Create a stable branch of vmware-api
Just to pick up the soap library and the esx_fingerprint stuff.
This commit is contained in:
parent
64cf8bb7ee
commit
95f54413d8
|
@ -64,6 +64,12 @@ module OperatingSystems
|
|||
FREEBSD = "FreeBSD"
|
||||
NETBSD = "NetBSD"
|
||||
OPENBSD = "OpenBSD"
|
||||
VMWARE = "VMware"
|
||||
|
||||
module VmwareVersions
|
||||
ESX = "ESX"
|
||||
ESXI = "ESXi"
|
||||
end
|
||||
|
||||
module WindowsVersions
|
||||
NT = "NT"
|
||||
|
|
|
@ -0,0 +1,955 @@
|
|||
module Msf
|
||||
|
||||
module Exploit::Remote::VIMSoap
|
||||
include Msf::Exploit::Remote::HttpClient
|
||||
|
||||
def vim_get_session
|
||||
soap_data =
|
||||
%Q|<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
|
||||
<env:Body>
|
||||
<RetrieveServiceContent xmlns="urn:vim25">
|
||||
<_this type="ServiceInstance">ServiceInstance</_this>
|
||||
</RetrieveServiceContent>
|
||||
</env:Body>
|
||||
</env:Envelope>|
|
||||
res = send_request_cgi({
|
||||
'uri' => '/sdk',
|
||||
'method' => 'POST',
|
||||
'agent' => 'VMware VI Client',
|
||||
'data' => soap_data
|
||||
}, 25)
|
||||
return false unless res and res.code == 200
|
||||
@server_objects = Hash.from_xml(res.body)['Envelope']['Body']['RetrieveServiceContentResponse']['returnval']
|
||||
@soap_action = "urn:vim25/#{@server_objects['about']['apiVersion']}"
|
||||
if res.headers['Set-Cookie']
|
||||
@vim_cookie = res.headers['Set-Cookie']
|
||||
return true
|
||||
else
|
||||
return false
|
||||
end
|
||||
end
|
||||
|
||||
def vim_do_login(user, pass)
|
||||
unless vim_get_session
|
||||
return false
|
||||
end
|
||||
soap_data =
|
||||
%Q|<SOAP-ENV:Envelope SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/">
|
||||
<SOAP-ENV:Body>
|
||||
<Login xmlns="urn:vim25">
|
||||
<_this type="SessionManager">#{@server_objects['sessionManager']}</_this>
|
||||
<userName>#{user}</userName>
|
||||
<password>#{pass}</password>
|
||||
</Login>
|
||||
</SOAP-ENV:Body>
|
||||
</SOAP-ENV:Envelope>|
|
||||
res = send_request_cgi({
|
||||
'uri' => '/sdk',
|
||||
'method' => 'POST',
|
||||
'agent' => 'VMware VI Client',
|
||||
'cookie' => @vim_cookie,
|
||||
'data' => soap_data,
|
||||
'headers' => { 'SOAPAction' => @soap_action}
|
||||
}, 25)
|
||||
if res.code == 200
|
||||
return :success
|
||||
else
|
||||
return :fail
|
||||
end
|
||||
end
|
||||
|
||||
|
||||
def vim_get_session_list
|
||||
vim_setup_references
|
||||
soap_req =
|
||||
%Q|<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
|
||||
<env:Body>
|
||||
<RetrieveProperties xmlns="urn:vim25">
|
||||
<_this type="PropertyCollector">#{@server_objects['propertyCollector']}</_this>
|
||||
<specSet xsi:type="PropertyFilterSpec">
|
||||
<propSet xsi:type="PropertySpec">
|
||||
<type>SessionManager</type>
|
||||
<pathSet>sessionList</pathSet>
|
||||
</propSet>
|
||||
<objectSet xsi:type="ObjectSpec">
|
||||
<obj type="SessionManager">#{@server_objects['sessionManager']}</obj>
|
||||
</objectSet>
|
||||
</specSet>
|
||||
</RetrieveProperties>
|
||||
</env:Body>
|
||||
</env:Envelope>|
|
||||
|
||||
res = send_request_cgi({
|
||||
'uri' => '/sdk',
|
||||
'method' => 'POST',
|
||||
'agent' => 'VMware VI Client',
|
||||
'cookie' => @vim_cookie,
|
||||
'data' => soap_req,
|
||||
'headers' => { 'SOAPAction' => @soap_action}
|
||||
}, 25)
|
||||
return :noresponse unless res
|
||||
if res.body.include? "NotAuthenticatedFault"
|
||||
return :expired
|
||||
elsif res.body.include? "<faultstring>"
|
||||
return :error
|
||||
end
|
||||
session_list = []
|
||||
session_list << Hash.from_xml(res.body)['Envelope']['Body']['RetrievePropertiesResponse']['returnval']['propSet']['val']['UserSession']
|
||||
return session_list.flatten.compact
|
||||
end
|
||||
|
||||
def vim_session_is_active(key, username)
|
||||
soap_req =
|
||||
%Q|<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
|
||||
<env:Body>
|
||||
<SessionIsActive xmlns="urn:vim25">
|
||||
<_this type="SessionManager">#{@server_objects['sessionManager']}</_this>
|
||||
<sessionID>#{key}</sessionID>
|
||||
<userName>#{username}</userName>
|
||||
</SessionIsActive>
|
||||
</env:Body>
|
||||
</env:Envelope>|
|
||||
res = send_request_cgi({
|
||||
'uri' => '/sdk',
|
||||
'method' => 'POST',
|
||||
'agent' => 'VMware VI Client',
|
||||
'cookie' => @vim_cookie,
|
||||
'data' => soap_req,
|
||||
'headers' => { 'SOAPAction' => @soap_action}
|
||||
}, 25)
|
||||
return :noresponse unless res
|
||||
if res.body.include? "NotAuthenticatedFault"
|
||||
return :expired
|
||||
elsif res.body.include? "<faultstring>"
|
||||
return :error
|
||||
end
|
||||
active = Hash.from_xml(res.body)['Envelope']['Body']['SessionIsActiveResponse']['returnval']
|
||||
return active
|
||||
end
|
||||
|
||||
|
||||
def vim_terminate_session(key)
|
||||
vim_setup_references
|
||||
soap_req =
