Land #15096, Add shell support for win checkvm

lib/msf/core/post/common.rb

@@ -34,22 +34,7 @@ module Msf::Post::Common
   # Checks if the remote system has a process with ID +pid+
   #
   def has_pid?(pid)
-    pid_list = []
-    case client.type
-    when /meterpreter/
-      pid_list = client.sys.process.processes.collect {|e| e['pid']}
-    when /shell/
-      if client.platform == 'windows'
-        o = cmd_exec('tasklist /FO LIST')
-        pid_list = o.scan(/^PID:\s+(\d+)/).flatten
-      else
-        o = cmd_exec('ps ax')
-        pid_list = o.scan(/^\s*(\d+)/).flatten
-      end
-
-      pid_list = pid_list.collect {|e| e.to_i}
-    end
-
+    pid_list = get_processes.collect { |e| e['pid'] }
     pid_list.include?(pid)
   end
 
@@ -251,4 +236,35 @@ module Msf::Post::Common
     raise "Unable to check if command `#{cmd}' exists"
   end
 
+  def get_processes
+    if session.type == 'meterpreter'
+      return session.sys.process.get_processes.map {|p| p.slice('name', 'pid')}
+    end
+    processes = []
+    if session.platform == 'windows'
+      tasklist = cmd_exec('tasklist').split("\n")
+      4.times { tasklist.delete_at(0) }
+      tasklist.each do |p|
+        properties = p.split
+        process = {}
+        process['name'] = properties[0]
+        process['pid'] = properties[1].to_i
+        processes.push(process)
+      end
+      # adding manually because this is common for all windows I think and splitting for this was causing problem for other processes.
+      processes.prepend({ 'name' => '[System Process]', 'pid' => 0 })
+    else
+      ps_aux = cmd_exec('ps aux').split("\n")
+      ps_aux.delete_at(0)
+      ps_aux.each do |p|
+        properties = p.split
+        process = {}
+        process['name'] = properties[10].gsub(/\[|\]/,"")
+        process['pid'] = properties[1].to_i
+        processes.push(process)
+      end
+    end
+    return processes
+  end
+
 end

modules/post/windows/gather/checkvm.rb

@@ -3,7 +3,6 @@
 # Current source: https://github.com/rapid7/metasploit-framework
 ##
 
-
 class MetasploitModule < Msf::Post
   include Msf::Post::Windows::Registry
   include Msf::Auxiliary::Report
@@ -25,7 +24,7 @@ class MetasploitModule < Msf::Post
           'Aaron Soto <aaron_soto[at]rapid7.com>'
         ],
         'Platform' => [ 'win' ],
-        'SessionTypes' => [ 'meterpreter' ]
+        'SessionTypes' => [ 'meterpreter', 'shell' ]
       )
     )
   end
@@ -35,11 +34,6 @@ class MetasploitModule < Msf::Post
     @services
   end
 
-  def get_processes
-    @processes ||= session.sys.process.get_processes
-    @processes
-  end
-
   def service_exists?(service)
     get_services && get_services.include?(service)
   end
@@ -75,7 +69,7 @@ class MetasploitModule < Msf::Post
 
     key_path = 'HKLM\HARDWARE\DESCRIPTION\System'
     system_bios_version = registry_getvaldata(key_path, 'SystemBiosVersion')
-    return true if system_bios_version && system_bios_version.unpack('s<*').reduce('', :<<).include?('Hyper-V')
+    return true if system_bios_version && system_bios_version.include?('Hyper-V')
 
     key_path = 'HKLM\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0'
     return true if registry_getvaldata(key_path, 'Identifier') =~ /Msft    Virtual Disk    1.0/i
@@ -202,7 +196,7 @@ class MetasploitModule < Msf::Post
   end
 
   def run
-    print_status("Checking if #{sysinfo['Computer']} is a Virtual Machine ...")
+    print_status('Checking if the target is a Virtual Machine ...')
 
     if hyperv?
       report_vm('Hyper-V')
@@ -217,7 +211,7 @@ class MetasploitModule < Msf::Post
     elsif qemu?
       report_vm('Qemu')
     else
-      print_status("#{sysinfo['Computer']} appears to be a Physical Machine")
+      print_status('The target appears to be a Physical Machine')
     end
   end
 end