Land #10732, add api key for android wlan_geolocate

4.x
Brent Cook 2018-10-02 05:09:10 -05:00 committed by Metasploit
parent d340eeecf9
commit 3ad5bd429a
No known key found for this signature in database
GPG Key ID: CDFB5FA52007B954
3 changed files with 43 additions and 13 deletions

View File

@ -8,6 +8,7 @@
- Linux: `iwlist scanning` - Linux: `iwlist scanning`
- Solaris: `dladm scan-wifi` - Solaris: `dladm scan-wifi`
- BSD: `dmesg | grep -i wlan | cut -d ':' -f1 | uniq"` - BSD: `dmesg | grep -i wlan | cut -d ':' -f1 | uniq"`
- Android: [WifiManager](https://developer.android.com/reference/android/net/wifi/WifiManager)
If `GEOLOCATE` is set to true, Google's [GeoLocation APIs](https://developers.google.com/maps/documentation/geolocation/intro) are utilized. If `GEOLOCATE` is set to true, Google's [GeoLocation APIs](https://developers.google.com/maps/documentation/geolocation/intro) are utilized.
These APIs require a Google [API key](https://developers.google.com/maps/documentation/geolocation/get-api-key) to use them. The original These APIs require a Google [API key](https://developers.google.com/maps/documentation/geolocation/get-api-key) to use them. The original

View File

@ -385,7 +385,6 @@ class Console::CommandDispatcher::Android
end end
def cmd_geolocate(*args) def cmd_geolocate(*args)
generate_map = false generate_map = false
geolocate_opts = Rex::Parser::Arguments.new( geolocate_opts = Rex::Parser::Arguments.new(
'-h' => [ false, 'Help Banner' ], '-h' => [ false, 'Help Banner' ],
@ -423,10 +422,8 @@ class Console::CommandDispatcher::Android
def cmd_dump_calllog(*args) def cmd_dump_calllog(*args)
path = "calllog_dump_#{Time.new.strftime('%Y%m%d%H%M%S')}.txt" path = "calllog_dump_#{Time.new.strftime('%Y%m%d%H%M%S')}.txt"
dump_calllog_opts = Rex::Parser::Arguments.new( dump_calllog_opts = Rex::Parser::Arguments.new(
'-h' => [ false, 'Help Banner' ], '-h' => [ false, 'Help Banner' ],
'-o' => [ true, 'Output path for call log'] '-o' => [ true, 'Output path for call log']
) )
dump_calllog_opts.parse(args) do |opt, _idx, val| dump_calllog_opts.parse(args) do |opt, _idx, val|
@ -565,19 +562,30 @@ class Console::CommandDispatcher::Android
def cmd_wlan_geolocate(*args) def cmd_wlan_geolocate(*args)
wlan_geolocate_opts = Rex::Parser::Arguments.new( wlan_geolocate_opts = Rex::Parser::Arguments.new(
'-h' => [ false, 'Help Banner' ] '-h' => [ false, 'Help Banner' ],
'-a' => [ true, 'API key' ],
) )
wlan_geolocate_opts.parse(args) do |opt, _idx, _val| api_key = ''
wlan_geolocate_opts.parse(args) do |opt, _idx, val|
case opt case opt
when '-h' when '-h'
print_line('Usage: wlan_geolocate') print_line('Usage: wlan_geolocate')
print_line('Tries to get device geolocation from WLAN information and Google\'s API') print_line('Tries to get device geolocation from WLAN information and Google\'s API')
print_line(wlan_geolocate_opts.usage) print_line(wlan_geolocate_opts.usage)
return return
when '-a'
api_key = val
end end
end end
if api_key.blank?
print_error("You must enter an api_key")
print_error("e.g. wlan_geolocate -a YOUR_API_KEY")
print_line(wlan_geolocate_opts.usage)
return
end
log = client.android.wlan_geolocate log = client.android.wlan_geolocate
wlan_list = [] wlan_list = []
log.each do |x| log.each do |x|
@ -592,9 +600,10 @@ class Console::CommandDispatcher::Android
return return
end end
g = Rex::Google::Geolocation.new g = Rex::Google::Geolocation.new
g.set_api_key(api_key)
wlan_list.each do |wlan| wlan_list.each do |wlan|
g.add_wlan(*wlan) g.add_wlan(wlan[0], wlan[2]) # bssid, signalstrength
end end
begin begin
g.fetch! g.fetch!

View File

@ -15,7 +15,7 @@ class MetasploitModule < Msf::Post
performing a lookup against Google APIs.}, performing a lookup against Google APIs.},
'License' => MSF_LICENSE, 'License' => MSF_LICENSE,
'Author' => [ 'Tom Sellers <tom[at]fadedcode.net>'], 'Author' => [ 'Tom Sellers <tom[at]fadedcode.net>'],
'Platform' => %w{ osx win linux bsd solaris }, 'Platform' => %w{ android osx win linux bsd solaris },
'SessionTypes' => [ 'meterpreter', 'shell' ], 'SessionTypes' => [ 'meterpreter', 'shell' ],
)) ))
@ -104,10 +104,8 @@ class MetasploitModule < Msf::Post
print_status(g.to_s) print_status(g.to_s)
print_status("Google Maps URL: #{g.google_maps_url}") print_status("Google Maps URL: #{g.google_maps_url}")
end end
end end
# Run Method for when run command is issued # Run Method for when run command is issued
def run def run
case session.platform case session.platform
@ -185,9 +183,31 @@ class MetasploitModule < Msf::Post
print_error("Geolocation is not supported on this platform.\n\n") if datastore['GEOLOCATE'] print_error("Geolocation is not supported on this platform.\n\n") if datastore['GEOLOCATE']
return return
end end
when 'android'
log = client.android.wlan_geolocate
listing = ''
wlan_list = []
log.each do |x|
mac = x['bssid']
ssid = x['ssid']
ss = x['level'].to_s
listing += "BSSID: #{mac}\n"
listing += "SSID: #{ssid}\n"
listing += "Strength: #{ss}\n\n"
wlan_list << [mac, ssid, ss]
end
if listing.blank?
print_error("Unable to generate wireless listing.")
return nil
end
store_loot("host.android.wlan.networks", "text/plain", session, listing, "wlan_networks.txt", "Available Wireless LAN Networks")
print_good("Target's wireless networks:\n\n#{listing}\n")
if datastore['GEOLOCATE']
perform_geolocation(wlan_list)
return
end
else else
print_error("The target's platform, #{platform}, is not supported at this time.") print_error("The target's platform, #{session.platform}, is not supported at this time.")
return nil return nil
end end