|
||||
%Q|<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
|
||||
<env:Body>
|
||||
<TerminateSession xmlns="urn:vim25">
|
||||
<_this xsi:type="ManagedObjectReference" type="SessionManager" >#{@server_objects['sessionManager']}</_this>
|
||||
<sessionId>#{key}</sessionId>
|
||||
</TerminateSession>
|
||||
</env:Body>
|
||||
</env:Envelope>|
|
||||
res = send_request_cgi({
|
||||
'uri' => '/sdk',
|
||||
'method' => 'POST',
|
||||
'agent' => 'VMware VI Client',
|
||||
'cookie' => @vim_cookie,
|
||||
'data' => soap_req,
|
||||
'headers' => { 'SOAPAction' => @soap_action}
|
||||
}, 25)
|
||||
return :noresponse unless res
|
||||
return :notfound if res.body.include? "NotFoundFault"
|
||||
if res.body.include? "NotAuthenticatedFault"
|
||||
return :expired
|
||||
elsif res.body.include? "<faultstring>"
|
||||
return :error
|
||||
end
|
||||
return :success
|
||||
end
|
||||
|
||||
|
||||
def vim_get_dc_name(dc)
|
||||
soap_req=
|
||||
%Q|<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
|
||||
<env:Body>
|
||||
<RetrieveProperties xmlns="urn:vim25">
|
||||
<_this type="PropertyCollector">#{@server_objects['propertyCollector']}</_this>
|
||||
<specSet xsi:type="PropertyFilterSpec">
|
||||
<propSet xsi:type="PropertySpec">
|
||||
<type>Datacenter</type>
|
||||
<pathSet>name</pathSet>
|
||||
</propSet>
|
||||
<objectSet xsi:type="ObjectSpec">
|
||||
<obj type="Datacenter">#{dc}</obj>
|
||||
</objectSet>
|
||||
</specSet>
|
||||
</RetrieveProperties>
|
||||
</env:Body>
|
||||
</env:Envelope>|
|
||||
res = send_request_cgi({
|
||||
'uri' => '/sdk',
|
||||
'method' => 'POST',
|
||||
'agent' => 'VMware VI Client',
|
||||
'cookie' => @vim_cookie,
|
||||
'data' => soap_req,
|
||||
'headers' => { 'SOAPAction' => @soap_action}
|
||||
}, 25)
|
||||
name = Hash.from_xml(res.body)['Envelope']['Body']['RetrievePropertiesResponse']['returnval']['propSet']['val']
|
||||
return name
|
||||
end
|
||||
|
||||
|
||||
def vim_get_dcs
|
||||
soap_req =
|
||||
%Q|<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
|
||||
<env:Body>
|
||||
<RetrieveServiceContent xmlns="urn:vim25">
|
||||
<_this type="ServiceInstance">ServiceInstance</_this>
|
||||
</RetrieveServiceContent>
|
||||
</env:Body>
|
||||
</env:Envelope>|
|
||||
|
||||
res = send_request_cgi({
|
||||
'uri' => '/sdk',
|
||||
'method' => 'POST',
|
||||
'agent' => 'VMware VI Client',
|
||||
'cookie' => @vim_cookie,
|
||||
'data' => soap_req,
|
||||
'headers' => { 'SOAPAction' => @soap_action}
|
||||
}, 25)
|
||||
|
||||
hash = Hash.from_xml(res.body)['Envelope']['Body']['RetrieveServiceContentResponse']['returnval']
|
||||
@server_objects.merge!(hash)
|
||||
soap_req =
|
||||
%Q|<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
|
||||
<env:Body>
|
||||
<RetrieveProperties xmlns="urn:vim25">
|
||||
<_this type="PropertyCollector">#{@server_objects['propertyCollector']}</_this>
|
||||
<specSet xsi:type="PropertyFilterSpec">
|
||||
<propSet xsi:type="PropertySpec">
|
||||
<type>ServiceInstance</type>
|
||||
<pathSet>content</pathSet>
|
||||
</propSet>
|
||||
<objectSet xsi:type="ObjectSpec">
|
||||
<obj type="ServiceInstance">ServiceInstance</obj>
|
||||
</objectSet>
|
||||
</specSet>
|
||||
</RetrieveProperties>
|
||||
</env:Body>
|
||||
</env:Envelope>|
|
||||
|
||||
res = send_request_cgi({
|
||||
'uri' => '/sdk',
|
||||
'method' => 'POST',
|
||||
'agent' => 'VMware VI Client',
|
||||
'cookie' => @vim_cookie,
|
||||
'data' => soap_req,
|
||||
'headers' => { 'SOAPAction' => @soap_action}
|
||||
}, 25)
|
||||
|
||||
hash = Hash.from_xml(res.body)['Envelope']['Body']['RetrievePropertiesResponse']['returnval']['propSet']['val']
|
||||
hash.delete('xsi:type')
|
||||
@server_objects.merge!(hash)
|
||||
|
||||
|
||||
soap_req =
|
||||
%Q|<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
|
||||
<env:Body>
|
||||
<RetrieveProperties xmlns="urn:vim25">
|
||||
<_this type="PropertyCollector">#{@server_objects['propertyCollector']}</_this>
|
||||
<specSet xsi:type="PropertyFilterSpec">
|
||||
<propSet xsi:type="PropertySpec">
|
||||
<type>Folder</type>
|
||||
<pathSet>childEntity</pathSet>
|
||||
</propSet>
|
||||
<objectSet xsi:type="ObjectSpec">
|
||||
<obj type="Folder">#{@server_objects['rootFolder']}</obj>
|
||||
</objectSet>
|
||||
</specSet>
|
||||
</RetrieveProperties>
|
||||
</env:Body>
|
||||
</env:Envelope>|
|
||||
|
||||
res = send_request_cgi({
|
||||
'uri' => '/sdk',
|
||||
'method' => 'POST',
|
||||
'agent' => 'VMware VI Client',
|
||||
'cookie' => @vim_cookie,
|
||||
'data' => soap_req,
|
||||
'headers' => { 'SOAPAction' => @soap_action}
|
||||
}, 25)
|
||||
tmp_dcs = []
|
||||
tmp_dcs << Hash.from_xml(res.body)['Envelope']['Body']['RetrievePropertiesResponse']['returnval']['propSet']['val']['ManagedObjectReference']
|
||||
tmp_dcs.flatten!
