Windows Gather Physical Drives and Logical Volumes

Reported: 28 Aug 2011 22:38:59 by Wesley McGrew <[email protected]>
Type: metasploit
Source: www.rapid7.com
Views: 32

List physical drives and logical volumes on remote system

Code
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

#
# List physical drives and logical volumes on the remote system
#
# R. Wesley McGrew [email protected]
#    http://mcgrewsecurity.com
# Mississippi State University National Forensics Training Center
#    http://msu-nftc.org

class MetasploitModule < Msf::Post
  include Msf::Post::File
  include Msf::Post::Windows::FileSystem

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Windows Gather Physical Drives and Logical Volumes',
        'Description' => %q{This module will list physical drives and logical volumes},
        'License' => MSF_LICENSE,
        'Platform' => ['win'],
        'SessionTypes' => ['meterpreter'],
        'Author' => ['Wesley McGrew <wesley[at]mcgrewsecurity.com>'],
        'Compat' => {
          'Meterpreter' => {
            'Commands' => %w[
              stdapi_railgun_api
            ]
          }
        }
      )
    )
    register_options(
      [
        OptInt.new('MAXDRIVES', [false, 'Maximum physical drive number', 10])
      ]
    )
  end

  def print_device(devname)
    ioctl_disk_get_drive_geometry_ex = 0x000700A0
    removable = 0x0b # MEDIA_TYPE RemovableMedia
    fixed = 0x0c     # MEDIA_TYPE FixedMedia
    # INVALID_HANDLE_VALUE is all-ones at the pointer width of the session (x86 or x64)
    invalid_handle_values = [0xFFFFFFFF, 0xFFFFFFFFFFFFFFFF]

    # Open the raw device read-only; 0x3 is FILE_SHARE_READ | FILE_SHARE_WRITE so the
    # open does not fail on a volume that is in use. Raw device access needs an
    # elevated session on Vista and later; devices that do not exist or are denied
    # simply return INVALID_HANDLE_VALUE and are skipped.
    result = client.railgun.kernel32.CreateFileA(devname, 'GENERIC_READ',
                                                 0x3, nil, 'OPEN_EXISTING', 'FILE_ATTRIBUTE_READONLY', 0)
    handle = result['return']
    return if invalid_handle_values.include?(handle)

    # DISK_GEOMETRY_EX: DISK_GEOMETRY (24 bytes; MediaType is the DWORD at offset 8)
    # followed by DiskSize (LARGE_INTEGER at offset 24). A 200-byte out-buffer is
    # ample for the fixed part of the structure.
    ioctl = client.railgun.kernel32.DeviceIoControl(handle, ioctl_disk_get_drive_geometry_ex,
                                                    '', 0, 200, 200, 4, '')
    if ioctl['GetLastError'] == 6 # ERROR_INVALID_HANDLE: retry once, as the original module did
      ioctl = client.railgun.kernel32.DeviceIoControl(handle, ioctl_disk_get_drive_geometry_ex,
                                                      '', 0, 200, 200, 4, '')
    end
    geometry = ioctl['lpOutBuffer']

    # String#[] with a single index returns a one-character String, so the media type
    # must be unpacked as a DWORD before comparing it with the MEDIA_TYPE constants
    media_type = geometry[8, 4].unpack('V')[0]
    type = case media_type
           when removable then 'Removable'
           when fixed then 'Fixed'
           else ''
           end

    size = geometry[24, 8].unpack('Q<')[0]
    # A failed IOCTL leaves the out-buffer unwritten; 0x4141414141414141
    # (4702111234474983745) is the untouched-buffer value the original check looked for
    size = 'N/A' if !ioctl['return'] || size == 0x4141414141414141

    # %s rather than %i so the 'N/A' case formats instead of raising
    print_line('%-25s%12s%15s' % [devname, type, size])
    client.railgun.kernel32.CloseHandle(handle)
  end

  def run
    print_line('Device Name:                    Type:   Size (bytes):')
    print_line('------------                    -----   -------------')
    print_line('<Physical Drives:>')
    max_physical = datastore['MAXDRIVES']
    (0..max_physical).each do |i|
      devname = "\\\\.\\PhysicalDrive#{i}"
      print_device(devname)
    end

    print_line('<Logical Drives:>')
    get_drives.each do |i|
      devname = "\\\\.\\#{i}:"
      print_device(devname)
    end
  end
end
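The module above pulls MediaType and DiskSize straight out of the DISK_GEOMETRY_EX buffer by byte offset. The following is an added example, not part of the Metasploit module or of the framework, that decodes that buffer as a plain Ruby function so the offsets can be checked offline against the Windows SDK layout. The sample buffers are constructed here (a 16 GiB fixed disk, and an untouched 'A'-filled buffer standing in for a failed IOCTL); `format_device_line` and `build_geometry_ex` are hypothetical helpers, the first mirroring the module's output format.

```ruby
# Added example (not part of the Metasploit module above): decode the
# DISK_GEOMETRY_EX buffer that IOCTL_DISK_GET_DRIVE_GEOMETRY_EX (0x000700A0)
# returns, making the byte offsets print_device relies on explicit.
#
# Layout from the Windows SDK (all fields little-endian):
#   DISK_GEOMETRY    offset  0  LARGE_INTEGER Cylinders
#                    offset  8  MEDIA_TYPE    MediaType   (RemovableMedia=11, FixedMedia=12)
#                    offset 12  DWORD         TracksPerCylinder
#                    offset 16  DWORD         SectorsPerTrack
#                    offset 20  DWORD         BytesPerSector
#   DISK_GEOMETRY_EX offset 24  LARGE_INTEGER DiskSize    (bytes)
#                    offset 32  BYTE          Data[]      (partition/detection info, not decoded here)

MEDIA_TYPES = { 0x00 => 'Unknown', 0x0b => 'Removable', 0x0c => 'Fixed' }.freeze

# 'AAAAAAAA' read as a QWORD: the value the original module compared DiskSize
# against to spot an out-buffer the IOCTL never wrote.
UNSET_SENTINEL = 0x4141414141414141

def parse_disk_geometry_ex(buf)
  raise ArgumentError, "need at least 32 bytes, got #{buf.bytesize}" if buf.bytesize < 32

  cylinders, media, tracks, sectors, bps, disk_size = buf.unpack('q<VVVVq<')
  written = disk_size != UNSET_SENTINEL
  {
    written: written, # false => every field is leftover buffer content, not geometry
    cylinders: cylinders,
    media_type: MEDIA_TYPES.fetch(media) { format('Other (0x%02x)', media) },
    tracks_per_cylinder: tracks,
    sectors_per_track: sectors,
    bytes_per_sector: bps,
    disk_size: written ? disk_size : nil,
    # CHS product; on real disks it is <= DiskSize because the geometry is rounded down
    chs_size: written ? cylinders * tracks * sectors * bps : nil
  }
end

# Hypothetical helper mirroring the module's '%-25s%12s%15s' output line.
def format_device_line(devname, geom)
  type = %w[Removable Fixed].include?(geom[:media_type]) ? geom[:media_type] : ''
  size = geom[:disk_size] || 'N/A'
  format('%-25s%12s%15s', devname, type, size)
end

# Hypothetical helper to construct a sample buffer, padded to the 200-byte
# out-buffer the module asks railgun for.
def build_geometry_ex(cylinders:, media_type:, tracks:, sectors:, bps:, disk_size:)
  [cylinders, media_type, tracks, sectors, bps, disk_size].pack('q<VVVVq<').ljust(200, "\x00")
end

# Constructed sample: a 16 GiB fixed disk with the classic 255/63/512 geometry
SAMPLE_FIXED = build_geometry_ex(cylinders: 2088, media_type: 0x0c, tracks: 255,
                                 sectors: 63, bps: 512, disk_size: 16 * 1024**3)
# Constructed sample: what a failed IOCTL leaves behind
SAMPLE_UNSET = 'A' * 200

if __FILE__ == $PROGRAM_NAME
  [["\\\\.\\PhysicalDrive0", SAMPLE_FIXED], ["\\\\.\\PhysicalDrive1", SAMPLE_UNSET]].each do |name, buf|
    puts format_device_line(name, parse_disk_geometry_ex(buf))
  end
end
```

To check a real device, feed `parse_disk_geometry_ex` the `ioctl['lpOutBuffer']` string railgun hands back in the module; comparing `chs_size` with `disk_size` is a quick sanity check that the offsets line up on the target's Windows version.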

Last updated: 08 Feb 2023 13:47 (current)
Vulners AI Score: 0.3 (low risk)