From 36dc0fee507ac9851bee4806c11fc6da892d0de4 Mon Sep 17 00:00:00 2001
From: David Maloney <David_Maloney@rapid7.com>
Date: Sat, 18 Feb 2012 18:29:46 -0600
Subject: [PATCH] Better dynamic soap generation for all the vmware stuff

---
 lib/msf/core/exploit/vim_soap.rb              | 1343 ++++++-----------
 modules/auxiliary/admin/vmware/poweroff_vm.rb |   10 +-
 modules/auxiliary/admin/vmware/poweron_vm.rb  |    9 +-
 modules/auxiliary/admin/vmware/tag_vm.rb      |   11 +-
 4 files changed, 493 insertions(+), 880 deletions(-)

diff --git a/lib/msf/core/exploit/vim_soap.rb b/lib/msf/core/exploit/vim_soap.rb
index 94d19ce567..28e8759926 100644
--- a/lib/msf/core/exploit/vim_soap.rb
+++ b/lib/msf/core/exploit/vim_soap.rb
@@ -3,46 +3,205 @@ module Msf
 module Exploit::Remote::VIMSoap
 	include Msf::Exploit::Remote::HttpClient
 
-	def vim_get_session
-		soap_data = 
-			%Q|<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-			<env:Body>
-			<RetrieveServiceContent xmlns="urn:vim25">
-				<_this type="ServiceInstance">ServiceInstance</_this>
-			</RetrieveServiceContent>
-			</env:Body>
-			</env:Envelope>|
-			res = send_request_cgi({
-				'uri'     => '/sdk',
-				'method'  => 'POST',
-				'agent'   => 'VMware VI Client',
-				'data' => soap_data
-				}, 25)
-			return false unless res and res.code == 200
-			 @server_objects = Hash.from_xml(res.body)['Envelope']['Body']['RetrieveServiceContentResponse']['returnval']
-			 @soap_action = "urn:vim25/#{@server_objects['about']['apiVersion']}"
-			if res.headers['Set-Cookie']
-				@vim_cookie = res.headers['Set-Cookie']
-				return true
-			else
-				return false
-			end
+	def vim_soap_envelope(body)
+		soap_data = '<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">'
+		soap_data << '<env:Body>'
+		soap_data << body
+		soap_data <<  '</env:Body></env:Envelope>'
 	end
 
+
+
+	def vim_soap_propset(type,path,all = false)
+		soap_data = '<propSet xsi:type="PropertySpec">'
+		soap_data << '<type>' + type + '</type>'
+		if all
+			soap_data << '<all>true</all>'
+		else
+			soap_data << '<pathSet>' + path + '</pathSet>'
+		end
+		soap_data << '</propSet>'
+	end
+
+
+
+	def vim_soap_objset(type, ref)
+		soap_data = '<objectSet>'
+		soap_data << '<obj type="' + type + '">' + ref + '</obj>'
+		soap_data << '</objectSet>'
+	end
+
+
+
+	def vim_soap_specset(path,type,ref,all=false)
+		soap_data = '<specSet>'
+		soap_data << vim_soap_propset(type,path,all)
+		soap_data << vim_soap_objset(type,ref)
+		soap_data << '</specSet>'
+	end
+
+
+
+	def vim_soap_retrieve_properties(path,type,ref,all=false)
+		soap_data = '<RetrieveProperties xmlns="urn:vim25">'
+		soap_data << '<_this type="PropertyCollector">' + @server_objects['propertyCollector'] + '</_this>'
+		soap_data << vim_soap_specset(path,type,ref,all)
+		soap_data << '</RetrieveProperties>'
+	end
+
+
+
+	def vim_soap_retrieve_service_content
+		soap_data = '<RetrieveServiceContent xmlns="urn:vim25">'
+		soap_data << '<_this type="ServiceInstance">ServiceInstance</_this>'
+		soap_data << '</RetrieveServiceContent>'
+	end
+
+
+
+	def vim_soap_login(user,pass)
+		soap_data = '<Login xmlns="urn:vim25">'
+		soap_data << '<_this type="SessionManager">' + @server_objects['sessionManager'] + '</_this>'
+		soap_data << '<userName>' + user + '</userName>'
+		soap_data << '<password>' + pass + '</password>'
+		soap_data << '</Login>'
+	end
+
+
+
+	def vim_soap_session_active?(key, user)
+		soap_data = '<SessionIsActive xmlns="urn:vim25">'
+		soap_data << '<_this type="SessionManager">' + @server_objects['sessionManager'] + '</_this>'
+		soap_data << '<sessionID>' + key+ '</sessionID>'
+		soap_data << '<userName>' + user + '</userName>'
+		soap_data << '</SessionIsActive>'
+	end
+
+
+
+
+	def vim_soap_terminate_session(key)
+		soap_data = '<TerminateSession xmlns="urn:vim25">'
+		soap_data << '<_this xsi:type="ManagedObjectReference" type="SessionManager" >' + @server_objects['sessionManager'] + '</_this>'
+		soap_data << '<sessionId>' + key + '</sessionId>'
+		soap_data << '</TerminateSession>'
+	end
+
+
+
+	def vim_soap_retrieve_usergroups(domain=nil)
+		soap_data = '<RetrieveUserGroups xmlns="urn:internalvim25">'
+		soap_data << '<_this xsi:type="ManagedObjectReference" type="UserDirectory">' + @server_objects['userDirectory'] + '</_this>'
+		soap_data << '<domain>' + domain + '</domain>' if domain
+		soap_data << '<searchStr></searchStr><exactMatch>false</exactMatch><findUsers>true</findUsers><findGroups>true</findGroups>'
+		soap_data << '</RetrieveUserGroups>'
+	end
+
+
+
+	def vim_soap_log_user_event_vm(vm_ref,msg)
+		soap_data = '<LogUserEvent xmlns="urn:vim25">'
+		soap_data << '<_this type="EventManager">' + @server_objects['eventManager'] + '</_this>'
+		soap_data << '<entity type="VirtualMachine">' + vm_ref + '</entity>'
+		soap_data << '<msg>' + msg + '</msg>'
+		soap_data << '</LogUserEvent>'
+	end
+
+
+
+	def vim_soap_retrieve_all_permissions
+		soap_data = '<RetrieveAllPermissions xmlns="urn:vim25">'
+		soap_data << '<_this type="AuthorizationManager">' + @server_objects['authorizationManager'] + '</_this>'
+		soap_data << '</RetrieveAllPermissions>'
+	end
+
+
+
+	def vim_soap_find_child_byname(type,entity,name)
+		soap_data = '<FindChild xmlns="urn:vim25">'
+		soap_data << '<_this type="SearchIndex">' + @server_objects['searchIndex'] + '</_this>'
+		soap_data << '<entity type="' + type + '">' + entity + '</entity>'
+		soap_data << '<name>' + name + '</name>'
+		soap_data << '</FindChild>'
+	end
+
+
+
+	def vim_soap_power_on_vm(vm_ref)
+		soap_data = '<PowerOnVM_Task xmlns="urn:vim25">'
+		soap_data << '<_this type="VirtualMachine">' + vm_ref + '</_this>'
+		soap_data << '</PowerOnVM_Task>'
+	end
+
+
+
+	def vim_soap_power_off_vm(vm_ref)
+		soap_data = '<PowerOffVM_Task xmlns="urn:vim25">'
+		soap_data << '<_this type="VirtualMachine">' + vm_ref + '</_this>'
+		soap_data << '</PowerOffVM_Task>'
+	end
+
+
+
+	def vim_soap_create_screenshot(vm_ref)
+		soap_data = '<CreateScreenshot_Task xmlns="urn:vim25">'
+		soap_data << '<_this type="VirtualMachine">' + vm_ref + '</_this>'
+		soap_data << '</CreateScreenshot_Task>'
+	end
+
+
+
+	def vim_send_soap_request(soap_data)
+		res = send_request_cgi({
+			'uri'     => '/sdk',
+			'method'  => 'POST',
+			'agent'   => 'VMware VI Client',
+			'cookie'  => @vim_cookie,
+			'data' => soap_data,
+			'headers' => { 'SOAPAction' => @soap_action}
+		}, 25)
+		return :noresponse unless res
+		if res.body.include? "NotAuthenticatedFault"
+			return :expired
+		elsif res.body.include? "<faultstring>" 
+			@vim_soap_error = res.body.match(/<faultstring>([^\c ]+?)<\/faultstring>/)[1]
+			return :error
+		elsif res.code != 200
+			@vim_soap_error = "An unknown error was encountered"
+			return :error
+		else
+			return Hash.from_xml(res.body)['Envelope']['Body']
+		end
+	end
+
+
+
+	def vim_get_session
+		soap_data = vim_soap_envelope(vim_soap_retrieve_service_content)
+		res = send_request_cgi({
+			'uri'     => '/sdk',
+			'method'  => 'POST',
+			'agent'   => 'VMware VI Client',
+			'data' => soap_data
+		}, 25)
+		return false unless res and res.code == 200
+		 @server_objects = Hash.from_xml(res.body)['Envelope']['Body']['RetrieveServiceContentResponse']['returnval']
+		 @soap_action = "urn:vim25/#{@server_objects['about']['apiVersion']}"
+		if res.headers['Set-Cookie']
+			@vim_cookie = res.headers['Set-Cookie']
+			return true
+		else
+			return false
+		end
+	end
+
+
+
 	def vim_do_login(user, pass)
 		unless vim_get_session
 			return false
 		end
-		soap_data = 
-%Q|<SOAP-ENV:Envelope SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/">
-    <SOAP-ENV:Body>
-        <Login xmlns="urn:vim25">
-            <_this type="SessionManager">#{@server_objects['sessionManager']}</_this>
-            <userName>#{user}</userName>
-            <password>#{pass}</password>
-        </Login>
-    </SOAP-ENV:Body>
-</SOAP-ENV:Envelope>|
+		soap_data = vim_soap_envelope(vim_soap_login(user,pass))
 		res = send_request_cgi({
 				'uri'     => '/sdk',
 				'method'  => 'POST',
@@ -59,530 +218,217 @@ module Exploit::Remote::VIMSoap
 	end
 
