##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
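# Auxiliary scanner module: logs in to a VMware web service with the
# configured credentials, lists the virtual machines it reports, records each
# one as a note, and optionally stores a screenshot of every powered-on VM as
# loot.
#
# All VM metadata handled here (names, runtime state, the YAML dump printed
# to the console) is supplied by the remote server and should be read as
# untrusted input.
class MetasploitModule < Msf::Auxiliary

  include Msf::Exploit::Remote::HttpClient
  include Msf::Auxiliary::Report
  include Msf::Exploit::Remote::VIMSoap
  include Msf::Auxiliary::Scanner

  # Registers the module metadata and its options.
  #
  # SSL is enabled by default and the default port is 443. USERNAME and
  # PASSWORD are required options; the values given here are only the
  # module's built-in defaults.
  def initialize
    super(
      'Name'           => 'VMWare Enumerate Virtual Machines',
      'Description'    => %Q{
        This module attempts to discover virtual machines on any VMWare instance
        running the web interface. This would include ESX/ESXi and VMWare Server.
      },
      'Author'         => ['theLightCosine'],
      'License'        => MSF_LICENSE,
      'DefaultOptions' => { 'SSL' => true }
    )

    register_options(
      [
        Opt::RPORT(443),
        OptString.new('USERNAME', [true, "The username to Authenticate with.", 'root']),
        OptString.new('PASSWORD', [true, "The password to Authenticate with.", 'password']),
        OptBool.new('SCREENSHOT', [true, "Whether or not to try to take a screenshot", true])
      ], self.class)
  end

  # Enumerates the virtual machines on one host.
  #
  # Each VM is printed, reported as a "vmware.esx.vm" note and, when the
  # SCREENSHOT option is set and the VM is powered on, screenshotted. The full
  # VM list is finally stored as a text loot file.
  #
  # @param ip [String] address of the host being scanned (used in the
  #   login-failure message)
  # @return [void]
  def run_host(ip)
    unless vim_do_login(datastore['USERNAME'], datastore['PASSWORD']) == :success
      print_error "Login Failure on #{ip}"
      return
    end

    virtual_machines = vim_get_vms
    virtual_machines.each do |vm|
      print_good YAML.dump(vm)
      report_note(
        :host   => rhost,
        :type   => "vmware.esx.vm",
        :data   => vm,
        :port   => rport,
        :proto  => 'tcp',
        :update => :unique_data
      )
      next unless datastore['SCREENSHOT'] && vm_powered_on?(vm)
      capture_vm_screenshot(vm)
    end

    f = store_loot('host.vmware.vms', "text/plain", datastore['RHOST'], YAML.dump(virtual_machines), "#{datastore['RHOST']}_esx_vms.txt", "VMWare ESX Virtual Machines")
    vprint_status("VM info stored in: #{f}")
  end

  private

  # Tells whether the server reports the VM as powered on.
  #
  # A VM entry without a 'runtime' section is treated as not powered on
  # instead of raising NoMethodError in the middle of the enumeration.
  #
  # @param vm [Hash] one VM entry as returned by vim_get_vms
  # @return [Boolean]
  def vm_powered_on?(vm)
    runtime = vm['runtime']
    !runtime.nil? && runtime['powerState'] == 'poweredOn'
  end

  # Takes a screenshot of one VM and stores it as loot.
  #
  # When the first attempt reports an expired session, the module logs in
  # again and retries once; the retry is skipped if that login does not
  # succeed. Both the first-attempt and the retry path store the image under
  # the same per-VM filename.
  #
  # @param vm [Hash] one VM entry as returned by vim_get_vms
  # @return [void]
  def capture_vm_screenshot(vm)
    print_status "Attempting to take screenshot of #{vm['name']}...."
    screenshot = vim_take_screenshot(vm, datastore['USERNAME'], datastore['PASSWORD'])

    if screenshot == :expired
      if vim_do_login(datastore['USERNAME'], datastore['PASSWORD']) == :success
        screenshot = vim_take_screenshot(vm, datastore['USERNAME'], datastore['PASSWORD'])
      else
        screenshot = :error
      end
    end

    if screenshot == :error || screenshot == :expired
      print_error "Screenshot failed"
      return
    end

    # NOTE(review): vm['name'] is server-controlled and ends up in the loot
    # filename -- confirm store_loot sanitizes the name before it is used as
    # a path component.
    ss_path = store_loot("host.vmware.screenshot", "image/png", datastore['RHOST'], screenshot, "#{vm['name']}_screenshot.png", "Screenshot of VM #{vm['name']}")
    print_good "Screenshot Saved to #{ss_path}"
  end

end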