|
||||
tmp_dcs.each{|dc| @dcs << { 'name' => vim_get_dc_name(dc) , 'ref' => dc}}
|
||||
end
|
||||
|
||||
def vim_get_hosts(datacenter)
|
||||
dc_hosts = []
|
||||
soap_req =
|
||||
%Q|<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
|
||||
<env:Body>
|
||||
<RetrieveProperties xmlns="urn:vim25">
|
||||
<_this type="PropertyCollector">#{@server_objects['propertyCollector']}</_this>
|
||||
<specSet xsi:type="PropertyFilterSpec">
|
||||
<propSet xsi:type="PropertySpec">
|
||||
<type>Datacenter</type>
|
||||
<pathSet>hostFolder</pathSet>
|
||||
</propSet>
|
||||
<objectSet xsi:type="ObjectSpec">
|
||||
<obj type="Datacenter">#{datacenter}</obj>
|
||||
</objectSet>
|
||||
</specSet>
|
||||
</RetrieveProperties>
|
||||
</env:Body>
|
||||
</env:Envelope>|
|
||||
res = send_request_cgi({
|
||||
'uri' => '/sdk',
|
||||
'method' => 'POST',
|
||||
'agent' => 'VMware VI Client',
|
||||
'cookie' => @vim_cookie,
|
||||
'data' => soap_req,
|
||||
'headers' => { 'SOAPAction' => @soap_action}
|
||||
}, 25)
|
||||
host_folders = []
|
||||
host_folders << Hash.from_xml(res.body)['Envelope']['Body']['RetrievePropertiesResponse']['returnval']['propSet']['val']
|
||||
host_folders.flatten!
|
||||
|
||||
compute_refs = []
|
||||
host_folders.each do |folder|
|
||||
soap_req =
|
||||
%Q|<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
|
||||
<env:Body>
|
||||
<RetrieveProperties xmlns="urn:vim25">
|
||||
<_this type="PropertyCollector">#{@server_objects['propertyCollector']}</_this>
|
||||
<specSet xsi:type="PropertyFilterSpec">
|
||||
<propSet xsi:type="PropertySpec">
|
||||
<type>Folder</type>
|
||||
<pathSet>childEntity</pathSet>
|
||||
</propSet>
|
||||
<objectSet xsi:type="ObjectSpec">
|
||||
<obj type="Folder">#{folder}</obj>
|
||||
</objectSet>
|
||||
</specSet>
|
||||
</RetrieveProperties>
|
||||
</env:Body>
|
||||
</env:Envelope>|
|
||||
res = send_request_cgi({
|
||||
'uri' => '/sdk',
|
||||
'method' => 'POST',
|
||||
'agent' => 'VMware VI Client',
|
||||
'cookie' => @vim_cookie,
|
||||
'data' => soap_req,
|
||||
'headers' => { 'SOAPAction' => @soap_action}
|
||||
}, 25)
|
||||
ref = Hash.from_xml(res.body)['Envelope']['Body']['RetrievePropertiesResponse']['returnval']['propSet']['val']['ManagedObjectReference']
|
||||
if ref.nil? or ref.empty?
|
||||
return nil
|
||||
else
|
||||
compute_refs << ref
|
||||
end
|
||||
end
|
||||
compute_refs.flatten!
|
||||
|
||||
|
||||
compute_refs.each do |ref|
|
||||
soap_req =
|
||||
%Q|<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
|
||||
<env:Body>
|
||||
<RetrieveProperties xmlns="urn:vim25">
|
||||
<_this type="PropertyCollector">#{@server_objects['propertyCollector']}</_this>
|
||||
<specSet xsi:type="PropertyFilterSpec">
|
||||
<propSet xsi:type="PropertySpec">
|
||||
<type>ComputeResource</type>
|
||||
<pathSet>host</pathSet>
|
||||
</propSet>
|
||||
<objectSet xsi:type="ObjectSpec">
|
||||
<obj type="ComputeResource">#{ref}</obj>
|
||||
</objectSet>
|
||||
</specSet>
|
||||
</RetrieveProperties>
|
||||
</env:Body>
|
||||
</env:Envelope>|
|
||||
res = send_request_cgi({
|
||||
'uri' => '/sdk',
|
||||
'method' => 'POST',
|
||||
'agent' => 'VMware VI Client',
|
||||
'cookie' => @vim_cookie,
|
||||
'data' => soap_req,
|
||||
'headers' => { 'SOAPAction' => @soap_action}
|
||||
}, 25)
|
||||
next if res.body.include? "<faultstring>"
|
||||
dc_hosts << Hash.from_xml(res.body)['Envelope']['Body']['RetrievePropertiesResponse']['returnval']['propSet']['val']['ManagedObjectReference']
|
||||
end
|
||||
dc_hosts.flatten!
|
||||
return dc_hosts
|
||||
end
|
||||
|
||||
def vim_get_all_hosts
|
||||
@dcs.each{|dc| @hosts << vim_get_hosts(dc['ref'])}
|
||||
@hosts.flatten!
