metasploit-framework/modules/auxiliary/scanner/vmware/vmware_enum_vms.rb

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
#   http://metasploit.com/
##


require 'msf/core'


class Metasploit3 < Msf::Auxiliary

	include Msf::Exploit::Remote::HttpClient
	include Msf::Auxiliary::Report
	include Msf::Exploit::Remote::VIMSoap
	include Msf::Auxiliary::Scanner

	def initialize
		super(
			'Name'           => 'VMWare Enumerate Virtual Machines',
			'Description'    => %Q{
				This module attempts to discover virtual machines on any VMWare instance
				running the web interface. This would include ESX/ESXi and VMWare Server.
			},
			'Author'         => ['theLightCosine'],
			'License'        => MSF_LICENSE
		)

		register_options(
			[
				Opt::RPORT(443),
				OptString.new('USERNAME', [ true, "The username to Authenticate with.", 'root' ]),
				OptString.new('PASSWORD', [ true, "The password to Authenticate with.", 'password' ]),
				OptBool.new('SCREENSHOT', [true, "Wheter or not to try to take a screenshot", true])
			], self.class)

		register_advanced_options([OptBool.new('SSL', [ false, 'Negotiate SSL for outgoing connections', true]),])
	end

	def run_host(ip)

		if vim_do_login(datastore['USERNAME'], datastore['PASSWORD']) == :success
			virtual_machines = vim_get_vms
			virtual_machines.each do |vm|
				print_good YAML.dump(vm)
				report_note(
					:host  => rhost,
					:type  => "vmware.esx.vm",
					:data  => vm,
					:port  => rport,
					:proto => 'tcp',
					:update => :unique_data
				)
				next unless datastore['SCREENSHOT'] and vm['runtime']['powerState'] == 'poweredOn'
				print_status "Attempting to take screenshot of #{vm['name']}...."
				screenshot = vim_take_screenshot(vm, datastore['USERNAME'], datastore['PASSWORD'] )
				case screenshot
				when :error
					print_error "Screenshot failed"
					next
				when :expired
					vim_do_login(datastore['USERNAME'], datastore['PASSWORD'])
					retry_result = vim_take_screenshot(vm, datastore['USERNAME'], datastore['PASSWORD'] )
					if retry_result == :error or retry_result == :expired
						print_error "Screenshot failed"
					else
						ss_path = store_loot("host.vmware.screenshot", "image/png", datastore['RHOST'], retry_result, "#{vm['name']}_screenshot.png", "Screenshot of VM #{vm['name']}")
						print_good "Screenshot Saved to #{ss_path}"
					end
				else
					ss_path = store_loot("host.vmware.screenshot", "image/png", datastore['RHOST'], screenshot, "screenshot.png", "Screenshot of VM #{vm['name']}")
					print_good "Screenshot Saved to #{ss_path}"
				end
			end
			store_loot('host.vmware.vms', "text/plain", datastore['RHOST'], YAML.dump(virtual_machines) , "#{datastore['RHOST']}_esx_vms.txt", "VMWare ESX Virtual Machines")
		else
			print_error "Login Failure on #{ip}"
			return
		end
	end

end
Adding a bunch of new VIM API auxiliary stuff Work in progress. 2012-02-01 18:05:20 +00:00			`##`
			`# This file is part of the Metasploit Framework and may be subject to`
			`# redistribution and commercial restrictions. Please see the Metasploit`
Fix up the boilerplate comment to use a better url 2012-02-21 01:40:50 +00:00			`# web site for more information on licensing and terms of use.`
			`# http://metasploit.com/`
Adding a bunch of new VIM API auxiliary stuff Work in progress. 2012-02-01 18:05:20 +00:00			`##`


			`require 'msf/core'`


			`class Metasploit3 < Msf::Auxiliary`

			`include Msf::Exploit::Remote::HttpClient`
			`include Msf::Auxiliary::Report`
			`include Msf::Exploit::Remote::VIMSoap`
			`include Msf::Auxiliary::Scanner`

			`def initialize`
			`super(`
			`'Name' => 'VMWare Enumerate Virtual Machines',`
			`'Description' => %Q{`
Massive whitespace cleanup 2012-03-18 05:07:27 +00:00			`This module attempts to discover virtual machines on any VMWare instance`
			`running the web interface. This would include ESX/ESXi and VMWare Server.`
			`},`
updated all my authour refs to use an alias 2012-09-20 02:46:14 +00:00			`'Author' => ['theLightCosine'],`
Adding a bunch of new VIM API auxiliary stuff Work in progress. 2012-02-01 18:05:20 +00:00			`'License' => MSF_LICENSE`
			`)`

