Context Highlights Weaknesses in VMware Protocol


22 October 2012: Alex Chapman, a Senior Security Consultant at Context Information Security, demonstrated weaknesses in the VMware ESXi binary protocol at Ruxcon, Australia’s leading computer security conference, held in Melbourne on 20/21 October. Using the latest version of Canape, Context’s protocol analysis tool, Chapman presented several live attack scenarios against vulnerabilities in the VMware protocol.

The VMware ESXi binary protocol is a complex, multi-layered protocol that transitions between many protocol states over the lifetime of a connection and uses multiplexed frames, compression and encryption over a single TCP connection.

The new Canape features used against the ESXi protocol include traffic interception and initial protocol dissection, data injection to brute force user credentials, fuzzing and full proof-of-concept exploitation. “Testing and exploiting binary network protocols can be complex and time consuming,” says Context’s Alex Chapman. “More often than not, custom software needs to be developed to proxy, parse and manipulate the target traffic. But rather than spending time creating a complete bespoke program, Canape offers a powerful network protocol analysis tool, which takes the existing paradigm of web application testing tools such as CAT, Burp or Fiddler and applies it to network protocol testing. It provides a user interface that facilitates the capture and replaying of binary network traffic, whilst providing a framework to develop parsers and fuzzers.”

More information can be found at: http://www.contextis.co.uk/research/blog/esxi/
