fixed gitattributes, added some postExploit
Showing
6 changed files
with
1,520 additions
and
3 deletions.
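--- /dev/null
+++ b/PATH-NOT-SHOWN-ON-PAGE.ps1
@@ -0,0 +1,304 @@
+# Taken from Nishang (https://github.com/samratashok/nishang)
+# Checks if host is a virtual machine
+# @Und3rf10w
+
+function Check-VM
+{
+
+<#
+.SYNOPSIS
+Nishang script which detects whether it is in a known virtual machine.
+.DESCRIPTION
+This script uses known parameters or 'fingerprints' of Hyper-V, VMWare, Virtual PC, Virtual Box,
+Xen and QEMU for detecting the environment.
+.EXAMPLE
+PS > Check-VM
+.LINK
+http://www.labofapenetrationtester.com/2013/01/quick-post-check-if-your-payload-is.html
+https://github.com/samratashok/nishang
+.NOTES
+The script draws heavily from checkvm.rb post module from msf.
+https://github.com/rapid7/metasploit-framework/blob/master/modules/post/windows/gather/checkvm.rb
+#>
+[CmdletBinding()] Param()
+$ErrorActionPreference = "SilentlyContinue"
+#Hyper-V
+$hyperv = Get-ChildItem HKLM:\SOFTWARE\Microsoft
+if (($hyperv -match "Hyper-V") -or ($hyperv -match "VirtualMachine"))
+{
+$hypervm = $true
+}
+
+if (!$hypervm)
+{
+$hyperv = Get-ItemProperty hklm:\HARDWARE\DESCRIPTION\System -Name SystemBiosVersion
+if ($hyperv -match "vrtual")
+{
+$hypervm = $true
+}
+}
+
+if (!$hypervm)
+{
+$hyperv = Get-ChildItem HKLM:\HARDWARE\ACPI\FADT
+if ($hyperv -match "vrtual")
+{
+$hypervm = $true
+}
+}
+
+if (!$hypervm)
+{
+$hyperv = Get-ChildItem HKLM:\HARDWARE\ACPI\RSDT
+if ($hyperv -match "vrtual")
+{
+$hypervm = $true
+}
+}
+
+if (!$hypervm)
+{
+$hyperv = Get-ChildItem HKLM:\SYSTEM\ControlSet001\Services
+if (($hyperv -match "vmicheartbeat") -or ($hyperv -match "vmicvss") -or ($hyperv -match "vmicshutdown") -or ($hyperv -match "vmiexchange"))
+{
+$hypervm = $true
+}
+}
+
+if ($hypervm)
+{
+
+"This is a Hyper-V machine."
+
+}
+
+#VMWARE
+
+$vmware = Get-ChildItem HKLM:\SYSTEM\ControlSet001\Services
+if (($vmware -match "vmdebug") -or ($vmware -match "vmmouse") -or ($vmware -match "VMTools") -or ($vmware -match "VMMEMCTL"))
+{
+$vmwarevm = $true
+}
+
+if (!$vmwarevm)
+{
+$vmware = Get-ItemProperty hklm:\HARDWARE\DESCRIPTION\System\BIOS -Name SystemManufacturer
+if ($vmware -match "vmware")
+{
+$vmwarevm = $true
+}
+}
+
+if (!$vmwarevm)
+{
+$vmware = Get-Childitem hklm:\hardware\devicemap\scsi -recurse | gp -Name identifier
+if ($vmware -match "vmware")
+{
+$vmwarevm = $true
+}
+}
+
+if (!$vmwarevm)
+{
+$vmware = Get-Process
+if (($vmware -eq "vmwareuser.exe") -or ($vmware -match "vmwaretray.exe"))
+{
+$vmwarevm = $true
+}
+}
+
+if ($vmwarevm)
+{
+
+"This is a VMWare machine."
+
+}
+
+#Virtual PC
+
+$vpc = Get-Process
+if (($vpc -eq "vmusrvc.exe") -or ($vpc -match "vmsrvc.exe"))
+{
+$vpcvm = $true
+}
+
+if (!$vpcvm)
+{
+$vpc = Get-Process
+if (($vpc -eq "vmwareuser.exe") -or ($vpc -match "vmwaretray.exe"))
+{
+$vpcvm = $true
+}
+}
+
+if (!$vpcvm)
+{
+$vpc = Get-ChildItem HKLM:\SYSTEM\ControlSet001\Services
+if (($vpc -match "vpc-s3") -or ($vpc -match "vpcuhub") -or ($vpc -match "msvmmouf"))
+{
+$vpcvm = $true
+}
+}
+
+if ($vpcvm)
+{
+
+"This is a Virtual PC."
+
+}
+
+
+#Virtual Box
+
+$vb = Get-Process
+if (($vb -eq "vboxservice.exe") -or ($vb -match "vboxtray.exe"))
+{
+
+$vbvm = $true
+
+}
+if (!$vbvm)
+{
+$vb = Get-ChildItem HKLM:\HARDWARE\ACPI\FADT
+if ($vb -match "vbox_")
+{
+$vbvm = $true
+}
+}
+
+if (!$vbvm)
+{
+$vb = Get-ChildItem HKLM:\HARDWARE\ACPI\RSDT
+if ($vb -match "vbox_")
+{
+$vbvm = $true
+}
+}
+
+
+if (!$vbvm)
+{
+$vb = Get-Childitem hklm:\hardware\devicemap\scsi -recurse | gp -Name identifier
+if ($vb -match "vbox")
+{
+$vbvm = $true
+}
+}
+
+
+
+if (!$vbvm)
+{
+$vb = Get-ItemProperty hklm:\HARDWARE\DESCRIPTION\System -Name SystemBiosVersion
+if ($vb -match "vbox")
+{
+$vbvm = $true
+}
+}
+
+
+if (!$vbvm)
+{
+$vb = Get-ChildItem HKLM:\SYSTEM\ControlSet001\Services
+if (($vb -match "VBoxMouse") -or ($vb -match "VBoxGuest") -or ($vb -match "VBoxService") -or ($vb -match "VBoxSF"))
+{
+$vbvm = $true
+}
+}
+
+if ($vbvm)
+{
+
+"This is a Virtual Box."
+
+}
+
+
+
+#Xen
+
+$xen = Get-Process
+
+if ($xen -eq "xenservice.exe")
+{
+
+$xenvm = $true
+
+}
+
+if (!$xenvm)
+{
+$xen = Get-ChildItem HKLM:\HARDWARE\ACPI\FADT
+if ($xen -match "xen")
+{
+$xenvm = $true
+}
+}
+
+if (!$xenvm)
+{
+$xen = Get-ChildItem HKLM:\HARDWARE\ACPI\DSDT
+if ($xen -match "xen")
+{
+$xenvm = $true
+}
+}
+
+if (!$xenvm)
+{
+$xen = Get-ChildItem HKLM:\HARDWARE\ACPI\RSDT
+if ($xen -match "xen")
+{
+$xenvm = $true
+}
+}
+
+
+if (!$xenvm)
+{
+$xen = Get-ChildItem HKLM:\SYSTEM\ControlSet001\Services
+if (($xen -match "xenevtchn") -or ($xen -match "xennet") -or ($xen -match "xennet6") -or ($xen -match "xensvc") -or ($xen -match "xenvdb"))
+{
+$xenvm = $true
+}
+}
+
+
+if ($xenvm)
+{
+
+"This is a Xen Machine."
+
+}
+
+
+#QEMU
+
+$qemu = Get-Childitem hklm:\hardware\devicemap\scsi -recurse | gp -Name identifier
+if ($qemu -match "qemu")
+{
+
+$qemuvm = $true
+
+}
+
+if (!$qemuvm)
+{
+$qemu = Get-ItemProperty hklm:HARDWARE\DESCRIPTION\System\CentralProcessor\0 -Name ProcessorNameString
+if ($qemu -match "qemu")
+{
+$qemuvm = $true
+}
+}
+
+if ($qemuvm)
+{
+
+"This is a Qemu machine."
+
+}
+}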
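Review bot: The second Virtual PC probe (the `if (!$vpcvm)` block that tests `$vpc -eq "vmwareuser.exe"` / `$vpc -match "vmwaretray.exe"`) is a copy of the VMware process check, so a host that satisfies it is reported as both "This is a VMWare machine." and "This is a Virtual PC."; that block should be dropped, leaving the vmusrvc/vmsrvc and service-key probes for Virtual PC. Separately, every Get-Process probe mixes `-eq` and `-match` on the raw Process objects and compares against names with an `.exe` suffix, while the ProcessName property carries no extension, so these probes appear never to fire and detection silently falls through to the registry checks; comparing one property consistently, e.g. `$vpc = (Get-Process).ProcessName` then `if ($vpc -match '^(vmusrvc|vmsrvc)$')`, would make the intent clear. The QEMU lookup `hklm:HARDWARE\DESCRIPTION\System\CentralProcessor\0` is the only path without a backslash after the drive, which makes it drive-relative rather than absolute; normalising it to `hklm:\HARDWARE\...` matches the rest of the function. Since the file is a reproduction of Nishang's Check-VM, a short header comment recording any local deviations from upstream would help whoever diffs it against the original later.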