 
-	def vim_get_session_list
-		vim_setup_references
-		soap_req =
-			%Q|<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-			<env:Body>
-			<RetrieveProperties xmlns="urn:vim25">
-				<_this type="PropertyCollector">#{@server_objects['propertyCollector']}</_this>
-				<specSet xsi:type="PropertyFilterSpec">
-					<propSet xsi:type="PropertySpec">
-						<type>SessionManager</type>
-						<pathSet>sessionList</pathSet>
-					</propSet>
-					<objectSet xsi:type="ObjectSpec">
-						<obj type="SessionManager">#{@server_objects['sessionManager']}</obj>
-					</objectSet>
-				</specSet>
-			</RetrieveProperties>
-			</env:Body>
-			</env:Envelope>|
 
-		res = send_request_cgi({
-				'uri'     => '/sdk',
-				'method'  => 'POST',
-				'agent'   => 'VMware VI Client',
-				'cookie'  => @vim_cookie,
-				'data'    => soap_req,
-				'headers' => { 'SOAPAction' => @soap_action}
-				}, 25)
-		return :noresponse unless res
-		if res.body.include? "NotAuthenticatedFault"
-			return :expired
-		elsif res.body.include? "<faultstring>"
-			return :error
+	def vim_get_session_list
+		soap_data = vim_soap_envelope(vim_soap_retrieve_properties('sessionList','SessionManager', @server_objects['sessionManager']))
+		res = vim_send_soap_request(soap_data)
+		if res.class == Hash
+			session_list = []
+			session_list << res['RetrievePropertiesResponse']['returnval']['propSet']['val']['UserSession']
+			return session_list.flatten.compact
+		else
+			return res
 		end
-		session_list = []
-		session_list << Hash.from_xml(res.body)['Envelope']['Body']['RetrievePropertiesResponse']['returnval']['propSet']['val']['UserSession']
-		return session_list.flatten.compact
 	end
 
+
+
 	def vim_session_is_active(key, username)
-		soap_req =
-		%Q|<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-			<env:Body>
-			<SessionIsActive xmlns="urn:vim25">
-				<_this type="SessionManager">#{@server_objects['sessionManager']}</_this>
-				<sessionID>#{key}</sessionID>
-				<userName>#{username}</userName>
-			</SessionIsActive>
-			</env:Body>
-			</env:Envelope>|
-		res = send_request_cgi({
-			'uri'     => '/sdk',
-			'method'  => 'POST',
-			'agent'   => 'VMware VI Client',
-			'cookie'  => @vim_cookie,
-			'data'    => soap_req,
-			'headers' => { 'SOAPAction' => @soap_action}
-			}, 25)
-		return :noresponse unless res
-		if res.body.include? "NotAuthenticatedFault"
-			return :expired
-		elsif res.body.include? "<faultstring>"
-			return :error
+		soap_data = vim_soap_envelope(vim_soap_session_active?(key,username))
+		res = vim_send_soap_request(soap_data)
+		if res.class == Hash
+			active = res['SessionIsActiveResponse']['returnval']
+			return active
+		else
+			return res
 		end
-		active = Hash.from_xml(res.body)['Envelope']['Body']['SessionIsActiveResponse']['returnval']
-		return active
 	end
 
 
+
 	def vim_terminate_session(key)
-		vim_setup_references
-		soap_req =
-		%Q|<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-			<env:Body>
-			<TerminateSession xmlns="urn:vim25">
-				<_this xsi:type="ManagedObjectReference" type="SessionManager" >#{@server_objects['sessionManager']}</_this>
-				<sessionId>#{key}</sessionId>
-			</TerminateSession>
-			</env:Body>
-			</env:Envelope>|
-		res = send_request_cgi({
-			'uri'     => '/sdk',
-			'method'  => 'POST',
-			'agent'   => 'VMware VI Client',
-			'cookie'  => @vim_cookie,
-			'data'    => soap_req,
-			'headers' => { 'SOAPAction' => @soap_action}
-			}, 25)
-		return :noresponse unless res
-		return :notfound if res.body.include? "NotFoundFault"
-		if res.body.include? "NotAuthenticatedFault"
-			return :expired
-		elsif res.body.include? "<faultstring>"
-			return :error
+		soap_data = vim_soap_envelope(vim_soap_terminate_session(key))
+		res = vim_send_soap_request(soap_data)
+		if res.class == Hash
+			return :success
+		else 
+			return res
 		end
-		return :success
 	end
 
 
+
 	def vim_get_domains
-		vim_setup_references
-		soap_req=
-			%Q|
-			<soap:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
-			<soap:Body>
-			<RetrieveProperties xmlns="urn:internalvim25">
-				<_this xsi:type="ManagedObjectReference" type="PropertyCollector">#{@server_objects['propertyCollector']}</_this>
-				<specSet>
-					<propSet>
-						<type>UserDirectory</type>
-						<all>false</all>
-						<pathSet>domainList</pathSet>
-					</propSet>
-					<objectSet>
-						<obj xsi:type="ManagedObjectReference" type="UserDirectory">#{@server_objects['userDirectory']}</obj>
-						<skip>false</skip>
-					</objectSet>
-				</specSet>
-			</RetrieveProperties>
-			</soap:Body>
-			</soap:Envelope>|
-		res = send_request_cgi({
-			'uri'     => '/sdk',
-			'method'  => 'POST',
-			'agent'   => 'VMware VI Client',
-			'cookie'  => @vim_cookie,
-			'data'    => soap_req,
-			'headers' => { 'SOAPAction' => @soap_action}
-			}, 25)
-		return :noresponse unless res
-		if res.body.include? "NotAuthenticatedFault"
-			return :expired
-		elsif res.body.include? "<faultstring>"
-			return :error
+		soap_data = vim_soap_envelope(vim_soap_retrieve_properties('domainList', 'UserDirectory', @server_objects['userDirectory']))
+		res = vim_send_soap_request(soap_data)
+		if res.class == Hash
+			domains = []
+			domains << res['RetrievePropertiesResponse']['returnval']['propSet']['val']['string']
+			return domains.flatten.compact
+		else 
+			return res
 		end
-		domains = []
-		domains << Hash.from_xml(res.body)['Envelope']['Body']['RetrievePropertiesResponse']['returnval']['propSet']['val']['string']
-		return domains.flatten.compact
 	end
 
