infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Land #2527, addonsdetect

bug/bundler_fix
James Lee 2013-10-16 16:15:31 -05:00
parent d13fa7e9a5 0081e186f7
commit ca2620f0f6
No known key found for this signature in database
GPG Key ID: 2D6094C7CEA0A321
3 changed files with 81 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
lib/msf/core/exploit/http/server.rb
View File

@ -4,6 +4,7 @@ require 'rex/exploitation/obfuscatejs'
require 'rex/exploitation/encryptjs'
require 'rex/exploitation/heaplib'
require 'rex/exploitation/javascriptosdetect'
require 'rex/exploitation/javascriptaddonsdetect'
module Msf

51
lib/rex/exploitation/javascriptaddonsdetect.js Normal file
View File

@ -0,0 +1,51 @@
window.addons_detect = { };
/**
* Returns the version of Microsoft Office. If not found, returns null.
**/
window.addons_detect.getMsOfficeVersion = function () {
var version;
var types = new Array();
for (var i=1; i <= 5; i++) {
try {
types[i-1] = typeof(new ActiveXObject("SharePoint.OpenDocuments." + i.toString()));
}
catch (e) {
types[i-1] = null;
}
}
if (types[0] == 'object' && types[1] == 'object' && types[2] == 'object' &&
types[3] == 'object' && types[4] == 'object')
{
version = "2012";
}
else if (types[0] == 'object' && types[1] == 'object' && types[2] == 'object' &&
types[3] == 'object' && types[4] == null)
{
version = "2010";
}
else if (types[0] == 'object' && types[1] == 'object' && types[2] == 'object' &&
types[3] == null && types[4] == null)
{
version = "2007";
}
else if (types[0] == 'object' && types[1] == 'object' && types[2] == null &&
types[3] == null && types[4] == null)
{
version = "2003";
}
else if (types[0] == 'object' && types[1] == null && types[2] == null &&
types[3] == null && types[4] == null)
{
// If run for the first time, you must manullay allow the "Microsoft Office XP"
// add-on to run. However, this prompt won't show because the ActiveXObject statement
// is wrapped in an exception handler.
version = "xp";
}
else {
version = null;
}
return version;
}

29
lib/rex/exploitation/javascriptaddonsdetect.rb Normal file
View File

@ -0,0 +1,29 @@
# -*- coding: binary -*-
require 'msf/core'
require 'rex/text'
require 'rex/exploitation/jsobfu'
module Rex
module Exploitation
#
# Provides javascript functions to determine addon information.
#
# getMsOfficeVersion(): Returns the version for Microsoft Office
#
class JavascriptAddonsDetect < JSObfu
def initialize(custom_js = '', opts = {})
@js = custom_js
@js += ::File.read(::File.join(::File.dirname(__FILE__), "javascriptaddonsdetect.js"))
super @js
return @js
end
end
end
end