Virtual Machine / Virtual Box Guide?

by Amato Masaki

Amato Masaki
Bank robber
JP
Posts: 83
Threads: 5
Joined: Jul 2016
Reputation: 0
10-12-2016, 06:45 AM
#61206 (1)
I want to ask about using a virtual machine.
(I'm using VirtualBox)
I have a problem when starting the machine.
Screenshot: https://u.pomf.is/dapjwt.JPG
It's always (0x1).

Log file can be found here: Log file

Anyway, the details are:
Host : Windows 7 Ultimate(64 bit)
Guest : Kali linux amd64

Any solution?

Thanks


RX14
Chibi Hentai Master
Optimist
Posts: 494
Threads: 5
Joined: Nov 2015
Reputation: 1
10-12-2016, 07:31 AM
#61207 (2)
Probably your custom theme messing with SHELL32.dll. Unfortunately there doesn't seem to be a way to disable Virtualbox's DLL verification, so you're going to have to either uninstall your themes and restore backups of your patched DLLs, or manually sign your DLLs. Signing your patched DLLs is going to be a bit of a pain though because you're going to have to create a certificate pair.

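A check for the diagnosis above, added here as an example and not code from the thread or from VirtualBox: it reports the Authenticode status of the system DLLs that theme patchers commonly modify (that list, the function name and the backup folder path are assumptions) and, if you kept untouched copies, whether the files in System32 still match them.

```powershell
# Added example, not from the thread or from VirtualBox. Reports whether the
# system DLLs that Windows theme patchers commonly modify (list is an
# assumption) still carry a valid Microsoft signature, which is what
# VirtualBox's DLL verification checks before it will start a VM.
$PatchedCandidates = @('shell32.dll', 'explorerframe.dll', 'uxtheme.dll', 'themeui.dll')

function Test-SystemDllIntegrity {
    param(
        [string[]]$Names = $PatchedCandidates,
        # Optional folder holding untouched copies of the DLLs (assumed layout:
        # same file names as in System32). Leave empty to skip the comparison.
        [string]$BackupDir = ''
    )
    $systemDir = [Environment]::SystemDirectory   # usually C:\Windows\System32
    foreach ($name in $Names) {
        $path = Join-Path $systemDir $name
        if (-not (Test-Path -LiteralPath $path)) { continue }

        # Status is Valid for an unmodified, signed DLL; a patched file shows
        # HashMismatch (embedded signature) or NotSigned (catalog entry no longer matches).
        $sig = Get-AuthenticodeSignature -LiteralPath $path
        $signer = ''
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

        $matchesBackup = 'n/a'
        $backupPath = Join-Path $BackupDir $name
        if ($BackupDir -and (Test-Path -LiteralPath $backupPath)) {
            $current = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            $backup  = (Get-FileHash -LiteralPath $backupPath -Algorithm SHA256).Hash
            $matchesBackup = ($current -eq $backup)
        }

        [pscustomobject]@{
            File          = $path
            Status        = $sig.Status
            Signer        = $signer
            MatchesBackup = $matchesBackup
        }
    }
}

# Example run; the backup folder is a constructed path for illustration.
Test-SystemDllIntegrity -BackupDir 'C:\dll-backup' | Format-Table -AutoSize
```

On Windows 7 the catalog-aware signature check and Get-FileHash need the Windows Management Framework 4/5 update; on an older PowerShell, catalog-signed system DLLs report NotSigned even when untouched, so rely on the backup comparison there.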
Amato Masaki
Bank robber
JP
Posts: 83
Threads: 5
Joined: Jul 2016
Reputation: 0
10-12-2016, 08:26 AM
#61216 (3)
(10-12-2016, 07:31 AM)RX14 Wrote: Probably your custom theme messing with SHELL32.dll. Unfortunately there doesn't seem to be a way to disable Virtualbox's DLL verification, so you're going to have to either uninstall your themes and restore backups of your patched DLLs, or manually sign your DLLs. Signing your patched DLLs is going to be a bit of a pain though because you're going to have to create a certificate pair.

Just the theme-patched DLLs, right?

I think I got the restore point...
Thanks. xd


malmon
nya?
Torrents
Posts: 1,080
Threads: 18
Joined: Nov 2015
Reputation: 12
10-12-2016, 11:24 AM
#61226 (4)
(10-12-2016, 07:31 AM)RX14 Wrote: Probably your custom theme messing with SHELL32.dll. Unfortunately there doesn't seem to be a way to disable Virtualbox's DLL verification, so you're going to have to either uninstall your themes and restore backups of your patched DLLs, or manually sign your DLLs. Signing your patched DLLs is going to be a bit of a pain though because you're going to have to create a certificate pair.

Why does VB even care about this?

RX14
Chibi Hentai Master
Optimist
Posts: 494
Threads: 5
Joined: Nov 2015
Reputation: 1
10-12-2016, 12:03 PM
#61228 (5)
@malmon It's to protect against DLL injection exploits.

malmon
nya?
Torrents
Posts: 1,080
Threads: 18
Joined: Nov 2015
Reputation: 12
10-12-2016, 12:38 PM
#61233 (6)
(10-12-2016, 12:03 PM)RX14 Wrote: @malmon It's to protect against DLL injection exploits.

So if you run a modded Windows installation VB won't work?

RX14
Chibi Hentai Master
Optimist
Posts: 494
Threads: 5
Joined: Nov 2015
Reputation: 1
10-12-2016, 01:30 PM
#61236 (7)
@malmon, yes

malmon
nya?
Torrents
Posts: 1,080
Threads: 18
Joined: Nov 2015
Reputation: 12
10-12-2016, 01:47 PM
#61237 (8)
(10-12-2016, 01:30 PM)RX14 Wrote: @malmon, yes

Guess the Microsoft shills did their job well. How the hell does an open source project fuck up so badly?

RX14
Chibi Hentai Master
Optimist
Posts: 494
Threads: 5
Joined: Nov 2015
Reputation: 1
10-12-2016, 02:11 PM
#61239 (9)
@malmon, no, I said it was to stop exploits. There were known exploits in VirtualBox, and they fixed them. If you're Oracle, what do you do? Not fix a massive exploit just so that some people can mod their Windows? Seems like a terrible idea to me.

malmon
nya?
Torrents
Posts: 1,080
Threads: 18
Joined: Nov 2015
Reputation: 12
10-12-2016, 02:30 PM
#61246 (10)
(10-12-2016, 02:11 PM)RX14 Wrote: @malmon, no, I said it was to stop exploits. There were known exploits in VirtualBox, and they fixed them. If you're Oracle, what do you do? Not fix a massive exploit just so that some people can mod their Windows? Seems like a terrible idea to me.

Isn't it more of a Windows issue then? And not a VirtualBox issue? Surely it's Windows' responsibility to keep the integrity of its DLLs in check?

RX14
Chibi Hentai Master
Optimist
Posts: 494
Threads: 5
Joined: Nov 2015
Reputation: 1
10-12-2016, 03:10 PM
#61254 (11)
(10-12-2016, 02:30 PM)malmon Wrote:
(10-12-2016, 02:11 PM)RX14 Wrote: @malmon, no, I said it was to stop exploits. There were known exploits in VirtualBox, and they fixed them. If you're Oracle, what do you do? Not fix a massive exploit just so that some people can mod their Windows? Seems like a terrible idea to me.

Isn't it more of a Windows issue then? And not a VirtualBox issue? Surely it's Windows' responsibility to keep the integrity of its DLLs in check?

Yes, it's a Windows issue because Windows loads DLLs from too many places, many of which don't need superadmin to access. So VirtualBox requires all loaded DLLs to be signed by a certificate trusted by Windows. If you really, really want to use a custom DLL, just create a custom certificate and sign it yourself. This is both supposedly secure, if you do it right, and customisable.

malmon
nya?
Torrents
Posts: 1,080
Threads: 18
Joined: Nov 2015
Reputation: 12
10-12-2016, 05:33 PM
#61278 (12)
(10-12-2016, 03:10 PM)RX14 Wrote:
(10-12-2016, 02:30 PM)malmon Wrote:
(10-12-2016, 02:11 PM)RX14 Wrote: @malmon, no, I said it was to stop exploits. There were known exploits in VirtualBox, and they fixed them. If you're Oracle, what do you do? Not fix a massive exploit just so that some people can mod their Windows? Seems like a terrible idea to me.

Isn't it more of a Windows issue then? And not a VirtualBox issue? Surely it's Windows' responsibility to keep the integrity of its DLLs in check?

Yes, it's a Windows issue because Windows loads DLLs from too many places, many of which don't need superadmin to access. So VirtualBox requires all loaded DLLs to be signed by a certificate trusted by Windows. If you really, really want to use a custom DLL, just create a custom certificate and sign it yourself. This is both supposedly secure, if you do it right, and customisable.

So how come Linux isn't vulnerable to this?

Melancholy
すけべ
Admin
Posts: 3,862
Threads: 213
Joined: Jul 2014
Reputation: 60
10-12-2016, 08:36 PM
#61303 (13)
(10-12-2016, 05:33 PM)malmon Wrote:
(10-12-2016, 03:10 PM)RX14 Wrote:
(10-12-2016, 02:30 PM)malmon Wrote:
(10-12-2016, 02:11 PM)RX14 Wrote: @malmon, no, I said it was to stop exploits. There were known exploits in VirtualBox, and they fixed them. If you're Oracle, what do you do? Not fix a massive exploit just so that some people can mod their Windows? Seems like a terrible idea to me.

Isn't it more of a Windows issue then? And not a VirtualBox issue? Surely it's Windows' responsibility to keep the integrity of its DLLs in check?

Yes, it's a Windows issue because Windows loads DLLs from too many places, many of which don't need superadmin to access. So VirtualBox requires all loaded DLLs to be signed by a certificate trusted by Windows. If you really, really want to use a custom DLL, just create a custom certificate and sign it yourself. This is both supposedly secure, if you do it right, and customisable.

So how come Linux isn't vulnerable to this?

It is, isn't it? Like, isn't that how rootkits work? By injecting themselves into .so files?

RX14
Chibi Hentai Master
Optimist
Posts: 494
Threads: 5
Joined: Nov 2015
Reputation: 1
10-13-2016, 05:29 AM
#61337 (14)
(10-12-2016, 05:33 PM)malmon Wrote:
(10-12-2016, 03:10 PM)RX14 Wrote:
(10-12-2016, 02:30 PM)malmon Wrote:
(10-12-2016, 02:11 PM)RX14 Wrote: @malmon, no, I said it was to stop exploits. There were known exploits in VirtualBox, and they fixed them. If you're Oracle, what do you do? Not fix a massive exploit just so that some people can mod their Windows? Seems like a terrible idea to me.

Isn't it more of a Windows issue then? And not a VirtualBox issue? Surely it's Windows' responsibility to keep the integrity of its DLLs in check?

Yes, it's a Windows issue because Windows loads DLLs from too many places, many of which don't need superadmin to access. So VirtualBox requires all loaded DLLs to be signed by a certificate trusted by Windows. If you really, really want to use a custom DLL, just create a custom certificate and sign it yourself. This is both supposedly secure, if you do it right, and customisable.

So how come Linux isn't vulnerable to this?

Because the paths where .so files are stored are owned by root, so normal users can't modify them. You can do injection by modifying the `LD_PRELOAD` env var then running a process, but that's not particularly exploitable.

DLL/shared library injection is a method of injecting code into a process which runs at a higher permission level than you. VirtualBox is one of the processes that needs to run as a higher-level user, so it protects itself from this. On Linux, you would need to set LD_PRELOAD in the environment of a process that's run as root, which would usually require an exploit in the init scripts, which doesn't happen often.

Rootkits using shared libraries are different, simply a way of hiding the virus. To inject into the shared library files, you already need to be root, which is usually obtained through another exploit or weak SSH. If someone is root on your Linux box, there are 1000 ways they can hide their code, including inside the kernel itself; shared library injection is simply another technique.

malmon
nya?
Torrents
Posts: 1,080
Threads: 18
Joined: Nov 2015
Reputation: 12
10-13-2016, 10:00 AM
#61348 (15)
(10-13-2016, 05:29 AM)RX14 Wrote:
(10-12-2016, 05:33 PM)malmon Wrote:
(10-12-2016, 03:10 PM)RX14 Wrote:
(10-12-2016, 02:30 PM)malmon Wrote: Isn't it more of a Windows issue then? And not a VirtualBox issue? Surely it's Windows' responsibility to keep the integrity of its DLLs in check?

Yes, it's a Windows issue because Windows loads DLLs from too many places, many of which don't need superadmin to access. So VirtualBox requires all loaded DLLs to be signed by a certificate trusted by Windows. If you really, really want to use a custom DLL, just create a custom certificate and sign it yourself. This is both supposedly secure, if you do it right, and customisable.

So how come Linux isn't vulnerable to this?

Because the paths where .so files are stored are owned by root, so normal users can't modify them. You can do injection by modifying the `LD_PRELOAD` env var then running a process, but that's not particularly exploitable.

DLL/shared library injection is a method of injecting code into a process which runs at a higher permission level than you. VirtualBox is one of the processes that needs to run as a higher-level user, so it protects itself from this. On Linux, you would need to set LD_PRELOAD in the environment of a process that's run as root, which would usually require an exploit in the init scripts, which doesn't happen often.

Rootkits using shared libraries are different, simply a way of hiding the virus. To inject into the shared library files, you already need to be root, which is usually obtained through another exploit or weak SSH. If someone is root on your Linux box, there are 1000 ways they can hide their code, including inside the kernel itself; shared library injection is simply another technique.

Fair enough. Well, I guess I'm stuck using Hyper-V for now.

RX14
Chibi Hentai Master
Optimist
Posts: 494
Threads: 5
Joined: Nov 2015
Reputation: 1
10-13-2016, 11:53 AM
#61354 (16)
(10-13-2016, 10:00 AM)malmon Wrote:
(10-13-2016, 05:29 AM)RX14 Wrote:
(10-12-2016, 05:33 PM)malmon Wrote:
(10-12-2016, 03:10 PM)RX14 Wrote: Yes, it's a Windows issue because Windows loads DLLs from too many places, many of which don't need superadmin to access. So VirtualBox requires all loaded DLLs to be signed by a certificate trusted by Windows. If you really, really want to use a custom DLL, just create a custom certificate and sign it yourself. This is both supposedly secure, if you do it right, and customisable.

So how come Linux isn't vulnerable to this?

Because the paths where .so files are stored are owned by root, so normal users can't modify them. You can do injection by modifying the `LD_PRELOAD` env var then running a process, but that's not particularly exploitable.

DLL/shared library injection is a method of injecting code into a process which runs at a higher permission level than you. VirtualBox is one of the processes that needs to run as a higher-level user, so it protects itself from this. On Linux, you would need to set LD_PRELOAD in the environment of a process that's run as root, which would usually require an exploit in the init scripts, which doesn't happen often.

Rootkits using shared libraries are different, simply a way of hiding the virus. To inject into the shared library files, you already need to be root, which is usually obtained through another exploit or weak SSH. If someone is root on your Linux box, there are 1000 ways they can hide their code, including inside the kernel itself; shared library injection is simply another technique.

Fair enough. Well, I guess I'm stuck using Hyper-V for now.

Or sign the DLL yourself, of course. It shouldn't be too hard at all.
