Dump Virtual Box Memory
A quick reminder of one way to dump the memory of a VM running on VirtualBox in a Linux environment.
List Available VMs
    cd "C:\Program Files\Oracle\VirtualBox\"
    .\VBoxManage.exe list vms

    ...
    "win1002 debugee" {5f176ebb-a0cc-4dc7-9c6f-988fcbcca867}
    ...
Enable Debug Mode
On the Linux host:
    virtualbox --startvm 'yourVMName or VM UUID' --dbg
Dump VM Memory
Launch the VirtualBox debug console by navigating to the "Debug" menu and selecting "Command Line":
Once you select "Command Line", you will be presented with a console that looks like this:
[Screenshot: VirtualBox debug console. Caption: the memory dump will be a raw file written to the /home/youruser directory]
To create a memory dump, issue the command below (also highlighted in the above graphic):
    VBoxDbg> .pgmphystofile 'w7-nc-shell.bin'
Persistence
If you want the debug options to be always available, you can:
- export VBOX_GUI_DBG_ENABLED=true before launching the VM, or
- put export VBOX_GUI_DBG_ENABLED=true in your .bashrc or /etc/environment
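The "List Available VMs" and "Enable Debug Mode" steps combined into one helper, as an added example that is not part of the original page. The function names, the SAMPLE_VMS variable and the first sample entry are assumptions made for illustration, and VBoxManage is assumed to be on the PATH of the Linux host.

```shell
#!/bin/sh
# Added example (not from the original page): pick a VM by name from
# `VBoxManage list vms` output and start it with the debugger enabled.

# Constructed sample in the "name" {uuid} format shown on this page. The
# first entry is made up; the second is the VM listed above.
SAMPLE_VMS='"lab ubuntu" {11111111-2222-4333-8444-555555555555}
"win1002 debugee" {5f176ebb-a0cc-4dc7-9c6f-988fcbcca867}'

# vm_uuid NAME: reads `list vms` output on stdin and prints the UUID of the
# VM whose quoted name equals NAME. Fails (status 1) when the name is absent,
# matches more than one line, or the UUID field is malformed.
vm_uuid() {
    WANT="$1" awk '
    {
        sub(/\r$/, "")                  # tolerate CRLF from VBoxManage.exe
        n = length($0)
        if (n < 41) next                # shorter than "" {uuid}
        name = substr($0, 1, n - 39)    # quoted name, spaces allowed
        sep  = substr($0, n - 38, 1)    # the single space before the brace
        id   = substr($0, n - 37)       # {uuid}, always 38 characters
        shape = id
        gsub(/[0-9a-fA-F]/, "0", shape) # reduce hex digits to check the layout
        if (sep != " " || shape != "{00000000-0000-0000-0000-000000000000}") next
        if (name != ("\"" ENVIRON["WANT"] "\"")) next
        uuid = substr(id, 2, 36)
        hits++
    }
    END { if (hits != 1) exit 1; print uuid }'
}

# start_vm_debug NAME: resolve NAME on this host, then launch the VM with the
# --dbg switch from this page. Passing the UUID avoids attaching to the wrong
# VM when names are similar.
start_vm_debug() {
    uuid=$(VBoxManage list vms | vm_uuid "$1") || {
        echo "no unique VM named: $1" >&2
        return 1
    }
    virtualbox --startvm "$uuid" --dbg
}

# Demo on the constructed sample; no VirtualBox installation is needed here.
printf '%s\n' "$SAMPLE_VMS" | vm_uuid "win1002 debugee"
```

Call start_vm_debug "win1002 debugee" on the host to open the VM with the "Debug" menu available.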