Red Teaming Experiments
Red Teaming Experiments
linkedin
github
@spotheplanet
patreon
What is this?
Pinned
Pentesting Cheatsheets
Active Directory & Kerberos Abuse
offensive security
Red Team Infrastructure
Initial Access
Code Execution
Code & Process Injection
Defense Evasion
Enumeration and Discovery
Privilege Escalation
Credential Access & Dumping
Lateral Movement
Persistence
Exfiltration
reversing, forensics & misc
Windows Kernel / Internals
Exploring Process Environment Block
ETW: Event Tracing for Windows 101
Parsing PE File Headers with C++
Exploring Injected Threads
Dump Virtual Box Memory
AES Encryption Using Crypto++ .lib in Visual Studio C++
Reversing Password Checking Routine
Powered by GitBook

Dump Virtual Box Memory

A quick reminder of one of the ways of how to dump memory of a VM running on VirtualBox in Linux environment.

List Available VMs

cd "C:\Program Files\Oracle\VirtualBox\"
.\VBoxManage.exe list vms
​
...
"win1002 debugee" {5f176ebb-a0cc-4dc7-9c6f-988fcbcca867}
...

Enable Debug Mode

linux host
mantvydas@~: virtualbox --startvm 'yourVMName or VM UUID' --dbg

Dump VM Memory

Launch the VirtualBox debug console by navigating to "Debug" menu an select "Command Line":

Once you select "Command Line", you will be presented with a console that looks like this:

memory dump will be a raw file dumped to /home/youruser directory

To create a memory dump, issue the below command (also highlighted in the above graphic):

VM@virtualbox
VBoxDbg> .pgmphystofile 'w7-nc-shell.bin'

Persistence

If you want the debug options to be always available, you can:

  • export VBOX_GUI_DBG_ENABLED=true before launching the VM or

  • put export VBOX_GUI_DBG_ENABLED=true in your .bashrc or /etc/environment

reversing, forensics & misc - Previous
Exploring Injected Threads
Next - reversing, forensics & misc
AES Encryption Using Crypto++ .lib in Visual Studio C++
Last updated 11 months ago
Contents
List Available VMs
Enable Debug Mode
Dump VM Memory
Persistence