Adding a bunch of new VIM API auxiliary stuff
Work in progress.
This commit is contained in:
parent
25fbe1c7d0
commit
3f48e626a2
|
@ -0,0 +1,402 @@
|
||||||
|
module Msf
|
||||||
|
|
||||||
|
module Exploit::Remote::VIMSoap
|
||||||
|
include Msf::Exploit::Remote::HttpClient
|
||||||
|
|
||||||
|
|
||||||
|
def vim_get_session
|
||||||
|
soap_data =
|
||||||
|
%Q|<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
|
||||||
|
<env:Body>
|
||||||
|
<RetrieveServiceContent xmlns="urn:vim25">
|
||||||
|
<_this type="ServiceInstance">ServiceInstance</_this>
|
||||||
|
</RetrieveServiceContent>
|
||||||
|
</env:Body>
|
||||||
|
</env:Envelope>|
|
||||||
|
res = send_request_cgi({
|
||||||
|
'uri' => '/sdk',
|
||||||
|
'method' => 'POST',
|
||||||
|
'agent' => 'VMware VI Client',
|
||||||
|
'data' => soap_data
|
||||||
|
}, 25)
|
||||||
|
@dc = Hash.from_xml(res.body)['Envelope']['Body']['RetrieveServiceContentResponse']['returnval']
|
||||||
|
print_status @dc.inspect
|
||||||
|
if res.headers['Set-Cookie']
|
||||||
|
@vim_cookie = res.headers['Set-Cookie']
|
||||||
|
return true
|
||||||
|
else
|
||||||
|
return false
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
def vim_do_login(user, pass)
|
||||||
|
unless vim_get_session
|
||||||
|
return false
|
||||||
|
end
|
||||||
|
soap_data =
|
||||||
|
%Q|<SOAP-ENV:Envelope SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/">
|
||||||
|
<SOAP-ENV:Body>
|
||||||
|
<Login xmlns="urn:vim25">
|
||||||
|
<_this type="SessionManager">#{@dc['sessionManager']}</_this>
|
||||||
|
<userName>#{user}</userName>
|
||||||
|
<password>#{pass}</password>
|
||||||
|
</Login>
|
||||||
|
</SOAP-ENV:Body>
|
||||||
|
</SOAP-ENV:Envelope>|
|
||||||
|
print_status "Soap Request: #{soap_data}"
|
||||||
|
res = send_request_cgi({
|
||||||
|
'uri' => '/sdk',
|
||||||
|
'method' => 'POST',
|
||||||
|
'agent' => 'VMware VI Client',
|
||||||
|
'cookie' => @vim_cookie,
|
||||||
|
'data' => soap_data
|
||||||
|
}, 25)
|
||||||
|
print_status res.body
|
||||||
|
if res.code == 200
|
||||||
|
return :success
|
||||||
|
else
|
||||||
|
return :fail
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
def vim_get_dc
|
||||||
|
soap_req =
|
||||||
|
%Q|<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
|
||||||
|
<env:Body>
|
||||||
|
<RetrieveServiceContent xmlns="urn:vim25">
|
||||||
|
<_this type="ServiceInstance">ServiceInstance</_this>
|
||||||
|
</RetrieveServiceContent>
|
||||||
|
</env:Body>
|
||||||
|
</env:Envelope>|
|
||||||
|
|
||||||
|
res = send_request_cgi({
|
||||||
|
'uri' => '/sdk',
|
||||||
|
'method' => 'POST',
|
||||||
|
'agent' => 'VMware VI Client',
|
||||||
|
'cookie' => @vim_cookie,
|
||||||
|
'data' => soap_req
|
||||||
|
}, 25)
|
||||||
|
|
||||||
|
hash = Hash.from_xml(res.body)['Envelope']['Body']['RetrieveServiceContentResponse']['returnval']
|
||||||
|
@dc.merge!(hash)