|
||||
end
|
||||
|
||||
def vim_get_host_hw(host)
|
||||
vim_setup_references
|
||||
soap_req =
|
||||
%Q|<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
|
||||
<env:Body>
|
||||
<RetrieveProperties xmlns="urn:vim25">
|
||||
<_this type="PropertyCollector">#{@server_objects['propertyCollector']}</_this>
|
||||
<specSet xsi:type="PropertyFilterSpec">
|
||||
<propSet xsi:type="PropertySpec">
|
||||
<type>HostSystem</type>
|
||||
<pathSet>hardware</pathSet>
|
||||
</propSet>
|
||||
<objectSet xsi:type="ObjectSpec">
|
||||
<obj type="HostSystem">#{host}</obj>
|
||||
</objectSet>
|
||||
</specSet>
|
||||
</RetrieveProperties>
|
||||
</env:Body>
|
||||
</env:Envelope>|
|
||||
res = send_request_cgi({
|
||||
'uri' => '/sdk',
|
||||
'method' => 'POST',
|
||||
'agent' => 'VMware VI Client',
|
||||
'cookie' => @vim_cookie,
|
||||
'data' => soap_req,
|
||||
'headers' => { 'SOAPAction' => @soap_action}
|
||||
}, 25)
|
||||
hash = Hash.from_xml(res.body)['Envelope']['Body']['RetrievePropertiesResponse']['returnval']['propSet']['val']
|
||||
return hash
|
||||
end
|
||||
|
||||
def vim_get_all_host_summary(hw=false)
|
||||
vim_setup_references
|
||||
summaries = []
|
||||
@hosts.each do |host|
|
||||
details = {}
|
||||
details[host] = vim_get_host_summary(host)
|
||||
if details and hw
|
||||
details.merge!(vim_get_host_hw(host))
|
||||
end
|
||||
summaries << details
|
||||
end
|
||||
return summaries.flatten.compact
|
||||
end
|
||||
|
||||
def vim_get_vm_datastore(vm)
|
||||
soap_req =
|
||||
%Q|<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
|
||||
<env:Body>
|
||||
<RetrieveProperties xmlns="urn:vim25">
|
||||
<_this type="PropertyCollector">#{@server_objects['propertyCollector']}</_this>
|
||||
<specSet xsi:type="PropertyFilterSpec">
|
||||
<propSet xsi:type="PropertySpec">
|
||||
<type>VirtualMachine</type>
|
||||
<pathSet>datastore</pathSet>
|
||||
</propSet>
|
||||
<objectSet xsi:type="ObjectSpec">
|
||||
<obj type="VirtualMachine">#{vm}</obj>
|
||||
</objectSet>
|
||||
</specSet>
|
||||
</RetrieveProperties>
|
||||
</env:Body
|
||||
></env:Envelope>|
|
||||
res = send_request_cgi({
|
||||
'uri' => '/sdk',
|
||||
'method' => 'POST',
|
||||
'agent' => 'VMware VI Client',
|
||||
'cookie' => @vim_cookie,
|
||||
'data' => soap_req,
|
||||
'headers' => { 'SOAPAction' => @soap_action}
|
||||
}, 25)
|
||||
datastore_refs = []
|
||||
datastore_refs << Hash.from_xml(res.body)['Envelope']['Body']['RetrievePropertiesResponse']['returnval']['propSet']['val']['ManagedObjectReference']
|
||||
datastore_refs.flatten!
|
||||
datastore_refs.compact!
|
||||
datastores = []
|
||||
|
||||
datastore_refs.each do |datastore_ref|
|
||||
soap_req =
|
||||
%Q|<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
|
||||
<env:Body>
|
||||
<RetrieveProperties xmlns="urn:vim25">
|
||||
<_this type="PropertyCollector">#{@server_objects['propertyCollector']}</_this>
|
||||
<specSet xsi:type="PropertyFilterSpec">
|
||||
<propSet xsi:type="PropertySpec">
|
||||
<type>Datastore</type>
|
||||
<pathSet>info</pathSet>
|
||||
</propSet>
|
||||
<objectSet xsi:type="ObjectSpec">
|
||||
<obj type="Datastore">#{datastore_ref}</obj>
|
||||
</objectSet>
|
||||
</specSet>
|
||||
</RetrieveProperties>
|
||||
</env:Body>
|
||||
</env:Envelope>|
|
||||
res = send_request_cgi({
|
||||
'uri' => '/sdk',
|
||||
'method' => 'POST',
|
||||
'agent' => 'VMware VI Client',
|
||||
'cookie' => @vim_cookie,
|
||||
'data' => soap_req,
|
||||
'headers' => { 'SOAPAction' => @soap_action}
|
||||
}, 25)
|
||||
datastore_name = Hash.from_xml(res.body)['Envelope']['Body']['RetrievePropertiesResponse']['returnval']['propSet']['val']['name']
|
||||
datastore = { 'name' => datastore_name, 'ref' => datastore_ref}
|
||||
datastores << datastore
|
||||
end
|
||||
return datastores
|
||||
|
||||
end
|
||||
|
||||
def vim_find_vm_by_name(name)
|
||||
vim_setup_references
|
||||
@dcs.each do |dc|
|
||||
soap_req =
|
||||
%Q| <env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
|
||||
<env:Body>
|
||||
<RetrieveProperties xmlns="urn:vim25">
|
||||
<_this type="PropertyCollector">#{@server_objects['propertyCollector']}</_this>
|
||||
<specSet xsi:type="PropertyFilterSpec">
|
||||
<propSet xsi:type="PropertySpec">
|
||||
<type>Datacenter</type>
|
||||
<pathSet>vmFolder</pathSet>
|
||||
</propSet>
|
||||
<objectSet xsi:type="ObjectSpec">
|
||||
<obj type="Datacenter">#{dc['ref']}</obj>
|
||||
</objectSet>
|
||||
</specSet>
|
||||
</RetrieveProperties>
|
||||
</env:Body>
|
||||
</env:Envelope>|
|
||||
res = send_request_cgi({
|
||||
'uri' => '/sdk',
|
||||
'method' => 'POST',
|
||||
'agent' => 'VMware VI Client',
|
||||
'cookie' => @vim_cookie,
|
||||
'data' => soap_req,
|
||||
'headers' => { 'SOAPAction' => @soap_action}
|
||||
}, 25)
|
||||
next unless res and res.code == 200
|
||||
vm_folders = []
|
||||
vm_folders << Hash.from_xml(res.body)['Envelope']['Body']['RetrievePropertiesResponse']['returnval']['propSet']['val']
|
||||
vm_folders.flatten!
|
||||
vm_folders.compact!
