How to open disks of virtual machines and download and upload files to them (SOLVED)
libguestfs for working with virtual machine disks
The libguestfs (libguestfs.org) package is required to work with virtual machine images.
libguestfs is a set of tools for accessing and modifying virtual machine (VM) disk images. You can use this for viewing and editing files inside guests, scripting changes to VMs, monitoring disk used/free statistics, creating guests, P2V, V2V, performing backups, cloning VMs, building VMs, formatting disks, resizing disks, and much more.
libguestfs can access almost any disk image imaginable. It can do it securely — without needing root and with multiple layers of defence against rogue disk images. It can access disk images on remote machines or on CDs/USB sticks. It can access proprietary systems like VMware and Hyper-V.
All this functionality is available through a scriptable shell called guestfish, or an interactive rescue shell virt-rescue.
libguestfs is a C library that can be linked with C and C++ management programs and has bindings for about a dozen other programming languages. Using our FUSE module you can also mount guest filesystems on the host.
The hivex subproject lets you merge changes into the Windows Registry in Windows guests. You can examine unknown disk images to find out what they contain.
libguestfs is a way to create, access and modify disk images. You can look inside disk images, modify the files they contain, create them from scratch, resize them, and much more. It’s especially useful from scripts and programs and from the command line.
To install on Debian, Kali Linux, Linux Minut, Ubuntu and their derivatives, type:
sudo apt install libguestfs-tools
To install on Arch Linux, Manjaro, BlackArch and their derivatives, type:
sudo pacman -S libguestfs
libguestfs utilities
This package includes numerous utilities:
- guestfs — main API documentation
- guestfish — interactive shell
- guestmount — mount guest filesystem in host
- guestunmount — unmount guest filesystem
- virt-alignment-scan — check alignment of virtual machine partitions
- virt-builder — quick image builder
- virt-builder-repository — create virt-builder repositories
- virt-cat — display a file
- virt-copy-in — copy files and directories into a VM
- virt-copy-out — copy files and directories out of a VM
- virt-customize — customize virtual machines
- virt-df — free space
- virt-dib — safe diskimage-builder
- virt-diff — differences
- virt-edit — edit a file
- virt-filesystems — display information about filesystems, devices, LVM
- virt-format — erase and make blank disks
- virt-get-kernel — get kernel from disk
- virt-inspector — inspect VM images
- virt-list-filesystems — list filesystems
- virt-list-partitions — list partitions
- virt-log — display log files
- virt-ls — list files
- virt-make-fs — make a filesystem
- virt-p2v — convert physical machine to run on KVM
- virt-p2v-make-disk — make P2V ISO
- virt-p2v-make-kickstart — make P2V kickstart
- virt-rescue — rescue shell
- virt-resize — resize virtual machines
- virt-sparsify — make virtual machines sparse (thin-provisioned)
- virt-sysprep — unconfigure a virtual machine before cloning
- virt-tail — follow log file
- virt-tar — archive and upload files
- virt-tar-in — archive and upload files
- virt-tar-out — archive and download files
- virt-v2v — convert guest to run on KVM
- virt-win-reg — export and merge Windows Registry keys
- libguestfs-test-tool — test libguestfs
- libguestfs-make-fixed-appliance — make libguestfs fixed appliance
- hivex — extract Windows Registry hive
- hivexregedit — merge and export Registry changes from regedit-format files
- hivexsh — Windows Registry hive shell
- hivexml — convert Windows Registry hive to XML
- hivexget — extract data from Windows Registry hive
- supermin — tool for building supermin appliances
- guestfsd — guestfs daemon
The key programs are:
- guestmount – it munts the guest filesystem to the host
- guestunmount – it unmounts a guest filesystem
The guestfish program (an interactive shell) requires a lot of learning, but will allow you to work with the contents of virtual disks interactively, or write scripts to automatically process a sequence of actions.
Many of the listed programs are scripts that automate actions. That is, they mount the virtual disk file, do the specified action, and unmount it.
How to mount virtual machine disks
A typical command to mount a virtual disk:
guestmount -a '/PATH/TO/VIRTUAL/DISK' -i --ro /MOUNT/POINT
After the -a option, you need to specify a virtual disk to mount.
Let's consider a few more options:
The -i (--inspector) option means use virt-inspector code to scan disks looking for an operating system and mount filesystems as if they were mounted on a real virtual machine.
The --live option allows you to connect to a running virtual machine, this option is experimental.
The -r (--ro) option adds the device and mounts everything read-only. Also, it disables writing and makes the disk read-only for FUSE. This is highly recommended unless you intend to edit the guest drive. If the guest is running, and this option is not specified, there is a high risk of disk corruption in the guest system.
The -w (--rw) option changes the -a, -d, and -m options so that disks are added and mount is read-write.
So, let's mount the disk of the Windows Server 2019 virtual machine.vdi.
Let's create a mount point:
mkdir /tmp/guest
We mount the /mnt/disk_d/Виртуальные машины/Windows Server 2019.vdi disk to the /tmp/guest folder:
guestmount -a '/mnt/disk_d/Виртуальные машины/Windows Server 2019.vdi' -i --ro /tmp/guest
Let’s look at the contents of the mounted disk:
ls -l /tmp/guest
Now let's see the contents of the C:/Users/Администратор/Downloads/ folder:
ls -l /tmp/guest/Users/Администратор/Downloads/
To unmount, use a command of the form:
guestunmount /MOUNT/POINT
For instance:
guestunmount /tmp/guest
How to extract Windows Registry hives from virtual machines
virt-win-reg utility can be used to extract Windows registry hives, including those available only for the System account.
