Land #15096, Add shell support for win checkvm
commit
00131a666c
@ -34,22 +34,7 @@ module Msf::Post::Common
# Checks if the remote system has a process with ID +pid+
#
def has_pid?(pid)
pid_list = []
case client.type
when /meterpreter/
pid_list = client.sys.process.processes.collect {|e| e['pid']}
when /shell/
if client.platform == 'windows'
o = cmd_exec('tasklist /FO LIST')
pid_list = o.scan(/^PID:\s+(\d+)/).flatten
else
o = cmd_exec('ps ax')
pid_list = o.scan(/^\s*(\d+)/).flatten
end
pid_list = pid_list.collect {|e| e.to_i}
end
pid_list = get_processes.collect { |e| e['pid'] }
pid_list.include?(pid)
end
@ -251,4 +236,35 @@ module Msf::Post::Common
raise "Unable to check if command `#{cmd}' exists"
end
def get_processes
if session.type == 'meterpreter'
return session.sys.process.get_processes.map {|p| p.slice('name', 'pid')}
end
processes = []
if session.platform == 'windows'
tasklist = cmd_exec('tasklist').split("\n")
4.times { tasklist.delete_at(0) }
tasklist.each do |p|
properties = p.split
process = {}
process['name'] = properties[0]
process['pid'] = properties[1].to_i
processes.push(process)
end
# adding manually because this is common for all windows I think and splitting for this was causing problem for other processes.
processes.prepend({ 'name' => '[System Process]', 'pid' => 0 })
else
ps_aux = cmd_exec('ps aux').split("\n")
ps_aux.delete_at(0)
ps_aux.each do |p|
properties = p.split
process = {}
process['name'] = properties[10].gsub(/\[|\]/,"")
process['pid'] = properties[1].to_i
processes.push(process)
end
end
return processes
end
end
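Review bot: The Windows branch of get_processes splits each `tasklist` row on whitespace, so any image name containing a space leaves a non-numeric token in `properties[1]` that `to_i` silently turns into pid 0; the manual `[System Process]` prepend papers over one such case but leaves the mis-parsed entry in the list, and `4.times { tasklist.delete_at(0) }` assumes a fixed header height. Since the rewritten has_pid? in the earlier hunk now consults this list, a mis-parsed name makes a running process look absent. The removed has_pid? body used `tasklist /FO LIST`, where the name and PID sit on separate labelled lines, and parsing that format needs neither the split nor the header skip, as sketched below. The `ps aux` branch has the same silent-zero coercion and raises NoMethodError on `properties[10].gsub` when a row has fewer than eleven fields, so it wants a `next unless properties[10]` guard. The enclosing module continues outside the hunk.
```ruby
    if session.platform == 'windows'
      # LIST format puts the image name and the PID on separate labelled
      # lines, so names containing spaces survive and no header rows are skipped.
      output = cmd_exec('tasklist /FO LIST')
      output.scan(/^Image Name:\s*(.+?)\s*$\s+PID:\s+(\d+)/) do |name, pid|
        processes.push({ 'name' => name, 'pid' => pid.to_i })
      end
    else
      # … unchanged: ps aux branch …
```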
@ -3,7 +3,6 @@
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule < Msf::Post
include Msf::Post::Windows::Registry
include Msf::Auxiliary::Report
@ -25,7 +24,7 @@ class MetasploitModule < Msf::Post
'Aaron Soto <aaron_soto[at]rapid7.com>'
],
'Platform' => [ 'win' ],
'SessionTypes' => [ 'meterpreter' ]
'SessionTypes' => [ 'meterpreter', 'shell' ]
)
)
end
@ -35,11 +34,6 @@ class MetasploitModule < Msf::Post
@services
end
def get_processes
@processes ||= session.sys.process.get_processes
@processes
end
def service_exists?(service)
get_services && get_services.include?(service)
end
@ -75,7 +69,7 @@ class MetasploitModule < Msf::Post
key_path = 'HKLM\HARDWARE\DESCRIPTION\System'
system_bios_version = registry_getvaldata(key_path, 'SystemBiosVersion')
return true if system_bios_version && system_bios_version.unpack('s<*').reduce('', :<<).include?('Hyper-V')
return true if system_bios_version && system_bios_version.include?('Hyper-V')
key_path = 'HKLM\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0'
return true if registry_getvaldata(key_path, 'Identifier') =~ /Msft Virtual Disk 1.0/i
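Review bot: The new `SystemBiosVersion` check drops the `unpack('s<*')` decode that the removed line applied before searching for 'Hyper-V'; that decode was presumably there because registry_getvaldata hands back raw UTF-16LE bytes on at least one session type, and on such a session `include?('Hyper-V')` against the undecoded bytes is always false, so a Hyper-V guest would be reported as a physical machine. Worth confirming that registry_getvaldata returns an already-decoded string for both meterpreter and the shell sessions this commit newly allows in 'SessionTypes'; if it does not, keep the page's own decode behind a guard, e.g. `bios = system_bios_version.to_s` / `bios = bios.unpack('s<*').reduce('', :<<) if bios.include?("\0")` / `return true if bios.include?('Hyper-V')`. A one-line comment stating why the decode is or is not needed would stop the next reader from re-adding it blindly. The enclosing hyperv? method starts outside the hunk.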
@ -202,7 +196,7 @@ class MetasploitModule < Msf::Post
end
def run
print_status("Checking if #{sysinfo['Computer']} is a Virtual Machine ...")
print_status('Checking if the target is a Virtual Machine ...')
if hyperv?
report_vm('Hyper-V')
@ -217,7 +211,7 @@ class MetasploitModule < Msf::Post
elsif qemu?
report_vm('Qemu')
else
print_status("#{sysinfo['Computer']} appears to be a Physical Machine")
print_status('The target appears to be a Physical Machine')
end
end
end