
add android option parsing

Tim 2017-10-24 18:24:01 +08:00 committed by Tim W
parent 6ea1e71e14
commit 23ee21ccc8
4 changed files with 89 additions and 32 deletions

File diff suppressed because one or more lines are too long


@ -9,6 +9,8 @@ import com.metasploit.meterpreter.android.*;
import com.metasploit.meterpreter.android.stdapi_ui_desktop_screenshot; import com.metasploit.meterpreter.android.stdapi_ui_desktop_screenshot;
import com.metasploit.meterpreter.stdapi.*; import com.metasploit.meterpreter.stdapi.*;
import com.metasploit.stage.Config;
import java.io.DataInputStream; import java.io.DataInputStream;
import java.io.File; import java.io.File;
import java.io.OutputStream; import java.io.OutputStream;
@ -76,12 +78,10 @@ public class AndroidMeterpreter extends Meterpreter {
super(in, rawOut, true, redirectErrors, false); super(in, rawOut, true, redirectErrors, false);
writeableDir = (String)parameters[0]; writeableDir = (String)parameters[0];
byte[] config = (byte[]) parameters[1]; byte[] config = (byte[]) parameters[1];
try {
findContext(); boolean stageless = (config != null && (config[0] & Config.FLAG_STAGELESS) != 0);
} catch (Exception e) {
e.printStackTrace(); if (stageless) {
}
if (config != null && config[0] != 0) {
loadConfiguration(in, rawOut, config); loadConfiguration(in, rawOut, config);
} else { } else {
int configLen = in.readInt(); int configLen = in.readInt();
@ -91,6 +91,12 @@ public class AndroidMeterpreter extends Meterpreter {
this.ignoreBlocks = in.readInt(); this.ignoreBlocks = in.readInt();
} }
try {
findContext();
} catch (Exception e) {
e.printStackTrace();
}
this.intervalCollectionManager = new IntervalCollectionManager(getContext()); this.intervalCollectionManager = new IntervalCollectionManager(getContext());
this.intervalCollectionManager.start(); this.intervalCollectionManager.start();
startExecuting(); startExecuting();
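Review bot: The new stageless check `boolean stageless = (config != null && (config[0] & Config.FLAG_STAGELESS) != 0);` in the first hunk of this file indexes config[0] with no length guard and inspects only the first byte of what ConfigParser decodes as a 32-bit little-endian flags word with unpack32(configBytes, 0); a non-null but empty config array throws ArrayIndexOutOfBoundsException inside the constructor, and any flag bit above the low byte would silently be invisible here. Since unpack32 becomes private in this same commit, the cheap fix is `boolean stageless = (config != null && config.length > 0 && (config[0] & Config.FLAG_STAGELESS) != 0);` preceded by the comment `// low byte of the little-endian 32-bit flags word that ConfigParser.parseConfig reads at offset 0`. The enclosing constructor's signature and the end of its body lie outside the visible hunks.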


@ -5,12 +5,17 @@ import java.util.List;
public class Config { public class Config {
public static final int FLAG_STAGELESS = 1;
public static final int FLAG_DEBUG = 2;
// See metasploit-framework/lib/rex/payloads/meterpreter/config.rb // See metasploit-framework/lib/rex/payloads/meterpreter/config.rb
public byte[] rawConfig; public byte[] rawConfig;
public int flags;
public long session_expiry; public long session_expiry;
public byte[] uuid; public byte[] uuid;
public byte[] session_guid; public byte[] session_guid;
public String stageless_class;
public List<TransportConfig> transportConfigList = new LinkedList<TransportConfig>(); public List<TransportConfig> transportConfigList = new LinkedList<TransportConfig>();
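Review bot: The added constants `FLAG_STAGELESS` and `FLAG_DEBUG` and the new fields `flags` and `stageless_class` carry no documentation, while the surrounding class already points readers at the framework's config.rb for the layout. Suggest placing `// Bit flags from the config header; values must match the framework's config.rb` above `FLAG_STAGELESS`, `// 32-bit flags word read from the start of rawConfig` above `flags`, and `// presumably the class to load in stageless mode; only populated when FLAG_STAGELESS is set (see ConfigParser) — confirm` above `stageless_class`. The fields follow the file's existing public-mutable, snake_case style, so no naming change is proposed here.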


@ -5,16 +5,16 @@ import java.util.concurrent.TimeUnit;
public class ConfigParser { public class ConfigParser {
public static final int SESSION_EXPIRY_START_LEN = 12; private static final int SESSION_EXPIRY_START_LEN = 12;
public static final int UUID_LEN = 16; private static final int UUID_LEN = 16;
public static final int GUID_LEN = 16; private static final int GUID_LEN = 16;
public static final int INT_LEN = 4; private static final int INT_LEN = 4;
public static final int URL_LEN = 512; private static final int URL_LEN = 512;
public static final int UA_LEN = 256; private static final int UA_LEN = 256;
public static final int PROXY_HOST_LEN = 128; private static final int PROXY_HOST_LEN = 128;
public static final int PROXY_USER_LEN = 64; private static final int PROXY_USER_LEN = 64;
public static final int PROXY_PASS_LEN = 64; private static final int PROXY_PASS_LEN = 64;
public static final int CERT_HASH_LEN = 20; private static final int CERT_HASH_LEN = 20;
private static final long MS = TimeUnit.SECONDS.toMillis(1); private static final long MS = TimeUnit.SECONDS.toMillis(1);
@ -22,13 +22,18 @@ public class ConfigParser {
Config config = new Config(); Config config = new Config();
config.rawConfig = configBytes; config.rawConfig = configBytes;
int csr = ConfigParser.SESSION_EXPIRY_START_LEN; int csr = 0;
config.flags = ConfigParser.unpack32(configBytes, 0);
csr += SESSION_EXPIRY_START_LEN;
config.session_expiry = MS * ConfigParser.unpack32(configBytes, csr); config.session_expiry = MS * ConfigParser.unpack32(configBytes, csr);
csr += INT_LEN; csr += INT_LEN;
config.uuid = ConfigParser.readBytes(configBytes, csr, ConfigParser.UUID_LEN); config.uuid = ConfigParser.readBytes(configBytes, csr, ConfigParser.UUID_LEN);
csr += ConfigParser.UUID_LEN; csr += ConfigParser.UUID_LEN;
config.session_guid = ConfigParser.readBytes(configBytes, csr, ConfigParser.GUID_LEN); config.session_guid = ConfigParser.readBytes(configBytes, csr, ConfigParser.GUID_LEN);
csr += ConfigParser.GUID_LEN; csr += ConfigParser.GUID_LEN;
if ((config.flags & Config.FLAG_STAGELESS) != 0) {
config.stageless_class = readString(configBytes, 8000, 100);
}
while (true) { while (true) {
if (configBytes[csr] == 0) { if (configBytes[csr] == 0) {
@ -79,7 +84,7 @@ public class ConfigParser {
return config; return config;
} }
public static String readString(byte[] bytes, int offset) { private static String readString(byte[] bytes, int offset) {
StringBuilder stringBuffer = new StringBuilder(); StringBuilder stringBuffer = new StringBuilder();
int byteEnd = bytes.length; int byteEnd = bytes.length;
for (int a=offset;a<byteEnd;a++) { for (int a=offset;a<byteEnd;a++) {
@ -92,7 +97,7 @@ public class ConfigParser {
return stringBuffer.toString(); return stringBuffer.toString();
} }
public static String readString(byte[] bytes, int offset, int size) { private static String readString(byte[] bytes, int offset, int size) {
byte[] bytesRead = readBytes(bytes, offset, size); byte[] bytesRead = readBytes(bytes, offset, size);
try { try {
return new String(bytesRead, "ISO-8859-1").trim(); return new String(bytesRead, "ISO-8859-1").trim();
@ -103,13 +108,13 @@ public class ConfigParser {
} }
} }
public static byte[] readBytes(byte[] bytes, int offset, int size) { private static byte[] readBytes(byte[] bytes, int offset, int size) {
byte[] buf = new byte[size]; byte[] buf = new byte[size];
System.arraycopy(bytes, offset, buf, 0, size); System.arraycopy(bytes, offset, buf, 0, size);
return buf; return buf;
} }
public static int unpack32(byte[] bytes, int offset) { private static int unpack32(byte[] bytes, int offset) {
int res = 0; int res = 0;
for (int i = 0; i < 4; i++) { for (int i = 0; i < 4; i++) {
res = res | (((int)bytes[i + offset]) & 0xFF) << (i * 8); res = res | (((int)bytes[i + offset]) & 0xFF) << (i * 8);
@ -117,7 +122,7 @@ public class ConfigParser {
return res; return res;
} }
public static long unpack64(byte[] bytes, int offset) { private static long unpack64(byte[] bytes, int offset) {
long res = 0; long res = 0;
for (int i = 0; i < 8; i++) { for (int i = 0; i < 8; i++) {
res = res | (((long)bytes[i + offset]) & 0xFF) << (i * 8); res = res | (((long)bytes[i + offset]) & 0xFF) << (i * 8);