created fusemounts handler

cSploit · Nov 14, 2014 · e1c6189 · e1c6189
1 parent 25870eb
commit e1c6189
Show file tree

Hide file tree

Showing 11 changed files with 270 additions and 6 deletions.
diff --git a/cSploit/jni/cSploitClient/cache.c b/cSploit/jni/cSploitClient/cache.c
@@ -132,6 +132,7 @@ int init_csploit_events_cache(JNIEnv *env) {
     { "org/csploit/android/events/Login", "(ILjava/net/InetAddress;Ljava/lang/String;Ljava/lang/String;)V" },
     { "org/csploit/android/events/Attempts", "(JJJJJ)V" },
     { "org/csploit/android/events/Packet", "(Ljava/net/InetAddress;Ljava/net/InetAddress;S)V" },
+    { "org/csploit/android/events/FuseBind", "(Ljava/lang/String;Ljava/lang/String;)V" },
   };
   struct class_and_ctor_cache *ptr;
   register int i;

diff --git a/cSploit/jni/cSploitClient/cache.h b/cSploit/jni/cSploitClient/cache.h
@@ -43,7 +43,8 @@ struct events_cache {
         message,
         login,
         attempts,
-        packet;
+        packet,
+        fusebind;
 };
 
 struct core_chlidmanager_cache {

diff --git a/cSploit/jni/cSploitClient/event.c b/cSploit/jni/cSploitClient/event.c
@@ -31,6 +31,7 @@
 #include "ettercap.h"
 #include "arpspoof.h"
 #include "tcpdump.h"
+#include "fusemounts.h"
 
 #include "event.h"
 
@@ -110,7 +111,7 @@ jobject create_stderrnewline_event(JNIEnv *env, void *arg) {
 /**
  * @brief create an org.csploit.android.events.ChildEnd
  * @param arg a pointer to the exit status
- * @returns the jobject on success, NULLl on error.
+ * @returns the jobject on success, NULL on error.
  */
 jobject create_child_end_event(JNIEnv *env, void *arg) {
   jobject event;
@@ -133,7 +134,7 @@ jobject create_child_end_event(JNIEnv *env, void *arg) {
 /**
  * @brief create an org.csploit.android.events.ChildDied
  * @param arg a poitner to the signal that caused the death
- * @returns the jobject on success, NULLl on error.
+ * @returns the jobject on success, NULL on error.
  */
 jobject create_child_died_event(JNIEnv *env, void *arg) {
   jobject event;
@@ -185,7 +186,7 @@ jobject inaddr_to_inetaddress(JNIEnv *env, in_addr_t a) {
 /**
  * @brief create an org.csploit.android.events.Hop
  * @param arg a pointer to an ::nmap_hop_info
- * @returns the jobject on success, NULLl on error.
+ * @returns the jobject on success, NULL on error.
  */
 jobject create_hop_event(JNIEnv *env, void *arg) {
   jobject addr, res;
@@ -473,6 +474,12 @@ jobject create_message_event(JNIEnv *env, message *m) {
     (*env)->ExceptionClear(env);
   }
 
+  if(jseverity)
+    (*env)->DeleteLocalRef(env, jseverity);
+
+  if(jmessage)
+    (*env)->DeleteLocalRef(env, jmessage);
+
   return res;
 }
 
@@ -565,7 +572,7 @@ jobject create_login_event(JNIEnv *env, message *m) {
 /**
  * @brief create an org.csploit.android.events.Packet
  * @param m the received message
- * @returns the jobject on success, NULLl on error.
+ * @returns the jobject on success, NULL on error.
  */
 jobject create_packet_event(JNIEnv *env, message *m) {
   jobject src, dst, res;
@@ -595,6 +602,67 @@ jobject create_packet_event(JNIEnv *env, message *m) {
   return res;
 }
 