			`register_options(`
			`[`
			`Opt::RPORT(443),`
			`OptString.new('USERNAME', [ true, "The username to Authenticate with.", 'root' ]),`
Working Screenshot capability! 2012-02-11 09:51:18 +00:00			`OptString.new('PASSWORD', [ true, "The password to Authenticate with.", 'password' ]),`
			`OptBool.new('SCREENSHOT', [true, "Wheter or not to try to take a screenshot", true])`
Adding a bunch of new VIM API auxiliary stuff Work in progress. 2012-02-01 18:05:20 +00:00			`], self.class)`
Massive whitespace cleanup 2012-03-18 05:07:27 +00:00
More Virtualisation SSL fixes 2012-03-16 00:06:48 +00:00			`register_advanced_options([OptBool.new('SSL', [ false, 'Negotiate SSL for outgoing connections', true]),])`
Adding a bunch of new VIM API auxiliary stuff Work in progress. 2012-02-01 18:05:20 +00:00			`end`

			`def run_host(ip)`

			`if vim_do_login(datastore['USERNAME'], datastore['PASSWORD']) == :success`
			`virtual_machines = vim_get_vms`
Comply with msftidy Knock, knock! Who's there? Me, the msftidy nazi! 2012-08-07 20:59:01 +00:00			`virtual_machines.each do \|vm\|`
Adding a bunch of new VIM API auxiliary stuff Work in progress. 2012-02-01 18:05:20 +00:00			`print_good YAML.dump(vm)`
			`report_note(`
			`:host => rhost,`
			`:type => "vmware.esx.vm",`
			`:data => vm,`
			`:port => rport,`
			`:proto => 'tcp',`
			`:update => :unique_data`
			`)`
Improved vmware enumerate vm modules now with screenshots! 2012-02-13 18:07:28 +00:00			`next unless datastore['SCREENSHOT'] and vm['runtime']['powerState'] == 'poweredOn'`
			`print_status "Attempting to take screenshot of #{vm['name']}...."`
			`screenshot = vim_take_screenshot(vm, datastore['USERNAME'], datastore['PASSWORD'] )`
			`case screenshot`
			`when :error`
			`print_error "Screenshot failed"`
			`next`
			`when :expired`
			`vim_do_login(datastore['USERNAME'], datastore['PASSWORD'])`
			`retry_result = vim_take_screenshot(vm, datastore['USERNAME'], datastore['PASSWORD'] )`
			`if retry_result == :error or retry_result == :expired`
			`print_error "Screenshot failed"`
			`else`
Permissions scanner for vmware Fixed the way loot was getting stored to set a propper type 2012-02-16 08:19:33 +00:00			`ss_path = store_loot("host.vmware.screenshot", "image/png", datastore['RHOST'], retry_result, "#{vm['name']}_screenshot.png", "Screenshot of VM #{vm['name']}")`
Improved vmware enumerate vm modules now with screenshots! 2012-02-13 18:07:28 +00:00			`print_good "Screenshot Saved to #{ss_path}"`
			`end`
			`else`
Permissions scanner for vmware Fixed the way loot was getting stored to set a propper type 2012-02-16 08:19:33 +00:00			`ss_path = store_loot("host.vmware.screenshot", "image/png", datastore['RHOST'], screenshot, "screenshot.png", "Screenshot of VM #{vm['name']}")`
Improved vmware enumerate vm modules now with screenshots! 2012-02-13 18:07:28 +00:00			`print_good "Screenshot Saved to #{ss_path}"`
			`end`
Adding a bunch of new VIM API auxiliary stuff Work in progress. 2012-02-01 18:05:20 +00:00			`end`
Permissions scanner for vmware Fixed the way loot was getting stored to set a propper type 2012-02-16 08:19:33 +00:00			`store_loot('host.vmware.vms', "text/plain", datastore['RHOST'], YAML.dump(virtual_machines) , "#{datastore['RHOST']}_esx_vms.txt", "VMWare ESX Virtual Machines")`
Adding a bunch of new VIM API auxiliary stuff Work in progress. 2012-02-01 18:05:20 +00:00			`else`
			`print_error "Login Failure on #{ip}"`
			`return`
			`end`
			`end`

			`end`