Nat Probe


This little, but very usefull program, try to sends ICMP packet out the LAN, and detect all the host that allow it. Whit this you can find bugs in your (“company’s”) network ( or others), for example hosts that allow p2p connections.

When we use a Gateway, we send the packets with IP dest of the target, but the dest mac on the Ethernet is the mac at the Gateway. If we send a packet to the different macs in the LAN, we can know who is the gateway when we receive an response from this mac.
Some times we can discover more than one box configured to be an gateway, generally, this is an wrong configuration, and the box will response with an ICMP-Redirect. This is the same, because the script only verify if the mac response.


HITB Malaysia 2009 and sandboxing

No time for details at the moment, but I'm just back from HITB Malaysia and a great time was had by all! The hospitality and warmth of the organizing crew surpassed anything I've ever encountered before.

I presented with my colleague Julien Tinnes. See awesome blog:

We presented on various intriguing aspects of sandboxing on Linux, covering vsftpd and Chromium as test cases. Our slides are located here:

Security in Depth for Linux Software

As per other presentations, I'll leave it at that for now and follow up with a mini series of posts for the more interesting points. I think vsftpd is well covered by previous posts, but Chromium on Linux is awesome and its built-in sandboxing deserves a few notes.

ESXi 3.5 and SSH


ESXi 3.5 does ship with the ability to run SSH, but this is disabled by default (and is not supported). If you just need to access the console of ESXi, then you only need to perform steps 1 – 3.

  1. At the console of the ESXi host, press ALT-F1 to access the console window.
  2. Enter unsupported in the console and then press Enter. You will not see the text you type in.
  3. If you typed in unsupported correctly, you will see the Tech Support Mode warning and a password prompt. Enter the password for the root login.
  4. You should then see the prompt of ~ #. Edit the file inetd.conf (enter the command vi /etc/inetd.conf).
  5. Find the line that begins with #ssh and remove the #. Then save the file. If you’re new to using vi, then move the cursor down to #ssh line and then press the Insert key. Move the cursor over one space and then hit backspace to delete the #. Then press ESC and type in :wq to save the file and exit vi. If you make a mistake, you can press the ESC key and then type it :q! to quit vi without saving the file.
  6. Once you’ve closed the vi editor, run the command /sbin/ restart to restart the management services. You’ll now be able to connect to the ESXi host with a SSH client.

Update for ESXi 3.5 Update 2 – With Update 2 the command no longer restarts the inetd process which enables SSH access. You can either restart your host or run ps | grep inetd to determine the process ID for the inetd process. The output of the command will be something like 1299 1299 busybox      inetd, and the process ID is 1299. Then run kill -HUP <process_id> (kill -HUP 1299 in this example) and you’ll then be able to access the host via SSH.

Using vimsh


List information about a VM
vimsh -n -e “vmsvc/getallvms”

See a summary of the current host configuration
vimsh -n -e “hostsvc/hostsummary”

Enter maintence mode
vimsh -n -e /hostsvc/maintenance_mode_enter

Exit maintence mode
vimsh -n -e /hostsvc/maintenance_mode_exit