VIRTUAL PC | Anti-Hacker Tool Kit, Third Edition

Virtual PC is quite similar to VMware Workstation. It provides a virtual hardware environment based on an Intel platform. What distinguishes it, though, is its support for the Mac OS X platform. Microsoft recently acquired the software, so Virtual PC is supported on Windows as well as OS X platforms. It is a commercial product, so you'll have to shell out some money to take advantage of its capability. This section highlights the Mac edition.

Configuration

Virtual machines are prepared with the help of a wizard, shown in Figure 3-5. Virtual PC does not support direct disk access. Any guest system you create will be a large file on the order of several gigabytes, depending on the operating system.

Figure 3-5: Virtual PC configuration wizard

Devices are added, removed, and managed via a simple, clear interface common with the Apple applications. Figure 3-6 shows a device list for a Windows 2003 guest system.

Figure 3-6: Virtual PC device management

A virtual machine can be networked as a peer system on the network (Virtual Switch) or by using Network Address Translation (NAT). If you have a Windows-based guest system, then you have the additional options of integrating the Start menu into the OS X dock and sharing folders between the guest and the host. If all you will be doing is setting up virtual machines for testing, then you'll probably just be focusing on the choice of disk space, RAM, and networking options.

Implementation

An operating system is installed in a virtual machine in the identical way you would install it on real hardware. You needn't worry about BIOS settings or devices. Virtual PC handles this for you. Plus, you can add devices to the operating system at a later time. Like VMware, Virtual PC allows you to assign floppy images and CD, DVD, or ISO images to a virtual machine as if it were a physical disk.

Disks are mounted and unmounted by using the appropriate icon on the bottom bar of the virtual machine. For example, Figure 3-7 shows a virtual machine in which OpenBSD 3.7 is to be installed. The floppy disk icon was used to capture the floppy37.fs file that contains the boot image for new OpenBSD installs .

Figure 3-7: Using a floppy image with Virtual PC

From this point on the installation process follows the standard OpenBSD procedure.

Case Study: Creating Practice Targets

If you perform many penetration tests or you administer a network with many different systems, having a suite of virtual machines at your disposal is a valuable asset. Virtual machines provide quick, easy access for testing patches, new software, or configuration changes. It's simple to roll back or undo configuration changes, or just copy an image for modification.

Shown here is a list of guest systems in Virtual PC, three of which are currently running.

Imagine you're conducting a penetration test and you come across a Mandrake 9.2 system that you suspect to be vulnerable to an exploit in your testing tool kit. Rather than blindly trying the exploit, which might have nasty side effects like crashing the system, you could try it out on the virtual machine first. It also enables you to customize the exploit for your target. An OpenSSH exploit designed for a RedHat system will probably work against an SSH daemon running on Mandrake, but you might have to tweak offset values or other properties of the exploit. It's best to do such work in a lab rather than against a live system.

Creating an image of the target also helps you determine what information to retrieve from the system and perhaps even automate the attack. Of course, a fresh installation will not have the same user accounts or the exact number of patches, but it will let you know command paths, location of configuration files, and even likely security measures available by default. Thus, you can verify that a Python or Perl information collection script will execute in the specific target environment.

The same can be said from a Windows perspective. While most penetration tests can be done from a BSD, Linux, or OS X platform, there are occasional needs for a Windows-based client or utility. You could install this utility in a virtual machine and have a complete attack platform at your disposal. Additionally, all of the profiling and testing steps described in the previous paragraph apply to Windows targets as well. Exploits may behave differently between Windows XP with and without Service Pack 2. In the end, the best exploits work against the largest possible set of targets, but you need to develop this some wayvirtual machines help immensely.

Tip	Hold down the Apple key and move the mouse to release its focus from a virtual machine.