Breaking into a Virtual Machine
Say you're running your business on a rented virtual private server. How secure is your setup? I wouldn't expect it to be more secure than the system your server runs on, and a simple experiment confirmed it.
I performed the experiment on a Linux system running VMware server software (the host). Inside a virtual machine I installed FreeBSD 6.2 (the client). I assumed an adversary had obtained full control of the host, and was attempting to gain access to the client. This could happen through a security hole on the host, or a malicious system administrator. In my case I had created the virtual machine, and therefore had full control over it and full access to its files. Here is how I used my access privileges on the host to gain access to the client as user jsmith.
- Locate the virtual disk file holding the
master.passwdfile.host$ cd /space/vm/client host$ grep :/home/jsmith:/usr/local/bin/bash * Binary file freeBSD.vmss matches Binary file istlab-s001.vmdk matches Binary file istlab-s002.vmdk matches
- Edit the file, emptying the password field of jsmith.
In order to keep the file exactly the same size, I space-filled the adjoining
user-id field.
Thus, I changed the record from
jsmith:0tOcWfiX8z7Qc:1042:20007::0:0:John Smith:/home/jsmith:/usr/local/bin/bash
intojsmith:: 1042:20007::0:0:John Smith:/home/jsmith:/usr/local/bin/bash
- Restart the client to flush its cache.
