modules/auxiliary/scanner/vmware/vmware_enum_vms.rb

##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::HttpClient
  include Msf::Auxiliary::Report
  include Msf::Exploit::Remote::VIMSoap
  include Msf::Auxiliary::Scanner

  def initialize
    super(
      'Name'           => 'VMWare Enumerate Virtual Machines',
      'Description'    => %Q{
        This module attempts to discover virtual machines on any VMWare instance
        running the web interface. This would include ESX/ESXi and VMWare Server.
      },
      'Author'         => ['theLightCosine'],
      'License'        => MSF_LICENSE,
      'DefaultOptions' => { 'SSL' => true }
    )

    register_options(
      [
        Opt::RPORT(443),
        OptString.new('USERNAME', [ true, "The username to Authenticate with.", 'root' ]),
        OptString.new('PASSWORD', [ true, "The password to Authenticate with.", 'password' ]),
        OptBool.new('SCREENSHOT', [true, "Whether or not to try to take a screenshot", true])
      ])
  end

  def run_host(ip)

    if vim_do_login(datastore['USERNAME'], datastore['PASSWORD']) == :success
      virtual_machines = vim_get_vms
      virtual_machines.each do |vm|
        print_good YAML.dump(vm)
        report_note(
          :host  => rhost,
          :type  => "vmware.esx.vm",
          :data  => vm,
          :port  => rport,
          :proto => 'tcp',
          :update => :unique_data
        )
        next unless datastore['SCREENSHOT'] and vm['runtime']['powerState'] == 'poweredOn'
        print_status "Attempting to take screenshot of #{vm['name']}...."
        screenshot = vim_take_screenshot(vm, datastore['USERNAME'], datastore['PASSWORD'] )
        case screenshot
        when :error
          print_error "Screenshot failed"
          next
        when :expired
          vim_do_login(datastore['USERNAME'], datastore['PASSWORD'])
          retry_result = vim_take_screenshot(vm, datastore['USERNAME'], datastore['PASSWORD'] )
          if retry_result == :error or retry_result == :expired
            print_error "Screenshot failed"
          else
            ss_path = store_loot("host.vmware.screenshot", "image/png", datastore['RHOST'], retry_result, "#{vm['name']}_screenshot.png", "Screenshot of VM #{vm['name']}")
            print_good "Screenshot Saved to #{ss_path}"
          end
        else
          ss_path = store_loot("host.vmware.screenshot", "image/png", datastore['RHOST'], screenshot, "screenshot.png", "Screenshot of VM #{vm['name']}")
          print_good "Screenshot Saved to #{ss_path}"
        end
      end

      f = store_loot('host.vmware.vms', "text/plain", datastore['RHOST'], YAML.dump(virtual_machines) , "#{datastore['RHOST']}_esx_vms.txt", "VMWare ESX Virtual Machines")
      vprint_good("VM info stored in: #{f}")
    else
      print_error "Login Failure on #{ip}"
      return
    end
  end
end
Adding a bunch of new VIM API auxiliary stuff 2012-02-01 12:05:20 -06:00			`##`
use https for metaploit.com links 2017-07-24 06:26:21 -07:00			`# This module requires Metasploit: https://metasploit.com/download`
Redo the boilerplate / splat 2013-10-15 13:50:46 -05:00			`# Current source: https://github.com/rapid7/metasploit-framework`
Adding a bunch of new VIM API auxiliary stuff 2012-02-01 12:05:20 -06:00			`##`

use MetasploitModule as a class name 2016-03-08 14:02:44 +01:00			`class MetasploitModule < Msf::Auxiliary`
Adding a bunch of new VIM API auxiliary stuff 2012-02-01 12:05:20 -06:00			`include Msf::Exploit::Remote::HttpClient`
			`include Msf::Auxiliary::Report`
			`include Msf::Exploit::Remote::VIMSoap`
			`include Msf::Auxiliary::Scanner`