|
||||||
|
soap_req =
|
||||||
|
%Q|<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
|
||||||
|
<env:Body>
|
||||||
|
<RetrieveProperties xmlns="urn:vim25">
|
||||||
|
<_this type="PropertyCollector">#{@dc['propertyCollector']}</_this>
|
||||||
|
<specSet xsi:type="PropertyFilterSpec">
|
||||||
|
<propSet xsi:type="PropertySpec">
|
||||||
|
<type>ServiceInstance</type>
|
||||||
|
<pathSet>content</pathSet>
|
||||||
|
</propSet>
|
||||||
|
<objectSet xsi:type="ObjectSpec">
|
||||||
|
<obj type="ServiceInstance">ServiceInstance</obj>
|
||||||
|
</objectSet>
|
||||||
|
</specSet>
|
||||||
|
</RetrieveProperties>
|
||||||
|
</env:Body>
|
||||||
|
</env:Envelope>|
|
||||||
|
|
||||||
|
res = send_request_cgi({
|
||||||
|
'uri' => '/sdk',
|
||||||
|
'method' => 'POST',
|
||||||
|
'agent' => 'VMware VI Client',
|
||||||
|
'cookie' => @vim_cookie,
|
||||||
|
'data' => soap_req
|
||||||
|
}, 25)
|
||||||
|
|
||||||
|
hash = Hash.from_xml(res.body)['Envelope']['Body']['RetrievePropertiesResponse']['returnval']['propSet']['val']
|
||||||
|
hash.delete('xsi:type')
|
||||||
|
@dc.merge!(hash)
|
||||||
|
|
||||||
|
|
||||||
|
soap_req =
|
||||||
|
%Q|<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
|
||||||
|
<env:Body>
|
||||||
|
<RetrieveProperties xmlns="urn:vim25">
|
||||||
|
<_this type="PropertyCollector">#{@dc['propertyCollector']}</_this>
|
||||||
|
<specSet xsi:type="PropertyFilterSpec">
|
||||||
|
<propSet xsi:type="PropertySpec">
|
||||||
|
<type>Folder</type>
|
||||||
|
<pathSet>childEntity</pathSet>
|
||||||
|
</propSet>
|
||||||
|
<objectSet xsi:type="ObjectSpec">
|
||||||
|
<obj type="Folder">#{@dc['rootFolder']}</obj>
|
||||||
|
</objectSet>
|
||||||
|
</specSet>
|
||||||
|
</RetrieveProperties>
|
||||||
|
</env:Body>
|
||||||
|
</env:Envelope>|
|
||||||
|
|
||||||
|
res = send_request_cgi({
|
||||||
|
'uri' => '/sdk',
|
||||||
|
'method' => 'POST',
|
||||||
|
'agent' => 'VMware VI Client',
|
||||||
|
'cookie' => @vim_cookie,
|
||||||
|
'data' => soap_req
|
||||||
|
}, 25)
|
||||||
|
print_status res.body
|
||||||
|
@dc['Datacenter'] = Hash.from_xml(res.body)['Envelope']['Body']['RetrievePropertiesResponse']['returnval']['propSet']['val']['ManagedObjectReference']
|
||||||
|
end
|
||||||
|
|
||||||
|
def vim_get_host
|
||||||
|
@host = {}
|
||||||
|
soap_req =
|
||||||
|
%Q|<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
|
||||||
|
<env:Body>
|
||||||
|
<RetrieveProperties xmlns="urn:vim25">
|
||||||
|
<_this type="PropertyCollector">#{@dc['propertyCollector']}</_this>
|
||||||
|
<specSet xsi:type="PropertyFilterSpec">
|
||||||
|
<propSet xsi:type="PropertySpec">
|
||||||
|
<type>Datacenter</type>
|
||||||
|
<pathSet>hostFolder</pathSet>
|
||||||
|
</propSet>
|
||||||
|
<objectSet xsi:type="ObjectSpec">
|
||||||
|
<obj type="Datacenter">#{@dc['Datacenter']}</obj>
|
||||||
|
</objectSet>
|