+
+
 	def vim_get_user_list(domain=nil)
-		soap_req = 
-			%Q|
-			<soap:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
-			<soap:Body>
-			<RetrieveUserGroups xmlns="urn:internalvim25">
-				<_this xsi:type="ManagedObjectReference" type="UserDirectory">#{@server_objects['userDirectory']}</_this>|
-		soap_req << "\n" + %Q|<domain>#{domain}</domain>| + "\n" if domain
-		soap_req << %Q|
-				<searchStr></searchStr>
-				<exactMatch>false</exactMatch>
-				<findUsers>true</findUsers>
-				<findGroups>true</findGroups>
-			</RetrieveUserGroups>
-			</soap:Body>
-			</soap:Envelope>|
-		res = send_request_cgi({
-			'uri'     => '/sdk',
-			'method'  => 'POST',
-			'agent'   => 'VMware VI Client',
-			'cookie'  => @vim_cookie,
-			'data'    => soap_req,
-			'headers' => { 'SOAPAction' => @soap_action}
-			}, 25)
-		return :noresponse unless res
-		if res.body.include? "NotAuthenticatedFault"
-			return :expired
-		elsif res.body.include? "<faultstring>"
-			return :error
+		soap_data = vim_soap_envelope(vim_soap_retrieve_usergroups(domain))
+		res = vim_send_soap_request(soap_data)
+		if res.class == Hash
+			return nil unless res['RetrieveUserGroupsResponse']['returnval']
+			user_list = []
+			user_list <<  res['RetrieveUserGroupsResponse']['returnval']
+			return user_list.flatten.compact
+		else
+			return res
 		end
-		tmp_hash = Hash.from_xml(res.body)['Envelope']['Body']['RetrieveUserGroupsResponse']
-		return nil unless tmp_hash['returnval']
-		user_list = []
-		user_list <<  tmp_hash['returnval']
-		return user_list.flatten.compact
 	end
 
+
+
 	def vim_log_event_vm(vm_ref, msg)
-		soap_req =
-			%Q|<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-			<env:Body>
-			<LogUserEvent xmlns="urn:vim25">
-				<_this type="EventManager">#{@server_objects['eventManager']}</_this>
-				<entity type="VirtualMachine">#{vm_ref}</entity>
-				<msg>#{msg}</msg>
-			</LogUserEvent>
-			</env:Body>
-			</env:Envelope>| 
-		res = send_request_cgi({
-			'uri'     => '/sdk',
-			'method'  => 'POST',
-			'agent'   => 'VMware VI Client',
-			'cookie'  => @vim_cookie,
-			'data'    => soap_req,
-			'headers' => { 'SOAPAction' => @soap_action}
-			}, 25)
-		return :noresponse unless res
-		if res.body.include? "NotAuthenticatedFault"
-			return :expired
-		elsif res.body.include? "<faultstring>"
-			return :error
-		else
+		soap_data = vim_soap_envelope(vim_soap_log_user_event_vm(vm_ref,msg))
+		res = vim_send_soap_request(soap_data)
+		if res.class == Hash
 			return :success
+		else
+			return res
 		end
 	end
 
+
+
 	def vim_get_all_permissions
-		soap_req =
-			%Q|<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-			<env:Body>
-			<RetrieveAllPermissions xmlns="urn:vim25">
-				<_this type="AuthorizationManager">#{@server_objects['authorizationManager']}</_this>
-			</RetrieveAllPermissions>
-			</env:Body>
-			</env:Envelope>| 
-		res = send_request_cgi({
-			'uri'     => '/sdk',
-			'method'  => 'POST',
-			'agent'   => 'VMware VI Client',
-			'cookie'  => @vim_cookie,
-			'data'    => soap_req,
-			'headers' => { 'SOAPAction' => @soap_action}
-			}, 25)
-		return :noresponse unless res
-		if res.body.include? "NotAuthenticatedFault"
-			return :expired
-		elsif res.body.include? "<faultstring>"
-			return :error
-		else
+		soap_data = vim_soap_envelope(vim_soap_retrieve_all_permissions)
+		res = vim_send_soap_request(soap_data)
+		if res.class == Hash
 			permissions = []
-			permissions << Hash.from_xml(res.body)['Envelope']['Body']['RetrieveAllPermissionsResponse']['returnval']
+			permissions << res['RetrieveAllPermissionsResponse']['returnval']
 			return permissions.flatten.compact
+		else
+			return res
 		end
 	end
 
+
+
 	def vim_get_roles
-		soap_req =
-			%Q|<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-			<env:Body>
-			<RetrieveProperties xmlns="urn:vim25">
-				<_this type="PropertyCollector">#{@server_objects['propertyCollector']}</_this>
-				<specSet xsi:type="PropertyFilterSpec">
-					<propSet xsi:type="PropertySpec">
-						<type>AuthorizationManager</type>
-						<pathSet>roleList</pathSet>
-					</propSet>
-					<objectSet xsi:type="ObjectSpec">
-						<obj type="AuthorizationManager">#{@server_objects['authorizationManager']}</obj>
-					</objectSet>
-				</specSet>
-			</RetrieveProperties>
-			</env:Body>
-			</env:Envelope>|
-		res = send_request_cgi({
-			'uri'     => '/sdk',
-			'method'  => 'POST',
-			'agent'   => 'VMware VI Client',
-			'cookie'  => @vim_cookie,
-			'data'    => soap_req,
-			'headers' => { 'SOAPAction' => @soap_action}
-			}, 25)
-		return :noresponse unless res
-		if res.body.include? "NotAuthenticatedFault"
-			return :expired
-		elsif res.body.include? "<faultstring>"
-			return :error
-		else
+		soap_data = vim_soap_envelope(vim_soap_retrieve_properties('roleList', 'AuthorizationManager', @server_objects['authorizationManager']))
+		res = vim_send_soap_request(soap_data)
+		if res.class == Hash
 			roles = []
-			roles << Hash.from_xml(res.body)['Envelope']['Body']['RetrievePropertiesResponse']['returnval']['propSet']['val']['AuthorizationRole']
+			roles << res['RetrievePropertiesResponse']['returnval']['propSet']['val']['AuthorizationRole']
 			return roles.flatten.compact
+		else
+			return res
 		end
 	end
 
