infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

More fixes to the vim soa[p libs 

Added the SoapAction header as this turns out to be pretty
important for the screenshot task creation method.
unstable
David Maloney 2012-02-03 22:11:21 -06:00
parent df401f4c94
commit 668e5f8c52
1 changed files with 54 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

67
lib/msf/core/exploit/vim_soap.rb
View File

@ -19,6 +19,7 @@ module Exploit::Remote::VIMSoap
'data' => soap_data
}, 25)
@server_objects = Hash.from_xml(res.body)['Envelope']['Body']['RetrieveServiceContentResponse']['returnval']
@soap_action = "urn:vim25/#{@server_objects['about']['apiVersion']}"
if res.headers['Set-Cookie']
@vim_cookie = res.headers['Set-Cookie']
return true
@ -46,7 +47,8 @@ module Exploit::Remote::VIMSoap
'method' => 'POST',
'agent' => 'VMware VI Client',
'cookie' => @vim_cookie,
'data' => soap_data
'data' => soap_data,
'headers' => { 'SOAPAction' => @soap_action}
}, 25)
if res.code == 200
return :success
@ -70,7 +72,8 @@ module Exploit::Remote::VIMSoap
'method' => 'POST',
'agent' => 'VMware VI Client',
'cookie' => @vim_cookie,
'data' => soap_req
'data' => soap_req,
'headers' => { 'SOAPAction' => @soap_action}
}, 25)
hash = Hash.from_xml(res.body)['Envelope']['Body']['RetrieveServiceContentResponse']['returnval']
@ -98,7 +101,8 @@ module Exploit::Remote::VIMSoap
'method' => 'POST',
'agent' => 'VMware VI Client',
'cookie' => @vim_cookie,
'data' => soap_req
'data' => soap_req,
'headers' => { 'SOAPAction' => @soap_action}
}, 25)
hash = Hash.from_xml(res.body)['Envelope']['Body']['RetrievePropertiesResponse']['returnval']['propSet']['val']
@ -129,7 +133,8 @@ module Exploit::Remote::VIMSoap
'method' => 'POST',
'agent' => 'VMware VI Client',
'cookie' => @vim_cookie,
'data' => soap_req
'data' => soap_req,
'headers' => { 'SOAPAction' => @soap_action}
}, 25)
@dcs << Hash.from_xml(res.body)['Envelope']['Body']['RetrievePropertiesResponse']['returnval']['propSet']['val']['ManagedObjectReference']
@dcs.flatten!
@ -159,7 +164,8 @@ module Exploit::Remote::VIMSoap
'method' => 'POST',
'agent' => 'VMware VI Client',
'cookie' => @vim_cookie,
'data' => soap_req
'data' => soap_req,
'headers' => { 'SOAPAction' => @soap_action}
}, 25)
host_folders = []
host_folders << Hash.from_xml(res.body)['Envelope']['Body']['RetrievePropertiesResponse']['returnval']['propSet']['val']
@ -189,7 +195,8 @@ module Exploit::Remote::VIMSoap
'method' => 'POST',
'agent' => 'VMware VI Client',
'cookie' => @vim_cookie,
'data' => soap_req
'data' => soap_req,
'headers' => { 'SOAPAction' => @soap_action}
}, 25)
ref = Hash.from_xml(res.body)['Envelope']['Body']['RetrievePropertiesResponse']['returnval']['propSet']['val']['ManagedObjectReference']
if ref.nil? or ref.empty?
@ -224,7 +231,8 @@ module Exploit::Remote::VIMSoap
'method' => 'POST',
'agent' => 'VMware VI Client',
'cookie' => @vim_cookie,
'data' => soap_req
'data' => soap_req,
'headers' => { 'SOAPAction' => @soap_action}
}, 25)
next if res.body.include? "<faultstring>"