||||||
|
</specSet>
|
||||||
|
</RetrieveProperties>
|
||||||
|
</env:Body>
|
||||||
|
</env:Envelope>|
|
||||||
|
res = send_request_cgi({
|
||||||
|
'uri' => '/sdk',
|
||||||
|
'method' => 'POST',
|
||||||
|
'agent' => 'VMware VI Client',
|
||||||
|
'cookie' => @vim_cookie,
|
||||||
|
'data' => soap_req
|
||||||
|
}, 25)
|
||||||
|
@host['folderHost'] = Hash.from_xml(res.body)['Envelope']['Body']['RetrievePropertiesResponse']['returnval']['propSet']['val']
|
||||||
|
|
||||||
|
soap_req =
|
||||||
|
%Q|<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
|
||||||
|
<env:Body>
|
||||||
|
<RetrieveProperties xmlns="urn:vim25">
|
||||||
|
<_this type="PropertyCollector">#{@dc['propertyCollector']}</_this>
|
||||||
|
<specSet xsi:type="PropertyFilterSpec">
|
||||||
|
<propSet xsi:type="PropertySpec">
|
||||||
|
<type>Folder</type>
|
||||||
|
<pathSet>childEntity</pathSet>
|
||||||
|
</propSet>
|
||||||
|
<objectSet xsi:type="ObjectSpec">
|
||||||
|
<obj type="Folder">#{@host['folderHost']}</obj>
|
||||||
|
</objectSet>
|
||||||
|
</specSet>
|
||||||
|
</RetrieveProperties>
|
||||||
|
</env:Body>
|
||||||
|
</env:Envelope>|
|
||||||
|
res = send_request_cgi({
|
||||||
|
'uri' => '/sdk',
|
||||||
|
'method' => 'POST',
|
||||||
|
'agent' => 'VMware VI Client',
|
||||||
|
'cookie' => @vim_cookie,
|
||||||
|
'data' => soap_req
|
||||||
|
}, 25)
|
||||||
|
@host['ComputeReference'] = Hash.from_xml(res.body)['Envelope']['Body']['RetrievePropertiesResponse']['returnval']['propSet']['val']['ManagedObjectReference']
|
||||||
|
|
||||||
|
soap_req =
|
||||||
|
%Q|<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
|
||||||
|
<env:Body>
|
||||||
|
<RetrieveProperties xmlns="urn:vim25">
|
||||||
|
<_this type="PropertyCollector">#{@dc['propertyCollector']}</_this>
|
||||||
|
<specSet xsi:type="PropertyFilterSpec">
|
||||||
|
<propSet xsi:type="PropertySpec">
|
||||||
|
<type>ComputeResource</type>
|
||||||
|
<pathSet>host</pathSet>
|
||||||
|
</propSet>
|
||||||
|
<objectSet xsi:type="ObjectSpec">
|
||||||
|
<obj type="ComputeResource">#{@host['ComputeReference']}</obj>
|
||||||
|
</objectSet>
|
||||||
|
</specSet>
|
||||||
|
</RetrieveProperties>
|
||||||
|
</env:Body>
|
||||||
|
</env:Envelope>|
|
||||||
|
res = send_request_cgi({
|
||||||
|
'uri' => '/sdk',
|
||||||
|
'method' => 'POST',
|
||||||
|
'agent' => 'VMware VI Client',
|
||||||
|
'cookie' => @vim_cookie,
|
||||||
|
'data' => soap_req
|
||||||
|
}, 25)
|
||||||
|
@host['HostSystem'] = Hash.from_xml(res.body)['Envelope']['Body']['RetrievePropertiesResponse']['returnval']['propSet']['val']['ManagedObjectReference']
|
||||||
|
end
|
||||||
|
|
||||||
|
def vim_get_host_hw
|
||||||
|
vim_setup_references
|
||||||
|
soap_req =
|
||||||
|
%Q|<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
|
||||||
|
<env:Body>
|
||||||
|
<RetrieveProperties xmlns="urn:vim25">
|
||||||
