GitHub Repository: rapid7/metasploit-framework
Path: blob/master/modules/post/linux/gather/checkvm.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
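# Post module that fingerprints the hypervisor a Linux session is running on.
#
# Detection is a chain of independent heuristics; the first one that matches
# wins and the later ones are skipped. Every probe only reads system state,
# but several go through cmd_exec and therefore spawn processes on the host
# (/usr/sbin/dmidecode, /sbin/lsmod, cat /proc/ide/hd*/model, lspci, dmesg),
# which is what process-execution auditing on the host would record.
class MetasploitModule < Msf::Post
  include Msf::Post::File
  include Msf::Post::Linux::Priv
  include Msf::Post::Linux::System
  include Msf::Post::Process

  # Registers the module metadata with the framework.
  #
  # @param info [Hash] metadata passed in by the framework and merged through update_info
  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Linux Gather Virtual Environment Detection',
        'Description' => %q{
          This module attempts to determine whether the system is running
          inside of a virtual environment and if so, which one. This
          module supports detection of Hyper-V, VMWare, VirtualBox, Xen,
          Bhyve and QEMU/KVM.
        },
        'License' => MSF_LICENSE,
        'Author' => [ 'Carlos Perez <carlos_perez[at]darkoperator.com>'],
        'Platform' => [ 'linux' ],
        'SessionTypes' => [ 'shell', 'meterpreter' ],
        'Notes' => {
          'Stability' => [CRASH_SAFE],
          'SideEffects' => [],
          'Reliability' => []
        }
      )
    )
  end

  # Runs the detection chain and reports the result.
  #
  # Each stage is skipped once an earlier stage has set +vm+. On a match the
  # label is printed and handed to report_virtualization; otherwise a status
  # line says no virtual machine was recognised.
  #
  # @return [void]
  def run
    print_status('Gathering System info ....')
    vm = nil
    dmi_info = nil

    # dmidecode is only attempted when the session is root.
    dmi_info = cmd_exec('/usr/sbin/dmidecode') if is_root?

    # Check DMI info
    # NOTE(review): these are vendor-string matches over the whole dmidecode
    # output; whether they can also hit on physical hardware from the same
    # vendor is not established here - confirm before relying on the result.
    if dmi_info
      case dmi_info
      when /microsoft corporation/i
        vm = 'MS Hyper-V'
      when /vmware/i
        vm = 'VMware'
      when /virtualbox/i
        vm = 'VirtualBox'
      when /qemu/i
        vm = 'Qemu/KVM'
      when /domu/i
        vm = 'Xen'
      end
    end

    # Check kernel modules: prefer /proc/modules, fall back to lsmod output.
    unless vm
      loaded_modules = read_file('/proc/modules') || cmd_exec('/sbin/lsmod').to_s

      case loaded_modules.gsub("\n", ' ')
      when /vboxsf|vboxguest|vboxvideo|vboxvideo_drv|vboxdrv/i
        vm = 'VirtualBox'
      # The bare `vmw` alternative already matches every other name listed here
      # that starts with vmw.
      when /vmw_ballon|vmxnet|vmw/i
        vm = 'VMware'
      when /xen-vbd|xen-vnif|xen_netfront|xen_blkfront/
        vm = 'Xen'
      when /virtio_pci|virtio_net|virtio_blk|virtio_console|virtio_scsi|virtio_balloon|virtio_input|virtio-gpu|virtio-rng|virtio_dma_buf|virtio_mmio|virtio_pmem|virtio_snd/
        vm = 'Qemu/KVM'
      when /hv_vmbus|hv_blkvsc|hv_netvsc|hv_utils|hv_storvsc|hv_boot|hv_balloon|hyperv_keyboard|hid_hyperv|hyperv_fb/
        vm = 'MS Hyper-V'
      end
    end

    # Check SCSI driver
    unless vm
      proc_scsi = read_file('/proc/scsi/scsi')
      if proc_scsi
        case proc_scsi.gsub("\n", ' ')
        when /vmware/i
          vm = 'VMware'
        when /vbox/i
          vm = 'VirtualBox'
        end
      end
    end

    # Check IDE devices
    unless vm
      case cmd_exec('cat /proc/ide/hd*/model')
      when /vbox/i
        vm = 'VirtualBox'
      when /vmware/i
        vm = 'VMware'
      when /qemu/i
        vm = 'Qemu/KVM'
      when /virtual [vc]d/i
        vm = 'Hyper-V/Virtual PC'
      end
    end

    # Identify a Xen block device mounted as root
    unless vm
      proc_mounts = read_file('/proc/mounts')
      if proc_mounts
        case proc_mounts
        when %r{/dev/xvd.* / }
          vm = 'Xen'
        end
      end
    end

    # Check system vendor
    # NOTE(review): the labels in this stage ('Qemu', 'VMWare', 'Hyper-V') are
    # spelled differently from the ones other stages report for the same
    # products ('Qemu/KVM', 'VMware', 'MS Hyper-V'); kept as-is because the
    # value is passed to report_virtualization.
    unless vm
      sys_vendor = read_file('/sys/class/dmi/id/sys_vendor')
      if sys_vendor
        case sys_vendor.gsub("\n", ' ')
        when /qemu/i
          vm = 'Qemu'
        when /vmware/i
          vm = 'VMWare'
        when /xen/i
          vm = 'Xen'
        when /microsoft/i
          vm = 'Hyper-V'
        end
      end
    end

    # Check using lspci; the binary path is picked from the detected distro.
    unless vm
      lspci_data =
        case get_sysinfo[:distro]
        when /oracle|centos|suse|redhat|mandrake|slackware|fedora/i
          cmd_exec('/sbin/lspci')
        when /debian|ubuntu/
          cmd_exec('/usr/bin/lspci')
        else
          cmd_exec('lspci')
        end

      case lspci_data.to_s.gsub("\n", ' ')
      when /vmware/i
        vm = 'VMware'
      when /virtualbox/i
        vm = 'VirtualBox'
      end
    end

    # Check product name
    unless vm
      product_name = read_file('/sys/class/dmi/id/product_name')
      if product_name
        case product_name.gsub("\n", ' ')
        when /bhyve/i
          vm = 'Bhyve'
        when /qemu/i
          vm = 'Qemu'
        when /vmware/i
          vm = 'VMware'
        when /virtualbox/i
          vm = 'VirtualBox'
        when /xen/i
          vm = 'Xen'
        when /KVM/i
          vm = 'KVM'
        when /oracle/i
          vm = 'Oracle Corporation'
        end
      end
    end

    # Check BIOS vendor
    unless vm
      bios_vendor = read_file('/sys/devices/virtual/dmi/id/bios_vendor')
      if bios_vendor
        case bios_vendor.gsub("\n", ' ')
        when /^xen/i
          vm = 'Xen'
        when /innotek GmbH/i
          vm = 'VirtualBox'
        end
      end
    end

    # Check cpuinfo
    unless vm
      cpuinfo = read_file('/proc/cpuinfo')
      if cpuinfo
        case cpuinfo.gsub("\n", ' ')
        when /qemu virtual cpu|emulated by qemu|KVM processor/i
          vm = 'Qemu/KVM'
        end
      end
    end

    # Check Xen devices: a readable hypervisor UUID that is not all zeros
    # counts as Xen.
    unless vm
      xen_capabilities = read_file('/sys/hypervisor/uuid')
      if xen_capabilities && !xen_capabilities.include?('00000000-0000-0000-0000-000000000000')
        vm = 'Xen'
      end
    end

    unless vm
      xen_type = read_file('/sys/hypervisor/type')
      # The other stages handle newlines in read_file output, so the value is
      # stripped before the comparison; an exact match against 'xen' fails
      # whenever the file content carries a trailing newline.
      vm = 'Xen' if xen_type && xen_type.strip == 'xen'
    end

    # Check device tree
    unless vm
      compatible = read_file('/proc/device-tree/compatible')
      vm = 'Qemu/KVM' if compatible && compatible.include?('qemu')
    end

    unless vm
      compatible = read_file('/proc/device-tree/hypervisor/compatible')
      if compatible
        case compatible
        when /linux,kvm/i
          vm = 'Qemu/KVM'
        when /xen/i
          vm = 'Xen'
        when /vmware/i
          vm = 'VMware'
        end
      end
    end

    # Check processes
    # The process list is iterated explicitly. Passing the block straight to
    # get_processes only runs it if that helper yields each entry.
    # NOTE(review): assumes get_processes returns a list of hashes with a
    # 'name' key rather than yielding - confirm against Msf::Post::Process.
    unless vm
      (get_processes || []).each do |process|
        case process['name']
        when /hv_vss_daemon|hv_kvp_daemon|hv_fcopy_daemon/i
          vm = 'MS Hyper-V'
        end
      end
    end

    # Check dmesg output
    unless vm
      dmesg = cmd_exec('dmesg')
      case dmesg
      when /vboxbios|vboxcput|vboxfacp|vboxxsdt|vbox cd-rom|vbox harddisk/i
        vm = 'VirtualBox'
      when /vmware virtual ide|vmware pvscsi|vmware virtual platform/i
        vm = 'VMware'
      when /xen_mem|xen-vbd/i
        vm = 'Xen'
      when /qemu virtual cpu version/i
        vm = 'Qemu/KVM'
      when %r{/dev/vmnet}
        vm = 'VMware'
      end
    end

    if vm
      print_good("This appears to be a '#{vm}' virtual machine")
      report_virtualization(vm)
    else
      print_status('This does not appear to be a virtual machine')
    end
  end
end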