Nytro Posted January 1, 2013

Esxi Beast

Description:

ESXI BEAST
Exploiting VMWARE ESXi Binary Protocols Using CANAPE

This presentation will cover a demonstration of the new version of the Canape protocol analysis tool being released for Ruxcon. During the course of the presentation various attack scenarios against the VMWare ESXi binary protocol will be demonstrated using Canape.

The VMWare ESXi protocol is a complex multi-layered protocol which transitions between many protocol states throughout a connection lifetime. The protocol uses multiplexed frames, compression and encryption all over a single TCP connection. The talk will discuss and outline serious weaknesses within the ESXi protocol and how these can be leveraged from within Canape.

During the talk, new features of Canape will be demonstrated live to show the audience how the tool can be used from traffic interception and initial protocol dissection through data injection and fuzzing and finally demonstrating full PoC exploitation all within Canape.

Presentation outline:

- What is Canape
- Examining the VMWare ESXi protocol
- Demonstrating ESXi protocol interception
- Intercepting the ESXi encryption
- Data injection to brute force user credentials
- Fuzzing ESXi
- 0day demonstration
- Questions

Testing and exploiting binary network protocols can be both complex and time consuming. More often than not, custom software needs to be developed to proxy, parse and manipulate the target traffic.

Canape is a network protocol analysis tool which takes the existing paradigm of Web Application testing tools (such as CAT, Burp or Fiddler) and applies that to network protocol testing. Canape provides a user interface that facilitates the capture and replaying of binary network traffic, whilst providing a framework to develop parsers and fuzzers.

Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.

Original Source:

Source: Esxi Beast
Cheater Posted January 2, 2013

Very cool, especially the part about injecting commands into the guest OS.