|
<_this type="PropertyCollector">#{@dc['propertyCollector']}</_this>
|
||||||
|
<specSet xsi:type="PropertyFilterSpec">
|
||||||
|
<propSet xsi:type="PropertySpec">
|
||||||
|
<type>HostSystem</type>
|
||||||
|
<pathSet>hardware</pathSet>
|
||||||
|
</propSet>
|
||||||
|
<objectSet xsi:type="ObjectSpec">
|
||||||
|
<obj type="HostSystem">#{@host['HostSystem']}</obj>
|
||||||
|
</objectSet>
|
||||||
|
</specSet>
|
||||||
|
</RetrieveProperties>
|
||||||
|
</env:Body>
|
||||||
|
</env:Envelope>|
|
||||||
|
res = send_request_cgi({
|
||||||
|
'uri' => '/sdk',
|
||||||
|
'method' => 'POST',
|
||||||
|
'agent' => 'VMware VI Client',
|
||||||
|
'cookie' => @vim_cookie,
|
||||||
|
'data' => soap_req
|
||||||
|
}, 25)
|
||||||
|
hash = Hash.from_xml(res.body)['Envelope']['Body']['RetrievePropertiesResponse']['returnval']['propSet']['val']
|
||||||
|
return hash
|
||||||
|
end
|
||||||
|
|
||||||
|
def vim_get_host_summary
|
||||||
|
vim_setup_references
|
||||||
|
soap_req =
|
||||||
|
%Q|<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
|
||||||
|
<env:Body>
|
||||||
|
<RetrieveProperties xmlns="urn:vim25">
|
||||||
|
<_this type="PropertyCollector">#{@dc['propertyCollector']}</_this>
|
||||||
|
<specSet xsi:type="PropertyFilterSpec">
|
||||||
|
<propSet xsi:type="PropertySpec">
|
||||||
|
<type>HostSystem</type>
|
||||||
|
<pathSet>summary</pathSet>
|
||||||
|
</propSet>
|
||||||
|
<objectSet xsi:type="ObjectSpec">
|
||||||
|
<obj type="HostSystem">#{@host['HostSystem']}</obj>
|
||||||
|
</objectSet>
|
||||||
|
</specSet>
|
||||||
|
</RetrieveProperties>
|
||||||
|
</env:Body>
|
||||||
|
</env:Envelope>|
|
||||||
|
res = send_request_cgi({
|
||||||
|
'uri' => '/sdk',
|
||||||
|
'method' => 'POST',
|
||||||
|
'agent' => 'VMware VI Client',
|
||||||
|
'cookie' => @vim_cookie,
|
||||||
|
'data' => soap_req
|
||||||
|
}, 25)
|
||||||
|
hash = Hash.from_xml(res.body)['Envelope']['Body']['RetrievePropertiesResponse']['returnval']['propSet']['val']
|
||||||
|
hash['runtime'].delete('healthSystemRuntime')
|
||||||
|
hash.delete('xsi:type')
|
||||||
|
hash.delete('host')
|
||||||
|
return hash
|
||||||
|
end
|
||||||
|
|
||||||
|
def vim_get_vms
|
||||||
|
vim_setup_references
|
||||||
|
soap_req =
|
||||||
|
%Q|<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
|
||||||
|
<env:Body>
|
||||||
|
<RetrieveProperties xmlns="urn:vim25">
|
||||||
|
<_this type="PropertyCollector">#{@dc['propertyCollector']}</_this>
|
||||||
|
<specSet xsi:type="PropertyFilterSpec">
|
||||||
|
<propSet xsi:type="PropertySpec">
|
||||||
|
<type>Datacenter</type>
|
||||||
|
<pathSet>vmFolder</pathSet>
|
||||||
|
</propSet>
|
||||||
|
<objectSet xsi:type="ObjectSpec">
|
||||||
|
<obj type="Datacenter">#{@dc['Datacenter']}</obj>
|
||||||
|
</objectSet>
|
||||||
|
</specSet>
|
||||||
|
</RetrieveProperties>
|
||||||
|
</env:Body>
|
||||||
|
