From debb01062dc501fcf15049778baa47e896689fdb Mon Sep 17 00:00:00 2001
From: jvoisin
Date: Thu, 22 Aug 2024 23:19:09 +0200
Subject: [PATCH] Improve a bit modules/post/linux/gather/checkvm.rb

Based on some old notes that I never bothered to upstream into metasploit.
---
 modules/post/linux/gather/checkvm.rb | 39 +++++++++++++++++++++++++++-
 1 file changed, 38 insertions(+), 1 deletion(-)

diff --git a/modules/post/linux/gather/checkvm.rb b/modules/post/linux/gather/checkvm.rb
index 9ed69465d463..1da6a51b25d8 100644
--- a/modules/post/linux/gather/checkvm.rb
+++ b/modules/post/linux/gather/checkvm.rb
@@ -18,7 +18,7 @@ def initialize(info = {})
 This module attempts to determine whether the system is running inside of a virtual environment and if so, which one. This module supports detection of Hyper-V, VMWare, VirtualBox, Xen,
- and QEMU/KVM.
+ Bhyve and QEMU/KVM.
 },
 'License' => MSF_LICENSE,
 'Author' => [ 'Carlos Perez '],
@@ -154,6 +154,10 @@ def run
 product_name = read_file('/sys/class/dmi/id/product_name')
 if product_name
 case product_name.gsub("\n", ' ')
+ when /bhyve/i
+ vm = 'Bhyve'
+ when /qemu/i
+ vm = 'Qemu'
 when /vmware/i
 vm = 'VMware'
 when /virtualbox/i
@@ -175,6 +179,8 @@ def run
 case bios_vendor.gsub("\n", ' ')
 when /^xen/i
 vm = 'Xen'
+ when /innotek GmbH/i
+ vm = 'VirtualBox'
 end
 end
 end
@@ -199,6 +205,37 @@ def run
 end
 end
 end
+ if !vm
+ xen_type = read_file('/sys/hypervisor/type')
+ if xen_type
+ if xen_type == 'xen'
+ vm = 'Xen'
+ end
+ end
+ end
+
+ # Check device tree
+ if !vm
+ compatible = read_file('/proc/device-tree/compatible')
+ if compatible
+ if compatible.include? 'qemu'
+ vm = 'Qemu/KVM'
+ end
+ end
+ end
+ if !vm
+ compatible = read_file('/proc/device-tree/hypervisor/compatible')
+ if compatible
+ case compatible
+ when /linux,kvm/i
+ vm = 'Qemu/KVM'
+ when /xen/i
+ vm = 'Xen'
+ when /vmware/i
+ vm = 'VMware'
+ end
+ end
+ end
 # Check Processes
 if !vm
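Review bot: The new `when /qemu/i` branch in the product_name `case` reports `vm = 'Qemu'`, while the device-tree checks added later in this same patch report `'Qemu/KVM'` and the module description says QEMU/KVM. The same hypervisor is therefore reported under two names depending on which check fires first, and anything downstream that keys on the reported string would see two distinct values. Use one label here, `vm = 'Qemu/KVM'`. The `case` statement and `run` both continue outside this hunk.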
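Review bot: The exact comparison `if xen_type == 'xen'` in the new `/sys/hypervisor/type` check will probably never be true, because sysfs attributes normally end with a newline. The other reads in this file run `.gsub("\n", ' ')` before matching, which suggests `read_file` returns the raw contents. Compare the trimmed value instead, `if xen_type.strip == 'xen'`, or use a regex match as the bios_vendor branch does. The two device-tree checks use `include?` and regex matches, so they are not affected by trailing bytes. `run` starts and ends outside this hunk.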