|
||||
vm_folders.each do |vm_folder|
|
||||
soap_req =
|
||||
%Q|<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
|
||||
<env:Body>
|
||||
<FindChild xmlns="urn:vim25">
|
||||
<_this type="SearchIndex">#{@server_objects['searchIndex']}</_this>
|
||||
<entity type="Folder">#{vm_folder}</entity>
|
||||
<name>#{name}</name>
|
||||
</FindChild>
|
||||
</env:Body>
|
||||
</env:Envelope>|
|
||||
res = send_request_cgi({
|
||||
'uri' => '/sdk',
|
||||
'method' => 'POST',
|
||||
'agent' => 'VMware VI Client',
|
||||
'cookie' => @vim_cookie,
|
||||
'data' => soap_req,
|
||||
'headers' => { 'SOAPAction' => @soap_action}
|
||||
}, 25)
|
||||
next unless res and res.code == 200
|
||||
tmp_hash = Hash.from_xml(res.body)['Envelope']['Body']['FindChildResponse']
|
||||
if tmp_hash['returnval']
|
||||
return tmp_hash['returnval']
|
||||
end
|
||||
end
|
||||
end
|
||||
return nil
|
||||
end
|
||||
|
||||
|
||||
|
||||
def vim_powerON_vm(vm_ref)
|
||||
soap_req =
|
||||
%Q|<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
|
||||
<env:Body>
|
||||
<PowerOnVM_Task xmlns="urn:vim25">
|
||||
<_this type="VirtualMachine">#{vm_ref}</_this>
|
||||
</PowerOnVM_Task>
|
||||
</env:Body>
|
||||
</env:Envelope>|
|
||||
res = send_request_cgi({
|
||||
'uri' => '/sdk',
|
||||
'method' => 'POST',
|
||||
'agent' => 'VMware VI Client',
|
||||
'cookie' => @vim_cookie,
|
||||
'data' => soap_req,
|
||||
'headers' => { 'SOAPAction' => @soap_action}
|
||||
}, 25)
|
||||
if res.body.include? "NotAuthenticatedFault"
|
||||
return :expired
|
||||
elsif res.body.include? "<faultstring>"
|
||||
return :error
|
||||
end
|
||||
task_id = Hash.from_xml(res.body)['Envelope']['Body']['PowerOnVM_TaskResponse']['returnval']
|
||||
state= "running"
|
||||
while state == "running"
|
||||
soap_req =
|
||||
%Q|<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
|
||||
<env:Body>
|
||||
<RetrieveProperties xmlns="urn:vim25">
|
||||
<_this type="PropertyCollector">#{@server_objects['propertyCollector']}</_this>
|
||||
<specSet xsi:type="PropertyFilterSpec">
|
||||
<propSet xsi:type="PropertySpec">
|
||||
<type>Task</type>
|
||||
<pathSet>info</pathSet>
|
||||
</propSet>
|
||||
<objectSet xsi:type="ObjectSpec">
|
||||
<obj type="Task">#{task_id}</obj>
|
||||
</objectSet>
|
||||
</specSet>
|
||||
</RetrieveProperties>
|
||||
</env:Body>
|
||||
</env:Envelope>|
|
||||
res = send_request_cgi({
|
||||
'uri' => '/sdk',
|
||||
'method' => 'POST',
|
||||
'agent' => 'VMware VI Client',
|
||||
'cookie' => @vim_cookie,
|
||||
'data' => soap_req,
|
||||
'headers' => { 'SOAPAction' => @soap_action}
|
||||
}, 25)
|
||||
hash = Hash.from_xml(res.body)['Envelope']['Body']['RetrievePropertiesResponse']['returnval']['propSet']['val']
|
||||
state = hash['state']
|
||||
case state
|
||||
when 'running'
|
||||
select(nil, nil, nil, 5)
|
||||
when 'error'
|
||||
if hash['error']['fault']['existingState'] == 'poweredOn'
|
||||
return 'alreadyON'
|
||||
end
|
||||
end
|
||||
end
|
||||
return state
|
||||
end
|
||||
|
||||
|
||||
|
||||
def vim_powerOFF_vm(vm_ref)
|
||||
soap_req =
|
||||
%Q|<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
|
||||
<env:Body>
|
||||
<PowerOffVM_Task xmlns="urn:vim25">
|
||||
<_this type="VirtualMachine">#{vm_ref}</_this>
|
||||
</PowerOffVM_Task>
|
||||
</env:Body>
|
||||
</env:Envelope>|
|
||||
res = send_request_cgi({
|
||||
'uri' => '/sdk',
|
||||
'method' => 'POST',
|
||||
'agent' => 'VMware VI Client',
|
||||
'cookie' => @vim_cookie,
|
||||
'data' => soap_req,
|
||||
'headers' => { 'SOAPAction' => @soap_action}
|
||||
}, 25)
|
||||
if res.body.include? "NotAuthenticatedFault"
|
||||
return :expired
|
||||
elsif res.body.include? "<faultstring>"
|
||||
return :error
|
||||
end
|
||||
task_id = Hash.from_xml(res.body)['Envelope']['Body']['PowerOffVM_TaskResponse']['returnval']
|
||||
state= "running"
|
||||
while state == "running"
|
||||
soap_req =
|
||||
%Q|<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
|
||||
<env:Body>
|
||||
<RetrieveProperties xmlns="urn:vim25">
|
||||
<_this type="PropertyCollector">#{@server_objects['propertyCollector']}</_this>
|
||||
<specSet xsi:type="PropertyFilterSpec">
|
||||
<propSet xsi:type="PropertySpec">
|
||||
<type>Task</type>
|
||||
<pathSet>info</pathSet>
|
||||
</propSet>
|
||||
<objectSet xsi:type="ObjectSpec">
|
||||
<obj type="Task">#{task_id}</obj>
|
||||
</objectSet>
|
||||
</specSet>
|
||||
</RetrieveProperties>
|
||||
</env:Body>
|
||||
</env:Envelope>|
|
||||
res = send_request_cgi({
|
||||
'uri' => '/sdk',
|
||||
'method' => 'POST',
|
||||
'agent' => 'VMware VI Client',
|
||||
'cookie' => @vim_cookie,
|
||||
'data' => soap_req,
|
||||
'headers' => { 'SOAPAction' => @soap_action}
|
||||
}, 25)
|
||||
