Land #11675, add android app api commands

master
Tim W 2019-04-12 23:21:00 +08:00
commit 7b09947551
No known key found for this signature in database
GPG Key ID: 217FBA50ABBAABEF
6 changed files with 284 additions and 3 deletions


@ -21,7 +21,7 @@ PATH
metasploit-concern
metasploit-credential
metasploit-model
metasploit-payloads (= 1.3.65)
metasploit-payloads (= 1.3.66)
metasploit_data_models
metasploit_payloads-mettle (= 0.5.10)
mqtt
@ -177,7 +177,7 @@ GEM
activemodel (~> 4.2.6)
activesupport (~> 4.2.6)
railties (~> 4.2.6)
metasploit-payloads (1.3.65)
metasploit-payloads (1.3.66)
metasploit_data_models (3.0.8)
activerecord (~> 4.2.6)
activesupport (~> 4.2.6)


@ -24,6 +24,7 @@ class Meterpreter_Java_Android < Msf::Sessions::Meterpreter_Java_Java
original = console.disable_output
console.disable_output = true
console.run_single('load android')
console.run_single('load appapi')
console.disable_output = original
end


@ -0,0 +1,84 @@
# -*- coding: binary -*-
require 'rex/post/meterpreter/extensions/appapi/tlv'
module Rex
module Post
module Meterpreter
module Extensions
module AppApi
###
#
# Application interface to control Applications on the device
#
###
class AppApi < Extension
#
# Typical extension initialization routine.
#
# @param client (see Extension#initialize)
def initialize(client)
super(client, 'appapi')
client.register_extension_aliases(
[
{
'name' => 'appapi',
'ext' => self
}
])
end
#
# Get list of installed applications
#
def app_list(app_opt)
request = Packet.create_request('appapi_app_list')
request.add_tlv(TLV_TYPE_APPS_LIST_OPT, app_opt)
response = client.send_request(request)
names = []
response.get_tlvs(TLV_TYPE_APPS_LIST).each do |tlv|
names << tlv.value
end
names
end
#
# Uninstall application
#
def app_uninstall(packagename)
request = Packet.create_request('appapi_app_uninstall')
request.add_tlv(TLV_TYPE_APP_PACKAGE_NAME, packagename)
response = client.send_request(request)
response.get_tlv(TLV_TYPE_APP_ENUM).value
end
#
# Install application
#
def app_install(apk_path)
request = Packet.create_request('appapi_app_install')
request.add_tlv(TLV_TYPE_APP_APK_PATH, apk_path)
response = client.send_request(request)
response.get_tlv(TLV_TYPE_APP_ENUM).value
end
#
# Start Main Activity for installed application by Package name
#
def app_run(packagename)
request = Packet.create_request('appapi_app_run')
request.add_tlv(TLV_TYPE_APP_PACKAGE_NAME, packagename)
response = client.send_request(request)
response.get_tlv(TLV_TYPE_APP_RUN_ENUM).value
end
end
end; end; end; end; end
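Review bot: `app_uninstall`, `app_install` and `app_run` call `.value` directly on the result of `response.get_tlv(...)`, so a reply that lacks the expected TLV (an error response, or a payload that does not implement the command) raises NoMethodError on nil instead of surfacing a failure. The response is produced by the remote session and should be handled as untrusted input; `response.get_tlv_value(TLV_TYPE_APP_ENUM)` (and the `TLV_TYPE_APP_RUN_ENUM` equivalent in `app_run`) returns nil in that case and lets the dispatcher report it. The method comments would also benefit from `@param` and `@return` tags stating that `app_opt` is an integer selector and that the three request methods return a numeric status code.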


@ -0,0 +1,27 @@
# -*- coding: binary -*-
# CorrM @ fb.me/IslamNofl
module Rex
module Post
module Meterpreter
module Extensions
module AppApi
##
#
# Apps
#
##
TLV_TYPE_APPS_LIST = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 2911)
TLV_TYPE_APPS_LIST_OPT = TLV_META_TYPE_UINT | (TLV_EXTENSIONS + 2912)
TLV_TYPE_APP_PACKAGE_NAME = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 2913)
TLV_TYPE_APP_APK_PATH = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 2914)
TLV_TYPE_APP_ENUM = TLV_META_TYPE_UINT | (TLV_EXTENSIONS + 2915)
TLV_TYPE_APP_RUN_ENUM = TLV_META_TYPE_UINT | (TLV_EXTENSIONS + 2916)
end; end; end; end; end
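Review bot: None of the six TLV constants documents what its value carries; the only header comment is an author contact line. Judging from the dispatcher added in the same commit, `TLV_TYPE_APPS_LIST_OPT` takes 0 (all), 1 (user apps) or 2 (system apps), and `TLV_TYPE_APPS_LIST` appears to be repeated in groups of four strings per app (name, package, running, is-system). A comment per constant would make that contract explicit, e.g. `# 0 = all apps, 1 = user apps only, 2 = system apps only`. The status codes returned in `TLV_TYPE_APP_ENUM` and `TLV_TYPE_APP_RUN_ENUM` should be listed here as well, since the dispatcher currently matches them as bare integers.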


@ -0,0 +1,169 @@
# -*- coding: binary -*-
require 'rex/post/meterpreter'
module Rex
module Post
module Meterpreter
module Ui
###
#
# Application controller - run, get app list, install and uninstall applications.
# Extension by Islam Nofl (@CorrM)
#
###
class Console::CommandDispatcher::AppApi
include Console::CommandDispatcher
#
# List of supported commands.
#
def commands
all = {
"app_list" => "List installed apps in the device",
"app_run" => "Start Main Activty for package name",
"app_install" => "Request to install apk file",
"app_uninstall" => "Request to uninstall application"
}
reqs = {
"app_list" => [ "appapi_app_list" ],
"app_run" => [ "appapi_app_run" ],
"app_install" => [ "appapi_app_install" ],
"app_uninstall" => [ "appapi_app_uninstall" ]
}
filter_commands(all, reqs)
end
#
# Name for this dispatcher
#
def name
"Application Controller"
end
#
# Get list of android device installed applications
#
def cmd_app_list(*args)
app_list_opts = Rex::Parser::Arguments.new(
"-h" => [ false, "Help Banner" ],
"-u" => [ false, "Get User apps ONLY" ],
"-s" => [ false, "Get System apps ONLY" ]
)
ret = []
init = 0
app_list_opts.parse(args) do |opt, _idx, val|
case opt
when "-h"
print_line("Usage: app_list [options]")
print_line("List the installed applications.")
print_line(app_list_opts.usage)
return
when "-u"
init = 1
when "-s"
init = 2
end
end
ret = client.appapi.app_list(init)
print_line(to_table(ret).to_s)
end
#
# Request to unistall application (user mode => ask the use to uninstall)
#
def cmd_app_uninstall(*args)
if (args.length < 1)
print_error("[-] Usage: app_uninstall <packagename>")
print_error("[-] Request to uninstall application.")
print_error("[-] You can use 'app_list' to pick your packagename.")
print_status("ex. app_uninstall com.corrm.clac")
return
end
package_name = args[0]
# Send uninstall request
case client.appapi.app_uninstall(package_name)
when 1
print_good("Request Done.")
when 2
print_error("File Not Found.")
when 11
print_error("package '#{package_name}' not found.")
end
end
#
# Request to install application (user mode => ask the use to install)
#
def cmd_app_install(*args)
if (args.length < 1)
print_error("[-] Usage: app_install <filepath>")
print_error("[-] Request to install application.")
print_status("ex. app_install '/sdcard/Download/corrm.apk'")
return
end
full_path = args[0]
# Send install request
case client.appapi.app_install(full_path)
when 1
print_good("Request Done.")
when 2
print_error("File Not Found.")
when 3
print_error("Root access rejected.")
end
end
#
# Start Main Activty for installed application by Package name
#
def cmd_app_run(*args)
if (args.length < 1)
print_error("[-] Usage: app_run <package_name>")
print_error("[-] Start Main Activty for package name.")
print_error("[-] You can use 'app_list' to pick your packagename.")
print_status("ex. app_run com.corrm.clac")
return
end
package_name = args[0]
case client.appapi.app_run(package_name)
when 1
print_good("Main Activty for '#{package_name}' has started.")
when 2
print_error("'#{package_name}' Not Found.")
end
end
#
# Function to help printing list of informations
#
def to_table(data)
column_headers = [ "Name", "Package", "Running", "IsSystem" ]
opts = {
'Header' => 'Application List',
'Indent' => 2,
'Columns' => column_headers
}
tbl = Rex::Text::Table.new(opts)
(0 ... data.length).step(4).each do |index|
tbl << [data[index],
(data[index + 1] == nil ? "" : data[index + 1]),
(data[index + 2] == nil ? "" : data[index + 2]),
(data[index + 3] == nil ? "" : data[index + 3])]
end
tbl
end
end; end; end; end; end
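Review bot: The `case` statements in `cmd_app_uninstall`, `cmd_app_install` and `cmd_app_run` have no `else` branch, so any status outside the few listed values (including nil) prints nothing and the operator cannot tell that the request failed. Assign the result to a local such as `status` and add an `else` branch with `print_error("Unexpected response: #{status.inspect}")`. `to_table` renders strings returned by the remote device straight into the console table, and it is worth confirming that control characters are stripped before display, since that data is not trusted. The usage messages pass a literal `[-]` to `print_error`, which presumably adds its own prefix, and several user-facing strings misspell "Activity" as "Activty".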


@ -70,7 +70,7 @@ Gem::Specification.new do |spec|
# are needed when there's no database
spec.add_runtime_dependency 'metasploit-model'
# Needed for Meterpreter
spec.add_runtime_dependency 'metasploit-payloads', '1.3.65'
spec.add_runtime_dependency 'metasploit-payloads', '1.3.66'
# Needed for the next-generation POSIX Meterpreter
spec.add_runtime_dependency 'metasploit_payloads-mettle', '0.5.10'
# Needed by msfgui and other rpc components