GuestStealer Wrapup

By Tony Flick | March 1, 2010

In addition to the previously mentioned Nmap script, GuestStealer has now made its way into a Nessus plugin and a Metasploit module. Nessus Plugin 44646 was released by Tenable a few weeks ago, and the Metasploit module was pushed up to the trunk last week.

GuestStealer has been mentioned in several articles and blog posts recently, including DarkReading – Tech Insight: Securing The Virtualized Server Environment and The Hacker News Network. While most have been accurate, several early blogs stated that GuestStealer used a cross-site scripting attack to steal the guests. To clarify and avoid any confusion, GuestStealer exploits the directory traversal vulnerability described in CVE-2009-3733. For further information, check out the presentation slides.