Unleashing VASTO – A Virtualization Assessment Toolkit

VASTO is a first-of-its-kind toolkit designed to assess the security of various virtualization solutions, including VMware and Xen server. It is implemented as a set of modules that can be integrated into Metasploit, the popular penetration testing framework. This makes it easy for pen testers to add VASTO to their existing Metasploit installation and start using it on the fly with few or no changes. It has been tested with the latest Metasploit version, 3.4.2, on Ubuntu Linux and is expected to work on all other platforms supported by Metasploit.

The latest version, VASTO 0.3, which was showcased at the recent BlackHat 2010, promises a great deal on the virtualization front, as there are very few tools available for penetration testing of these appliances.

Here is a short video demonstration of fingerprinting VMware Server using VASTO’s “vmware_version.rb” module:


The video shows how one can launch the VMware version fingerprinting module directly through Metasploit to remotely detect the VMware server version. Armed with the version of the remote VMware server, an attacker can then execute the right exploit against the vulnerable VMware server to bring it down or pwn it completely. You will find a couple of other interesting videos on the VASTO home page that demonstrate the usage of other modules.

Here is the current list of modules available for pen testing as part of VASTO:
  • abiquo_guest_stealer.rb => Exploits a path traversal in Abiquo up to version 1.5
  • abiquo_poison.rb => Serves an evil VM if a MITM is performed
  • eucalyptus_bouncer.rb => Turns Eucalyptus systems into proxy servers
  • eucalyptus_poison.rb => Serves an evil VM if a MITM is performed
  • vmware_guest_stealer.rb => Exploits a path traversal in VMware products
  • vmware_login.rb => Brute forcer for VMware
  • vmware_session_rider.rb => Local proxy to ride stolen SOAPID sessions with VI Client
  • vmware_sfcbd_exec.rb => Command exec (authenticated) on Studio and Data Protection
  • vmware_studio_upload.rb => Arbitrary file upload on Studio 2.0 beta
  • vmware_updatemanager_traversal.rb => Jetty path traversal
  • vmware_version.rb => Fingerprints VMware products
  • vmware_vilurker.rb => MITM code execution against VI Client
  • vmware_webaccess_portscan.rb => Turns VMware WebAccess into a portscanner (or a proxy)
  • vmware_autopwn.rb => Automates exploiting the updatemanager traversal to ride a session
  • xen_login.rb => Brute forcer for Xen server
Though VASTO currently showcases modules mainly against VMware (and a few against Xen), hopefully in the near future we will see more against other virtualization appliances too.

With virtualization taking off across the computer industry, there is a growing need to scrutinize virtualization security. In this direction, tools like VASTO look promising.