modules/post/multi/gather/enum_vbox.rb

##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'yaml'

class MetasploitModule < Msf::Post
  include Msf::Post::File

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Multi Gather VirtualBox VM Enumeration',
        'Description' => %q{
          This module will attempt to enumerate any VirtualBox VMs on the target machine.
          Due to the nature of VirtualBox, this module can only enumerate VMs registered
          for the current user, therefore, this module needs to be invoked from a user context.
        },
        'License' => MSF_LICENSE,
        'Author' => ['theLightCosine'],
        'Platform' => %w[bsd linux osx unix win],
        'SessionTypes' => ['shell', 'meterpreter' ]
      )
    )
  end

  def run
    case session.platform
    when 'windows'
      if session.type == 'meterpreter'
        begin
          res = cmd_exec('c:\\Program Files\\Oracle\\VirtualBox\\vboxmanage', 'list -l vms')
        rescue ::Rex::Post::Meterpreter::RequestError
          print_error('VirtualBox does not appear to be installed on this machine')
          return nil
        end

        if res.empty?
          print_status('VirtualBox is installed but this user has no VMs registered. Try another user.')
          return nil
        end
      else
        res = cmd_exec('"c:\\Program Files\\Oracle\\VirtualBox\\vboxmanage" list -l vms')
        if res.empty?
          print_error('VirtualBox isn\'t installed or this user has no VMs registered')
          return nil
        end
      end
    when 'unix', 'linux', 'bsd', 'osx'
      res = cmd_exec('vboxmanage list -l vms')

      unless res.start_with?('Sun VirtualBox') || res.include?('Name:')
        print_error('VirtualBox isn\'t installed or this user has no VMs registered')
        return nil
      end
    end

    return nil unless res

    vprint_status(res)
    store_path = store_loot('virtualbox_vms', 'text/plain', session, res, 'virtualbox_vms.txt', 'Virtualbox Virtual Machines')
    print_good("#{peer} - File successfully retrieved and saved on #{store_path}")
  end

end
Post Module to enumerate VirtualBox VMs for the current user. 2012-01-27 11:12:59 -06:00			`##`
use https for metaploit.com links 2017-07-24 06:26:21 -07:00			`# This module requires Metasploit: https://metasploit.com/download`
Redo the boilerplate / splat 2013-10-15 13:50:46 -05:00			`# Current source: https://github.com/rapid7/metasploit-framework`
Post Module to enumerate VirtualBox VMs for the current user. 2012-01-27 11:12:59 -06:00			`##`

			`require 'yaml'`

use MetasploitModule as a class name 2016-03-08 14:02:44 +01:00			`class MetasploitModule < Msf::Post`
Post Module to enumerate VirtualBox VMs for the current user. 2012-01-27 11:12:59 -06:00			`include Msf::Post::File`
Retab modules 2013-08-30 16:28:54 -05:00
Run rubocop on post modules 2023-02-08 13:47:34 +00:00			`def initialize(info = {})`
			`super(`
			`update_info(`
			`info,`
			`'Name' => 'Multi Gather VirtualBox VM Enumeration',`
			`'Description' => %q{`
			`This module will attempt to enumerate any VirtualBox VMs on the target machine.`
			`Due to the nature of VirtualBox, this module can only enumerate VMs registered`
			`for the current user, therefore, this module needs to be invoked from a user context.`
			`},`
			`'License' => MSF_LICENSE,`
			`'Author' => ['theLightCosine'],`
			`'Platform' => %w[bsd linux osx unix win],`
			`'SessionTypes' => ['shell', 'meterpreter' ]`
			`)`
			`)`
Post Module to enumerate VirtualBox VMs for the current user. 2012-01-27 11:12:59 -06:00			`end`
Retab modules 2013-08-30 16:28:54 -05:00
Post Module to enumerate VirtualBox VMs for the current user. 2012-01-27 11:12:59 -06:00			`def run`
Final pass of regex -> string checks 2016-10-29 14:59:05 +10:00			`case session.platform`
			`when 'windows'`
Update enum_vbox 2015-06-22 17:54:17 -05:00			`if session.type == 'meterpreter'`
			`begin`
			`res = cmd_exec('c:\\Program Files\\Oracle\\VirtualBox\\vboxmanage', 'list -l vms')`
			`rescue ::Rex::Post::Meterpreter::RequestError`
			`print_error('VirtualBox does not appear to be installed on this machine')`
			`return nil`
			`end`

			`if res.empty?`
			`print_status('VirtualBox is installed but this user has no VMs registered. Try another user.')`
			`return nil`
			`end`
			`else`
			`res = cmd_exec('"c:\\Program Files\\Oracle\\VirtualBox\\vboxmanage" list -l vms')`
			`if res.empty?`
			`print_error('VirtualBox isn\'t installed or this user has no VMs registered')`
			`return nil`
			`end`
Post Module to enumerate VirtualBox VMs for the current user. 2012-01-27 11:12:59 -06:00			`end`
Final pass of regex -> string checks 2016-10-29 14:59:05 +10:00			`when 'unix', 'linux', 'bsd', 'osx'`
Update enum_vbox 2015-06-22 17:54:17 -05:00			`res = cmd_exec('vboxmanage list -l vms')`

			`unless res.start_with?('Sun VirtualBox') \|\| res.include?('Name:')`
			`print_error('VirtualBox isn\'t installed or this user has no VMs registered')`
Post Module to enumerate VirtualBox VMs for the current user. 2012-01-27 11:12:59 -06:00			`return nil`
			`end`
			`end`
Update enum_vbox 2015-06-22 17:54:17 -05:00
fixes to more modules 2017-09-30 15:45:52 -04:00			`return nil unless res`
Run rubocop on post modules 2023-02-08 13:47:34 +00:00
Update enum_vbox 2015-06-22 17:54:17 -05:00			`vprint_status(res)`
Run rubocop on post modules 2023-02-08 13:47:34 +00:00			`store_path = store_loot('virtualbox_vms', 'text/plain', session, res, 'virtualbox_vms.txt', 'Virtualbox Virtual Machines')`
Update enum_vbox 2015-06-22 17:54:17 -05:00			`print_good("#{peer} - File successfully retrieved and saved on #{store_path}")`
Post Module to enumerate VirtualBox VMs for the current user. 2012-01-27 11:12:59 -06:00			`end`

			`end`