Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
rapid7
GitHub Repository: rapid7/metasploit-framework
 Path: blob/master/modules/post/windows/gather/enum_devices.rb
19534 views
1
##

2
# This module requires Metasploit: https://metasploit.com/download

3
# Current source: https://github.com/rapid7/metasploit-framework

4
##

5


6
class MetasploitModule < Msf::Post

7
  include Msf::Post::Windows::Registry

8


9
  def initialize(info = {})

10
    super(

11
      update_info(

12
        info,

13
        'Name' => 'Windows Gather Hardware Enumeration',

14
        'Description' => %q{

15
          Enumerate PCI hardware information from the registry. Please note this script

16
          will run through registry subkeys such as: 'PCI', 'ACPI', 'ACPI_HAL', 'FDC', 'HID',

17
          'HTREE', 'IDE', 'ISAPNP', 'LEGACY'', LPTENUM', 'PCIIDE', 'SCSI', 'STORAGE', 'SW',

18
          and 'USB'; it will take time to finish. It is recommended to run this module as a

19
          background job.

20
        },

21
        'License' => MSF_LICENSE,

22
        'Author' => [ 'Brandon Perry <bperry.volatile[at]gmail.com>' ],

23
        'Platform' => [ 'win' ],

24
        'SessionTypes' => [ 'meterpreter' ],

25
        'Notes' => {

26
          'Stability' => [CRASH_SAFE],

27
          'SideEffects' => [],

28
          'Reliability' => []

29
        }

30
      )

31
    )

32
  end

33


34
  def list

35
    tbl = Rex::Text::Table.new(

36
      'Header' => 'Device Information',

37
      'Indent' => 1,

38
      'Columns' =>

39
      [

40
        'Device Description',

41
        'Driver Version',

42
        'Class',

43
        'Manufacturer',

44
        'Extra',

45
      ]

46
    )

47


48
    keys = [

49
      'HKLM\\SYSTEM\\ControlSet001\\Enum\\PCI\\',

50
      'HKLM\\SYSTEM\\ControlSet001\\Enum\\ACPI\\',

51
      'HKLM\\SYSTEM\\ControlSet001\\Enum\\ACPI_HAL\\',

52
      'HKLM\\SYSTEM\\ControlSet001\\Enum\\FDC\\',

53
      'HKLM\\SYSTEM\\ControlSet001\\Enum\\HID\\',

54
      'HKLM\\SYSTEM\\ControlSet001\\Enum\\HTREE\\',

55
      'HKLM\\SYSTEM\\ControlSet001\\Enum\\IDE\\',

56
      'HKLM\\SYSTEM\\ControlSet001\\Enum\\ISAPNP\\',

57
      'HKLM\\SYSTEM\\ControlSet001\\Enum\\LEGACY\\',

58
      'HKLM\\SYSTEM\\ControlSet001\\Enum\\LPTENUM\\',

59
      'HKLM\\SYSTEM\\ControlSet001\\Enum\\PCIIDE\\',

60
      'HKLM\\SYSTEM\\ControlSet001\\Enum\\Root\\',

61
      'HKLM\\SYSTEM\\ControlSet001\\Enum\\SCSI\\',

62
      'HKLM\\SYSTEM\\ControlSet001\\Enum\\STORAGE\\',

63
      'HKLM\\SYSTEM\\ControlSet001\\Enum\\SW\\',

64
      'HKLM\\SYSTEM\\ControlSet001\\Enum\\USB\\',

65
    ]

66


67
    keys.each do |key|

68
      devices = registry_enumkeys(key)

69


70
      t = []

71


72
      while !devices.nil? && !devices.empty?

73
        1.upto(3) do

74
          t << framework.threads.spawn("Module(#{refname})", false, devices.shift) do |device|

75
            next if device.nil?

76


77
            vprint_status("Enumerating #{device}")

78


79
            infos = registry_enumkeys(key + '\\' + device)

80
            next if infos.nil?

81


82
            infos.each do |info|

83
              next if info.nil?

84


85
              info_key = key + '\\' + device + '\\' + info

86


87
              desc = registry_getvaldata(info_key, 'DeviceDesc')

88
              mfg = registry_getvaldata(info_key, 'Mfg')

89
              device_class = registry_getvaldata(info_key, 'Class')

90
              driver_guid = registry_getvaldata(info_key, 'Driver')

91
              extra = ''

92


93
              if key =~ (/USB/) || key =~ (/LPTENUM/)

94
                extra = registry_getvaldata(info_key, 'LocationInformation')

95
              end

96


97
              if key =~ (/SCSI/) || key =~ (/\\IDE/) || key =~ (/ACPI\\/)

98
                extra = registry_getvaldata(info_key, 'FriendlyName')

99
              end

100


101
              desc = desc.split(';')[1] if desc =~ /^@/

102
              mfg = mfg.split(';')[1] if mfg =~ /^@/

103


104
              desc = '' if desc.nil?

105
              mfg = '' if mfg.nil?

106
              device_class = '' if device_class.nil?

107
              driver_guid = '' if driver_guid.nil?

108
              extra = '' if extra.nil?

109


110
              next if desc.empty? && mfg.empty?

111


112
              driver_version = ''

113


114
              if (!driver_guid.nil? || !driver_guid.empty?) && (driver_guid =~ /\\/)

115
                k = 'HKLM\\SYSTEM\\CurrentControlSet\\Control\\Class\\' + driver_guid

116
                d = registry_getvaldata(k, 'DriverVersion')

117
                driver_version << d if !d.nil?

118
              end

119


120
              done = false

121


122
              tbl.rows.each do |row|

123
                next unless (row[0] == desc) &&

124
                            (row[1] == driver_version) &&

125
                            (row[2] == device_class) &&

126
                            (row[3] == mfg) &&

127
                            (row[4] == extra)

128


129
                done = true

130
                break

131
              end

132


133
              tbl << [desc, driver_version, device_class, mfg, extra] if !done

134
            end

135
          end

136
          t.map(&:join)

137
        end

138
      end

139
    end

140


141
    results = tbl.to_s

142
    vprint_line("\n" + results)

143


144
    path = store_loot('host.hardware', 'text/plain', session, results, 'hardware.txt', 'Host Hardware')

145
    print_good("Results saved in: #{path}")

146
  end

147


148
  def run

149
    print_status("Enumerating hardware on #{sysinfo['Computer']}")

150
    list

151
  rescue StandardError => e

152
    if e.to_s =~ /execution expired/i

153
      print_error('Sorry, execution expired. Module could not finish running.')

154
    else

155
      print_error("An unexpected error has occurred: #{e}:\n#{e.backtrace}")

156
    end

157
  end

158
end

159


160