dc_hosts << Hash.from_xml(res.body)['Envelope']['Body']['RetrievePropertiesResponse']['returnval']['propSet']['val']['ManagedObjectReference']
@ -262,7 +270,8 @@ module Exploit::Remote::VIMSoap
'method' => 'POST',
'agent' => 'VMware VI Client',
'cookie' => @vim_cookie,
'data' => soap_req
'data' => soap_req,
'headers' => { 'SOAPAction' => @soap_action}
}, 25)
hash = Hash.from_xml(res.body)['Envelope']['Body']['RetrievePropertiesResponse']['returnval']['propSet']['val']
return hash
@ -283,6 +292,29 @@ module Exploit::Remote::VIMSoap
end
def vim_take_screenshot(vm)
soap_req =
%Q|<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<env:Body>
<CreateScreenshot_Task xmlns="urn:vim25">
<_this type="VirtualMachine">#{vm}</_this>
</CreateScreenshot_Task>
</env:Body>
</env:Envelope>|
print_status "Request: #{soap_req}"
res = send_request_cgi({
'uri' => '/sdk',
'method' => 'POST',
'agent' => 'VMware VI Client',
'cookie' => @vim_cookie,
'data' => soap_req,
'headers' => { 'SOAPAction' => @soap_action}
}, 25)
print_status res.body
end
def vim_get_host_summary(host)
soap_req =
@ -307,7 +339,8 @@ module Exploit::Remote::VIMSoap
'method' => 'POST',
'agent' => 'VMware VI Client',
'cookie' => @vim_cookie,
'data' => soap_req
'data' => soap_req,
'headers' => { 'SOAPAction' => @soap_action}
}, 25)
hash = Hash.from_xml(res.body)['Envelope']['Body']['RetrievePropertiesResponse']['returnval']['propSet']['val']
hash['runtime'].delete('healthSystemRuntime')
@ -320,6 +353,7 @@ module Exploit::Remote::VIMSoap
vim_setup_references
@vmrefs = []
vmlist= []
print_status @dcs.inspect
@dcs.each{|dc| @vmrefs << vim_get_dc_vms(dc)}
unless @vmrefs.empty?
@vmrefs.flatten!
@ -328,7 +362,11 @@ module Exploit::Remote::VIMSoap
print_status "#{datastore['RHOST']} - Estimated Time: #{((@vmrefs.length * 7) /60)} Minutes"
@vmrefs.each do |ref|
print_status "#{datastore['RHOST']} - Getting Data for VM: #{ref}..."
vmlist << vim_get_vm_info(ref)
details = vim_get_vm_info(ref)
if details
details['ref'] = ref
vmlist << details
end
end
end
return vmlist
@ -357,7 +395,8 @@ module Exploit::Remote::VIMSoap
'method' => 'POST',
'agent' => 'VMware VI Client',
'cookie' => @vim_cookie,
'data' => soap_req
'data' => soap_req,
'headers' => { 'SOAPAction' => @soap_action}
}, 25)
vmfolder = Hash.from_xml(res.body)['Envelope']['Body']['RetrievePropertiesResponse']['returnval']['propSet']['val']
@ -383,7 +422,8 @@ module Exploit::Remote::VIMSoap
'method' => 'POST',
'agent' => 'VMware VI Client',
'cookie' => @vim_cookie,
'data' => soap_req
'data' => soap_req,
'headers' => { 'SOAPAction' => @soap_action}
}, 25)
vm_index_array = Hash.from_xml(res.body)['Envelope']['Body']['RetrievePropertiesResponse']['returnval']['propSet']['val']['ManagedObjectReference']
vm_index_array.delete_if{|ref| ref.start_with? "group"} unless vm_index_array.nil? or vm_index_array.empty?
@ -414,7 +454,8 @@ module Exploit::Remote::VIMSoap
'method' => 'POST',
'agent' => 'VMware VI Client',
'cookie' => @vim_cookie,
'data' => soap_req
'data' => soap_req,
'headers' => { 'SOAPAction' => @soap_action}
}, 25)
if res.body.include? "<faultstring>"
return nil