Determining Whether a Machine Is a Virtual Machine

November 6, 2020, by C0isini

Preface

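Sometimes during a penetration test, operations such as a virtual machine escape require first knowing whether the local machine is a virtual machine and, if so, which kind. This post is a brief record of how to determine whether a device is a virtual machine.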

Linux

dmidecode -s system-product-name

[root@110 ~]# dmidecode -s system-product-name 
Alibaba Cloud ECS 

[root@k8s-master ~]# dmidecode -s system-product-name 
VMware Virtual Platform 

[root@120 /]# dmidecode -s system-product-name 
KVM

dmesg | grep -i virtual

A virtual machine will have matching entries; a non-virtual machine will have none.

[root@k8s-master ~]# dmesg | grep -i virtual
[    0.000000] DMI: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/29/2019
[    0.000000] Booting paravirtualized kernel on VMware hypervisor
[    3.047920] input: VirtualPS/2 VMware VMMouse as /devices/platform/i8042/serio1/input/input2
[    3.048149] input: VirtualPS/2 VMware VMMouse as /devices/platform/i8042/serio1/input/input3
[    3.059098] systemd[1]: Detected virtualization vmware.
[    3.107240] systemd[1]: Starting Setup Virtual Console...
[    3.266790] systemd[1]: Started Setup Virtual Console.
[    3.479347] usb 2-1: Product: VMware Virtual USB Mouse
[    3.492334] input: VMware VMware Virtual USB Mouse as /devices/pci0000:00/0000:00:11.0/0000:02:00.0/usb2/2-1/2-1:1.0/input/input4
[    3.492551] hid-generic 0003:0E0F:0003.0001: input,hidraw0: USB HID v1.10 Mouse [VMware VMware Virtual USB Mouse] on usb-0000:02:00.0-1/input0
[    3.916193] usb 2-2: Product: VMware Virtual USB Hub
[    4.141488] scsi 0:0:0:0: Direct-Access     VMware,  VMware Virtual S 1.0  PQ: 0 ANSI: 2
[    4.329771] ata2.00: ATAPI: VMware Virtual IDE CDROM Drive, 00000001, max UDMA/33

lshw

A tool for viewing hardware information. It is not installed by default, so it has to be installed first.

Install:
yum install lshw

lshw -class system

[root@k8s-master log]# lshw -class system
k8s-master                  
    description: Computer
    product: VMware Virtual Platform
    vendor: VMware, Inc.
    version: None
    serial: VMware-56 4d 42 78 57 e1 b9 c6-e9 ff 89 18 72 ef 9b 88
    width: 64 bits
    capabilities: smbios-2.7 dmi-2.7 vsyscall32
    configuration: administrator_password=enabled boot=normal frontpanel_password=unknown keyboard_password=unknown power-on_password=disabled uuid=564D4278-57E1-B9C6-E9FF-891872EF9B88
*-pnp00:00
   product: PnP device PNP0c02
   physical id: 3
   capabilities: pnp
   configuration: driver=system
*-pnp00:01
   product: PnP device PNP0b00
   physical id: 4
   capabilities: pnp
   configuration: driver=rtc_cmos
*-pnp00:04
   product: PnP device PNP0103
   physical id: 85
   capabilities: pnp
   configuration: driver=system
*-pnp00:06
   product: PnP device PNP0c02
   physical id: 87
   capabilities: pnp
   configuration: driver=system
*-remoteaccess UNCLAIMED
   vendor: Intel
   physical id: 1
   capabilities: inbound
   
Alibaba Cloud

[root@110 ~]# lshw -class system
110                         
    description: Computer
    product: Alibaba Cloud ECS
    vendor: Alibaba Cloud
    version: pc-i440fx-2.1
    serial: d6353e4a-3879-40af-8552-da650b929026
    width: 64 bits
    capabilities: smbios-2.8 dmi-2.8 smp vsyscall32
    configuration: boot=normal uuid=4A3E35D6-7938-AF40-8552-DA650B929026
*-pnp00:00
    product: PnP device PNP0b00
    physical id: 1
    capabilities: pnp
    configuration: driver=rtc_cmos
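
The Linux checks above can be combined into one script, for example when building an asset inventory. This is an added example, not code from the original post; the function names and output labels are assumptions, and the pattern list covers only the product names shown on this page.

```shell
#!/bin/sh
# Added example (not from the original post): script the Linux checks above.

# Map an SMBIOS system-product-name to a platform label.
# Only the product names shown on this page are listed; extend for others.
classify_product() {
    case "$1" in
        "")                echo unknown ;;          # field missing or unreadable
        *VMware*)          echo vmware ;;
        *"Alibaba Cloud"*) echo alibaba-cloud ;;
        *KVM*)             echo kvm ;;
        *)                 echo no-vm-signature ;;  # not proof of bare metal
    esac
}

# Read the product name: sysfs first (no root needed), then dmidecode.
read_product_name() {
    if [ -r /sys/class/dmi/id/product_name ]; then
        cat /sys/class/dmi/id/product_name
    elif command -v dmidecode >/dev/null 2>&1; then
        dmidecode -s system-product-name 2>/dev/null
    fi
}

# Filter dmesg text on stdin down to lines that name a hypervisor.
# `grep -i virtual` alone also returns lines like "Setup Virtual Console".
vm_dmesg_lines() {
    grep -E 'Detected virtualization|Hypervisor detected|paravirtualized kernel on .* hypervisor' || true
}

printf 'product : %s\n' "$(read_product_name)"
printf 'platform: %s\n' "$(classify_product "$(read_product_name)")"
dmesg 2>/dev/null | vm_dmesg_lines
```

A result of `no-vm-signature` only means the product name matched none of the listed patterns, so confirm it against the dmesg lines or `lshw -class system`.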

Windows

CMD command

systeminfo | findstr /i /c:"System Model"
systeminfo | findstr /i "系统型号"
C:\Users\admin>systeminfo | findstr /i "系统型号"
系统型号:         VMware Virtual Platform

C:\Users>systeminfo | findstr /i "系统型号"
系统型号:         IBM SystemX X3550 M3 -[7944ONT]-

PowerShell command

get-wmiobject win32_computersystem | fl model
PS C:\Users\admin> get-wmiobject win32_computersystem | fl model


model : VMware Virtual Platform


PS C:\Users> get-wmiobject win32_computersystem | fl model


model : IBM SystemX X3550 M3 -[7944ONT]-