thumbprint-from-esxi.html

[37] VMware: Running Nested VMs - https://communities.vmware.com/docs/DOC-8970

[38] Detecting Hardware-assisted Hypervisor Rootkits within nested virtualized environments - http://www.dtic.mil/dtic/tr/fulltext/u2/a563168.pdf

[39] vmhost_report (package, open-source) - https://bitbucket.org/tagido/vsockets-tools/downloads/vmhost_report.0.53.tar.gz

Download

Copyright Disclaimer:
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.