modules/post/windows/gather/enum_hyperv_vms.rb

##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Post
  include Msf::Post::Windows::Powershell

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Windows Hyper-V VM Enumeration',
        'Description' => %q{
          This module will check if the target machine is a Hyper-V host and, if it is, will return a list of all
          of the VMs running on the host, as well as stats such as their state, version, CPU Usage, uptime, and status.
        },
        'License' => MSF_LICENSE,
        'Platform' => ['win'],
        'SessionTypes' => ['meterpreter'],
        'Author' => [
          'gwillcox-r7' # Metasploit post module
        ],
        'Notes' => {
          'Stability' => [CRASH_SAFE],
          'Reliability' => [],
          'SideEffects' => []
        }
      )
      )
  end

  def run
    unless have_powershell?
      fail_with(Failure::NoAccess, "The target does not have PowerShell installed so we can't access the state of the Hyper-V VMs")
    end
    error_token = Rex::Text.rand_text_alpha(8)
    get_vm = "try { Get-VM } catch {echo #{error_token}; echo $Error[0]}"
    results = psh_exec(get_vm)
    if results.starts_with?(error_token)
      results = results.delete_prefix(error_token).strip
      print_error('Error running `Get-VM` command:')
      print_line(results)
      return
    end
    vprint_status(results)
    filtered_result = results.match(/^Name(?:.+\r\n){1,2000}/) # If your running more than 2000 VMs on a single host, you have my sincerest sympathy.
    if filtered_result.nil?
      print_error("Sorry, no results were found! Perhaps the target has Hyper-V installed but doesn't have any VMs set up?")
      return
    end
    print_status(filtered_result.to_s)
    loot_location = store_loot('host.hyperv_vms', 'text/plain', session, filtered_result.to_s, "#{session.session_host}.hyperv_vm_information.txt", "#{session.session_host} Hyper-V VM Information")
    print_good("Stored loot at #{loot_location}")
  end
end
Add in initial copy of module and documentation 2020-09-10 18:52:13 -05:00			`##`
			`# This module requires Metasploit: https://metasploit.com/download`
			`# Current source: https://github.com/rapid7/metasploit-framework`
			`##`

			`class MetasploitModule < Msf::Post`
Apply msftidy_docs.rb fixes and RuboCop the module 2020-09-11 09:40:37 -05:00			`include Msf::Post::Windows::Powershell`

			`def initialize(info = {})`
			`super(`
			`update_info(`
			`info,`
			`'Name' => 'Windows Hyper-V VM Enumeration',`
			`'Description' => %q{`
			`This module will check if the target machine is a Hyper-V host and, if it is, will return a list of all`
Add in initial copy of module and documentation 2020-09-10 18:52:13 -05:00			`of the VMs running on the host, as well as stats such as their state, version, CPU Usage, uptime, and status.`
			`},`
Apply msftidy_docs.rb fixes and RuboCop the module 2020-09-11 09:40:37 -05:00			`'License' => MSF_LICENSE,`
			`'Platform' => ['win'],`
			`'SessionTypes' => ['meterpreter'],`
Run Rubocop layout rules on modules 2021-08-27 17:15:33 +01:00			`'Author' => [`
			`'gwillcox-r7' # Metasploit post module`
			`],`
fix new rubocop errors 2021-06-14 18:25:22 +05:30			`'Notes' => {`
			`'Stability' => [CRASH_SAFE],`
			`'Reliability' => [],`
			`'SideEffects' => []`
			`}`
Apply msftidy_docs.rb fixes and RuboCop the module 2020-09-11 09:40:37 -05:00			`)`
			`)`
			`end`

			`def run`
			`unless have_powershell?`
			`fail_with(Failure::NoAccess, "The target does not have PowerShell installed so we can't access the state of the Hyper-V VMs")`
			`end`
define error_token as a random alphanumeric string 2021-06-14 23:32:44 +05:30			`error_token = Rex::Text.rand_text_alpha(8)`
add error_token in case the command fails and remove regexp from psh_exec 2021-06-14 15:02:39 +05:30			`get_vm = "try { Get-VM } catch {echo #{error_token}; echo $Error[0]}"`
fix localization issue in windows/enum_hyperv_vms and chomp extra data from psh_exec method 2021-06-09 22:51:05 +05:30			`results = psh_exec(get_vm)`
Update modules/post/windows/gather/enum_hyperv_vms.rb 2021-06-14 23:23:04 +05:30			`if results.starts_with?(error_token)`
			`results = results.delete_prefix(error_token).strip`
Update modules/post/windows/gather/enum_hyperv_vms.rb 2021-06-14 23:23:12 +05:30			print_error('Error running `Get-VM` command:')
			`print_line(results)`
Apply msftidy_docs.rb fixes and RuboCop the module 2020-09-11 09:40:37 -05:00			`return`
Add in initial copy of module and documentation 2020-09-10 18:52:13 -05:00			`end`
Apply msftidy_docs.rb fixes and RuboCop the module 2020-09-11 09:40:37 -05:00			`vprint_status(results)`
Fix up regex in module to address changes noted in review. Also update documentation to remove an extra line and to address review recommendtations 2020-09-16 16:02:54 -05:00			`filtered_result = results.match(/^Name(?:.+\r\n){1,2000}/) # If your running more than 2000 VMs on a single host, you have my sincerest sympathy.`
Apply msftidy_docs.rb fixes and RuboCop the module 2020-09-11 09:40:37 -05:00			`if filtered_result.nil?`
			`print_error("Sorry, no results were found! Perhaps the target has Hyper-V installed but doesn't have any VMs set up?")`
			`return`
Add in initial copy of module and documentation 2020-09-10 18:52:13 -05:00			`end`
Apply msftidy_docs.rb fixes and RuboCop the module 2020-09-11 09:40:37 -05:00			`print_status(filtered_result.to_s)`
			`loot_location = store_loot('host.hyperv_vms', 'text/plain', session, filtered_result.to_s, "#{session.session_host}.hyperv_vm_information.txt", "#{session.session_host} Hyper-V VM Information")`
			`print_good("Stored loot at #{loot_location}")`
Add in initial copy of module and documentation 2020-09-10 18:52:13 -05:00			`end`
Apply msftidy_docs.rb fixes and RuboCop the module 2020-09-11 09:40:37 -05:00			`end`