Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
Honeypots
changing mac addresses of clients in vmware Apr 24 2004 08:26AM
Joe Hickory (J Hickory gmx net) (2 replies)
Re: changing mac addresses of clients in vmware Apr 24 2004 04:41PM
Kostya Kortchinsky (kostya kortchinsky renater fr)
Hi,

There is an easy way to do that by patching the MAC generation routine
and MAC verification routine. Here they are :

Version 4.5.0 build-7174

* Linux - adresse MAC (générée)

vmware-vmx : génération
.text:080B1EAD 66 C7 45 CC 00 00 mov [ebp+var_34], 0
.text:080B1EB3 C6 45 C8 00 mov byte ptr
[ebp+var_38], 0
.text:080B1EB7 C6 45 C9 0C mov byte ptr
[ebp+var_38+1], 0Ch
.text:080B1EBB C6 45 CA 29 mov byte ptr
[ebp+var_38+2], 29h
.text:080B1EBF 89 04 24 mov
[esp+58h+var_58], eax
.text:080B1EC2 E8 29 74 FB FF call sub_80692F0

vmware-vmx : vérification
.text:080B20C8 loc_80B20C8:
; CODE XREF: sub_80B1F80+112j
.text:080B20C8 80 3B 00 cmp byte ptr [ebx], 0
.text:080B20CB 75 06 jnz short loc_80B20D3
.text:080B20CD 80 7B 01 0C cmp byte ptr
[ebx+1], 0Ch
.text:080B20D1 74 10 jz short loc_80B20E3
.text:080B20D3
.text:080B20D3 loc_80B20D3:
; CODE XREF: sub_80B1F80+14Bj
.text:080B20D3
; sub_80B1F80+167j
.text:080B20D3 89 7C 24 04 mov
[esp+28h+var_24], edi
.text:080B20D7 C7 04 24 40 8F 25+ mov
[esp+28h+var_28], offset a@@@Msg_mac_b_0 ;
"@&!*@*@(msg.mac.badAddressOUI)%s is not"...
.text:080B20DE E9 0B FF FF FF jmp loc_80B1FEE
.text:080B20E3 ;
------------------------------------------------------------------------
---
.text:080B20E3
.text:080B20E3 loc_80B20E3:
; CODE XREF: sub_80B1F80+151j
.text:080B20E3 80 7B 02 29 cmp byte ptr
[ebx+2], 29h
.text:080B20E7 75 EA jnz short loc_80B20D3
.text:080B20E9 E9 15 FF FF FF jmp loc_80B2003

Changing the 0Ch and 29h to fit one's needs works perfectly, and
generated addresses will fall in the good range of MAC addresses. If you
use vmware-natd, then you'll have to enable the AllowAnyOUI option.

Only modify the binary if you know what your are doing.

Regards,

Kostya Kortchinsky
CERT RENATER
French Honeynet Project

Joe Hickory wrote:

> hi list,
> i am trying to set up a virtual honeynet within vmware. can i change the mac
> address
> for the clients to other than 00:50:56:XX:XX:XX ? i changed the mac entry in
>
> client.vmx to static and tried an other mac address. i just want to set the
> addresses
> to sth. like 00:60:94:XX:XX:XX which is AMD PCNET PCI. i dont want to get my
> guests
> nics fingerprinted as a vmware nic.
>
> anyone has a hint for me
> tia
> joe
>

[ reply ]
RE: changing mac addresses of clients in vmware Apr 24 2004 03:41PM
Eric (ericsecnews comcast net) (1 replies)
Re: changing mac addresses of clients in vmware Apr 25 2004 02:44AM
Niels Provos (provos citi umich edu) (2 replies)
Re: changing mac addresses of clients in vmware Apr 25 2004 06:04PM
Joe Hickory (J Hickory gmx net)
Re: changing mac addresses of clients in vmware Apr 25 2004 05:05PM
Jaap van Ginkel (J A vanGinkel uva nl)







 

Privacy Statement
Copyright 2009, SecurityFocus