Adds a power off vm aux module

2012-02-14 20:52:45 -06:00 · 2012-02-14 20:52:45 -06:00 · e67e9ab34f
parent a256a6fb0b
commit e67e9ab34f
2 changed files with 138 additions and 0 deletions
--- a/lib/msf/core/exploit/vim_soap.rb
+++ b/lib/msf/core/exploit/vim_soap.rb
@ -521,6 +521,74 @@ module Exploit::Remote::VIMSoap
 	end


+
+	def vim_powerOFF_vm(vm_ref)
+		soap_req =
+			%Q|<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+			<env:Body>
+			<PowerOffVM_Task xmlns="urn:vim25">
+				<_this type="VirtualMachine">#{vm_ref}</_this>
+			</PowerOffVM_Task>
+			</env:Body>
+			</env:Envelope>| 
+		res = send_request_cgi({
+			'uri'     => '/sdk',
+			'method'  => 'POST',
+			'agent'   => 'VMware VI Client',
+			'cookie'  => @vim_cookie,
+			'data'    => soap_req,
+			'headers' => { 'SOAPAction' => @soap_action}
+		}, 25)
+		if res.body.include? "NotAuthenticatedFault"
+			return :expired
+		elsif res.body.include? "<faultstring>"
+			return :error
+		end
+		task_id = Hash.from_xml(res.body)['Envelope']['Body']['PowerOffVM_TaskResponse']['returnval']
+		state= "running"
+		while state == "running"
+			soap_req =
+				%Q|<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+				<env:Body>
+				<RetrieveProperties xmlns="urn:vim25">
+					<_this type="PropertyCollector">#{@server_objects['propertyCollector']}</_this>
+					<specSet xsi:type="PropertyFilterSpec">
+						<propSet xsi:type="PropertySpec">
+							<type>Task</type>
+							<pathSet>info</pathSet>
+						</propSet>
+						<objectSet xsi:type="ObjectSpec">
+							<obj type="Task">#{task_id}</obj>
+						</objectSet>
+					</specSet>
+				</RetrieveProperties>
+				</env:Body>
+				</env:Envelope>| 
+			res = send_request_cgi({
+				'uri'     => '/sdk',
+				'method'  => 'POST',
+				'agent'   => 'VMware VI Client',
+				'cookie'  => @vim_cookie,
+				'data'    => soap_req,
+				'headers' => { 'SOAPAction' => @soap_action}
+			}, 25)
+			hash = Hash.from_xml(res.body)['Envelope']['Body']['RetrievePropertiesResponse']['returnval']['propSet']['val']
+			state = hash['state']
+			case state
+			when 'running'
+				select(nil, nil, nil, 5)
+			when 'error'
+				if hash['error']['fault']['existingState'] == 'poweredOff'
+					return 'alreadyOFF'
+				end
+			end
+		end
+		return state
+	end
+
+
+
+
 	def vim_take_screenshot(vm, user, pass)
 		soap_req =
 			%Q|<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
--- a/modules/auxiliary/admin/vmware/poweroff_vm.rb
+++ b/modules/auxiliary/admin/vmware/poweroff_vm.rb
@ -0,0 +1,70 @@
+##
+# $Id$
+##
+
+##
+# This file is part of the Metasploit Framework and may be subject to
+# redistribution and commercial restrictions. Please see the Metasploit
+# Framework web site for more information on licensing and terms of use.
+# http://metasploit.com/framework/
+##
+
+
+require 'msf/core'
+require 'msf/core/exploit/vim_soap'
+
+
+class Metasploit3 < Msf::Auxiliary
+
+	include Msf::Exploit::Remote::HttpClient
+	include Msf::Auxiliary::Report
+	include Msf::Exploit::Remote::VIMSoap
+
+	def initialize
+		super(
+			'Name'           => 'VMWare Power Off Virtual Machine',
+			'Description'    => %Q{
+							This module will log into the Web API of VMWare and try to power off
+							a specified Virtual Machine.},
+			'Author'         => ['TheLightCosine <thelightcosine[at]metasploit.com>'],
+			'License'        => MSF_LICENSE
+		)
+
+		register_options(
+			[
+				Opt::RPORT(443),
+				OptString.new('USERNAME', [ true, "The username to Authenticate with.", 'root' ]),
+				OptString.new('PASSWORD', [ true, "The password to Authenticate with.", 'password' ]),
+				OptString.new('VM', [true, "The VM to try to Power Off"])
+			], self.class)
+	end
+
+	def run
+
+		if vim_do_login(datastore['USERNAME'], datastore['PASSWORD']) == :success
+			vm_ref = vim_find_vm_by_name(datastore['VM'])
+			if vm_ref 
+				return_state = vim_powerOFF_vm(vm_ref)
+				case return_state 
+				when 'success'
+					print_good "VM Powered Off Successfully"
+				when 'alreadyOFF'
+					print_status "The Server says that VM #{datastore['VM']} is already off."
+				else
+					print_error "The server returned an unexpected status #{return_state}"
+				end
+			else
+				print_error "Could not locate VM #{datastore['VM']}"
+			end
+		else
+			print_error "Login Failure on #{ip}"
+			return
+		end
+	end
+
+
+
+
+
+end
+