+/**
+ * @brief create an org.csploit.android.events.FuseBind
+ * @param m the received message
+ * @returns the jobject on success, NULL on error.
+ */
+jobject create_fusebind_event(JNIEnv *env, message *m) {
+  jobject res;
+  char *src, *mnt;
+  jstring *jsrc, *jmnt;
+  struct fusemount_bind_info *bind_info;
+
+  bind_info = (struct fusemount_bind_info *) m->data;
+  jsrc = jmnt = NULL;
+
+  src = string_array_next(m, bind_info->data, NULL);
+
+  if(!src) {
+    LOGE("%s: source not found", __func__);
+    return NULL;
+  }
+
+  mnt = string_array_next(m, bind_info->data, src);
+
+  if(!mnt) {
+    LOGE("%s: mountpoint not found", __func__);
+    return NULL;
+  }
+
+  jsrc = (*env)->NewStringUTF(env, src);
+
+  if(!jsrc) goto jni_error;
+
+  jmnt = (*env)->NewStringUTF(env, mnt);
+
+  if(!jmnt) goto jni_error;
+
+  res = (*env)->NewObject(env,
+                          cache.csploit.events.fusebind.class,
+                          cache.csploit.events.fusebind.ctor,
+                          jsrc, jmnt);
+
+  goto cleanup;
+
+  jni_error:
+
+  if((*env)->ExceptionCheck(env)) {
+    (*env)->ExceptionDescribe(env);
+    (*env)->ExceptionClear(env);
+  }
+
+  cleanup:
+
+  if(jsrc)
+    (*env)->DeleteLocalRef(env, jsrc);
+
+  if(jmnt)
+    (*env)->DeleteLocalRef(env, jmnt);
+
+  return res;
+}
+
 /**
  * @brief send an event to java.
  * @param c the child that generate this event

diff --git a/cSploit/jni/cSploitClient/event.h b/cSploit/jni/cSploitClient/event.h
@@ -36,6 +36,7 @@ jobject create_message_event(JNIEnv *, message *);
 jobject create_login_event(JNIEnv *, message *);
 jobject create_attempts_event(JNIEnv *, message *);
 jobject create_packet_event(JNIEnv *, message *);
+jobject create_fusebind_event(JNIEnv *, message *);
 int send_event(JNIEnv *, child_node *, jobject);
 
 #endif
diff --git a/cSploit/jni/cSploitClient/handler.c b/cSploit/jni/cSploitClient/handler.c
@@ -195,6 +195,8 @@ int on_handler_list(message *m) {
       handlers.by_name.arpspoof = h;
     } else if(!handlers.by_name.tcpdump && !strncmp(h->name, "tcpdump", 8)) {
       handlers.by_name.tcpdump = h;
+    } else if(!handlers.by_name.fusemounts && !strncmp(h->name, "fusemounts", 11)) {
+      handlers.by_name.fusemounts = h;
     }
 
     h->id = handler_info->id;

diff --git a/cSploit/jni/cSploitClient/handler.h b/cSploit/jni/cSploitClient/handler.h
@@ -53,6 +53,7 @@ extern struct handlers_list {
     handler *hydra;
     handler *arpspoof;
     handler *tcpdump;
+    handler *fusemounts;
   } by_name;              ///< access handlers by name
   enum handlers_loading_status status;
 } handlers;

diff --git a/cSploit/jni/cSploitClient/notifier.c b/cSploit/jni/cSploitClient/notifier.c
@@ -37,6 +37,7 @@
 #include "hydra.h"
 #include "arpspoof.h"
 #include "tcpdump.h"
+#include "fusemounts.h"
 
 #include "notifier.h"
 
@@ -229,6 +230,35 @@ int on_tcpdump(JNIEnv *env, child_node *c, message *m) {
   return ret;
 }
 
+int on_fusemounts(JNIEnv *env, child_node *c, message *m) {
+  jobject event;
+  int ret;
+
+  ret = -1;
+
+  switch(m->data[0]) {
+    case FUSEMOUNT_BIND:
+      event = create_fusebind_event(env, m);
+      break;
+    default:
+      LOGW("%s: unkown fusemount action: %02hhX", __func__, m->data[0]);
+      return -1;
+  }
+
+  if(!event) {
+    LOGE("%s: cannot create event", __func__);
+  } else if(send_event(env, c, event)) {
+    LOGE("%s: cannot send event", __func__);
+  } else {
+    ret = 0;
+  }
+
+  if(event)
+    (*env)->DeleteLocalRef(env, event);
+
+  return ret;
+}
+
 int on_message(JNIEnv *env, message *m) {
   child_node *c;
   int ret;
@@ -263,6 +293,8 @@ int on_message(JNIEnv *env, message *m) {
     ret = on_arpspoof(env, c, m);
   } else if( c->handler == handlers.by_name.tcpdump) {
     ret = on_tcpdump(env, c, m);
+  } else if( c->handler == handlers.by_name.fusemounts) {
+    ret = on_fusemounts(env, c, m);
   } else {
     LOGW("%s: unkown handler: \"%s\" ( #%u )", __func__, c->handler->name, c->handler->id);
   }