hash = Hash.from_xml(res.body)['Envelope']['Body']['RetrievePropertiesResponse']['returnval']['propSet']['val']
|
||||
state = hash['state']
|
||||
case state
|
||||
when 'running'
|
||||
select(nil, nil, nil, 5)
|
||||
when 'error'
|
||||
if hash['error']['fault']['existingState'] == 'poweredOff'
|
||||
return 'alreadyOFF'
|
||||
end
|
||||
end
|
||||
end
|
||||
return state
|
||||
end
|
||||
|
||||
|
||||
|
||||
|
||||
def vim_take_screenshot(vm, user, pass)
|
||||
soap_req =
|
||||
%Q|<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
|
||||
<env:Body>
|
||||
<CreateScreenshot_Task xmlns="urn:vim25">
|
||||
<_this type="VirtualMachine">#{vm['ref']}</_this>
|
||||
</CreateScreenshot_Task>
|
||||
</env:Body>
|
||||
</env:Envelope>|
|
||||
res = send_request_cgi({
|
||||
'uri' => '/sdk',
|
||||
'method' => 'POST',
|
||||
'agent' => 'VMware VI Client',
|
||||
'cookie' => @vim_cookie,
|
||||
'data' => soap_req,
|
||||
'headers' => { 'SOAPAction' => @soap_action}
|
||||
}, 25)
|
||||
if res.body.include? "NotAuthenticatedFault"
|
||||
return :expired
|
||||
elsif res.body.include? "<faultstring>"
|
||||
return :error
|
||||
end
|
||||
task_id = Hash.from_xml(res.body)['Envelope']['Body']['CreateScreenshot_TaskResponse']['returnval']
|
||||
|
||||
|
||||
state= "running"
|
||||
while state == "running"
|
||||
soap_req =
|
||||
%Q|<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
|
||||
<env:Body>
|
||||
<RetrieveProperties xmlns="urn:vim25">
|
||||
<_this type="PropertyCollector">#{@server_objects['propertyCollector']}</_this>
|
||||
<specSet xsi:type="PropertyFilterSpec">
|
||||
<propSet xsi:type="PropertySpec">
|
||||
<type>Task</type>
|
||||
<pathSet>info</pathSet>
|
||||
</propSet>
|
||||
<objectSet xsi:type="ObjectSpec">
|
||||
<obj type="Task">#{task_id}</obj>
|
||||
</objectSet>
|
||||
</specSet>
|
||||
</RetrieveProperties>
|
||||
</env:Body>
|
||||
</env:Envelope>|
|
||||
res = send_request_cgi({
|
||||
'uri' => '/sdk',
|
||||
'method' => 'POST',
|
||||
'agent' => 'VMware VI Client',
|
||||
'cookie' => @vim_cookie,
|
||||
'data' => soap_req,
|
||||
'headers' => { 'SOAPAction' => @soap_action}
|
||||
}, 25)
|
||||
hash = Hash.from_xml(res.body)['Envelope']['Body']['RetrievePropertiesResponse']['returnval']['propSet']['val']
|
||||
state = hash['state']
|
||||
screenshot_file = hash['result']
|
||||
end
|
||||
unless screenshot_file
|
||||
return :error
|
||||
end
|
||||
(ss_folder, ss_file) = screenshot_file.split('/').last(2)
|
||||
ss_folder = Rex::Text.uri_encode(ss_folder)
|
||||
ss_file = Rex::Text.uri_encode(ss_file)
|
||||
ss_path = "#{ss_folder}/#{ss_file}"
|
||||
datastores = vim_get_vm_datastore(vm['ref'])
|
||||
user_pass = Rex::Text.encode_base64(user + ":" + pass)
|
||||
datastores.each do |datastore|
|
||||
ss_uri = "/folder/#{ss_path}?dcPath=#{vm['dc_name']}&dsName=#{datastore['name']}"
|
||||
res = send_request_cgi({
|
||||
'uri' => ss_uri,
|
||||
'method' => 'GET',
|
||||
'agent' => 'VMware VI Client',
|
||||
'cookie' => @vim_cookie,
|
||||
'headers' => { 'Authorization' => "Basic #{user_pass}"}
|
||||
}, 25)
|
||||
next unless res
|
||||
if res.code == 200
|
||||
return res.body
|
||||
elsif res.code == 404
|
||||
next
|
||||
end
|
||||
end
|
||||
return :error
|
||||
end
|
||||
|
||||
|
||||
def vim_get_host_summary(host)
|
||||
|
||||
soap_req =
|
||||
%Q|<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
|
||||
<env:Body>
|
||||
<RetrieveProperties xmlns="urn:vim25">
|
||||
<_this type="PropertyCollector">#{@server_objects['propertyCollector']}</_this>
|
||||
<specSet xsi:type="PropertyFilterSpec">
|
||||
<propSet xsi:type="PropertySpec">
|
||||
<type>HostSystem</type>
|
||||
<pathSet>summary</pathSet>
|
||||
</propSet>
|
||||
<objectSet xsi:type="ObjectSpec">
|
||||
<obj type="HostSystem">#{host}</obj>
|
||||
</objectSet>
|
||||
</specSet>
|
||||
</RetrieveProperties>
|
||||
</env:Body>
|
||||
</env:Envelope>|
|
||||
res = send_request_cgi({
|
||||
'uri' => '/sdk',
|
||||
'method' => 'POST',
|
||||
'agent' => 'VMware VI Client',
|
||||
'cookie' => @vim_cookie,
|
||||
'data' => soap_req,
|
||||
'headers' => { 'SOAPAction' => @soap_action}
|
||||
}, 25)
|
||||
hash = Hash.from_xml(res.body)['Envelope']['Body']['RetrievePropertiesResponse']['returnval']['propSet']['val']
|
||||
hash['runtime'].delete('healthSystemRuntime')
|
||||
hash.delete('xsi:type')
|
||||
hash.delete('host')
|
||||
return hash
|
||||
end
|
||||
|
||||
def vim_get_vms
|
||||
vim_setup_references
|
||||
@vmrefs = []
|
||||
vmlist= []
|
||||
@dcs.each do |dc|
|
||||
dc_vm_refs = vim_get_dc_vms(dc['ref'])
|
||||
next if dc_vm_refs.nil? or dc_vm_refs.empty?
|
||||
dc_vm_refs.flatten!
|
||||
dc_vm_refs.compact!
|
||||
next if dc_vm_refs.nil? or dc_vm_refs.empty?