General form of the command:
virt-win-reg '/PATH/TO/VIRTUAL/DISK' 'HIVE\PATH'
By default, the content will be displayed on the screen, so you must use output redirection to save the data to a file.
For example, the command to extract the HKEY_LOCAL_MACHINE\SYSTEM hive from the Windows operating system, whose virtual disk is located in /mnt/disk_d/Виртуальные машины/Windows 10 (en).vdi and save the resulting data to the SYSTEM.reg file:
virt-win-reg '/mnt/disk_d/Виртуальные машины/Windows 10 (en).vdi' 'HKEY_LOCAL_MACHINE\SYSTEM' > SYSTEM.reg
Another example, extracting the HKEY_LOCAL_MACHINE\SAM registry hive from the disk image /mnt/disk_d/Виртуальные машины/Windows Server 2019.vdi and saving the data to the SAM.reg file:
virt-win-reg '/mnt/disk_d/Виртуальные машины/Windows Server 2019.vdi' 'HKEY_LOCAL_MACHINE\SAM' > SAM.reg
How to view free space on virtual disks
virt-df utility can show the disk partitions and the amount of free space on them.
General form of the command:
virt-df '/PATH/TO/VIRTUAL/DISK'
Example command:
virt-df '/mnt/disk_d/Виртуальные машины/Linux LMDE.vdi'
Sample output for Linux OS:
Файловая система Блоки 1К Использовано Доступно Использование, % Linux LMDE.vdi:/dev/sda1 292272 5220 287052 2% Linux LMDE.vdi:/dev/sda3 96241020 6280016 85029116 7%
Another command example:
virt-df '/mnt/disk_d/Виртуальные машины/Windows 10 (en).vdi'
Sample output for Windows OS:
Файловая система Блоки 1К Использовано Доступно Использование, % Windows 10 (en).vdi:/dev/sda1 541692 436548 105144 81% Windows 10 (en).vdi:/dev/sda2 97280 27139 70141 28% Windows 10 (en).vdi:/dev/sda4 156624892 26634932 129989960 18%
Note that Windows partitions are named as Linux partitions.
How to analyze virtual disks
virt-inspector program can analyze filesystems and show installed programs, as well as some other information about operating systems.
General form of the command:
virt-inspector -a '/PATH/TO/VIRTUAL/DISK'
Examples of commands:
virt-inspector -a '/mnt/disk_d/Виртуальные машины/Windows 10 (en).vdi' virt-inspector -a '/mnt/disk_d/Виртуальные машины/Linux LMDE.vdi'
How to list files of virtual disks
You can view the contents of any folder on a virtual disk using virt-ls.
General form of the command:
virt-ls -a '/PATH/TO/VIRTUAL/DISK' '/FOLDER'
Note that even on Windows, the path starts with / (indicating the root folder).
The following command will show the contents of the root of the C: drive for the virtual disk /mnt/disk_d/Виртуальные машины/Windows 10 (en).vdi:
virt-ls -a '/mnt/disk_d/Виртуальные машины/Windows 10 (en).vdi' '/'
Output example:
$Recycle.Bin $WinREAgent Documents and Settings DumpStack.log.tmp PerfLogs Program Files Program Files (x86) ProgramData Recovery System Volume Information Users Windows pagefile.sys swapfile.sys
How to view file content on virtual disks
virt-cat utility can show the contents of any file. The file will be printed directly to the screen (to standard output), so if it's a binary file then use output redirection to save it.
General form of the command:
virt-cat -a '/PATH/TO/VIRTUAL/DISK' '/FOLDER/FILE'
Note that even on Windows, the path starts with / (indicating the root folder).
The following command will show the contents of the C:\DumpStack.log.tmp file from the virtual disk /mnt/disk_d/Виртуальные машины/Windows 10 (en).vdi:
virt-cat -a '/mnt/disk_d/Виртуальные машины/Windows 10 (en).vdi' '/DumpStack.log.tmp'
How to view disk partitions of virtual disk
virt-filesystems program will display the number of disk partitions and their numbers.
General form of the command:
virt-filesystems -a '/PATH/TO/VIRTUAL/DISK'
Example command and output for Windows:
virt-filesystems -a '/mnt/disk_d/Виртуальные машины/Windows 10 (en).vdi' /dev/sda1 /dev/sda2 /dev/sda4
Example command and output for Linux:
virt-filesystems -a '/mnt/disk_d/Виртуальные машины/Linux LMDE.vdi' /dev/sda1 /dev/sda3
Related articles:
- Programs for extracting information from the Windows registry (79.2%)
- How to mount disk images for viewing and editing files (SOLVED) (61.2%)
- How to extract all web site passwords stored in web bowser (50%)
- How to find all passwords (web browsers, email programs, etc.) in Windows and Linux (50%)
- Indicators of Man-in-the-middle attacks (50%)
- How to upgrade Tails on an internal HDD (RANDOM - 1.8%)