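Determining Whether a Machine Is a Virtual Machine
November 6, 2020
Preface
During a penetration test, operations such as virtual machine escape require first knowing whether the local machine is a virtual machine and, if so, which kind. This is a brief record of how to determine whether a device is a virtual host.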
Linux
dmidecode -s system-product-name
[root@110 ~]# dmidecode -s system-product-name
Alibaba Cloud ECS
[root@k8s-master ~]# dmidecode -s system-product-name
VMware Virtual Platform
[root@120 /]# dmidecode -s system-product-name
KVM
dmesg | grep -i virtual
A virtual machine produces matching records; a non-virtual machine does not.
[root@k8s-master ~]# dmesg | grep -i virtual
[ 0.000000] DMI: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/29/2019
[ 0.000000] Booting paravirtualized kernel on VMware hypervisor
[ 3.047920] input: VirtualPS/2 VMware VMMouse as /devices/platform/i8042/serio1/input/input2
[ 3.048149] input: VirtualPS/2 VMware VMMouse as /devices/platform/i8042/serio1/input/input3
[ 3.059098] systemd[1]: Detected virtualization vmware.
[ 3.107240] systemd[1]: Starting Setup Virtual Console...
[ 3.266790] systemd[1]: Started Setup Virtual Console.
[ 3.479347] usb 2-1: Product: VMware Virtual USB Mouse
[ 3.492334] input: VMware VMware Virtual USB Mouse as /devices/pci0000:00/0000:00:11.0/0000:02:00.0/usb2/2-1/2-1:1.0/input/input4
[ 3.492551] hid-generic 0003:0E0F:0003.0001: input,hidraw0: USB HID v1.10 Mouse [VMware VMware Virtual USB Mouse] on usb-0000:02:00.0-1/input0
[ 3.916193] usb 2-2: Product: VMware Virtual USB Hub
[ 4.141488] scsi 0:0:0:0: Direct-Access VMware, VMware Virtual S 1.0 PQ: 0 ANSI: 2
[ 4.329771] ata2.00: ATAPI: VMware Virtual IDE CDROM Drive, 00000001, max UDMA/33
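An added example (not from the original post) that turns the dmidecode and dmesg output above into a label. It counts only the DMI product name and the kernel lines that name a hypervisor as evidence, because generic matches such as "Setup Virtual Console" also occur on physical hosts. The function names, the labels and the physical-host sample are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify the evidence printed by the commands above.

# Map a DMI product name (dmidecode -s system-product-name) to a label.
# The labels are illustrative; "unknown" is not proof of physical hardware.
vm_from_product() {
    case "$1" in
        *VMware*)            echo vmware ;;
        "Alibaba Cloud ECS") echo alibaba-ecs ;;
        KVM)                 echo kvm ;;
        *)                   echo unknown ;;
    esac
}

# Read dmesg text on stdin and print the hypervisor it names, or "none".
# Only lines that name a hypervisor count; "Setup Virtual Console" and
# "Booting paravirtualized kernel on bare hardware" also appear on
# physical hosts, so they are ignored.
vm_from_dmesg() {
    awk '
        /Detected virtualization / {
            sub(/.*Detected virtualization /, ""); sub(/\.$/, "")
            found = $0
        }
        /Booting paravirtualized kernel on / && !/bare hardware/ {
            sub(/.*Booting paravirtualized kernel on /, "")
            sub(/ hypervisor$/, "")
            if (found == "") found = tolower($0)
        }
        END { print (found == "" ? "none" : found) }
    '
}

# VM_LOG reuses lines from the dmesg output above; PHYS_LOG is constructed.
VM_LOG='[ 0.000000] Booting paravirtualized kernel on VMware hypervisor
[ 3.059098] systemd[1]: Detected virtualization vmware.
[ 3.107240] systemd[1]: Starting Setup Virtual Console...'
PHYS_LOG='[ 0.000000] Booting paravirtualized kernel on bare hardware
[ 3.107240] systemd[1]: Starting Setup Virtual Console...'

printf '%s\n' "$VM_LOG"   | vm_from_dmesg   # vmware
printf '%s\n' "$PHYS_LOG" | vm_from_dmesg   # none
vm_from_product "VMware Virtual Platform"   # vmware
```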
lshw
A tool for viewing hardware information. It is not installed by default and must be installed first.
Install: yum install lshw
lshw -class system
[root@k8s-master log]# lshw -class system
k8s-master
    description: Computer
    product: VMware Virtual Platform
    vendor: VMware, Inc.
    version: None
    serial: VMware-56 4d 42 78 57 e1 b9 c6-e9 ff 89 18 72 ef 9b 88
    width: 64 bits
    capabilities: smbios-2.7 dmi-2.7 vsyscall32
    configuration: administrator_password=enabled boot=normal frontpanel_password=unknown keyboard_password=unknown power-on_password=disabled uuid=564D4278-57E1-B9C6-E9FF-891872EF9B88
  *-pnp00:00
       product: PnP device PNP0c02
       physical id: 3
       capabilities: pnp
       configuration: driver=system
  *-pnp00:01
       product: PnP device PNP0b00
       physical id: 4
       capabilities: pnp
       configuration: driver=rtc_cmos
  *-pnp00:04
       product: PnP device PNP0103
       physical id: 85
       capabilities: pnp
       configuration: driver=system
  *-pnp00:06
       product: PnP device PNP0c02
       physical id: 87
       capabilities: pnp
       configuration: driver=system
  *-remoteaccess UNCLAIMED
       vendor: Intel
       physical id: 1
       capabilities: inbound
Alibaba Cloud
[root@110 ~]# lshw -class system
110
    description: Computer
    product: Alibaba Cloud ECS
    vendor: Alibaba Cloud
    version: pc-i440fx-2.1
    serial: d6353e4a-3879-40af-8552-da650b929026
    width: 64 bits
    capabilities: smbios-2.8 dmi-2.8 smp vsyscall32
    configuration: boot=normal uuid=4A3E35D6-7938-AF40-8552-DA650B929026
  *-pnp00:00
       product: PnP device PNP0b00
       physical id: 1
       capabilities: pnp
       configuration: driver=rtc_cmos
Windows
CMD commands
systeminfo | findstr /i /c:"System Model"
systeminfo | findstr /i "系统型号"
C:\Users\admin>systeminfo | findstr /i "系统型号"
系统型号: VMware Virtual Platform
C:\Users>systeminfo | findstr /i "系统型号"
系统型号: IBM SystemX X3550 M3 -[7944ONT]-
PowerShell commands
get-wmiobject win32_computersystem | fl model
PS C:\Users\admin> get-wmiobject win32_computersystem | fl model
model : VMware Virtual Platform
PS C:\Users> get-wmiobject win32_computersystem | fl model
model : IBM SystemX X3550 M3 -[7944ONT]-