|
||||
print_status "#{datastore['RHOST']} - DataCenter: #{dc['name']} Found a Total of #{dc_vm_refs.length} VMs"
|
||||
print_status "#{datastore['RHOST']} - DataCenter: #{dc['name']} Estimated Time: #{((dc_vm_refs.length * 7) /60)} Minutes"
|
||||
dc_vm_refs.each do |ref|
|
||||
print_status "#{datastore['RHOST']} - DataCenter: #{dc['name']} - Getting Data for VM: #{ref}..."
|
||||
details = vim_get_vm_info(ref)
|
||||
if details
|
||||
details['ref'] = ref
|
||||
details['dc_ref'] = dc['ref']
|
||||
details['dc_name'] = dc['name']
|
||||
vmlist << details
|
||||
end
|
||||
end
|
||||
end
|
||||
return vmlist
|
||||
end
|
||||
|
||||
def vim_get_dc_vms(datacenter)
|
||||
soap_req =
|
||||
%Q|<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
|
||||
<env:Body>
|
||||
<RetrieveProperties xmlns="urn:vim25">
|
||||
<_this type="PropertyCollector">#{@server_objects['propertyCollector']}</_this>
|
||||
<specSet xsi:type="PropertyFilterSpec">
|
||||
<propSet xsi:type="PropertySpec">
|
||||
<type>Datacenter</type>
|
||||
<pathSet>vmFolder</pathSet>
|
||||
</propSet>
|
||||
<objectSet xsi:type="ObjectSpec">
|
||||
<obj type="Datacenter">#{datacenter}</obj>
|
||||
</objectSet>
|
||||
</specSet>
|
||||
</RetrieveProperties>
|
||||
</env:Body>
|
||||
</env:Envelope>|
|
||||
res = send_request_cgi({
|
||||
'uri' => '/sdk',
|
||||
'method' => 'POST',
|
||||
'agent' => 'VMware VI Client',
|
||||
'cookie' => @vim_cookie,
|
||||
'data' => soap_req,
|
||||
'headers' => { 'SOAPAction' => @soap_action}
|
||||
}, 25)
|
||||
vmfolder = Hash.from_xml(res.body)['Envelope']['Body']['RetrievePropertiesResponse']['returnval']['propSet']['val']
|
||||
|
||||
soap_req =
|
||||
%Q|<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
|
||||
<env:Body>
|
||||
<RetrieveProperties xmlns="urn:vim25">
|
||||
<_this type="PropertyCollector">#{@server_objects['propertyCollector']}</_this>
|
||||
<specSet xsi:type="PropertyFilterSpec">
|
||||
<propSet xsi:type="PropertySpec">
|
||||
<type>Folder</type>
|
||||
<pathSet>childEntity</pathSet>
|
||||
</propSet>
|
||||
<objectSet xsi:type="ObjectSpec">
|
||||
<obj type="Folder">#{vmfolder}</obj>
|
||||
</objectSet>
|
||||
</specSet>
|
||||
</RetrieveProperties>
|
||||
</env:Body>
|
||||
</env:Envelope>|
|
||||
res = send_request_cgi({
|
||||
'uri' => '/sdk',
|
||||
'method' => 'POST',
|
||||
'agent' => 'VMware VI Client',
|
||||
'cookie' => @vim_cookie,
|
||||
'data' => soap_req,
|
||||
'headers' => { 'SOAPAction' => @soap_action}
|
||||
}, 25)
|
||||
vm_index_array = Hash.from_xml(res.body)['Envelope']['Body']['RetrievePropertiesResponse']['returnval']['propSet']['val']['ManagedObjectReference']
|
||||
vm_index_array.delete_if{|ref| ref.start_with? "group"} unless vm_index_array.nil? or vm_index_array.empty?
|
||||
return vm_index_array
|
||||
end
|
||||
|
||||
def vim_get_vm_info(vm_ref)
|
||||
vim_setup_references
|
||||
soap_req =
|
||||
%Q|<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
|
||||
<env:Body>
|
||||
<RetrieveProperties xmlns="urn:vim25">
|
||||
<_this type="PropertyCollector">#{@server_objects['propertyCollector']}</_this>
|
||||
<specSet xsi:type="PropertyFilterSpec">
|
||||
<propSet xsi:type="PropertySpec">
|
||||
<type>VirtualMachine</type>
|
||||
<pathSet>summary</pathSet>
|
||||
</propSet>
|
||||
<objectSet xsi:type="ObjectSpec">
|
||||
<obj type="VirtualMachine">#{vm_ref}</obj>
|
||||
</objectSet>
|
||||
</specSet>
|
||||
</RetrieveProperties>
|
||||
</env:Body>
|
||||
</env:Envelope>|
|
||||
res = send_request_cgi({
|
||||
'uri' => '/sdk',
|
||||
'method' => 'POST',
|
||||
'agent' => 'VMware VI Client',
|
||||
'cookie' => @vim_cookie,
|
||||
'data' => soap_req,
|
||||
'headers' => { 'SOAPAction' => @soap_action}
|
||||
}, 25)
|
||||
if res.body.include? "<faultstring>"
|
||||
return nil
|
||||
end
|
||||
hash = Hash.from_xml(res.body)['Envelope']['Body']['RetrievePropertiesResponse']['returnval']['propSet']['val']
|
||||
vm = hash['config']
|
||||
vm['runtime'] = hash['runtime']
|
||||
vm['guest'] = hash['guest']
|
||||
vm['quickStats'] = hash['quickStats']
|
||||
return vm
|
||||
end
|
||||
|
||||
def vim_logged_in?
|
||||
return true if @vim_cookie
|
||||
return false
|
||||
end
|
||||
|
||||
def vim_instance_vars_set?
|
||||
return false if @server_objects.nil? or @server_objects.empty?
|
||||
return false if @host.nil? or @host.empty?
|
||||
return true
|
||||
end
|
||||
|
||||
def vim_setup_references
|
||||
unless vim_instance_vars_set?
|
||||
@dcs = []
|
||||
@hosts = []
|
||||
vim_get_dcs
|
||||
vim_get_all_hosts
|
||||
@hosts.flatten!
|
||||
@hosts.compact!