diff --git a/cSploit/jni/cSploitHandlers/fusemounts.c b/cSploit/jni/cSploitHandlers/fusemounts.c
@@ -0,0 +1,94 @@
+/* cSploit - a simple penetration testing suite
+ * Copyright (C) 2014  Massimo Dragano aka tux_mind <[email protected]>
+ * 
+ * cSploit is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ * 
+ * cSploit is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Public License
+ * along with cSploit.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <string.h>
+#include <regex.h>
+
+#include "handler.h"
+#include "logger.h"
+#include "fusemounts.h"
+#include "message.h"
+#include "str_array.h"
+
+handler handler_info = {
+  NULL,                           // next
+  7,                              // handler id
+  0,                              // have_stdin
+  1,                              // have_stdout
+  1,                              // enabled
+  NULL,                           // raw_output_parser
+  &fusemounts_output_parser,      // output_parser
+  NULL,                           // input_parser
+  "tools/fusemounts/fusemounts",  // argv[0]
+  NULL,                           // workdir
+  "fusemounts"                    // handler name
+};
+
+/**
+ * @brief extract fusemount source and destination from fusemounts output
+ * @param line the line to parse
+ * @returns a message to send or NULL
+ */
+message *fusemounts_output_parser(char *line) {
+  message *m;
+  char *dst, *ptr;
+
+  if(!*line) {
+    return NULL;
+  }
+
+  for(dst=line;*dst!=' ' && *dst!='\0';dst++);
+
+  if(*dst) {
+    *dst='\0';
+    dst++;
+  }
+
+  for(;*dst==' ';dst++);
+
+  if(!*dst)
+    return NULL;
+
+  for(ptr=dst;*ptr!=' ' && *ptr!='\0';ptr++);
+  *ptr='\0';
+
+  m = create_message(0, sizeof(struct fusemount_bind_info), 0);
+
+  if(!m) {
+    print(ERROR, "cannot create messages");
+    return NULL;
+  }
+
+  m->data[0] = FUSEMOUNT_BIND;
+
+  if(string_array_add(m, offsetof(struct fusemount_bind_info, data), line)) {
+    print( ERROR, "cannot append string to message" );
+    goto error;
+  }
+
+  if(string_array_add(m, offsetof(struct fusemount_bind_info, data), dst)) {
+    print( ERROR, "cannot append string to message" );
+    goto error;
+  }
+
+  return m;
+
+  error:
+  free_message(m);
+
+  return NULL;
+}
diff --git a/cSploit/jni/cSploitHandlers/fusemounts.h b/cSploit/jni/cSploitHandlers/fusemounts.h
@@ -0,0 +1,39 @@
+/* cSploit - a simple penetration testing suite
+ * Copyright (C) 2014  Massimo Dragano aka tux_mind <[email protected]>
+ * 
+ * cSploit is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ * 
+ * cSploit is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Public License
+ * along with cSploit.  If not, see <http://www.gnu.org/licenses/>.
+ * 
+ * 
+ */
+#ifndef HANDLERS_FUSEMOUNTS_H
+#define HANDLERS_FUSEMOUNTS_H
+
+enum fusemount_action {
+  FUSEMOUNT_BIND
+};
+
+struct fusemount_bind_info {
+  char          fusemount_action;  ///< must be set to ::FUSEMOUNT_BIND
+  /**
+   * @brief string array containing mount source and destination
+   * 
+   * data[0] is the source path
+   * data[1] is the destination path
+   */
+  char          data[];
+};
+
+message *fusemounts_output_parser(char *);
+
+#endif
diff --git a/cSploit/src/org/csploit/android/events/FuseBind.java b/cSploit/src/org/csploit/android/events/FuseBind.java
@@ -0,0 +1,18 @@
+package org.csploit.android.events;
+
+/**
+ * a new fuse mountpoint has been found
+ */
+public class FuseBind implements Event {
+  public final String source, mountpoint;
+
+  public FuseBind(String source, String mountpoint) {
+    this.source = source;
+    this.mountpoint = mountpoint;
+  }
+
+  @Override
+  public String toString() {
+    return String.format("FuseBind: { source='%s', mountpoint='%s' }", this.source, this.mountpoint);
+  }
+}