			`def initialize`
			`super(`
			`'Name' => 'VMWare Enumerate Virtual Machines',`
			`'Description' => %Q{`
Massive whitespace cleanup 2012-03-18 00:07:27 -05:00			`This module attempts to discover virtual machines on any VMWare instance`
			`running the web interface. This would include ESX/ESXi and VMWare Server.`
			`},`
updated all my authour refs to use an alias 2012-09-19 21:46:14 -05:00			`'Author' => ['theLightCosine'],`
remove re-registered ssl options 2016-01-22 09:54:52 +01:00			`'License' => MSF_LICENSE,`
			`'DefaultOptions' => { 'SSL' => true }`
Adding a bunch of new VIM API auxiliary stuff 2012-02-01 12:05:20 -06:00			`)`

			`register_options(`
			`[`
			`Opt::RPORT(443),`
			`OptString.new('USERNAME', [ true, "The username to Authenticate with.", 'root' ]),`
Working Screenshot capability! 2012-02-11 03:51:18 -06:00			`OptString.new('PASSWORD', [ true, "The password to Authenticate with.", 'password' ]),`
fix spelling in aux modules 2024-01-07 15:02:53 -05:00			`OptBool.new('SCREENSHOT', [true, "Whether or not to try to take a screenshot", true])`
Fix msf/core and self.class msftidy warnings 2017-05-03 15:42:21 -05:00			`])`
Adding a bunch of new VIM API auxiliary stuff 2012-02-01 12:05:20 -06:00			`end`

			`def run_host(ip)`

			`if vim_do_login(datastore['USERNAME'], datastore['PASSWORD']) == :success`
			`virtual_machines = vim_get_vms`
Comply with msftidy 2012-08-07 15:59:01 -05:00			`virtual_machines.each do \|vm\|`
Adding a bunch of new VIM API auxiliary stuff 2012-02-01 12:05:20 -06:00			`print_good YAML.dump(vm)`
			`report_note(`
			`:host => rhost,`
			`:type => "vmware.esx.vm",`
			`:data => vm,`
			`:port => rport,`
			`:proto => 'tcp',`
			`:update => :unique_data`
			`)`
Improved vmware enumerate vm modules 2012-02-13 12:07:28 -06:00			`next unless datastore['SCREENSHOT'] and vm['runtime']['powerState'] == 'poweredOn'`
			`print_status "Attempting to take screenshot of #{vm['name']}...."`
			`screenshot = vim_take_screenshot(vm, datastore['USERNAME'], datastore['PASSWORD'] )`
			`case screenshot`
			`when :error`
			`print_error "Screenshot failed"`
			`next`
			`when :expired`
			`vim_do_login(datastore['USERNAME'], datastore['PASSWORD'])`
			`retry_result = vim_take_screenshot(vm, datastore['USERNAME'], datastore['PASSWORD'] )`
			`if retry_result == :error or retry_result == :expired`
			`print_error "Screenshot failed"`
			`else`
Permissions scanner for vmware 2012-02-16 02:19:33 -06:00			`ss_path = store_loot("host.vmware.screenshot", "image/png", datastore['RHOST'], retry_result, "#{vm['name']}_screenshot.png", "Screenshot of VM #{vm['name']}")`
Improved vmware enumerate vm modules 2012-02-13 12:07:28 -06:00			`print_good "Screenshot Saved to #{ss_path}"`
			`end`
			`else`
Permissions scanner for vmware 2012-02-16 02:19:33 -06:00			`ss_path = store_loot("host.vmware.screenshot", "image/png", datastore['RHOST'], screenshot, "screenshot.png", "Screenshot of VM #{vm['name']}")`
Improved vmware enumerate vm modules 2012-02-13 12:07:28 -06:00			`print_good "Screenshot Saved to #{ss_path}"`
			`end`
Adding a bunch of new VIM API auxiliary stuff 2012-02-01 12:05:20 -06:00			`end`
[SeeRM #8313 ] - Print where files are stored 2013-08-19 15:02:15 -05:00
			`f = store_loot('host.vmware.vms', "text/plain", datastore['RHOST'], YAML.dump(virtual_machines) , "#{datastore['RHOST']}_esx_vms.txt", "VMWare ESX Virtual Machines")`
OCD - store_loot & print_good 2017-07-19 13:02:49 +01:00			`vprint_good("VM info stored in: #{f}")`
Adding a bunch of new VIM API auxiliary stuff 2012-02-01 12:05:20 -06:00			`else`
			`print_error "Login Failure on #{ip}"`
			`return`
			`end`
			`end`
			`end`