+
+
 	def vim_get_dc_name(dc)
-		soap_req=
-			%Q|<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-			<env:Body>
-			<RetrieveProperties xmlns="urn:vim25">
-				<_this type="PropertyCollector">#{@server_objects['propertyCollector']}</_this>
-				<specSet xsi:type="PropertyFilterSpec">
-					<propSet xsi:type="PropertySpec">
-						<type>Datacenter</type>
-						<pathSet>name</pathSet>
-					</propSet>
-					<objectSet xsi:type="ObjectSpec">
-						<obj type="Datacenter">#{dc}</obj>
-					</objectSet>
-				</specSet>
-			</RetrieveProperties>
-			</env:Body>
-			</env:Envelope>|
-		res = send_request_cgi({
-			'uri'     => '/sdk',
-			'method'  => 'POST',
-			'agent'   => 'VMware VI Client',
-			'cookie'  => @vim_cookie,
-			'data'    => soap_req,
-			'headers' => { 'SOAPAction' => @soap_action}
-			}, 25)
-		name = Hash.from_xml(res.body)['Envelope']['Body']['RetrievePropertiesResponse']['returnval']['propSet']['val']
-		return name
+		soap_data = vim_soap_envelope(vim_soap_retrieve_properties('name','Datacenter',dc))
+		res = vim_send_soap_request(soap_data)
+		if res.class == Hash
+			return res['RetrievePropertiesResponse']['returnval']['propSet']['val']
+		else
+			return res
+		end
 	end
 
 
 	def vim_get_dcs
-			soap_req = 
-				%Q|<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-					<env:Body>
-						<RetrieveServiceContent xmlns="urn:vim25">
-							<_this type="ServiceInstance">ServiceInstance</_this>
-						</RetrieveServiceContent>
-					</env:Body>
-				</env:Envelope>|
+		soap_data = vim_soap_envelope(vim_soap_retrieve_service_content)
+		res = vim_send_soap_request(soap_data)
+		if res.class == Hash
+			@server_objects.merge!(res['RetrieveServiceContentResponse']['returnval'])
+		else
+			return res
+		end
 
-			res = send_request_cgi({
-					'uri'     => '/sdk',
-					'method'  => 'POST',
-					'agent'   => 'VMware VI Client',
-					'cookie'  => @vim_cookie,
-					'data'    => soap_req,
-					'headers' => { 'SOAPAction' => @soap_action}
-					}, 25)
-		
-			hash = Hash.from_xml(res.body)['Envelope']['Body']['RetrieveServiceContentResponse']['returnval']
-			@server_objects.merge!(hash)
-			soap_req =
-				%Q|<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-					<env:Body>
-						<RetrieveProperties xmlns="urn:vim25">
-							<_this type="PropertyCollector">#{@server_objects['propertyCollector']}</_this>
-							<specSet xsi:type="PropertyFilterSpec">
-								<propSet xsi:type="PropertySpec">
-									<type>ServiceInstance</type>
-									<pathSet>content</pathSet>
-								</propSet>
-								<objectSet xsi:type="ObjectSpec">
-									<obj type="ServiceInstance">ServiceInstance</obj>
-								</objectSet>
-							</specSet>
-						</RetrieveProperties>
-					</env:Body>
-				</env:Envelope>| 
-
-			res = send_request_cgi({
-					'uri'     => '/sdk',
-					'method'  => 'POST',
-					'agent'   => 'VMware VI Client',
-					'cookie'  => @vim_cookie,
-					'data'    => soap_req,
-					'headers' => { 'SOAPAction' => @soap_action}
-					}, 25)
-
-			hash = Hash.from_xml(res.body)['Envelope']['Body']['RetrievePropertiesResponse']['returnval']['propSet']['val']
+		soap_data = vim_soap_envelope(vim_soap_retrieve_properties('content', 'ServiceInstance', 'ServiceInstance'))
+		res = vim_send_soap_request(soap_data)
+		if res.class == Hash
+			hash = res['RetrievePropertiesResponse']['returnval']['propSet']['val']
 			hash.delete('xsi:type')
 			@server_objects.merge!(hash)
+		else
+			return res
+		end
 
-
-			soap_req = 
-				%Q|<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-				<env:Body>
-				<RetrieveProperties xmlns="urn:vim25">
-					<_this type="PropertyCollector">#{@server_objects['propertyCollector']}</_this>
-					<specSet xsi:type="PropertyFilterSpec">
-						<propSet xsi:type="PropertySpec">
-							<type>Folder</type>
-							<pathSet>childEntity</pathSet>
-						</propSet>
-						<objectSet xsi:type="ObjectSpec">
-							<obj type="Folder">#{@server_objects['rootFolder']}</obj>
-						</objectSet>
-					</specSet>
-				</RetrieveProperties>
-				</env:Body>
-				</env:Envelope>| 
-
-			res = send_request_cgi({
-					'uri'     => '/sdk',
-					'method'  => 'POST',
-					'agent'   => 'VMware VI Client',
-					'cookie'  => @vim_cookie,
-					'data'    => soap_req,
-					'headers' => { 'SOAPAction' => @soap_action}
-					}, 25)
+		soap_data = vim_soap_envelope(vim_soap_retrieve_properties('childEntity', 'Folder', @server_objects['rootFolder']))
+		res = vim_send_soap_request(soap_data)
+		if res.class == Hash
 			tmp_dcs = []
-			tmp_dcs << Hash.from_xml(res.body)['Envelope']['Body']['RetrievePropertiesResponse']['returnval']['propSet']['val']['ManagedObjectReference']
+			tmp_dcs << res['RetrievePropertiesResponse']['returnval']['propSet']['val']['ManagedObjectReference']
 			tmp_dcs.flatten!
 			tmp_dcs.each{|dc| @dcs << { 'name' => vim_get_dc_name(dc) , 'ref' => dc}}
+		else
+			return res
+		end
 	end
 
+
+
 	def vim_get_hosts(datacenter)
 		dc_hosts = []
-		soap_req = 
-				%Q|<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-				<env:Body>
-				<RetrieveProperties xmlns="urn:vim25">
-					<_this type="PropertyCollector">#{@server_objects['propertyCollector']}</_this>
-					<specSet xsi:type="PropertyFilterSpec">
-						<propSet xsi:type="PropertySpec">
-							<type>Datacenter</type>
-							<pathSet>hostFolder</pathSet>
-						</propSet>
-						<objectSet xsi:type="ObjectSpec">
-							<obj type="Datacenter">#{datacenter}</obj>
-						</objectSet>
-					</specSet>
-				</RetrieveProperties>
-				</env:Body>
-				</env:Envelope>|
-		res = send_request_cgi({
-			'uri'     => '/sdk',
-			'method'  => 'POST',
-			'agent'   => 'VMware VI Client',
-			'cookie'  => @vim_cookie,
-			'data'    => soap_req,
-			'headers' => { 'SOAPAction' => @soap_action}
-			}, 25)
-		host_folders = []
-		host_folders << Hash.from_xml(res.body)['Envelope']['Body']['RetrievePropertiesResponse']['returnval']['propSet']['val']
-		host_folders.flatten!
+		soap_data = vim_soap_envelope(vim_soap_retrieve_properties('hostFolder', 'Datacenter' , datacenter))
+		res = vim_send_soap_request(soap_data)
+		if res.class == Hash
+			host_folders = []
+			host_folders << res['RetrievePropertiesResponse']['returnval']['propSet']['val']
+			host_folders.flatten!
+		else
+			return res
+		end
 
 		compute_refs = []
 		host_folders.each do |folder|
-			soap_req = 
-				%Q|<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-				<env:Body>
-				<RetrieveProperties xmlns="urn:vim25">
-					<_this type="PropertyCollector">#{@server_objects['propertyCollector']}</_this>
-					<specSet xsi:type="PropertyFilterSpec">
-						<propSet xsi:type="PropertySpec">
-							<type>Folder</type>
-							<pathSet>childEntity</pathSet>
-						</propSet>
-						<objectSet xsi:type="ObjectSpec">
-							<obj type="Folder">#{folder}</obj>
-						</objectSet>
-					</specSet>
-				</RetrieveProperties>
-				</env:Body>
-				</env:Envelope>| 
-			res = send_request_cgi({
-				'uri'     => '/sdk',
-				'method'  => 'POST',
-				'agent'   => 'VMware VI Client',
-				'cookie'  => @vim_cookie,
-				'data'    => soap_req,
-				'headers' => { 'SOAPAction' => @soap_action}
-			}, 25)
-			ref = Hash.from_xml(res.body)['Envelope']['Body']['RetrievePropertiesResponse']['returnval']['propSet']['val']['ManagedObjectReference']
-			if ref.nil? or ref.empty?
-				return nil
+			soap_data = vim_soap_envelope(vim_soap_retrieve_properties('childEntity', 'Folder' , folder))
+			res = vim_send_soap_request(soap_data)
+			if res.class == Hash
+				ref = res['RetrievePropertiesResponse']['returnval']['propSet']['val']['ManagedObjectReference']
+				unless ref.nil?
+					compute_refs << ref
+				end
 			else
-				compute_refs << ref
+				return res
 			end
 		end
 		compute_refs.flatten!
 
