From a34531ba5d57a8a0bb15ca2300005dd82d71c5e2 Mon Sep 17 00:00:00 2001 From: wchen-r7 Date: Wed, 29 Apr 2015 23:14:52 -0500 Subject: [PATCH] Msgpack cannot handle symbols, so we're forced to strings --- lib/msf/core/exploit/browserautopwnv2.rb | 1 - .../exploit/remote/browser_exploit_server.rb | 34 +++++++++---------- 2 files changed, 17 insertions(+), 18 deletions(-) diff --git a/lib/msf/core/exploit/browserautopwnv2.rb b/lib/msf/core/exploit/browserautopwnv2.rb index 2a29010954..7d639d6ceb 100644 --- a/lib/msf/core/exploit/browserautopwnv2.rb +++ b/lib/msf/core/exploit/browserautopwnv2.rb @@ -302,7 +302,6 @@ module Msf print_status("Searching BES exploits, please wait...") init_exploits sort_bap_exploits - print_status("#{@bap_exploits.length} BES exploits found.") print_status("Starting exploit modules...") start_exploits diff --git a/lib/msf/core/exploit/remote/browser_exploit_server.rb b/lib/msf/core/exploit/remote/browser_exploit_server.rb index f2757aa68f..dec4295d38 100644 --- a/lib/msf/core/exploit/remote/browser_exploit_server.rb +++ b/lib/msf/core/exploit/remote/browser_exploit_server.rb @@ -51,22 +51,22 @@ module Msf # Requirements a browser module can define in either BrowserRequirements or in targets REQUIREMENT_KEY_SET = Set.new([ - :source, # Return either 'script' or 'headers' - :ua_name, # Example: Returns 'MSIE' - :ua_ver, # Example: Returns '8.0', '9.0' - :os_name, # Example: Returns 'Windows 7', 'Linux' - :os_device, # Example: Returns 'iPad', 'iPhone', etc - :os_vendor, # Example: Returns 'Microsoft', 'Ubuntu', 'Apple', etc - :os_sp, # Example: Returns 'SP2' - :language, # Example: Returns 'en-us' - :arch, # Example: Returns 'x86' - :proxy, # Returns 'true' or 'false' - :silverlight, # Returns 'true' or 'false' - :office, # Example: Returns "2007", "2010" - :java, # Example: Return '1.6', or maybe '1.6.0.0' (depends) - :mshtml_build, # mshtml build. Example: Returns "65535" - :flash, # Example: Returns "12.0" (chrome/ff) or "12.0.0.77" (IE) - :vuln_test, # Example: "if(window.MyComponentIsInstalled)return true;", + 'source', # Return either 'script' or 'headers' + 'ua_name', # Example: Returns 'MSIE' + 'ua_ver', # Example: Returns '8.0', '9.0' + 'os_name', # Example: Returns 'Windows 7', 'Linux' + 'os_device', # Example: Returns 'iPad', 'iPhone', etc + 'os_vendor', # Example: Returns 'Microsoft', 'Ubuntu', 'Apple', etc + 'os_sp', # Example: Returns 'SP2' + 'language', # Example: Returns 'en-us' + 'arch', # Example: Returns 'x86' + 'proxy', # Returns 'true' or 'false' + 'silverlight', # Returns 'true' or 'false' + 'office', # Example: Returns "2007", "2010" + 'java', # Example: Return '1.6', or maybe '1.6.0.0' (depends) + 'mshtml_build', # mshtml build. Example: Returns "65535" + 'flash', # Example: Returns "12.0" (chrome/ff) or "12.0.0.77" (IE) + 'vuln_test', # Example: "if(window.MyComponentIsInstalled)return true;", # :activex is a special case. # When you set this requirement in your module, this is how it should be: # [{:clsid=>'String', :method=>'String'}] @@ -74,7 +74,7 @@ module Msf # But when BES receives this information, the JavaScript will return this format: # "{CLSID}=>Method=>Boolean;" # Also see: #has_bad_activex? - :activex + 'activex' ]) def initialize(info={})