Add Terminate Session module and some extra goodness to enum sessions

2012-02-15 16:39:13 -06:00 · 2012-02-15 16:39:13 -06:00 · c9cf47bd4c
parent 67ba39cc3e
commit c9cf47bd4c
3 changed files with 123 additions and 0 deletions
--- a/lib/msf/core/exploit/vim_soap.rb
+++ b/lib/msf/core/exploit/vim_soap.rb
@ -98,6 +98,64 @@ module Exploit::Remote::VIMSoap
 		return session_list.flatten.compact
 	end
 	def vim_session_is_active(key, username)
 		soap_req =
 		%Q|<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
 			<env:Body>
 			<SessionIsActive xmlns="urn:vim25">
 				<_this type="SessionManager">#{@server_objects['sessionManager']}</_this>
 				<sessionID>#{key}</sessionID>
 				<userName>#{username}</userName>
 			</SessionIsActive>
 			</env:Body>
 			</env:Envelope>|
 		res = send_request_cgi({
 			'uri'     => '/sdk',
 			'method'  => 'POST',
 			'agent'   => 'VMware VI Client',
 			'cookie'  => @vim_cookie,
 			'data'    => soap_req,
 			'headers' => { 'SOAPAction' => @soap_action}
 			}, 25)
 		return :noresponse unless res
 		if res.body.include? "NotAuthenticatedFault"
 			return :expired
 		elsif res.body.include? "<faultstring>"
 			return :error
 		end
 		active = Hash.from_xml(res.body)['Envelope']['Body']['SessionIsActiveResponse']['returnval']
 		return active
 	end
 	def vim_terminate_session(key)
 		vim_setup_references
 		soap_req =
 		%Q|<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
 			<env:Body>
 			<TerminateSession xmlns="urn:vim25">
 				<_this xsi:type="ManagedObjectReference" type="SessionManager" >#{@server_objects['sessionManager']}</_this>
 				<sessionId>#{key}</sessionId>
 			</TerminateSession>
 			</env:Body>
 			</env:Envelope>|
 		res = send_request_cgi({
 			'uri'     => '/sdk',
 			'method'  => 'POST',
 			'agent'   => 'VMware VI Client',
 			'cookie'  => @vim_cookie,
 			'data'    => soap_req,
 			'headers' => { 'SOAPAction' => @soap_action}
 			}, 25)
 		return :noresponse unless res
 		return :notfound if res.body.include? "NotFoundFault"
 		if res.body.include? "NotAuthenticatedFault"
 			return :expired
 		elsif res.body.include? "<faultstring>"
 			return :error
 		end
 		return :success
 	end
 	def vim_get_dc_name(dc)
--- a/modules/auxiliary/admin/vmware/terminate_esx_session.rb
+++ b/modules/auxiliary/admin/vmware/terminate_esx_session.rb
@ -0,0 +1,64 @@
 ##
 # $Id$
 ##
 ##
 # This file is part of the Metasploit Framework and may be subject to
 # redistribution and commercial restrictions. Please see the Metasploit
 # Framework web site for more information on licensing and terms of use.
 # http://metasploit.com/framework/
 ##
 require 'msf/core'
 require 'msf/core/exploit/vim_soap'
 class Metasploit3 < Msf::Auxiliary
 	include Msf::Exploit::Remote::HttpClient
 	include Msf::Auxiliary::Report
 	include Msf::Exploit::Remote::VIMSoap
 	def initialize
 		super(
 			'Name'           => 'VMWare Terminate ESX Login Sessions',
 			'Description'    => %Q{
 							This module will log into the Web API of VMWare and try to terminate
 							a user's login session as specified by the session key.},
 			'Author'         => ['TheLightCosine <thelightcosine[at]metasploit.com>'],
 			'License'        => MSF_LICENSE
 		)
 		register_options(
 			[
 				Opt::RPORT(443),
 				OptString.new('USERNAME', [ true, "The username to Authenticate with.", 'root' ]),
 				OptString.new('PASSWORD', [ true, "The password to Authenticate with.", 'password' ]),
 				OptString.new('KEY', [true, "The session key to terminate"])
 			], self.class)
 	end
 	def run
 		if vim_do_login(datastore['USERNAME'], datastore['PASSWORD']) == :success
 			result = vim_terminate_session(datastore['KEY'])
 			case result
 			when :notfound
 				print_error "The specified Session was not found. Check your key"
 			when :success
 				print_good "The supplied session was terminated successfully."
 			when :error
 				print_error "There was an error encountered."
 			end
 		else
 			print_error "Login Failure on #{ip}"
 			return
 		end
 	end
 end
--- a/modules/auxiliary/scanner/vmware/vmware_enum_sessions.rb
+++ b/modules/auxiliary/scanner/vmware/vmware_enum_sessions.rb
@ -58,6 +58,7 @@ class Metasploit3 < Msf::Auxiliary
 				output = ''
 				vim_sessions.each do |vsession| 
 					tmp_line = "Name: #{vsession['fullName']} \n\t"
 					tmp_line << "Active: #{vim_session_is_active(vsession['key'],vsession['userName'])} \n\t"
 					tmp_line << "Username: #{vsession['userName']}\n\t"
 					tmp_line << "Session Key: #{vsession['key']}\n\t"
 					tmp_line << "Locale: #{vsession['locale']}\n\t"