Why don't they just edit the password directly in the disk image (like this: <a href="http://libguestfs.org/virt-edit.1.html#non-interactive-editing" rel="nofollow">http://libguestfs.org/virt-edit.1.html#non-interactive-editi...</a> )?<p>I wrote a neat little tool called virt-dmesg which reads rather than writes kernel memory in VMs in order to pull out things like the kernel messages (dmesg): <a href="http://people.redhat.com/~rjones/virt-dmesg/" rel="nofollow">http://people.redhat.com/~rjones/virt-dmesg/</a><p>Also, since when is "Ubuntu" synonymous with Linux?
Remembering the "evil" discussion from not too long ago, these two statements are not compatible:<p>"This tool is for legal purposes only. The code is released under GPLv3 license."
I'm not sure why a penetration tester would bother to run this against a VM when they had already obtained a privilege level that allows memory modification of the hypervisor process. That level of access is already the equivalent of physical access.