The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

Archive for the ‘Virtualization’ Category

Large (hundreds) CVE-2021-21974 ESXi VMware based ESXiArgs (Nevada?) ransomware attacks

Posted by jpluimers on 2023/02/04

Shodan.io results for query html:"We hacked your company successfully" title:"How to Restore Your Files"

[Wayback/Archive] Massive ESXiArgs ransomware attack targets VMware ESXi servers worldwide

Admins, hosting providers, and the French Computer Emergency Response Team (CERT-FR) warn that attackers actively target VMware ESXi servers unpatched against a two-year-old remote code execution vulnerability to deploy ransomware.
Tracked as CVE-2021-21974, the security flaw is caused by a heap overflow issue in the OpenSLP service that can be exploited by unauthenticated threat actors in low-complexity attacks.
“As current investigations, these attack campaigns appear to be exploiting the vulnerability CVE-2021-21974, for which a patch has been available since 23 February 2021,” CERT-FR said.
“The systems currently targeted would be ESXi hypervisors in version 6.x and prior to 6.7.”
To block incoming attacks, admins have to disable the vulnerable Service Location Protocol (SLP) service on ESXi hypervisors that haven’t yet been updated.
CERT-FR strongly recommends applying the patch as soon as possible but adds that systems left unpatched should also be scanned to look for signs of compromise.
CVE-2021-21974 affects the following systems:
  • ESXi versions 7.x prior to ESXi70U1c-17325551
  • ESXi versions 6.7.x prior to ESXi670-202102401-SG
  • ESXi versions 6.5.x prior to ESXi650-202102101-SG

[Wayback/Archive] Esxi Ransomware Help and Support Topic (ESXiArgs / .args extension) – Page 2 – Ransomware Help & Tech Support (there are now 4 pages, most victims OVH, likely many more pages to follow)

[Wayback/Archive] How to Disable/Enable the SLP Service on VMware ESXi (76372)

[Wayback/Archive] html:”We hacked your company successfully” title:”How to Restore Your Files” – Shodan Search which resulted in the above image (I tweeted it at [Wayback/Archive] Jeroen Wiert Pluimers @wiert@mastodon.social on Twitter: “@vmiss33”)

Commands used in [Wayback/Archive] Jeroen Wiert Pluimers @wiert@mastodon.social on Twitter: “@vmiss33 I did forget to disable SLP on a patched system, but doing that is easy as per kb.vmware.com/s/article/76372:

/etc/init.d/slpd status
/etc/init.d/slpd stop
esxcli system slp stats get
esxcli network firewall ruleset set -r CIMSLP -e 0
chkconfig slpd off
chkconfig --list | grep slpd

More links to follow, but I’m away from keyboard for most of the day.

–jeroen


Posted in ESXi6, ESXi6.5, ESXi6.7, Power User, Ransomware, Security, Virtualization, VMware, VMware ESXi
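A check for the gap described in the post above (a patched host on which SLP was never disabled), as an added example that is not part of the original post or the VMware KB. The function name `slp_findings` is hypothetical, the sample outputs are constructed, and the exact wording of each tool's output is an assumption.

```shell
#!/bin/sh
# Constructed sample outputs (not captured from a real host); the exact
# wording of each tool's output is an assumption of this example.
SAMPLE_STATUS='slpd is not running'
SAMPLE_CHKCONFIG='slpd                    on'
SAMPLE_RULESETS='Name       Enabled
---------  -------
sshServer     true
CIMSLP       false'

# slp_findings STATUS CHKCONFIG RULESETS   (hypothetical helper)
# Prints one line per place where SLP is still enabled or its state cannot
# be read; exit status 0 means daemon, boot setting and firewall are all off.
slp_findings() {
    rc=0
    # Output of: /etc/init.d/slpd status
    case $1 in
        *"is not running"*) ;;
        *"is running"*) echo "slpd daemon is running (/etc/init.d/slpd stop)"; rc=1 ;;
        *) echo "slpd daemon state unknown"; rc=1 ;;
    esac
    # Output of: chkconfig --list | grep slpd
    boot=$(printf '%s\n' "$2" | awk '$1 == "slpd" { print $2 }')
    case $boot in
        off) ;;
        on) echo "slpd starts at boot (chkconfig slpd off)"; rc=1 ;;
        *) echo "slpd boot state unknown"; rc=1 ;;
    esac
    # Output of: esxcli network firewall ruleset list
    fw=$(printf '%s\n' "$3" | awk '$1 == "CIMSLP" { print $2 }')
    case $fw in
        false) ;;
        true) echo "CIMSLP ruleset is enabled (esxcli network firewall ruleset set -r CIMSLP -e 0)"; rc=1 ;;
        *) echo "CIMSLP ruleset state unknown"; rc=1 ;;
    esac
    return $rc
}

# On a host, pass live output instead of the samples:
#   slp_findings "$(/etc/init.d/slpd status)" \
#       "$(chkconfig --list | grep slpd)" \
#       "$(esxcli network firewall ruleset list)"
slp_findings "$SAMPLE_STATUS" "$SAMPLE_CHKCONFIG" "$SAMPLE_RULESETS" \
    || echo "SLP is not fully disabled"
```

The sample models a host where the daemon was stopped but `chkconfig slpd off` was skipped, so SLP would come back after a reboot.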

VMware ESXi: creating an eagerly zeroed thick disk

Posted by jpluimers on 2022/12/30

A note to self on how to create a 40 GiB (gibibytes, i.e. sizes in powers of 2 bytes) eagerly zeroed thick disk:

# vmkfstools --createvirtualdisk 40G --diskformat eagerzeroedthick ./X9SRI-3F-W10P-EN-MEDIA-DATA.vmdk
Creating disk './X9SRI-3F-W10P-EN-MEDIA-DATA.vmdk' and zeroing it out...
Create: 100% done.

People tend to abbreviate it into what to me reads as gibberish:

# vmkfstools -c 40G -d eagerzeroedthick ./X9SRI-3F-W10P-EN-MEDIA-DATA.vmdk
Creating disk './X9SRI-3F-W10P-EN-MEDIA-DATA.vmdk' and zeroing it out...
Create: 100% done.

It will create a descriptor file and a flat data file, of which the latter is exactly 40 gibibytes in size (as 42949672960 / (1024 * 1024 * 1024) == 40):

# ls -l X9SRI-3F-W10P-EN-MEDIA-DATA*.vmdk
-rw-------    1 root     root     42949672960 Nov 16 16:54 X9SRI-3F-W10P-EN-MEDIA-DATA-flat.vmdk
-rw-------    1 root     root           471 Nov 16 16:54 X9SRI-3F-W10P-EN-MEDIA-DATA.vmdk

–jeroen

Posted in ESXi6, ESXi6.5, ESXi6.7, Power User, Virtualization, VMware, VMware ESXi

The only practical way of running x86 VMs on Apple M1 seems to be QEMU based UTM

Posted by jpluimers on 2022/07/01

Few articles exist on running x86 VMs on Apple M1 architecture.

This is the best I found, and clearly states that QEMU based UTM is the way to go, but notably lacks 3D support: [Wayback/Archive.is] Apple Silicon M1: How to run x86 and ARM Virtual Machines on it? | by Dmitry Yarygin | Mar, 2021 | Medium

Without VMs, but running Windows x86_64 code is already possible using Windows 10 for ARM via Parallels: [Wayback] Windows 10 on M1 Macs: What you can do (virtualization, sorta) and can’t (Boot Camp) | Macworld.

VMware Fusion is not going to support x86_64 virtualisation anytime soon as per [Wayback/Archive.is] Fusion on Apple Silicon: Progress Update – VMware Fusion Blog – VMware Blogs

What about x86 emulation?

We get asked regularly about running x86 VMs on M1 Macs. It makes total sense… If Apple can emulate x86 with Rosetta 2, surely VMware can do something too, right?

Well, the short answer is that there isn’t exactly much business value relative to the engineering effort that is required, at least for the time being. For now, we’re laser focused on making Arm Linux VMs on Apple silicon a delight to use.

So, to be a bit blunt, running x86 operating systems on Apple silicon is not something we are planning to deliver with this project. Installing Windows or Linux from an x86 ISO, for example, will not work.

More on UTM, which is open source:

Now hopefully someone posts a Wiki of running x86_64 Windows on Apple M1 (:

This is a small start showing that it can be done: [Wayback/Archive.is] Has anyone tried running Delphi on Windows ARM? – Delphi IDE and APIs – Delphi-PRAXiS [en]

It works well. I’ve managed to build and run my VCL and FMX projects on Android, iOS, Windows and Mac without any problems.
Note that both Windows ARM and the way it runs Delphi are still in preview so tread carefully!
On 4/18/2021 at 8:01 PM, Der schöne Günther said:
Can you confirm it cannot only build projects but also debug them?
I can debug Windows and Android no problem. I’m having issues debugging iOS as it’s stopping in the IDE but showing the CPU rather than code views. I believe this might be a badly built component I need to re-install rather than an issue with the environment but can’t confirm either way at the moment.

An update on the debugging issues on iOS – it’s all working now. My VM just needed a restart and I can debug without problems now.

–jeroen

Posted in Apple, M1 Mac, Mac, Mac OS X / OS X / MacOS, Power User, Qemu, UTM, Virtualization, Windows, Windows 10

A twitter call to say nice things about technology sparked interesting threads

Posted by jpluimers on 2022/05/27

A while ago [Archive.is] Adam Jacob on Twitter: “Let’s say nice things about technology today. I’ll start. If it wasn’t for @lkanies and @puppetize, there is no way we would have been able to adapt as an industry to the rise of the cloud. Quote tweet me with your own.” sparked some interesting threads.

First posts are below; click on them to see the full threads.


Posted in Chrome, Configuration Management, Development, DevOps, Firefox, History, IaC - Infrastructure as Code, Infocom and Z-machine, Infrastructure, KVM Kernel-based Virtual Machine, LSI/3ware, Open Source, PDP-11, Power User, PowerShell, Puppet, Python, Qemu, Rust, Safari, Scripting, Software Development, UCSD Pascal, Vagrant, Veewee, Virtualization, Web Browsers, Xen

Converting an existing XP machine to a VMware ESXi Virtual Machine and having boot issues?

Posted by jpluimers on 2022/05/02

A while ago I wrote about Stop 0x0000007B after converting an existing XP machine to a Virtual Machine (ESXi, Hyper-V, or other).

After this, the machine still had boot issues (a grey or black screen after boot, unless booted via Grub from a rescue CD).

The solution in retrospect was simple, but I only figured out after the fact what the solution had done.

Of course this gave me a facepalm moment, as back in the days, this was exactly the warning I gave everyone when installing Windows XP on ESXi anyway: use a SCSI buslogic based virtual disk, not an IDE or SATA virtual disk.

The reason is that Windows XP does not like the IDE/SATA disk that VMware provides. Windows Vista and up are less of a problem.

This is indeed what my practical solution did:

  • VMware Converter 4.x creates a VM with an IDE/SATA disk (as it cannot talk to the more recent ESXi versions at all because of API changes)
  • VMware Converter 6.x creates a VM with a buslogic SCSI base disk (and it can create it directly on your ESXi rig, though it will use a directory in the root of your data store, even if you prefer it somewhere deeper in the directory tree)

References:

–jeroen

Posted in ESXi6, ESXi6.5, ESXi6.7, Hardware, Power User, SAS/SATA, SCSI, Virtualization, VMware, VMware Converter, VMware ESXi, Windows, Windows XP
