CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutSign UpSign In
rapid7

Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

GitHub Repository: rapid7/metasploit-framework
 Path: blob/master/modules/post/windows/gather/enum_devices.rb
Views: 11655
1
##

2
# This module requires Metasploit: https://metasploit.com/download

3
# Current source: https://github.com/rapid7/metasploit-framework

4
##

5


6
class MetasploitModule < Msf::Post

7
  include Msf::Post::Windows::Registry

8


9
  def initialize(info = {})

10
    super(

11
      update_info(

12
        info,

13
        'Name' => 'Windows Gather Hardware Enumeration',

14
        'Description' => %q{

15
          Enumerate PCI hardware information from the registry. Please note this script

16
          will run through registry subkeys such as: 'PCI', 'ACPI', 'ACPI_HAL', 'FDC', 'HID',

17
          'HTREE', 'IDE', 'ISAPNP', 'LEGACY'', LPTENUM', 'PCIIDE', 'SCSI', 'STORAGE', 'SW',

18
          and 'USB'; it will take time to finish. It is recommended to run this module as a

19
          background job.

20
        },

21
        'License' => MSF_LICENSE,

22
        'Author' => [ 'Brandon Perry <bperry.volatile[at]gmail.com>' ],

23
        'Platform' => [ 'win' ],

24
        'SessionTypes' => [ 'meterpreter' ]

25
      )

26
    )

27
  end

28


29
  def list

30
    tbl = Rex::Text::Table.new(

31
      'Header' => 'Device Information',

32
      'Indent' => 1,

33
      'Columns' =>

34
      [

35
        'Device Description',

36
        'Driver Version',

37
        'Class',

38
        'Manufacturer',

39
        'Extra',

40
      ]

41
    )

42


43
    keys = [

44
      'HKLM\\SYSTEM\\ControlSet001\\Enum\\PCI\\',

45
      'HKLM\\SYSTEM\\ControlSet001\\Enum\\ACPI\\',

46
      'HKLM\\SYSTEM\\ControlSet001\\Enum\\ACPI_HAL\\',

47
      'HKLM\\SYSTEM\\ControlSet001\\Enum\\FDC\\',

48
      'HKLM\\SYSTEM\\ControlSet001\\Enum\\HID\\',

49
      'HKLM\\SYSTEM\\ControlSet001\\Enum\\HTREE\\',

50
      'HKLM\\SYSTEM\\ControlSet001\\Enum\\IDE\\',

51
      'HKLM\\SYSTEM\\ControlSet001\\Enum\\ISAPNP\\',

52
      'HKLM\\SYSTEM\\ControlSet001\\Enum\\LEGACY\\',

53
      'HKLM\\SYSTEM\\ControlSet001\\Enum\\LPTENUM\\',

54
      'HKLM\\SYSTEM\\ControlSet001\\Enum\\PCIIDE\\',

55
      'HKLM\\SYSTEM\\ControlSet001\\Enum\\Root\\',

56
      'HKLM\\SYSTEM\\ControlSet001\\Enum\\SCSI\\',

57
      'HKLM\\SYSTEM\\ControlSet001\\Enum\\STORAGE\\',

58
      'HKLM\\SYSTEM\\ControlSet001\\Enum\\SW\\',

59
      'HKLM\\SYSTEM\\ControlSet001\\Enum\\USB\\',

60
    ]

61


62
    keys.each do |key|

63
      devices = registry_enumkeys(key)

64


65
      t = []

66


67
      while (!devices.nil? && !devices.empty?)

68
        1.upto(3) do

69
          t << framework.threads.spawn("Module(#{refname})", false, devices.shift) do |device|

70
            next if device.nil?

71


72
            vprint_status("Enumerating #{device}")

73


74
            infos = registry_enumkeys(key + '\\' + device)

75
            next if infos.nil?

76


77
            infos.each do |info|

78
              next if info.nil?

79


80
              info_key = key + '\\' + device + '\\' + info

81


82
              desc = registry_getvaldata(info_key, 'DeviceDesc')

83
              mfg = registry_getvaldata(info_key, 'Mfg')

84
              device_class = registry_getvaldata(info_key, 'Class')

85
              driver_guid = registry_getvaldata(info_key, 'Driver')

86
              extra = ''

87


88
              if key =~ (/USB/) || key =~ (/LPTENUM/)

89
                extra = registry_getvaldata(info_key, 'LocationInformation')

90
              end

91


92
              if key =~ (/SCSI/) || key =~ (/\\IDE/) || key =~ (/ACPI\\/)

93
                extra = registry_getvaldata(info_key, 'FriendlyName')

94
              end

95


96
              desc = desc.split(';')[1] if desc =~ /^@/

97
              mfg = mfg.split(';')[1] if mfg =~ /^@/

98


99
              desc = '' if desc.nil?

100
              mfg = '' if mfg.nil?

101
              device_class = '' if device_class.nil?

102
              driver_guid = '' if driver_guid.nil?

103
              extra = '' if extra.nil?

104


105
              next if desc.empty? && mfg.empty?

106


107
              driver_version = ''

108


109
              if (!driver_guid.nil? || !driver_guid.empty?) && (driver_guid =~ /\\/)

110
                k = 'HKLM\\SYSTEM\\CurrentControlSet\\Control\\Class\\' + driver_guid

111
                d = registry_getvaldata(k, 'DriverVersion')

112
                driver_version << d if !d.nil?

113
              end

114


115
              done = false

116


117
              tbl.rows.each do |row|

118
                next unless (row[0] == desc) &&

119
                            (row[1] == driver_version) &&

120
                            (row[2] == device_class) &&

121
                            (row[3] == mfg) &&

122
                            (row[4] == extra)

123


124
                done = true

125
                break

126
              end

127


128
              tbl << [desc, driver_version, device_class, mfg, extra] if !done

129
            end

130
          end

131
          t.map(&:join)

132
        end

133
      end

134
    end

135


136
    results = tbl.to_s

137
    vprint_line("\n" + results)

138


139
    path = store_loot('host.hardware', 'text/plain', session, results, 'hardware.txt', 'Host Hardware')

140
    print_good("Results saved in: #{path}")

141
  end

142


143
  def run

144
    print_status("Enumerating hardware on #{sysinfo['Computer']}")

145
    begin

146
      list

147
    rescue ::Exception => e

148
      if e.to_s =~ /execution expired/i

149
        print_error('Sorry, execution expired. Module could not finish running.')

150
      else

151
        print_error("An unexpected error has occurred: #{e}:\n#{e.backtrace}")

152
      end

153
    end

154
  end

155
end

156


157