CiscoInTheSkyWithDiamonds

More documents

Recommendations

Info

VEMs register themselves with the VSM based on an ESXi host specific ID Uses the “Hardware UUID” Bad choice: VMware assigns this ID and apparently it’s not considered a secret linux# slptool findattrs service:VMwareInfrastructure://esxi5.foo.tld (product="VMware ESXi 5.0.0 build-702118"),(hardwareUuid="F49979D6-C5B3- C161-FC96-001999853110") Sending heartbeat messages with this UUID assigns the VEM to the attacker
Page 1: Observed by Greg & FX
Page 4 and 5: 1967: First systems with IBM CP-67
Page 6 and 7: 10 GigE Virtual Switch
Page 9 and 10: Cisco Nexus Operating System (NX-OS
Page 11 and 12: This being a VMware VM, we can boot
Page 13 and 14: The N1kV requires license files to
Page 15 and 16: Let‘s see what that function does
Page 17 and 18: Exploitation is a bit tricky though
Page 19 and 20: The jailbreak script adds a user to
Page 21 and 22: Why talk about licensing? CSCud0142
Page 23 and 24: 6 bytes (12 hex chars) “signature
Page 25 and 26: We could now exercise our 1337 reve
Page 28 and 29: CDP is everywhere in Cisco land VM
Page 30 and 31: The VSM stores a set of “opaque d
Page 32 and 33: Offset Size Meaning 0x0 8 Bit Proto
Page 36 and 37: The L3 form of VSM/VEM communicatio
Page 38 and 39: Being able to receive (decrypt) and
Page 41 and 42: Firmware 1.21.0 Linux / MDS based
Page 43: Cisco Prime LAN Management Solution

CiscoInTheSkyWithDiamonds

Create successful ePaper yourself

Delete template?

Save as template?