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
end
|
|
@ -686,6 +686,16 @@ class Host < ActiveRecord::Base
|
|||
wtype['server'] = wtype['server'].to_i + points
|
||||
end # End of s.info for SMTP
|
||||
|
||||
when 'https'
|
||||
points = 101
|
||||
case s.info
|
||||
when /(VMware\s(ESXi?)).*\s([\d\.]+)/
|
||||
# Very reliable fingerprinting from our own esx_fingerprint module
|
||||
wname[$1] = wname[$1].to_i + (points * 5)
|
||||
wflav[$3] = wflav[$3].to_i + (points * 5)
|
||||
wtype['device'] = wtype['device'].to_i + points
|
||||
end # End of s.info for HTTPS
|
||||
|
||||
when 'netbios'
|
||||
points = 201
|
||||
case s.info
|
||||
|
@ -720,7 +730,7 @@ class Host < ActiveRecord::Base
|
|||
best_match[:name] = whost.keys.sort{|a,b| whost[b] <=> whost[a]}[0]
|
||||
best_match[:os_lang] = wlang.keys.sort{|a,b| wlang[b] <=> wlang[a]}[0]
|
||||
|
||||
best_match[:os_flavor] ||= ""
|
||||
best_match[:os_flavor] ||= host[:os_flavor] || ""
|
||||
if best_match[:os_name]
|
||||
# Handle cases where the flavor contains the base name
|
||||
# Don't use gsub!() here because the string was a hash key in a
|
||||
|
@ -728,7 +738,9 @@ class Host < ActiveRecord::Base
|
|||
best_match[:os_flavor] = best_match[:os_flavor].gsub(best_match[:os_name], '')
|
||||
end
|
||||
|
||||
best_match[:os_name] ||= 'Unknown'
|
||||
# If we didn't get anything, use whatever the host already has.
|
||||
# Failing that, fallback to "Unknown"
|
||||
best_match[:os_name] ||= host[:os_name] || 'Unknown'
|
||||
best_match[:purpose] ||= 'device'
|
||||
|
||||
[:os_name, :purpose, :os_flavor, :os_sp, :arch, :name, :os_lang].each do |host_attr|
|
||||
|
|
|
@ -0,0 +1,99 @@
|
|||
##
|
||||
# $Id$
|
||||
##
|
||||
|
||||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# Framework web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/framework/
|
||||
##
|
||||
|
||||
|
||||
require 'msf/core'
|
||||
require 'msf/core/exploit/vim_soap'
|
||||
|
||||
|
||||
class Metasploit3 < Msf::Auxiliary
|
||||
|
||||
include Msf::Exploit::Remote::HttpClient
|
||||
include Msf::Auxiliary::Report
|
||||
include Msf::Exploit::Remote::VIMSoap
|
||||
include Msf::Auxiliary::Scanner
|
||||
|
||||
def initialize
|
||||
super(
|
||||
'Name' => 'VMWare ESX/ESXi Fingerprint Scanner',
|
||||
'Version' => '$Revision$',
|
||||
'Description' => %Q{
|
||||
This module accesses the web API interfaces for VMware ESX/ESXi servers
|
||||
and attempts to identify version information for that server.},
|
||||
'Author' => ['TheLightCosine <thelightcosine[at]metasploit.com>'],
|
||||
'License' => MSF_LICENSE
|
||||
)
|
||||
|
||||
register_options([Opt::RPORT(443)], self.class)
|
||||
end
|
||||
|
||||
|
||||
def run_host(ip)
|
||||
soap_data =
|
||||
%Q|<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
|
||||
<env:Body>
|
||||
<RetrieveServiceContent xmlns="urn:vim25">
|
||||
<_this type="ServiceInstance">ServiceInstance</_this>
|
||||
</RetrieveServiceContent>
|
||||
</env:Body>
|
||||
</env:Envelope>|
|
||||
datastore['URI'] ||= "/sdk"
|
||||
res = nil
|
||||
begin
|
||||
res = send_request_cgi({
|
||||
'uri' => datastore['URI'],
|
||||
'method' => 'POST',
|
||||
'agent' => 'VMware VI Client',
|
||||
'data' => soap_data
|
||||
}, 25)
|
||||
rescue ::Rex::ConnectionError => e
|
||||
vprint_error("http://#{ip}:#{rport}#{datastore['URI']} - #{e}")
|
||||
return false
|
||||
rescue
|
||||
vprint_error("Skipping #{ip} due to error - #{e}")
|
||||
return false
|
||||
end
|
||||
fingerprint_vmware(ip,res)
|
||||
end
|
||||
|
||||
# Takes an ip address and a response, and just checks the response
|
||||
# to pull out version info. If it's ESX, report the OS as ESX (since
|
||||
# it's a hypervisor deal then). Otherwise, just report the service.
|
||||
# XXX: report_service is stomping on the report_host OS. This is le suck.
|
||||
def fingerprint_vmware(ip,res)
|
||||
unless res
|
||||
vprint_error("http://#{ip}:#{rport} - No response")
|
||||
return false
|
||||
end
|
||||
return false unless res.body.include?('<vendor>VMware, Inc.</vendor>')
|
||||
os_match = res.body.match(/<name>([\w\s]+)<\/name>/)
|
||||
ver_match = res.body.match(/<version>([\w\s\.]+)<\/version>/)
|
||||
build_match = res.body.match(/<build>([\w\s\.\-]+)<\/build>/)
|
||||
full_match = res.body.match(/<fullName>([\w\s\.\-]+)<\/fullName>/)
|
||||
this_host = nil
|
||||
if full_match
|
||||
print_good "Identified #{full_match[1]}"
|
||||
report_service(:host => (this_host || ip), :port => rport, :proto => 'tcp', :name => 'https', :info => full_match[1])
|
||||
end
|
||||
if os_match and ver_match and build_match
|
||||
if os_match[1] =~ /ESX/ or os_match[1] =~ /vCenter/
|
||||
this_host = report_host( :host => ip, :os_name => os_match[1], :os_flavor => ver_match[1], :os_sp => "Build #{build_match[1]}" )
|
||||
end
|
||||
return true
|
||||
else
|
||||
vprint_error("http://#{ip}:#{rport} - Could not identify as VMWare")
|
||||
return false
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
end
|
||||
|
Loading…
Reference in New Issue