-
 		compute_refs.each do |ref|
-			soap_req =
-				%Q|<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-				<env:Body>
-				<RetrieveProperties xmlns="urn:vim25">
-					<_this type="PropertyCollector">#{@server_objects['propertyCollector']}</_this>
-					<specSet xsi:type="PropertyFilterSpec">
-						<propSet xsi:type="PropertySpec">
-							<type>ComputeResource</type>
-							<pathSet>host</pathSet>
-						</propSet>
-						<objectSet xsi:type="ObjectSpec">
-							<obj type="ComputeResource">#{ref}</obj>
-						</objectSet>
-					</specSet>
-				</RetrieveProperties>
-				</env:Body>
-				</env:Envelope>|
-			res = send_request_cgi({
-				'uri'     => '/sdk',
-				'method'  => 'POST',
-				'agent'   => 'VMware VI Client',
-				'cookie'  => @vim_cookie,
-				'data'    => soap_req,
-				'headers' => { 'SOAPAction' => @soap_action}
-			}, 25)
-			next if res.body.include? "<faultstring>"
-			dc_hosts << Hash.from_xml(res.body)['Envelope']['Body']['RetrievePropertiesResponse']['returnval']['propSet']['val']['ManagedObjectReference']
+			next if ref.start_with? "group-"
+			soap_data = vim_soap_envelope(vim_soap_retrieve_properties('host', 'ComputeResource' , ref))
+			res = vim_send_soap_request(soap_data)
+			if res.class == Hash
+				dc_hosts << res['RetrievePropertiesResponse']['returnval']['propSet']['val']['ManagedObjectReference']
+			else
+				return res
+			end
 		end
 		dc_hosts.flatten!
 		return dc_hosts
 	end
 
+
+
 	def vim_get_all_hosts
 		@dcs.each{|dc| @hosts << vim_get_hosts(dc['ref'])}
 		@hosts.flatten!
 	end
 
+
+
 	def vim_get_host_hw(host)
-		vim_setup_references
-		soap_req =
-			%Q|<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-			<env:Body>
-			<RetrieveProperties xmlns="urn:vim25">
-				<_this type="PropertyCollector">#{@server_objects['propertyCollector']}</_this>
-				<specSet xsi:type="PropertyFilterSpec">
-					<propSet xsi:type="PropertySpec">
-						<type>HostSystem</type>
-						<pathSet>hardware</pathSet>
-					</propSet>
-					<objectSet xsi:type="ObjectSpec">
-						<obj type="HostSystem">#{host}</obj>
-					</objectSet>
-				</specSet>
-			</RetrieveProperties>
-			</env:Body>
-			</env:Envelope>|
-		 res = send_request_cgi({
-			'uri'     => '/sdk',
-			'method'  => 'POST',
-			'agent'   => 'VMware VI Client',
-			'cookie'  => @vim_cookie,
-			'data'    => soap_req,
-			'headers' => { 'SOAPAction' => @soap_action}
-		}, 25)
-		hash = Hash.from_xml(res.body)['Envelope']['Body']['RetrievePropertiesResponse']['returnval']['propSet']['val']
-		return hash
+		soap_data = vim_soap_envelope(vim_soap_retrieve_properties('hardware', 'HostSystem' , host))
+		res = vim_send_soap_request(soap_data)
+		if res.class == Hash
+			return res['RetrievePropertiesResponse']['returnval']['propSet']['val']
+		else
+			return res
+		end
 	end
 
 	def vim_get_all_host_summary(hw=false)
@@ -600,66 +446,28 @@ module Exploit::Remote::VIMSoap
 	end
 
 	def vim_get_vm_datastore(vm)
-		soap_req = 
-			%Q|<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-			<env:Body>
-			<RetrieveProperties xmlns="urn:vim25">
-				<_this type="PropertyCollector">#{@server_objects['propertyCollector']}</_this>
-				<specSet xsi:type="PropertyFilterSpec">
-					<propSet xsi:type="PropertySpec">
-						<type>VirtualMachine</type>
-						<pathSet>datastore</pathSet>
-					</propSet>
-					<objectSet xsi:type="ObjectSpec">
-						<obj type="VirtualMachine">#{vm}</obj>
-					</objectSet>
-				</specSet>
-			</RetrieveProperties>
-			</env:Body
-			></env:Envelope>| 
-		res = send_request_cgi({
-			'uri'     => '/sdk',
-			'method'  => 'POST',
-			'agent'   => 'VMware VI Client',
-			'cookie'  => @vim_cookie,
-			'data'    => soap_req,
-			'headers' => { 'SOAPAction' => @soap_action}
-		}, 25)
-		datastore_refs = []
-		datastore_refs << Hash.from_xml(res.body)['Envelope']['Body']['RetrievePropertiesResponse']['returnval']['propSet']['val']['ManagedObjectReference']
-		datastore_refs.flatten!
-		datastore_refs.compact!
-		datastores = []
-
+		soap_data = vim_soap_envelope(vim_soap_retrieve_properties('datastore', 'VirtualMachine' , vm))
+		res = vim_send_soap_request(soap_data)
+		if res.class == Hash
+			datastore_refs = []
+			datastore_refs << res['RetrievePropertiesResponse']['returnval']['propSet']['val']['ManagedObjectReference']
+			datastore_refs.flatten!
+			datastore_refs.compact!
+			datastores = []
+		else
+			return res
+		end
+		
 		datastore_refs.each do |datastore_ref|
-			soap_req = 
-				%Q|<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-				<env:Body>
-				<RetrieveProperties xmlns="urn:vim25">
-					<_this type="PropertyCollector">#{@server_objects['propertyCollector']}</_this>
-					<specSet xsi:type="PropertyFilterSpec">
-						<propSet xsi:type="PropertySpec">
-							<type>Datastore</type>
-							<pathSet>info</pathSet>
-						</propSet>
-						<objectSet xsi:type="ObjectSpec">
-							<obj type="Datastore">#{datastore_ref}</obj>
-						</objectSet>
-					</specSet>
-				</RetrieveProperties>
-				</env:Body>
-				</env:Envelope>|
-				res = send_request_cgi({
-				'uri'     => '/sdk',
-				'method'  => 'POST',
-				'agent'   => 'VMware VI Client',
-				'cookie'  => @vim_cookie,
-				'data'    => soap_req,
-				'headers' => { 'SOAPAction' => @soap_action}
-			}, 25)
-			datastore_name = Hash.from_xml(res.body)['Envelope']['Body']['RetrievePropertiesResponse']['returnval']['propSet']['val']['name']
-			datastore = { 'name' => datastore_name, 'ref' => datastore_ref}
-			datastores << datastore
+			soap_data = vim_soap_envelope(vim_soap_retrieve_properties('info', 'Datastore' , datastore_ref))
+			res = vim_send_soap_request(soap_data)
+			if res.class == Hash
+				datastore_name = res['RetrievePropertiesResponse']['returnval']['propSet']['val']['name']
+				datastore = { 'name' => datastore_name, 'ref' => datastore_ref}
+				datastores << datastore
+			else
+				return res
+			end
 		end
 		return datastores
 
