Not a real VmWare Advisory?

Do you have a virtual machine running a UNIX-like or Windows as guest OS, instead a physical one, as part of your organization network? Take CARE! Because it is more evil than it looks!

If you are thinking on using VMWare Workstation or similar you should test the issues I present below. They look to be fixed with the VMWare ACE version.

Have you ever tried to gain root access in one of your companies’ computer to sniff? Have you ever tried to crack someone’s else password? And you have spend hours, days surfing the web looking for an exploit ?

Now you don’t have to worry anymore if you use VmWare at work! With VmWare you will be able to read in plain text the password of the incoming ssh connections or even you could change your id to 0. And you only need to run VmWare nor even being superuser in the OS under VmWare. Does it sound good? Read ahead!

1) Looking for plain text password (I have tested it with OpenBSD & Linux + OpenSSH under VmWare):

Once someone has logged in your local OS you just need to suspend the VmWare machine (you know the [ | | ] symbol).
Afterwards, go straight to the directory of the Virtual Machine and edi, preferably with an hex editor, the “xyz.vmem” file.
Look for “ssh-connection”, you will find it several times before the password appear. The text sourrounding the password is like the following:

ssh-connection.....password....Cabronazo#####

Being Cabronazo the password and ### garbage.
2) Gaining root access:

Do you run an Unix-like OS under VmWare at work? Bad Idea!! (If it is not properly configured, obviously) You can gain root just with a few key-strokes and an hex editor. Look for "username:" and just change all the pid to 0.

It is easy! isn't it?