</env:Envelope>|
|
||||||
|
res = send_request_cgi({
|
||||||
|
'uri' => '/sdk',
|
||||||
|
'method' => 'POST',
|
||||||
|
'agent' => 'VMware VI Client',
|
||||||
|
'cookie' => @vim_cookie,
|
||||||
|
'data' => soap_req
|
||||||
|
}, 25)
|
||||||
|
@dc['vmFolder'] = Hash.from_xml(res.body)['Envelope']['Body']['RetrievePropertiesResponse']['returnval']['propSet']['val']
|
||||||
|
|
||||||
|
soap_req =
|
||||||
|
%Q|<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
|
||||||
|
<env:Body>
|
||||||
|
<RetrieveProperties xmlns="urn:vim25">
|
||||||
|
<_this type="PropertyCollector">#{@dc['propertyCollector']}</_this>
|
||||||
|
<specSet xsi:type="PropertyFilterSpec">
|
||||||
|
<propSet xsi:type="PropertySpec">
|
||||||
|
<type>Folder</type>
|
||||||
|
<pathSet>childEntity</pathSet>
|
||||||
|
</propSet>
|
||||||
|
<objectSet xsi:type="ObjectSpec">
|
||||||
|
<obj type="Folder">#{@dc['vmFolder']}</obj>
|
||||||
|
</objectSet>
|
||||||
|
</specSet>
|
||||||
|
</RetrieveProperties>
|
||||||
|
</env:Body>
|
||||||
|
</env:Envelope>|
|
||||||
|
res = send_request_cgi({
|
||||||
|
'uri' => '/sdk',
|
||||||
|
'method' => 'POST',
|
||||||
|
'agent' => 'VMware VI Client',
|
||||||
|
'cookie' => @vim_cookie,
|
||||||
|
'data' => soap_req
|
||||||
|
}, 25)
|
||||||
|
vm_index_array = Hash.from_xml(res.body)['Envelope']['Body']['RetrievePropertiesResponse']['returnval']['propSet']['val']['ManagedObjectReference']
|
||||||
|
vms = []
|
||||||
|
vm_index_array.each{|i| vms << vim_get_vm_info(i)}
|
||||||
|
return vms
|
||||||
|
end
|
||||||
|
|
||||||
|
def vim_get_vm_info(vm_ref)
|
||||||
|
vim_setup_references
|
||||||
|
soap_req =
|
||||||
|
%Q|<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
|
||||||
|
<env:Body>
|
||||||
|
<RetrieveProperties xmlns="urn:vim25">
|
||||||
|
<_this type="PropertyCollector">#{@dc['propertyCollector']}</_this>
|
||||||
|
<specSet xsi:type="PropertyFilterSpec">
|
||||||
|
<propSet xsi:type="PropertySpec">
|
||||||
|
<type>VirtualMachine</type>
|
||||||
|
<pathSet>summary</pathSet>
|
||||||
|
</propSet>
|
||||||
|
<objectSet xsi:type="ObjectSpec">
|
||||||
|
<obj type="VirtualMachine">#{vm_ref}</obj>
|
||||||
|
</objectSet>
|
||||||
|
</specSet>
|
||||||
|
</RetrieveProperties>
|
||||||
|
</env:Body>
|
||||||
|
</env:Envelope>|
|
||||||
|
res = send_request_cgi({
|
||||||
|
'uri' => '/sdk',
|
||||||
|
'method' => 'POST',
|
||||||
|
'agent' => 'VMware VI Client',
|
||||||
|
'cookie' => @vim_cookie,
|
||||||
|
'data' => soap_req
|
||||||
|
}, 25)
|
||||||
|
hash = Hash.from_xml(res.body)['Envelope']['Body']['RetrievePropertiesResponse']['returnval']['propSet']['val']
|
||||||
|
vm = hash['config']
|
||||||
|
vm['runtime'] = hash['runtime']
|
||||||
|
vm['guest'] = hash['guest']
|
||||||
|
vm['quickStats'] = hash['quickStats']
|
||||||
|
return vm
|
||||||
|
end
|
||||||
|
|
||||||
|
def vim_logged_in?
