There's a whole ecosystem around virtualization
All of them can be hacked!
SN-2009-02 - ToutVirtual VirtualIQ Pro
The attack surface is quite large
Integration & Plugins
MITM Against Clients?
With or without null byte
Requested every time VI client connects to a host
What if we change that XML?
Post-exploitation on the host
Just woke up?
Here's what's going on
VI Client looks for clients.xml
We do some MITM
We use Burp because it rocks and it's easy
Change the clients.xml
in the castle
One pre-auth request to the HTTP interface will result in Astaro doing a DNS query
We won't get the results, but it's a nice one-way covert channel for any blind attack (tnx ikki)
What's most important, no IDS in the network will detect any anomaly. It's all in-memory