From 4acb627d13c719703166e6b41480d6f5872b27a1 Mon Sep 17 00:00:00 2001 From: James Lee Date: Tue, 15 May 2012 14:55:12 -0600 Subject: [PATCH] Add more detections for newer Firefox Object detections are not extensively tested, but everything came from the "Firefox for developers" series of documents from developer.mozilla.org; thanks to Artur Szymczak for prompting this update. [Fixes #6860] --- lib/rex/exploitation/javascriptosdetect.js | 41 ++++++++++++++++++---- 1 file changed, 34 insertions(+), 7 deletions(-) diff --git a/lib/rex/exploitation/javascriptosdetect.js b/lib/rex/exploitation/javascriptosdetect.js index 58147c2996..10603d0a7a 100644 --- a/lib/rex/exploitation/javascriptosdetect.js +++ b/lib/rex/exploitation/javascriptosdetect.js @@ -43,6 +43,7 @@ window.os_detect.getVersion = function(){ var ua_is_lying = false; var version = ""; + var unknown_fingerprint = null; //-- // Client @@ -116,9 +117,9 @@ window.os_detect.getVersion = function(){ // Opera 11.61 / Windows XP // Opera 11.61 / Debian 4.0 (Etch) break; - //default: - // document.write(opera.buildNumber('inconspicuous')); - // break; + default: + unknown_fingerprint = opera.buildNumber('inconspicuous'); + break; } } } else if (typeof window.onmousewheel != 'undefined') { @@ -187,7 +188,25 @@ window.os_detect.getVersion = function(){ // future. This works for multi/browser/mozilla_compareto against // Firefox and Mozilla, so it's probably good enough for now. ua_name = clients_ff; - if (document.readyState) { + // Thanks to developer.mozilla.org "Firefox for developers" series for most + // of these. + if ('mozConnection' in navigator) { + ua_version = "12.0"; + } else if ('mozVibrate' in navigator) { + ua_version = "11.0"; + } else if ('mozCancelFullScreen' in document) { + ua_version = "9.0"; + } else if ('insertAdjacentHTML' in document.body) { + ua_version = "8.0"; + } else if ('ondeviceorientation' in window && !('createEntityReference' in document)) { + ua_version = "7.0"; + } else if ('ondeviceorientation' in window) { + ua_version = "6.0"; + } else if ('isGenerator' in Function) { + ua_version = "5.0"; + } else if ('isArray' in Array) { + ua_version = "4.0"; + } else if (document.readyState) { ua_version = "3.6"; } else if (String.trimRight) { ua_version = "3.5"; @@ -599,6 +618,7 @@ window.os_detect.getVersion = function(){ break; case "20120314195616": ua_version = "12.0"; os_name = oses_linux; os_flavor = "Debian"; break; // browsershots: Firefox 12.0 / Debian 4.0 (Etch) case "20120423142301": ua_version = "12.0"; os_name = oses_linux; os_flavor = "Ubuntu"; break; + case "20120424151700": ua_version = "12.0"; os_name = oses_linux; os_flavor = "Fedora"; break; default: version = this.searchVersion("Firefox", navigator.userAgent); // Verify whether the ua string is lying by checking if it contains @@ -754,10 +774,17 @@ window.os_detect.getVersion = function(){ os_flavor = "7"; os_sp = "SP1"; break; + case "9016443": + // IE 9.0.8112.16421, Windows 7 Polish + // Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) + ua_version = "9.0"; + os_flavor = "7"; + os_sp = "SP1"; + break; - //default: - // alert(version); - // break; + default: + unknown_fingerprint = version; + break; } if (!ua_version) {