Improved checkvm module: Hyper-V checks and documentation #9430

Merged
merged 3 commits into from
Jan 23, 2018

@asoto-r7 asoto-r7 commented Jan 17, 2018

All Win10 machines, physical and virtual, were being reported as 'Hyper-V' (false positives). This PR is to rework existing checks, remove false positives, and add functionality to extract the hostname of the physical hypervisor from the VM registry.

Also, documentation!

Verification

  • Start msfconsole
  • Get a meterpreter on a physical Win10 workstation
  • run post/windows/gather/checkvm
  • Observe the following output:

    [*] Checking if DESKTOP-Q05UKIU is a Virtual Machine .....
    [*] DESKTOP-Q05UKIU appears to be a Physical Machine

  • Get a meterpreter on a VMware-based VM (I used Fusion with a Win10 VM with VMtools installed)
  • run post/windows/gather/checkvm
  • Observe the following output:

    [*] Checking if DESKTOP-Q05UKIU is a Virtual Machine .....
    [+] This is a VMware Virtual Machine

  • Get a meterpreter on a HyperV-based VM (I used Win2k8 R2 Enterprise with a Win7 VM)
  • run post/windows/gather/checkvm
  • Observe the following output:

    [*] Checking if DESKTOP-Q05UKIU is a Virtual Machine .....
    [+] This is a Hyper-V Virtual Machine running on physical host ASOTO-HYPERV-SERVER

  • Ogle the documentation and point out typos.

All Win10 machines, physical and virtual, were being reported as 'Hyper-V' (false positives)

Added functionality to extract hostname of physical hypervisor from VM registry
@acammack-r7 acammack-r7 merged commit 9328374 into rapid7:master Jan 23, 2018

@acammack-r7 acammack-r7 left a comment

Looks good!

acammack-r7 added a commit that referenced this pull request Jan 23, 2018
jmartin-tech pushed a commit to jmartin-tech/metasploit-framework that referenced this pull request Jan 24, 2018
@allrosenthal-r7

@acammack-r7 can you please add release notes to this PR?

acammack-r7 commented Feb 6, 2018

Release Notes

The post/windows/gather/checkvm module has been updated to remove false positive Hyper-V checks on new Windows versions.

@allrosenthal-r7 allrosenthal-r7 added the rn-enhancement release notes enhancement label Feb 7, 2018