

Topic created on: April 26, 2007 10:47 CDT by rman  .
Hi all. Looking for some good resources on scripting VMs to do various things, such as load, run something, then revert back to snapshot and repeat.
Does anyone have any good links to information on that?
Doing all that is reasonably straightforward but does require two separate but coordinated 'processes'.
One operates on the host side and controls the virtual machine, start/stop/restore snapshot, etc. using the vmrun command (as drew mentioned).
The other operates within the guest and is responsible for fetching and/or running the 'something'. A simple way of doing this is to use wget and a suitable script.
If you are planning to use this for some form of automated malware analysis then I recommend you use Java to build your host control and monitoring programs. C++ is vulnerable to buffer overflows even if you are very careful.
|
I've seen that VMware Server (free edition) comes with an SDK, which has APIs to start, suspend, stop, revert a snapshot and can run processes, copy files from host to guest and vice versa.
The next release is expected to have more APIs (which means more control).
HTH,
neox
|
VMware Workstation 6 comes with the VIX interface, and even adds to this (functions such as KillProcessInGuest(), RunScriptInGuest(), FileExistsInGuest()). New snapshot functions include GetChild(), GetParent(), and some of the older: ListProcessesInGuest(), CreateSnapshot(), GetCurrentSnapshot(), RevertToSnapshot(). You can download the Beta for free from VMware's own site.
The API is in C, but you can download a python wrapper from SourceForge called pyVIX, if you plan on using Python.
I have a hunger for info on this subject as well, so plz feel free to pm me if you have any luck q:]
|
|
These new features do sound very good for 'normal uses' but might reduce host/guest isolation. That would be a potential problem for more sensitive uses such as malware analysis.
|
I knew about VIX and was considering writing a Python wrapper, thanks for pointing out that one already exists called PyVIX!
Here are the relevant portions of a Python servlet I wrote that wraps around the VMRun command:

import os    # os.popen is used to launch vmrun
import time  # time.sleep is used between retries

# The functions below are methods of the servlet class; the class statement
# itself is not part of the posted excerpt.

def vmcommand (self, command):
    '''
    Execute the specified command, keep trying in the event of a failure.

    @type  command: String
    @param command: VMRun command to execute
    '''

    while 1:
        self.log("executing: %s" % command, 5)

        # the command is a single string, so os.popen hands it to a shell.
        pipe = os.popen(command)
        out  = pipe.readlines()
        pipe.close()

        # no output, or output other than "close failed", counts as success.
        if not out:
            break
        elif not out[0].lower().startswith("close failed"):
            break

        self.log("failed executing command '%s' (%s). will try again." % (command, out))
        time.sleep(1)

    return "".join(out)

###
### VMRUN COMMAND WRAPPERS
###

def delete_snapshot (self, snap_name=None):
    if not snap_name:
        snap_name = self.snap_name

    self.log("deleting snapshot: %s" % snap_name, 2)
    return self.vmcommand("%s deleteSnapshot %s \"%s\"" % (self.vmrun, self.vmx, snap_name))

def list (self):
    self.log("listing running images", 2)
    return self.vmcommand("%s list" % self.vmrun)

def list_snapshots (self):
    self.log("listing snapshots", 2)
    return self.vmcommand("%s listSnapshots %s" % (self.vmrun, self.vmx))

def reset (self):
    self.log("resetting image", 2)
    return self.vmcommand("%s reset %s" % (self.vmrun, self.vmx))

def revert_to_snapshot (self, snap_name=None):
    if not snap_name:
        snap_name = self.snap_name

    self.log("reverting to snapshot: %s" % snap_name, 2)
    return self.vmcommand("%s revertToSnapshot %s \"%s\"" % (self.vmrun, self.vmx, snap_name))

def snapshot (self, snap_name=None):
    if not snap_name:
        snap_name = self.snap_name

    self.log("taking snapshot: %s" % snap_name, 2)
    return self.vmcommand("%s snapshot %s \"%s\"" % (self.vmrun, self.vmx, snap_name))

def start (self):
    self.log("starting image", 2)
    return self.vmcommand("%s start %s" % (self.vmrun, self.vmx))

def stop (self):
    self.log("stopping image", 2)
    return self.vmcommand("%s stop %s" % (self.vmrun, self.vmx))

def suspend (self):
    self.log("suspending image", 2)
    return self.vmcommand("%s suspend %s" % (self.vmrun, self.vmx))

###
### EXTENDED COMMANDS
###

def restart_target (self):
    self.log("restarting virtual machine...")

    # revert to the specified snapshot and start the image.
    self.revert_to_snapshot()
    self.start()

    # wait for the snapshot to come alive.
    self.wait()

def is_target_running (self):
    # the image counts as running if its vmx path appears in the "vmrun list" output.
    return self.vmx.lower() in self.list().lower()

def wait (self):
    self.log("waiting for vmx to come up: %s" % self.vmx)

    # poll "vmrun list" until the image shows up.
    while 1:
        if self.is_target_running():
            break

This servlet is part of a fuzzing framework I have been working on called Sulley. It'll be released at some point in the near future, possibly at BlackHat and alongside a book I co-authored called Fuzzing: Brute Force Vulnerability Discovery.
|
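Added example, not part of any post in this thread: a host-side revert/start/run/stop loop built on the vmrun subcommands used above, passing arguments as a list so VMX paths and snapshot names are never parsed by a shell, and bounding the wait for the guest. The HostController class, its method names and the paths are hypothetical; it assumes vmrun is on PATH and reports failure through its exit status.

```python
import subprocess
import time

def run_vmrun(argv, timeout=120):
    """Run vmrun from an argument list: no shell, so names are passed verbatim."""
    proc = subprocess.run(argv, capture_output=True, text=True, timeout=timeout)
    if proc.returncode != 0:  # assumption: vmrun signals failure via exit status
        raise RuntimeError("vmrun failed: %r: %s" % (argv, proc.stdout.strip()))
    return proc.stdout

class HostController:
    """Hypothetical host-side controller: revert, boot, run a job, power off."""
    def __init__(self, vmx, snapshot, vmrun="vmrun", runner=run_vmrun):
        self.vmx, self.snapshot = vmx, snapshot
        self.vmrun, self.runner = vmrun, runner

    def _vm(self, *args):
        return self.runner([self.vmrun] + list(args))

    def is_running(self):
        # Match a whole line of 'vmrun list' output, not a substring of it.
        lines = self._vm("list").splitlines()
        return any(l.strip().lower() == self.vmx.lower() for l in lines)

    def wait_until_running(self, attempts=30, delay=1.0):
        for _ in range(attempts):  # bounded: give up instead of polling forever
            if self.is_running():
                return True
            time.sleep(delay)
        return False

    def cycle(self, job):
        """One iteration: clean snapshot, start, job(), then stop in all cases."""
        self._vm("revertToSnapshot", self.vmx, self.snapshot)
        self._vm("start", self.vmx)
        try:
            if not self.wait_until_running():
                raise TimeoutError("guest never appeared in 'vmrun list'")
            return job()
        finally:
            self._vm("stop", self.vmx)  # never leave a used guest running

if __name__ == "__main__":
    # Dry run with a constructed stand-in for vmrun; path and names are made up.
    def dry(argv):
        print(argv)
        return "Total running VMs: 1\n/vms/guest.vmx\n"
    hc = HostController("/vms/guest.vmx", 'clean "base"', runner=dry)
    print(hc.cycle(lambda: "job finished"))
```

Because every cycle begins with revertToSnapshot, a run that died part-way cannot leak state into the next one; the job callable is where the host would talk to whatever agent runs inside the guest.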
|
I have a Ruby wrapper around the vmrun command in VMware Workstation 5, very similar to the Python code above. To control the OS inside the VM I used the Meterpreter from Metasploit. I wrote a simple Windows service that loads the Meterpreter DLL from disk and listens on a port. The Ruby code on the host connects to the Meterpreter and uses its functions to list processes, transfer files, start new applications, etc.
|
|
Why don't you share this code with us? ;-)
|
Here's the code for my VMrun wrapper in Ruby and the Meterpreter service. They are released under a BSD license:
http://www.determina.com/security.research/utilities/
Enjoy!
|