Hypervisor Internals TryHackMe Walkthrough

Sunny Singh Verma
6 min read · Aug 29, 2024


Main Theme of TryHackMe Room : Hypervisor Internals

Brief Intro

Hypervisor Internals refers to the underlying mechanisms, architecture, and operational details of hypervisors, which are a critical component in virtualization technology. Hypervisors, also known as virtual machine monitors (VMMs), enable the creation, management, and execution of multiple virtual machines (VMs) on a single physical host.

Room Objectives + Learnings

  • Understand how Hypervisors work, their types, and why they are used
  • Discover the Hypervisor landscape
  • The application of Hypervisors in a cyber security context
  • Become familiar with the internal components of a Hypervisor, as well as how the guest additions that are used to add features to Hypervisors can pose a security risk

Difficulty

Easy

Room Type

Free Room. Anyone can deploy virtual machines in the room (without being subscribed)!

Total Tasks: 7 (1 Practical Module)

KUDOS TO THE CREATORS

Special Thanks to the Creators of this room

Task 1

It’s always recommended to read the Task 1 Objectives briefly before proceeding

Task 1 Done !

Task 2

Task 2 — Question 1 : What type of Hypervisors have direct access to bare metal?

We can find the answer from the above snippet

Task 2 Question 1 Complete !

Task 2 : Question 2 — What type of Hypervisors do not have access to bare metal but run inside and through another Operating System?

After reading the above snippet, we can find the answer.

Task 2 Complete !

Task 3

Task 3 — Question 1 : What is the name of the Hypervisor that can be found as both a type 1 and type 2 Hypervisor?

Task 3— Question 1 Done !

Task 3 — Question 2 : What is the name of the open-source Hypervisor developed by Oracle?

Task 3 Now Completed !

Task 4

Task 4 Question 1 : As of the time of writing, what is the maximum amount that Microsoft offers for disclosed Hyper-V vulnerabilities?

The Answer can be found in the snippet taken from a Module from Task 4

Task 4 Question 1 Done !

Task 4 Question 2 : What category of use do cyber security analysts use Hypervisors to analyse malicious code?

Task 4 Question 2 Complete !

Task 4 Question 3 : What is the name of one of the APT groups that has been identified as targeting ESXi Hypervisors?

Task 4 Question 3 Complete !

Task 4 Complete !

Task 5

Task 5 — Question 1 : What is the acronym for a virtual CPU?

Task 5 Question 1’s answer can be found in the snippet above

Task 5 — Question 2 : What is the acronym for a virtual network adapter?

Task 5 Question 3 : What virtualisation method allows for a Hypervisor to be ran within a virtual machine?

Task 5 is now Complete as well !

Task 6

Task 6 Question 1 : What is the full CVE of the vulnerability that allowed attackers to exploit guest additions to escape the guest environment? Format: CVE-XXXX-XXXX

So we are now done with Question 1 for Task 6

Task 6 Question 2 : What name does the VMware guest additions process show up as on the guest?

Now we are done with the Theory part of Task 6

Task 7

Task 7 is a practical Module

Let’s Start the Party !

Let’s start by clicking View Site
A new Split window has started

Instructions

Welcome to the Hypervisor Internals Game! Drag and drop the correct label into the correct box on the image.

Try hovering on the image to spot interactive areas. Labels can be dropped on these areas.

You have 2 Tasks and 8 Tries

We basically have to drag the correct option to the right Block

Reference can be taken from a Picture shared in Task 2 Module →

We are done with the First task after dragging the Blocks to the correct placeholders for showing the Correct Labels

Let’s Check the Second Task for Task 7

The second task is almost the same as the first task from the Task 7 Module

After successfully solving both tasks within the Task 7 Module, we finally get our Flag for Task 7 and finish the Room Hypervisor Internals

We have now solved the TryHackMe Room : Hypervisor Internals

I hope you enjoyed solving this room as much as I did.

If you did, you can add a clap to this article to let me know.
You can also follow me on Medium to get more articles about CTFs and Cybersecurity in the near future.

Let’s Connect on Linkedin → https://linkedin.com/in/sunnysinghverma

You can also give me Respect on Hack The Box if you want; I would really appreciate it :)

https://app.hackthebox.com/users/1585635

You can subscribe to me on Medium, and make sure to hit the email notification to get notified whenever I post new walkthroughs, writeups and other informative posts.

Thank you !
SuNnY
