VASTO is the first of its kind toolkit designed to asses the security of various Virtualization solutions including VMWare and Xen server. It is implemented as set of modules which can be integrated into Metasploit , the popular penetration testing framework. This makes it very easy for pen testers to directly integrate VASTO with their existing Metasploit framework and start using it on the fly without any or few changes. It has been tested with latest Metasploit version 3.4.2 on Ubuntu Linux and it is expected to work on all other platforms supported by Metasploit.
The latest version of VASTO 0.3 which was showcased in the recent BlackHat 2010 promises a great deal on Virtualization front as there are very few tools available for penetration testing of these appliances
Here is the short video demonstration of fingerprinting VMware Server using VASTO’s “vmware_version.rb” module,
- abiquo_guest_stealer.rb => Exploits a path traversal in Abiquo up to version 1.5
- abiquo_poison.rb => Serves evil VM if a MITM is performed.
- eucalyptus_bouncer.rb => Turn Eucalyptus systems in proxy servers.
- eucalyptus_poison.rb =>Serves evil VM if a MITM is performed.
- vmware_guest_stealer.rb =>Exploits a path traversal in VMware products.
- vmware_login.rb =>Brute forcing for VMware
- vmware_session_rider.rb =>Local proxy to ride stolen SOAPID sessions with VI Client
- vmware_sfcbd_exec.rb =>Command exec (authenticated) on Studio and Data Protection
- vmware_studio_upload.rb =>Arbitrary file upload on Studio 2.0 beta
- vmware_updatemanager_traversal.rb => Jetty path traversal
- vmware_version.rb => Fingerprints VMware products
- vmware_vilurker.rb => MITM code execution against VI Client
- vmware_webaccess_portscan.rb =>Turn VMware WebAccess into a portscanner (or a proxy)
- vmware_autopwn.rb => Automatizes exploiting the updatemanager traversal to ride a session
- xen_login.rb =>Brute forcer for XEN server
With Virtualization taking high off across the computer industry, there is bulging need for scrutinizing Virtualization security. In this direction, tools like VASTO looks more promising.