|
||||||
|
return true if @vim_cookie
|
||||||
|
return false
|
||||||
|
end
|
||||||
|
|
||||||
|
def vim_instance_vars_set?
|
||||||
|
return false if @dc.nil? or @dc.empty?
|
||||||
|
return false if @host.nil? or @host.empty?
|
||||||
|
return false unless @dc['propertyCollector']
|
||||||
|
return false unless @dc['Datacenter']
|
||||||
|
return false unless @dc['rootFolder']
|
||||||
|
return false unless @host['folderHost']
|
||||||
|
return false unless @host['HostSystem']
|
||||||
|
return true
|
||||||
|
end
|
||||||
|
|
||||||
|
def vim_setup_references
|
||||||
|
unless vim_instance_vars_set?
|
||||||
|
vim_get_dc
|
||||||
|
vim_get_host
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
end
|
||||||
|
end
|
|
@ -0,0 +1,67 @@
|
||||||
|
##
|
||||||
|
# $Id$
|
||||||
|
##
|
||||||
|
|
||||||
|
##
|
||||||
|
# This file is part of the Metasploit Framework and may be subject to
|
||||||
|
# redistribution and commercial restrictions. Please see the Metasploit
|
||||||
|
# Framework web site for more information on licensing and terms of use.
|
||||||
|
# http://metasploit.com/framework/
|
||||||
|
##
|
||||||
|
|
||||||
|
|
||||||
|
require 'msf/core'
|
||||||
|
require 'msf/core/exploit/vim_soap'
|
||||||
|
|
||||||
|
|
||||||
|
class Metasploit3 < Msf::Auxiliary
|
||||||
|
|
||||||
|
include Msf::Exploit::Remote::HttpClient
|
||||||
|
include Msf::Auxiliary::Report
|
||||||
|
include Msf::Exploit::Remote::VIMSoap
|
||||||
|
include Msf::Auxiliary::Scanner
|
||||||
|
|
||||||
|
def initialize
|
||||||
|
super(
|
||||||
|
'Name' => 'VMWare Enumerate Host Details',
|
||||||
|
'Version' => '$Revision$',
|
||||||
|
'Description' => %Q{This module attempts to enumerate information about the host systems through the VMWare web API.},
|
||||||
|
'Author' => ['TheLightCosine <thelightcosine[at]metasploit.com>'],
|
||||||
|
'License' => MSF_LICENSE
|
||||||
|
)
|
||||||
|
|
||||||
|
register_options(
|
||||||
|
[
|
||||||
|
Opt::RPORT(443),
|
||||||
|
OptString.new('USERNAME', [ true, "The username to Authenticate with.", 'root' ]),
|
||||||
|
OptString.new('PASSWORD', [ true, "The password to Authenticate with.", 'password' ]),
|
||||||
|
OptBool.new('HW_DETAILS', [true, "Enumerate the Hardware on the system as well?", false])
|
||||||
|
], self.class)
|
||||||
|
end
|
||||||
|
|
||||||
|
def run_host(ip)
|
||||||
|
|
||||||
|
if vim_do_login(datastore['USERNAME'], datastore['PASSWORD']) == :success
|
||||||
|
output = "VMWare Host at #{ip} details\n"
|
||||||
|
output << "-----------------------------\n"
|
||||||
|
host_summary = vim_get_host_summary
|
||||||
|
output << YAML.dump(host_summary)
|
||||||
|
if datastore['HW_DETAILS']
|
||||||
|
output << "\n--------HARDWARE----------\n"
|
||||||
|
hw_details = vim_get_host_hw
|
||||||
|
output << YAML.dump(hw_details)
|
||||||
|
end
|
||||||
|
print_good output
|
||||||
|
store_loot('vmware_host_details', "text/plain", datastore['RHOST'], output, "#{datastore['RHOST']}_vmware_host.txt", "VMWare Host Details")
|
||||||
|
else
|
||||||
|
print_error "Login Failure on #{ip}"
