innismir.net

One of my duties at my job is to the maintain the lab environment that we have to do our super 31337 skunk works projects in. As we all are quite lazy and don’t have room for gobs of hardware, we make good use of virtualized machines to do our projects. One of the annoying issues that keeps popping its head up every time we need to install a fresh desktop install is that Windows XP does not like to run within VMware ESX server. It’s frustrating and there is no real tutorial online with a definitive set of answers, just a bunch of forum posts with tidbits of info that if you arrange correctly, you can piece together what to do.

So, without further ado, here is how to make Windows XP install onto a VMware stock VM machine:

1. Download the VMware SCSI Disk image from VMware Drivers & Tools download page. Save the image somewhere where you can locate it easier.
2. Follow the normal procedure for creating a VMware machine for Windows XP.
3. Select the machine in the Virtual Infrastructure client and select “Edit Settings”
   
4. On the settings screen, select the SCSI controller, then in the upper right click “Change Type…”
   
5. On the “Change SCSI Controller Type” screen, “LSI Logic” should be selected. Change that to “BusLogic”. Click OK.
   
6. Click OK on the settings screen.
7. Open the console of the Virtual Machine and Power it On.
8. During the VMware POST, press Escape to access the Boot Menu.
9. Click the “Virtual Floppy 0″ button and select “Connect to Floppy Image…”
   
10. Select the floppy image that you downloaded from VMware in step 1.
11. Click the “Virtual CDROM” button and connect it to your install media
12. On the console select “CD-ROM Drive” and press Enter to boot from the CD-ROM
13. Immediately when the Windows installer boots, you will see the bottom of the screen “Press F6 if you need to install a third party SCSI or RAID driver.” Press F6. Windows will continue loading the installer.
    
14. Windows will eventually prompt you to load additional devices. Press “S”
    
15. There will be only one option: “VMware SCSI controller” Press Enter.
16. That will take you back to the previous screen. You are done. Press Enter.
    

Windows will continue loading and now pick up the hard drive that you specified during the Virtual Machine creation process. You’re all set.

I am a big fan of Prelude IDS to correlate reports from my honeypot/nepenthes/snort setup at my house. One of the things that was quite repetitive was finding the locations of IPs. So, I sat down and coded up a patch that grafted GeoIP onto Prelude’s Prewikka web interface. After a bit of effort figuring out Python and the template engine, I ended up with this:

Of course, my patch doesn’t blur out the names like the screenshot, but it does add the spiffy little flags to show you what countries are attacking you.

You will need:

• A working GeoIP installation
• The GeoIP Python module
• A set of flag icons in PNG format. I recommend FamFamFam’s icons
• My patch
• Prewikka 0.9.14 source tree.

The GeoIP libraries are available from the link above. Installing them is pretty straightforward. Once that is done, untar the Prewikka tarball and apply the patch for Prewikka in the source directory. Then install as normal.

Unzip the flags archive somewhere on your system. Move the contents “png” directory to your web root under the folder “/images/flags”. You may need to make an adjustment to your Apache installation if Prewikka is running in the root web directory like I had to. I made an alias in my Apache configuration pointing /images/ back over to /var/www/images.

Alias /images/ /var/www/images/

With any luck, it should work. As always, your mileage may vary.

Share and enjoy!