tag:blogger.com,1999:blog-8539880144347728238.post4506024684965675274..comments2024-01-24T04:15:08.086-05:00Comments on Carnal0wnage Blog: Detecting VMware with JavaScript (or how to waste your time with pointless exercises)Unknownnoreply@blogger.comBlogger5125tag:blogger.com,1999:blog-8539880144347728238.post-2720211700387181522014-05-30T03:38:12.304-04:002014-05-30T03:38:12.304-04:00Is the VM used to detect JS malware a Windows or L...Is the VM used to detect JS malware a Windows or Linux system ?begueradjhttp://www.begueradj.comnoreply@blogger.comtag:blogger.com,1999:blog-8539880144347728238.post-17220179414059657462009-05-03T19:32:00.000-04:002009-05-03T19:32:00.000-04:002dean de beer
hey, it can be some dumb question, ...2dean de beer<br /><br />hey, it can be some dumb question, i didnt quite understood the post :) *not native english speaker* <br /><br />so u say that if i enter some site it can detect if im currently in vmware or not? is there 99% secure way to protect myself from detection? not only this kind of detection... :) and what other scripts webmaster can use to detect if visitors came from vmware? tnxAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-8539880144347728238.post-72485700077463458542009-04-14T07:31:00.000-04:002009-04-14T07:31:00.000-04:00@Julien Bernard,
Thanks, I use similar methods in...@Julien Bernard,<br /><br />Thanks, I use similar methods in some organizations for 3rd party software and plugins, etc... where I correlate the results between web-based malware/exploits and versions of software running to determine infected systems. Not ideal but great if the systems are unmanaged.<br /><br />I really was only saying it was pointless from a malware authors perspective as it's done client-side and at that point does not have much value.<br /><br />@mszafran, yea, I know. I'm lazy. :) I figured if anyone used it they could just add the remaining ones themselves. I really just wanted to see if JS could be used to detect vmware simply. I think I have the .NET snippets lying around somewhere. I'd forgotten about those. Thanks for the reminder. Cheers.dean de beerhttps://www.blogger.com/profile/13744345182407258839noreply@blogger.comtag:blogger.com,1999:blog-8539880144347728238.post-43738094498688098262009-04-14T06:43:00.000-04:002009-04-14T06:43:00.000-04:00You've missed a couple of the VM MAC ranges. They ...You've missed a couple of the VM MAC ranges. They have:<br />"00-05-69"<br />"00-0C-29"<br />"00-50-56"<br /><br />For a couple of other simple checks you can also see if there are any 'vmware' services running or vmtools installed.<br /><br />Didn't I send you some .Net code a while back to do these?mszafrannoreply@blogger.comtag:blogger.com,1999:blog-8539880144347728238.post-913929952706755042009-04-14T01:11:00.000-04:002009-04-14T01:11:00.000-04:00Hi,
This is not silly at all! In some organization...Hi,<br />This is not silly at all! In some organizations, you may have some policies forbidding installation and usage of virtual machines. Adding your code in the company's intranet front page can be used as one tool to detect such installations.Julien Bernardhttps://www.blogger.com/profile/13918142679906255417noreply@blogger.com