Land #3146, @wchen-r7's flash version detection code

bug/bundler_fix
jvazquez-r7 2014-04-02 15:13:41 -05:00
commit 577bd7c855
No known key found for this signature in database
GPG Key ID: 38D99152B9352D83
3 changed files with 72 additions and 19 deletions

View File

@ -46,6 +46,53 @@ window.misc_addons_detect.hasSilverlight = function () {
return found; return found;
} }
/**
* Returns the Adobe Flash version
**/
window.misc_addons_detect.getFlashVersion = function () {
var foundVersion = null;
//
// Gets the Flash version by using the GetVariable function via ActiveX
//
try {
var ax = new ActiveXObject('ShockwaveFlash.ShockwaveFlash').GetVariable('$version').toString();
foundVersion = ax.match(/[\d,]+/g)[0].replace(/,/g, '.')
} catch (e) {}
//
// This should work fine for most non-IE browsers
//
if (foundVersion == null) {
var mimes = window.navigator.mimeTypes;
for (var i=0; i<mimes.length; i++) {
var pluginDesc = mimes[i].enabledPlugin.description.toString();
var m = pluginDesc.match(/Shockwave Flash [\d\.]+/g);
if (m != null) {
foundVersion = m[0].match(/\d.+/g)[0];
break;
}
}
}
//
// Detection for Windows + Firefox
//
if (foundVersion == null) {
var pluginsCount = navigator.plugins.length;
for (i=0; i < pluginsCount; i++) {
var pluginName = navigator.plugins[i].name;
var pluginVersion = navigator.plugins[i].version;
if (/Shockwave Flash/.test(pluginName) && pluginVersion != undefined) {
foundVersion = navigator.plugins[i].version;
break;
}
}
}
return foundVersion;
}
/** /**
* Returns the Java version * Returns the Java version
**/ **/

View File

@ -55,7 +55,8 @@ module Msf
:java => 'java', # Example: 1.6, 1.6.0.0 :java => 'java', # Example: 1.6, 1.6.0.0
:clsid => 'clsid', # ActiveX clsid. Also requires the :method key :clsid => 'clsid', # ActiveX clsid. Also requires the :method key
:method => 'method', # ActiveX method. Also requires the :clsid key :method => 'method', # ActiveX method. Also requires the :clsid key
:mshtml_build => 'mshtml_build' # mshtml build. Example: "65535" :mshtml_build => 'mshtml_build', # mshtml build. Example: "65535"
:flash => 'flash' # Example: "12.0" (chrome/ff) or "12.0.0.77" (IE)
} }
def initialize(info={}) def initialize(info={})
@ -225,6 +226,9 @@ module Msf
# 'office' : The version of Microsoft Office (IE only) # 'office' : The version of Microsoft Office (IE only)
# 'activex' : Whether a specific method is available from an ActiveX control (IE only) # 'activex' : Whether a specific method is available from an ActiveX control (IE only)
# 'java' : The Java version # 'java' : The Java version
# 'mshtml_build' : The MSHTML build version
# 'flash' : The Flash version
# 'silverlight' : The Silverlight version
# #
# @param tag [String] Either a cookie or IP + User-Agent # @param tag [String] Either a cookie or IP + User-Agent
# @return [Hash] The profile found. If not found, returns nil # @return [Hash] The profile found. If not found, returns nil
@ -375,7 +379,8 @@ module Msf
"<%=REQUIREMENT_KEY_SET[:ua_ver]%>" : osInfo.ua_version, "<%=REQUIREMENT_KEY_SET[:ua_ver]%>" : osInfo.ua_version,
"<%=REQUIREMENT_KEY_SET[:arch]%>" : osInfo.arch, "<%=REQUIREMENT_KEY_SET[:arch]%>" : osInfo.arch,
"<%=REQUIREMENT_KEY_SET[:java]%>" : window.misc_addons_detect.getJavaVersion(), "<%=REQUIREMENT_KEY_SET[:java]%>" : window.misc_addons_detect.getJavaVersion(),
"<%=REQUIREMENT_KEY_SET[:silverlight]%>" : window.misc_addons_detect.hasSilverlight() "<%=REQUIREMENT_KEY_SET[:silverlight]%>" : window.misc_addons_detect.hasSilverlight(),
"<%=REQUIREMENT_KEY_SET[:flash]%>" : window.misc_addons_detect.getFlashVersion()
}; };
<% if os == OperatingSystems::WINDOWS and client == HttpClients::IE %> <% if os == OperatingSystems::WINDOWS and client == HttpClients::IE %>

View File

@ -75,7 +75,8 @@ class Metasploit3 < Msf::Exploit::Remote
'BrowserRequirements' => { 'BrowserRequirements' => {
:source => 'script', :source => 'script',
:ua_name => HttpClients::FF, :ua_name => HttpClients::FF,
:ua_ver => /17\..*/ :ua_ver => /17\..*/,
:flash => /[\d.]+/
} }
)) ))