@@ -668,59 +476,30 @@ module Exploit::Remote::VIMSoap
 	def vim_find_vm_by_name(name)
 		vim_setup_references
 		@dcs.each do |dc|
-			soap_req = 
-				%Q| <env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-				<env:Body>
-				<RetrieveProperties xmlns="urn:vim25">
-					<_this type="PropertyCollector">#{@server_objects['propertyCollector']}</_this>
-					<specSet xsi:type="PropertyFilterSpec">
-						<propSet xsi:type="PropertySpec">
-							<type>Datacenter</type>
-							<pathSet>vmFolder</pathSet>
-						</propSet>
-						<objectSet xsi:type="ObjectSpec">
-							<obj type="Datacenter">#{dc['ref']}</obj>
-						</objectSet>
-					</specSet>
-				</RetrieveProperties>
-				</env:Body>
-				</env:Envelope>|
-			res = send_request_cgi({
-				'uri'     => '/sdk',
-				'method'  => 'POST',
-				'agent'   => 'VMware VI Client',
-				'cookie'  => @vim_cookie,
-				'data'    => soap_req,
-				'headers' => { 'SOAPAction' => @soap_action}
-			}, 25)
-			next unless res and res.code == 200
-			vm_folders = []
-			vm_folders << Hash.from_xml(res.body)['Envelope']['Body']['RetrievePropertiesResponse']['returnval']['propSet']['val']
-			vm_folders.flatten!
-			vm_folders.compact!
+			soap_data = vim_soap_envelope(vim_soap_retrieve_properties('vmFolder', 'Datacenter' , dc['ref']))
+			res = vim_send_soap_request(soap_data)
+			if res.class == Hash
+				vm_folders = []
+				vm_folders << res['RetrievePropertiesResponse']['returnval']['propSet']['val']
+				vm_folders.flatten!
+				vm_folders.compact!
+			else
+				return res
+			end
+
+
 			vm_folders.each do |vm_folder|
-				soap_req =
-					%Q|<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-					<env:Body>
-					<FindChild xmlns="urn:vim25">
-						<_this type="SearchIndex">#{@server_objects['searchIndex']}</_this>
-						<entity type="Folder">#{vm_folder}</entity>
-						<name>#{name}</name>
-					</FindChild>
-					</env:Body>
-					</env:Envelope>|
-				res = send_request_cgi({
-					'uri'     => '/sdk',
-					'method'  => 'POST',
-					'agent'   => 'VMware VI Client',
-					'cookie'  => @vim_cookie,
-					'data'    => soap_req,
-					'headers' => { 'SOAPAction' => @soap_action}
-				}, 25)
-				next unless res and res.code == 200
-				tmp_hash = Hash.from_xml(res.body)['Envelope']['Body']['FindChildResponse']
-				if tmp_hash['returnval']
-					return tmp_hash['returnval']
+				soap_data = vim_soap_envelope(vim_soap_find_child_byname('Folder', vm_folder, name))
+				res = vim_send_soap_request(soap_data)
+				if res.class == Hash
+					vmref = res['FindChildResponse']['returnval']
+					if vmref
+						return vmref
+					else
+						next
+					end
+				else
+					return res
 				end
 			end
 		end
@@ -730,64 +509,30 @@ module Exploit::Remote::VIMSoap
 
 
 	def vim_powerON_vm(vm_ref)
-		soap_req =
-			%Q|<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-			<env:Body>
-			<PowerOnVM_Task xmlns="urn:vim25">
-				<_this type="VirtualMachine">#{vm_ref}</_this>
-			</PowerOnVM_Task>
-			</env:Body>
-			</env:Envelope>| 
-		res = send_request_cgi({
-			'uri'     => '/sdk',
-			'method'  => 'POST',
-			'agent'   => 'VMware VI Client',
-			'cookie'  => @vim_cookie,
-			'data'    => soap_req,
-			'headers' => { 'SOAPAction' => @soap_action}
-		}, 25)
-		if res.body.include? "NotAuthenticatedFault"
-			return :expired
-		elsif res.body.include? "<faultstring>"
-			return :error
+		soap_data = vim_soap_envelope(vim_soap_power_on_vm(vm_ref))
+		res = vim_send_soap_request(soap_data)
+		if res.class == Hash
+			task_id = res['PowerOnVM_TaskResponse']['returnval']
+		else
+			return res
 		end
-		task_id = Hash.from_xml(res.body)['Envelope']['Body']['PowerOnVM_TaskResponse']['returnval']
+
 		state= "running"
 		while state == "running"
-			soap_req =
-				%Q|<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-				<env:Body>
-				<RetrieveProperties xmlns="urn:vim25">
-					<_this type="PropertyCollector">#{@server_objects['propertyCollector']}</_this>
-					<specSet xsi:type="PropertyFilterSpec">
-						<propSet xsi:type="PropertySpec">
-							<type>Task</type>
-							<pathSet>info</pathSet>
-						</propSet>
-						<objectSet xsi:type="ObjectSpec">
-							<obj type="Task">#{task_id}</obj>
-						</objectSet>
-					</specSet>
-				</RetrieveProperties>
-				</env:Body>
-				</env:Envelope>| 
-			res = send_request_cgi({
-				'uri'     => '/sdk',
-				'method'  => 'POST',
-				'agent'   => 'VMware VI Client',
-				'cookie'  => @vim_cookie,
-				'data'    => soap_req,
-				'headers' => { 'SOAPAction' => @soap_action}
-			}, 25)
-			hash = Hash.from_xml(res.body)['Envelope']['Body']['RetrievePropertiesResponse']['returnval']['propSet']['val']
-			state = hash['state']
-			case state
-			when 'running'
-				select(nil, nil, nil, 5)
-			when 'error'
-				if hash['error']['fault']['existingState'] == 'poweredOn'
-					return 'alreadyON'
+			soap_data = vim_soap_envelope(vim_soap_retrieve_properties('info', 'Task', task_id))
+			res = vim_send_soap_request(soap_data)
+			if res.class == Hash
+				state = res['RetrievePropertiesResponse']['returnval']['propSet']['val']['state']
+				case state
+				when 'running'
+					select(nil, nil, nil, 5)
+				when 'error'
+					if res['RetrievePropertiesResponse']['returnval']['propSet']['val']['error']['fault']['existingState'] == 'poweredOn'
+						return 'alreadyON'
+					end
 				end
+			else
+				return res
 			end
 		end
 		return state
@@ -796,64 +541,30 @@ module Exploit::Remote::VIMSoap
 
