Land #3146, @wchen-r7's flash version detection code
commit
577bd7c855
|
@ -46,6 +46,53 @@ window.misc_addons_detect.hasSilverlight = function () {
|
||||||
return found;
|
return found;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns the Adobe Flash version
|
||||||
|
**/
|
||||||
|
window.misc_addons_detect.getFlashVersion = function () {
|
||||||
|
var foundVersion = null;
|
||||||
|
|
||||||
|
//
|
||||||
|
// Gets the Flash version by using the GetVariable function via ActiveX
|
||||||
|
//
|
||||||
|
try {
|
||||||
|
var ax = new ActiveXObject('ShockwaveFlash.ShockwaveFlash').GetVariable('$version').toString();
|
||||||
|
foundVersion = ax.match(/[\d,]+/g)[0].replace(/,/g, '.')
|
||||||
|
} catch (e) {}
|
||||||
|
|
||||||
|
//
|
||||||
|
// This should work fine for most non-IE browsers
|
||||||
|
//
|
||||||
|
if (foundVersion == null) {
|
||||||
|
var mimes = window.navigator.mimeTypes;
|
||||||
|
for (var i=0; i<mimes.length; i++) {
|
||||||
|
var pluginDesc = mimes[i].enabledPlugin.description.toString();
|
||||||
|
var m = pluginDesc.match(/Shockwave Flash [\d\.]+/g);
|
||||||
|
if (m != null) {
|
||||||
|
foundVersion = m[0].match(/\d.+/g)[0];
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
//
|
||||||
|
// Detection for Windows + Firefox
|
||||||
|
//
|
||||||
|
if (foundVersion == null) {
|
||||||
|
var pluginsCount = navigator.plugins.length;
|
||||||
|
for (i=0; i < pluginsCount; i++) {
|
||||||
|
var pluginName = navigator.plugins[i].name;
|
||||||
|
var pluginVersion = navigator.plugins[i].version;
|
||||||
|
if (/Shockwave Flash/.test(pluginName) && pluginVersion != undefined) {
|
||||||
|
foundVersion = navigator.plugins[i].version;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return foundVersion;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns the Java version
|
* Returns the Java version
|
||||||
**/
|
**/
|
||||||
|
|
|
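Review bot: In the `navigator.mimeTypes` loop of `getFlashVersion`, `mimes[i].enabledPlugin.description` is dereferenced outside any try/catch, and `enabledPlugin` can be null for a MIME type with no enabled plugin. A single such entry would throw a TypeError and abort the function before the `navigator.plugins` fallback runs; only the ActiveX branch is wrapped in `try { … } catch (e) {}`. A guard at the top of the loop body keeps the fallback chain intact: `var plugin = mimes[i].enabledPlugin; if (!plugin || !plugin.description) { continue; }`. The `foundVersion = ax.match(...)` statement in the ActiveX branch is also missing its terminating semicolon.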
@ -55,7 +55,8 @@ module Msf
|
||||||
:java => 'java', # Example: 1.6, 1.6.0.0
|
:java => 'java', # Example: 1.6, 1.6.0.0
|
||||||
:clsid => 'clsid', # ActiveX clsid. Also requires the :method key
|
:clsid => 'clsid', # ActiveX clsid. Also requires the :method key
|
||||||
:method => 'method', # ActiveX method. Also requires the :clsid key
|
:method => 'method', # ActiveX method. Also requires the :clsid key
|
||||||
:mshtml_build => 'mshtml_build' # mshtml build. Example: "65535"
|
:mshtml_build => 'mshtml_build', # mshtml build. Example: "65535"
|
||||||
|
:flash => 'flash' # Example: "12.0" (chrome/ff) or "12.0.0.77" (IE)
|
||||||
}
|
}
|
||||||
|
|
||||||
def initialize(info={})
|
def initialize(info={})
|
||||||
|
@ -225,6 +226,9 @@ module Msf
|
||||||
# 'office' : The version of Microsoft Office (IE only)
|
# 'office' : The version of Microsoft Office (IE only)
|
||||||
# 'activex' : Whether a specific method is available from an ActiveX control (IE only)
|
# 'activex' : Whether a specific method is available from an ActiveX control (IE only)
|
||||||
# 'java' : The Java version
|
# 'java' : The Java version
|
||||||
|
# 'mshtml_build' : The MSHTML build version
|
||||||
|
# 'flash' : The Flash version
|
||||||
|
# 'silverlight' : The Silverlight version
|
||||||
#
|
#
|
||||||
# @param tag [String] Either a cookie or IP + User-Agent
|
# @param tag [String] Either a cookie or IP + User-Agent
|
||||||
# @return [Hash] The profile found. If not found, returns nil
|
# @return [Hash] The profile found. If not found, returns nil
|
||||||
|
@ -375,7 +379,8 @@ module Msf
|
||||||
"<%=REQUIREMENT_KEY_SET[:ua_ver]%>" : osInfo.ua_version,
|
"<%=REQUIREMENT_KEY_SET[:ua_ver]%>" : osInfo.ua_version,
|
||||||
"<%=REQUIREMENT_KEY_SET[:arch]%>" : osInfo.arch,
|
"<%=REQUIREMENT_KEY_SET[:arch]%>" : osInfo.arch,
|
||||||
"<%=REQUIREMENT_KEY_SET[:java]%>" : window.misc_addons_detect.getJavaVersion(),
|
"<%=REQUIREMENT_KEY_SET[:java]%>" : window.misc_addons_detect.getJavaVersion(),
|
||||||
"<%=REQUIREMENT_KEY_SET[:silverlight]%>" : window.misc_addons_detect.hasSilverlight()
|
"<%=REQUIREMENT_KEY_SET[:silverlight]%>" : window.misc_addons_detect.hasSilverlight(),
|
||||||
|
"<%=REQUIREMENT_KEY_SET[:flash]%>" : window.misc_addons_detect.getFlashVersion()
|
||||||
};
|
};
|
||||||
|
|
||||||
<% if os == OperatingSystems::WINDOWS and client == HttpClients::IE %>
|
<% if os == OperatingSystems::WINDOWS and client == HttpClients::IE %>
|
||||||
|
|
|
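Review bot: The added doc line `# 'silverlight' : The Silverlight version` does not seem to match what the profile carries. The detection script fills that key from `window.misc_addons_detect.hasSilverlight()`, whose name and `return found` suggest a presence flag rather than a version string; that function's body is outside the visible hunks, so this is inferred. If that reading is right, `# 'silverlight' : Whether Silverlight is installed` would be accurate. The `'flash'` line could also note that the format differs per browser (`"12.0"` vs `"12.0.0.77"`, as the key-set comment says) and that `getFlashVersion()` returns null when nothing is detected.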
@ -75,7 +75,8 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
'BrowserRequirements' => {
|
'BrowserRequirements' => {
|
||||||
:source => 'script',
|
:source => 'script',
|
||||||
:ua_name => HttpClients::FF,
|
:ua_name => HttpClients::FF,
|
||||||
:ua_ver => /17\..*/
|
:ua_ver => /17\..*/,
|
||||||
|
:flash => /[\d.]+/
|
||||||
}
|
}
|
||||||
))
|
))
|
||||||
|
|
||||||
|
|
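Review bot: The new requirement `:flash => /[\d.]+/` is unanchored, so it accepts any reported value that contains a single digit or dot and only rejects a missing or empty one. If the intent is simply "a Flash version was detected", a trailing comment such as `# any detected Flash version` would make that explicit. If a version-shaped value is expected, `/\A\d+(\.\d+)*\z/` expresses it. How a null result from the detection script is compared against this regex is not visible here, and the enclosing call starts outside the hunk.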