|
||||||
|
return
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
end
|
||||||
|
|
|
@ -0,0 +1,70 @@
|
||||||
|
##
|
||||||
|
# $Id$
|
||||||
|
##
|
||||||
|
|
||||||
|
##
|
||||||
|
# This file is part of the Metasploit Framework and may be subject to
|
||||||
|
# redistribution and commercial restrictions. Please see the Metasploit
|
||||||
|
# Framework web site for more information on licensing and terms of use.
|
||||||
|
# http://metasploit.com/framework/
|
||||||
|
##
|
||||||
|
|
||||||
|
|
||||||
|
require 'msf/core'
|
||||||
|
require 'msf/core/exploit/vim_soap'
|
||||||
|
|
||||||
|
|
||||||
|
class Metasploit3 < Msf::Auxiliary
|
||||||
|
|
||||||
|
include Msf::Exploit::Remote::HttpClient
|
||||||
|
include Msf::Auxiliary::Report
|
||||||
|
include Msf::Exploit::Remote::VIMSoap
|
||||||
|
include Msf::Auxiliary::Scanner
|
||||||
|
|
||||||
|
def initialize
|
||||||
|
super(
|
||||||
|
'Name' => 'VMWare Enumerate Virtual Machines',
|
||||||
|
'Version' => '$Revision$',
|
||||||
|
'Description' => %Q{
|
||||||
|
This module attempts to discover virtual machines on any VMWare instance
|
||||||
|
running the web interface. This would include ESX/ESXi and VMWare Server.},
|
||||||
|
'Author' => ['TheLightCosine <thelightcosine[at]metasploit.com>'],
|
||||||
|
'License' => MSF_LICENSE
|
||||||
|
)
|
||||||
|
|
||||||
|
register_options(
|
||||||
|
[
|
||||||
|
Opt::RPORT(443),
|
||||||
|
OptString.new('USERNAME', [ true, "The username to Authenticate with.", 'root' ]),
|
||||||
|
OptString.new('PASSWORD', [ true, "The password to Authenticate with.", 'password' ])
|
||||||
|
], self.class)
|
||||||
|
end
|
||||||
|
|
||||||
|
def run_host(ip)
|
||||||
|
|
||||||
|
if vim_do_login(datastore['USERNAME'], datastore['PASSWORD']) == :success
|
||||||
|
virtual_machines = vim_get_vms
|
||||||
|
virtual_machines.each do |vm|
|
||||||
|
print_good YAML.dump(vm)
|
||||||
|
report_note(
|
||||||
|
:host => rhost,
|
||||||
|
:type => "vmware.esx.vm",
|
||||||
|
:data => vm,
|
||||||
|
:port => rport,
|
||||||
|
:proto => 'tcp',
|
||||||
|
:update => :unique_data
|
||||||
|
)
|
||||||
|
end
|
||||||
|
store_loot('ESX_virtualmachines', "text/plain", datastore['RHOST'], YAML.dump(virtual_machines) , "#{datastore['RHOST']}_esx_vms.txt", "VMWare ESX Virtual Machines")
|
||||||
|
else
|
||||||
|
print_error "Login Failure on #{ip}"
|
||||||
|
return
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
end
|
||||||
|
|
Loading…
Reference in New Issue