 
 	def vim_powerOFF_vm(vm_ref)
-		soap_req =
-			%Q|<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-			<env:Body>
-			<PowerOffVM_Task xmlns="urn:vim25">
-				<_this type="VirtualMachine">#{vm_ref}</_this>
-			</PowerOffVM_Task>
-			</env:Body>
-			</env:Envelope>| 
-		res = send_request_cgi({
-			'uri'     => '/sdk',
-			'method'  => 'POST',
-			'agent'   => 'VMware VI Client',
-			'cookie'  => @vim_cookie,
-			'data'    => soap_req,
-			'headers' => { 'SOAPAction' => @soap_action}
-		}, 25)
-		if res.body.include? "NotAuthenticatedFault"
-			return :expired
-		elsif res.body.include? "<faultstring>"
-			return :error
+		soap_data = vim_soap_envelope(vim_soap_power_off_vm(vm_ref))
+		res = vim_send_soap_request(soap_data)
+		if res.class == Hash
+			task_id = res['PowerOffVM_TaskResponse']['returnval']
+		else
+			return res
 		end
-		task_id = Hash.from_xml(res.body)['Envelope']['Body']['PowerOffVM_TaskResponse']['returnval']
+
 		state= "running"
 		while state == "running"
-			soap_req =
-				%Q|<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-				<env:Body>
-				<RetrieveProperties xmlns="urn:vim25">
-					<_this type="PropertyCollector">#{@server_objects['propertyCollector']}</_this>
-					<specSet xsi:type="PropertyFilterSpec">
-						<propSet xsi:type="PropertySpec">
-							<type>Task</type>
-							<pathSet>info</pathSet>
-						</propSet>
-						<objectSet xsi:type="ObjectSpec">
-							<obj type="Task">#{task_id}</obj>
-						</objectSet>
-					</specSet>
-				</RetrieveProperties>
-				</env:Body>
-				</env:Envelope>| 
-			res = send_request_cgi({
-				'uri'     => '/sdk',
-				'method'  => 'POST',
-				'agent'   => 'VMware VI Client',
-				'cookie'  => @vim_cookie,
-				'data'    => soap_req,
-				'headers' => { 'SOAPAction' => @soap_action}
-			}, 25)
-			hash = Hash.from_xml(res.body)['Envelope']['Body']['RetrievePropertiesResponse']['returnval']['propSet']['val']
-			state = hash['state']
-			case state
-			when 'running'
-				select(nil, nil, nil, 5)
-			when 'error'
-				if hash['error']['fault']['existingState'] == 'poweredOff'
-					return 'alreadyOFF'
+			soap_data = vim_soap_envelope(vim_soap_retrieve_properties('info', 'Task', task_id))
+			res = vim_send_soap_request(soap_data)
+			if res.class == Hash
+				state = res['RetrievePropertiesResponse']['returnval']['propSet']['val']['state']
+				case state
+				when 'running'
+					select(nil, nil, nil, 5)
+				when 'error'
+					if res['RetrievePropertiesResponse']['returnval']['propSet']['val']['error']['fault']['existingState'] == 'poweredOn'
+						return 'alreadyON'
+					end
 				end
+			else
+				return res
 			end
 		end
 		return state
@@ -861,62 +572,25 @@ module Exploit::Remote::VIMSoap
 
 
 
-
 	def vim_take_screenshot(vm, user, pass)
-		soap_req =
-			%Q|<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-			<env:Body>
-			<CreateScreenshot_Task xmlns="urn:vim25">
-				<_this type="VirtualMachine">#{vm['ref']}</_this>
-			</CreateScreenshot_Task>
-			</env:Body>
-			</env:Envelope>| 
-		res = send_request_cgi({
-			'uri'     => '/sdk',
-			'method'  => 'POST',
-			'agent'   => 'VMware VI Client',
-			'cookie'  => @vim_cookie,
-			'data'    => soap_req,
-			'headers' => { 'SOAPAction' => @soap_action}
-		}, 25)
-		if res.body.include? "NotAuthenticatedFault"
-			return :expired
-		elsif res.body.include? "<faultstring>"
-			return :error
+		soap_data = vim_soap_envelope(vim_soap_create_screenshot(vm['ref']))
+		res = vim_send_soap_request(soap_data)
+		if res.class == Hash
+			task_id = res['CreateScreenshot_TaskResponse']['returnval']
+		else
+			return res
 		end
-		task_id = Hash.from_xml(res.body)['Envelope']['Body']['CreateScreenshot_TaskResponse']['returnval']
-		
 
 		state= "running"
 		while state == "running"
-			soap_req =
-				%Q|<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-				<env:Body>
-				<RetrieveProperties xmlns="urn:vim25">
-					<_this type="PropertyCollector">#{@server_objects['propertyCollector']}</_this>
-					<specSet xsi:type="PropertyFilterSpec">
-						<propSet xsi:type="PropertySpec">
-							<type>Task</type>
-							<pathSet>info</pathSet>
-						</propSet>
-						<objectSet xsi:type="ObjectSpec">
-							<obj type="Task">#{task_id}</obj>
-						</objectSet>
-					</specSet>
-				</RetrieveProperties>
-				</env:Body>
-				</env:Envelope>| 
-			res = send_request_cgi({
-				'uri'     => '/sdk',
-				'method'  => 'POST',
-				'agent'   => 'VMware VI Client',
-				'cookie'  => @vim_cookie,
-				'data'    => soap_req,
-				'headers' => { 'SOAPAction' => @soap_action}
-			}, 25)
-			hash = Hash.from_xml(res.body)['Envelope']['Body']['RetrievePropertiesResponse']['returnval']['propSet']['val']
-			state = hash['state']
-			screenshot_file = hash['result'] 
+			soap_data = vim_soap_envelope(vim_soap_retrieve_properties('info', 'Task', task_id))
+			res = vim_send_soap_request(soap_data)
+			if res.class == Hash
+				state = res['RetrievePropertiesResponse']['returnval']['propSet']['val']['state']
+				screenshot_file = res['RetrievePropertiesResponse']['returnval']['propSet']['val']['result'] 
+			else
+				return res
+			end
 		end
 		unless screenshot_file
 			return :error
@@ -947,40 +621,23 @@ module Exploit::Remote::VIMSoap
 	end
 
 
-	def vim_get_host_summary(host)
 
-		soap_req = 
-			%Q|<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-			<env:Body>
-			<RetrieveProperties xmlns="urn:vim25">
-				<_this type="PropertyCollector">#{@server_objects['propertyCollector']}</_this>
-				<specSet xsi:type="PropertyFilterSpec">
-					<propSet xsi:type="PropertySpec">
-						<type>HostSystem</type>
-						<pathSet>summary</pathSet>
-					</propSet>
-					<objectSet xsi:type="ObjectSpec">
-						<obj type="HostSystem">#{host}</obj>
-					</objectSet>
-				</specSet>
-			</RetrieveProperties>
-			</env:Body>
-			</env:Envelope>| 
-		res = send_request_cgi({
-			'uri'     => '/sdk',
-			'method'  => 'POST',
-			'agent'   => 'VMware VI Client',
-			'cookie'  => @vim_cookie,
-			'data'    => soap_req,
-			'headers' => { 'SOAPAction' => @soap_action}
-		}, 25)
-		hash = Hash.from_xml(res.body)['Envelope']['Body']['RetrievePropertiesResponse']['returnval']['propSet']['val']
-		hash['runtime'].delete('healthSystemRuntime')
-		hash.delete('xsi:type')
-		hash.delete('host')
-		return hash
+	def vim_get_host_summary(host)
+		soap_data = vim_soap_envelope(vim_soap_retrieve_properties('summary', 'HostSystem', host))
+		res = vim_send_soap_request(soap_data)
+		if res.class == Hash
+			hash = res['RetrievePropertiesResponse']['returnval']['propSet']['val']
+			hash['runtime'].delete('healthSystemRuntime')
+			hash.delete('xsi:type')
+			hash.delete('host')
+			return hash
+		else
+			return res
+		end
 	end
 
+
+
 	def vim_get_vms
 		vim_setup_references
 		@vmrefs = []
@@ -1007,100 +664,42 @@ module Exploit::Remote::VIMSoap
 		return vmlist
 	end
 
+
+
 	def vim_get_dc_vms(datacenter)
-		soap_req =
-			%Q|<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-			<env:Body>
-			<RetrieveProperties xmlns="urn:vim25">
-				<_this type="PropertyCollector">#{@server_objects['propertyCollector']}</_this>
-				<specSet xsi:type="PropertyFilterSpec">
-					<propSet xsi:type="PropertySpec">
-						<type>Datacenter</type>
-						<pathSet>vmFolder</pathSet>
-					</propSet>
-					<objectSet xsi:type="ObjectSpec">
-						<obj type="Datacenter">#{datacenter}</obj>
-					</objectSet>
-				</specSet>
-			</RetrieveProperties>
-			</env:Body>
-			</env:Envelope>|
-		res = send_request_cgi({
-			'uri'     => '/sdk',
-			'method'  => 'POST',
-			'agent'   => 'VMware VI Client',
-			'cookie'  => @vim_cookie,
-			'data'    => soap_req,
-			'headers' => { 'SOAPAction' => @soap_action}
-		}, 25)
-		vmfolder = Hash.from_xml(res.body)['Envelope']['Body']['RetrievePropertiesResponse']['returnval']['propSet']['val']
-		
-		soap_req = 
-			%Q|<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-			<env:Body>
-			<RetrieveProperties xmlns="urn:vim25">
-				<_this type="PropertyCollector">#{@server_objects['propertyCollector']}</_this>
-				<specSet xsi:type="PropertyFilterSpec">
-					<propSet xsi:type="PropertySpec">
-						<type>Folder</type>
-						<pathSet>childEntity</pathSet>
-					</propSet>
-					<objectSet xsi:type="ObjectSpec">
-						<obj type="Folder">#{vmfolder}</obj>
-					</objectSet>
-				</specSet>
-			</RetrieveProperties>
-			</env:Body>
-			</env:Envelope>| 
-		res = send_request_cgi({
-			'uri'     => '/sdk',
-			'method'  => 'POST',
-			'agent'   => 'VMware VI Client',
-			'cookie'  => @vim_cookie,
-			'data'    => soap_req,
-			'headers' => { 'SOAPAction' => @soap_action}
-		}, 25)
-		vm_index_array = Hash.from_xml(res.body)['Envelope']['Body']['RetrievePropertiesResponse']['returnval']['propSet']['val']['ManagedObjectReference']
-		vm_index_array.delete_if{|ref| ref.start_with? "group"} unless vm_index_array.nil? or vm_index_array.empty?
-		return vm_index_array
+		soap_data = vim_soap_envelope(vim_soap_retrieve_properties('vmFolder', 'Datacenter', datacenter))
+		res = vim_send_soap_request(soap_data)
+		if res.class == Hash
+			vmfolder = res['RetrievePropertiesResponse']['returnval']['propSet']['val']
+		else
+			return res
+		end
+
+		soap_data = vim_soap_envelope(vim_soap_retrieve_properties('childEntity', 'Folder', vmfolder))
+		res = vim_send_soap_request(soap_data)
+		if res.class == Hash
+			vm_index_array = res['RetrievePropertiesResponse']['returnval']['propSet']['val']['ManagedObjectReference']
+			vm_index_array.delete_if{|ref| ref.start_with? "group"} unless vm_index_array.nil? or vm_index_array.empty?
+			return vm_index_array
+		else
+			return res
+		end
 	end
 
 	def vim_get_vm_info(vm_ref)
 		vim_setup_references
-		soap_req =
-			%Q|<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-			<env:Body>
-			<RetrieveProperties xmlns="urn:vim25">
-				<_this type="PropertyCollector">#{@server_objects['propertyCollector']}</_this>
-				<specSet xsi:type="PropertyFilterSpec">
-					<propSet xsi:type="PropertySpec">
-						<type>VirtualMachine</type>
-						<pathSet>summary</pathSet>
-					</propSet>
-					<objectSet xsi:type="ObjectSpec">
-						<obj type="VirtualMachine">#{vm_ref}</obj>
-					</objectSet>
-				</specSet>
-			</RetrieveProperties>
-			</env:Body>
-			</env:Envelope>|
-		res = send_request_cgi({
-			'uri'     => '/sdk',
-			'method'  => 'POST',
-			'agent'   => 'VMware VI Client',
-			'cookie'  => @vim_cookie,
-			'data'    => soap_req,
-			'headers' => { 'SOAPAction' => @soap_action}
-		}, 25)
-		if res.body.include? "<faultstring>"
-			return nil
+		soap_data = vim_soap_envelope(vim_soap_retrieve_properties('summary', 'VirtualMachine', vm_ref))
+		res = vim_send_soap_request(soap_data)
+		if res.class == Hash
+			hash =  res['RetrievePropertiesResponse']['returnval']['propSet']['val']
+			vm = hash['config']
+			vm['runtime'] = hash['runtime']
+			vm['guest'] = hash['guest']
+			vm['quickStats'] = hash['quickStats']
+			return vm
+		else
+			return res
 		end
-		hash =  Hash.from_xml(res.body)['Envelope']['Body']['RetrievePropertiesResponse']['returnval']['propSet']['val']
-		vm = hash['config']
-		vm['runtime'] = hash['runtime']
-		vm['guest'] = hash['guest']
-		vm['quickStats'] = hash['quickStats']
-		return vm
 	end
 
 	def vim_logged_in?
diff --git a/modules/auxiliary/admin/vmware/poweroff_vm.rb b/modules/auxiliary/admin/vmware/poweroff_vm.rb
index 61b2199763..20149c3e27 100644
--- a/modules/auxiliary/admin/vmware/poweroff_vm.rb
+++ b/modules/auxiliary/admin/vmware/poweroff_vm.rb
@@ -40,10 +40,10 @@ class Metasploit3 < Msf::Auxiliary
 	end
 
 	def run
-
 		if vim_do_login(datastore['USERNAME'], datastore['PASSWORD']) == :success
 			vm_ref = vim_find_vm_by_name(datastore['VM'])
-			if vm_ref 
+			case vm_ref 
+			when String
 				return_state = vim_powerOFF_vm(vm_ref)
 				case return_state 
 				when 'success'
@@ -53,7 +53,11 @@ class Metasploit3 < Msf::Auxiliary
 				else
 					print_error "The server returned an unexpected status #{return_state}"
 				end
-			else
+			when :noresponse
+				print_error "The request timed out"
+			when :error
+				print_error @vim_soap_error
+			when nil
 				print_error "Could not locate VM #{datastore['VM']}"
 			end
 		else
diff --git a/modules/auxiliary/admin/vmware/poweron_vm.rb b/modules/auxiliary/admin/vmware/poweron_vm.rb
index affe036a67..c9a16d1e1a 100644
--- a/modules/auxiliary/admin/vmware/poweron_vm.rb
+++ b/modules/auxiliary/admin/vmware/poweron_vm.rb
@@ -43,7 +43,8 @@ class Metasploit3 < Msf::Auxiliary
 
 		if vim_do_login(datastore['USERNAME'], datastore['PASSWORD']) == :success
 			vm_ref = vim_find_vm_by_name(datastore['VM'])
-			if vm_ref 
+			case vm_ref 
+			when String
 				return_state = vim_powerON_vm(vm_ref)
 				case return_state 
 				when 'success'
@@ -53,7 +54,11 @@ class Metasploit3 < Msf::Auxiliary
 				else
 					print_error "The server returned an unexpected status #{return_state}"
 				end
-			else
+			when :noresponse
+				print_error "The request timed out"
+			when :error
+				print_error @vim_soap_error
+			when nil
 				print_error "Could not locate VM #{datastore['VM']}"
 			end
 		else
diff --git a/modules/auxiliary/admin/vmware/tag_vm.rb b/modules/auxiliary/admin/vmware/tag_vm.rb
index 7a3e30a384..5939b2e6d6 100644
--- a/modules/auxiliary/admin/vmware/tag_vm.rb
+++ b/modules/auxiliary/admin/vmware/tag_vm.rb
@@ -45,7 +45,8 @@ class Metasploit3 < Msf::Auxiliary
 
 		if vim_do_login(datastore['USERNAME'], datastore['PASSWORD']) == :success
 			vm_ref = vim_find_vm_by_name(datastore['VM'])
-			if vm_ref 
+			case vm_ref 
+			when String
 				result = vim_log_event_vm(vm_ref, datastore['MSG'])
 				case result
 				when :noresponse
@@ -57,8 +58,12 @@ class Metasploit3 < Msf::Auxiliary
 				else
 					print_good "User Event logged"
 				end
-			else
-				print_error "Could not locate VM #{datastore['VM']}"
+			when :noresponse
+				print_error "Recieved no Response"
+			when :expired
+				print_error "The login session appears to have expired"
+			when :error
+				print_error @vim_soap_error
 			end
 		else
 			print_error "Login Failure on #{datastore['RHOST']}"