From f349f85a701f2672cbf639e760cc899550bff363 Mon Sep 17 00:00:00 2001 From: HD Moore Date: Sun, 23 Mar 2014 07:26:11 -0700 Subject: [PATCH 01/43] Reimplement HTTP fingerprinting, backwards compatible This commit changes the internals of HTTP fingerprinting to store a whole trove of data about the HTTP response using a hash. The current API is backwards compatible and has been tested with a number of modules that depend on HttpFingerprint being sent. In addition, this change paves the way for advanced fingerprints that take advantage of the HTTP body and other headers. This is a requested addition documented across various module comments. Finally, this commit completes the closed loop for OS identification by connecting MSF to MDM to Recog and applying Recog databases for HTTP Servers, HTTP Cookies, and HTTP Authentication headers to the results of HTTP fingerprinting runs. For example, with the appropriate version of MDM/Recog in place, a http_version scan of Microsoft-IIS/7.0 server will update the host.os_name field to 'Windows 2008'. --- lib/msf/core/exploit/http/client.rb | 126 +++++++++++++++++++++++----- 1 file changed, 103 insertions(+), 23 deletions(-) diff --git a/lib/msf/core/exploit/http/client.rb b/lib/msf/core/exploit/http/client.rb index d3cf4e46f0..47bf591d79 100644 --- a/lib/msf/core/exploit/http/client.rb +++ b/lib/msf/core/exploit/http/client.rb 
@@ -439,6 +439,43 @@ module Exploit::Remote::HttpClient datastore['Proxies'] end + + # + # Lookup HTTP fingerprints from the database that match the current + # destination host and port. This method falls back to using the old + # service.info field to represent the HTTP Server header. + # + # Options: + # :uri an HTTP URI to request in order to generate a fingerprint + # :method an HTTP method to use in the fingerprint request + # + def lookup_http_fingerprints(opts={}) + uri = opts[:uri] || '/' + method = opts[:method] || 'GET' + fprints = [] + + return fprints unless framework.db.active + + ::ActiveRecord::Base.connection_pool.with_connection { + wspace = datastore['WORKSPACE'] ? + framework.db.find_workspace(datastore['WORKSPACE']) : framework.db.workspace + + service = framework.db.get_service(wspace, rhost, 'tcp', rport) + return fprints unless service + + # Order by note_id descending so the first value is the most recent + service.notes.where(:ntype => 'http.fingerprint').order("notes.id DESC").each do |n| + next unless n.data and n.data.kind_of?(::Hash) + next unless n.data[:uri] == uri and n.data[:method] == method + + # Append additional fingerprints to the results as found + fprints.unshift n.data.dup + end + } + + fprints + end + # # Record various things about an HTTP server that we can glean from the # response to a single request. If this method is passed a response, it 
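Review bot: The header comment on `lookup_http_fingerprints` promises a fallback to the old service.info field, but nothing in the body reads `service.info`; it only walks `http.fingerprint` notes, so a service recorded before this change yields an empty list. Either drop that sentence or add the fallback. The inline comments are also misleading: rows arrive newest-first and `unshift` prepends, so the returned array runs oldest to newest and the caller has to take `.last`. I would replace the second comment with `# Prepend each match so the returned array runs oldest to newest` and state that ordering in the header comment.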
@@ -447,33 +484,38 @@ module Exploit::Remote::HttpClient # # Options: # :response an Http::Packet as returned from any of the send_* methods + # :uri an HTTP URI to request in order to generate a fingerprint + # :method an HTTP method to use in the fingerprint request + # :full request the full HTTP fingerprint, not just the signature # # Other options are passed directly to +connect+ if :response is not given # def http_fingerprint(opts={}) + res = nil + uri = opts[:uri] || '/' + method = opts[:method] || 'GET' - if (opts[:response]) + # Short-circuit the fingerprint lookup and HTTP request if a response has + # already been provided by the caller. + if opts[:response] res = opts[:response] else - # Check to see if we already have a fingerprint before going out to - # the network. - if (framework.db.active) - ::ActiveRecord::Base.connection_pool.with_connection { - wspace = framework.db.workspace - if datastore['WORKSPACE'] - wspace = framework.db.find_workspace(datastore['WORKSPACE']) - end + fprints = lookup_http_fingerprints(opts) - s = framework.db.get_service(wspace, rhost, 'tcp', rport) - if (s and s.info) - return s.info - end - } + if fprints.length > 0 + + # Grab the most recent fingerprint available for this service, uri, and method + fprint = fprints.last + + # Return the full HTTP fingerprint if requested by the caller + return fprint if opts[:full] + + # Otherwise just return the signature string for compatibility + fprint[:signature] end + # Go ahead and send a request to the target for fingerprinting connect(opts) - uri = opts[:uri] || '/' - method = opts[:method] || 'GET' res = send_request_raw( { 'uri' => uri, 
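Review bot: The cached path in `http_fingerprint` returns whatever `lookup_http_fingerprints` finds for the host, port, `:uri` and `:method`, ignoring the virtual host and the age of the note, so a stored result can be handed back for a different site on the same listener or for a server that has since changed. Consider recording the virtual host in the fingerprint and filtering on it in the lookup, e.g. `next unless n.data[:vhost] == vhost`. The options comment should also say that a database hit suppresses the network request. The body of http_fingerprint continues past this hunk, so whether a vhost value is in scope here is inferred from the later `report_web_site` call.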
@@ -481,13 +523,15 @@ module Exploit::Remote::HttpClient }) end - # Bail if we don't have anything to fingerprint + # Bail if the request did not receive a readable response return if not res - # From here to the end simply does some pre-canned combining and custom matches - # to build a human-readable string to store in service.info + # This section handles a few simple cases of pattern matching and service + # classification. This logic should be deprecated in favor of Recog-based + # fingerprint databases, but has been left in place for backward compat. + extras = [] - + if res.headers['Set-Cookie'] =~ /^vmware_soap_session/ extras << "VMWare Web Services" end @@ -537,6 +581,11 @@ module Exploit::Remote::HttpClient end end + # + # This HTTP response code tracking is used by a few modules and the MSP logic + # to identify and bruteforce certain types of servers. In the long run we + # should deprecate this and use the http.fingerprint fields instead. + # case res.code when 301,302 extras << "#{res.code}-#{res.headers['Location']}" 
@@ -548,12 +597,43 @@ module Exploit::Remote::HttpClient extras << "#{res.code}-#{res.message}" end - info = "#{res.headers['Server']}" + # Build a human-readable string to store in service.info and http.fingerprint[:signature] + info = res.headers['Server'].to_s.dup info << " ( #{extras.join(", ")} )" if extras.length > 0 + + # Create a new fingerprint structure to track this response + fprint = { + :uri => uri, :method => method, + :code => res.code.to_s, :message => res.message.to_s, + :signature => info + } + + res.headers.each_pair do |k,v| + hname = k.to_s.downcase.gsub('-', '_').gsub(/[^a-z0-9_]+/, '') + next unless hname.length > 0 + + # Set-Cookie > :header_set_cookie => JSESSIONID=AAASD23423452 + # Server > :header_server => Apache/1.3.37 + # WWW-Authenticate > :header_www_authenticate => basic realm='www' + + fprint["header_#{hname}".intern] = v + end + + # Store the first 64k of the HTTP body as well + fprint[:content] = res.body.to_s[0,65535] + + # Report a new http.fingerprint note + report_note(:host => rhost, :port => rport, :ntype => 'http.fingerprint', :data => fprint, :update => :unique_data) + # Report here even if info is empty since the fact that we didn't # return early means we at least got a connection and the service is up report_web_site(:host => rhost, :port => rport, :ssl => ssl, :vhost => vhost, :info => info.dup) - info + + # Return the full HTTP fingerprint if requested by the caller + return fprint if opts[:full] + + # Otherwise just return the signature string for compatibility + fprint[:signature] end def make_cnonce @@ -566,4 +646,4 @@ protected end -end +end \ No newline at end of file From f80b9d50f0d473b33e3cf8f93a6491c8ddd67df9 Mon Sep 17 00:00:00 2001 From: HD Moore Date: Sun, 23 Mar 2014 09:59:34 -0700 Subject: [PATCH 02/43] Prevent duplicate signatures by using http_fingerprint() without args --- modules/auxiliary/scanner/http/http_version.rb | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) 
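Review bot: `fprint["header_#{hname}".intern] = v` turns every header name sent by the remote server into a Symbol with only a character-class filter, so a response carrying many distinct or very long header names grows the symbol table of the scanning process, and on Ruby releases without symbol garbage collection that memory is never returned. Bound what is recorded, for example `next unless hname.length.between?(1, 64)` and `break if fprint.length > 128`, or key these entries with strings. Names that differ only in stripped characters collapse onto one key, which the comment block above the assignment should state. The note also persists Set-Cookie and WWW-Authenticate values and the start of the body in the workspace database, so the method's header comment should warn that stored fingerprints can contain session material. http_fingerprint begins above this hunk.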
diff --git a/modules/auxiliary/scanner/http/http_version.rb b/modules/auxiliary/scanner/http/http_version.rb index 9fd4b7ce4e..ce6800a326 100644 --- a/modules/auxiliary/scanner/http/http_version.rb +++ b/modules/auxiliary/scanner/http/http_version.rb @@ -32,12 +32,7 @@ class Metasploit3 < Msf::Auxiliary # Fingerprint a single host def run_host(ip) begin - connect - - res = send_request_raw({'uri' => '/', 'method' => 'GET' }) - return if not res - - fp = http_fingerprint(:response => res) + fp = http_fingerprint print_status("#{ip}:#{rport} #{fp}") if fp rescue ::Timeout::Error, ::Errno::EPIPE end From 903af02e087a91170a7a8f9599b1234008ea8846 Mon Sep 17 00:00:00 2001 From: HD Moore Date: Sun, 23 Mar 2014 10:42:20 -0700 Subject: [PATCH 03/43] Store at most one http.fingerprint per host/port, revert http_version --- lib/msf/core/exploit/http/client.rb | 13 ++++++++++--- modules/auxiliary/scanner/http/http_version.rb | 6 +++++- 2 files changed, 15 insertions(+), 4 deletions(-) diff --git a/lib/msf/core/exploit/http/client.rb b/lib/msf/core/exploit/http/client.rb index 47bf591d79..8518d710c5 100644 --- a/lib/msf/core/exploit/http/client.rb +++ b/lib/msf/core/exploit/http/client.rb @@ -467,7 +467,6 @@ module Exploit::Remote::HttpClient service.notes.where(:ntype => 'http.fingerprint').order("notes.id DESC").each do |n| next unless n.data and n.data.kind_of?(::Hash) next unless n.data[:uri] == uri and n.data[:method] == method - # Append additional fingerprints to the results as found fprints.unshift n.data.dup end @@ -511,7 +510,7 @@ module Exploit::Remote::HttpClient return fprint if opts[:full] # Otherwise just return the signature string for compatibility - fprint[:signature] + return fprint[:signature] end # Go ahead and send a request to the target for fingerprinting 
@@ -623,7 +622,15 @@ module Exploit::Remote::HttpClient fprint[:content] = res.body.to_s[0,65535] # Report a new http.fingerprint note - report_note(:host => rhost, :port => rport, :ntype => 'http.fingerprint', :data => fprint, :update => :unique_data) + report_note( + :host => rhost, + :port => rport, + :proto => 'tcp', + :ntype => 'http.fingerprint', + :data => fprint, + # Limit reporting to one stored note per host/service combination + :update => :unique + ) # Report here even if info is empty since the fact that we didn't # return early means we at least got a connection and the service is up diff --git a/modules/auxiliary/scanner/http/http_version.rb b/modules/auxiliary/scanner/http/http_version.rb index ce6800a326..2f54153957 100644 --- a/modules/auxiliary/scanner/http/http_version.rb +++ b/modules/auxiliary/scanner/http/http_version.rb @@ -32,9 +32,13 @@ class Metasploit3 < Msf::Auxiliary # Fingerprint a single host def run_host(ip) begin - fp = http_fingerprint + connect + res = send_request_raw({ 'uri' => '/', 'method' => 'GET' }) + fp = http_fingerprint(:response => res) print_status("#{ip}:#{rport} #{fp}") if fp rescue ::Timeout::Error, ::Errno::EPIPE + ensure + disconnect end end From 20bbf7837ceaadc10a8388e131d22e5d11be75d8 Mon Sep 17 00:00:00 2001 From: HD Moore Date: Sun, 30 Mar 2014 05:52:23 -0700 Subject: [PATCH 04/43] Refactor and integrate smb_fingerprint() for Recog support --- lib/msf/core/exploit/smb.rb | 131 +++++++------------ modules/auxiliary/scanner/smb/smb_version.rb | 122 ++++++++++------- 2 files changed, 125 insertions(+), 128 deletions(-) diff --git a/lib/msf/core/exploit/smb.rb b/lib/msf/core/exploit/smb.rb index 095adf45bc..698c81d70e 100644 --- a/lib/msf/core/exploit/smb.rb +++ b/lib/msf/core/exploit/smb.rb 
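Review bot: With `:update => :unique` only one `http.fingerprint` note is kept per host and service, yet `lookup_http_fingerprints` still filters stored notes on `:uri` and `:method`, so fingerprinting a second URI replaces the first and the next lookup for the original URI misses and goes back to the network. If one note per service is the intent, say so in the comment above http_fingerprint and drop the per-URI filter; otherwise keep one note per URI and method and bound the stored body instead. This reading relies on the comment in the hunk, since the report_note implementation is not visible here.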
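Review bot: The nil check on `res` that `run_host` had before this series is not restored, so a request that gets no response is passed on as `http_fingerprint(:response => nil)`, which takes the no-response branch of that method. That branch may return a fingerprint cached in the database or send a second request, and `print_status` then reports a result for a host that did not answer. Add `return if not res` after the `send_request_raw` call; the new `ensure` clause still runs `disconnect` on that early return.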
@@ -329,93 +329,53 @@ module Exploit::Remote::SMB fprint = {} # Connect to the server if needed - if(not self.simple) + if not self.simple connect() smb_login() end + fprint['native_os'] = smb_peer_os() + fprint['native_lm'] = smb_peer_lm() + # Leverage Recog for SMB native OS fingerprinting + fp_match = Recog::Nizer.match('smb.native_os', fprint['native_os']) || { } + + os = fp_match['os.product'] || 'Unknown' + sp = fp_match['os.version'] || '' - os = 'Unknown' - sp = '' - - case smb_peer_os() - when 'Windows NT 4.0' - os = 'Windows NT 4.0' - - when 'Windows 5.0' - os = 'Windows 2000' - - when 'Windows 5.1' - os = 'Windows XP' - - when /Windows XP (\d+) Service Pack (\d+)/ - os = 'Windows XP' - sp = 'Service Pack ' + $2 - - when /Windows Server 2003 (\d+)$/ - os = 'Windows 2003' - sp = 'No Service Pack' - - when /Windows Server 2003 (\d+) Service Pack (\d+)/ - os = 'Windows 2003' - sp = 'Service Pack ' + $2 - - when /Windows Server 2003 R2 (\d+) Service Pack (\d+)/ - os = 'Windows 2003 R2' - sp = 'Service Pack ' + $2 - - when /Windows Vista \(TM\) (\w+|\w+ \w+) (\d+) Service Pack (\d+)/ - os = 'Windows Vista ' + $1 - sp = 'Service Pack ' + $3 - - when /Windows Vista \(TM\) (\w+|\w+ \w+) (\d+)/ - os = 'Windows Vista ' + $1 - sp = '(Build ' + $2 + ')' - - when /Windows Server \(R\) 2008 (([\-\w]+ ){1,4})(\d+) Service Pack (\d+)/ - os = 'Windows 2008 ' + $1.strip - sp = 'Service Pack ' + $4 - - when /Windows Server \(R\) 2008 (([\-\w]+ ){1,4})(\d+)/ - os = 'Windows 2008 ' + $1.strip - sp = '(Build ' + $3 + ')' - - when /Windows \(R\) Storage Server 2008 (([\-\w]+ ){1,4})(\d+) Service Pack (\d+)/ - os = 'Windows 2008 Storage Server ' + $1.strip - sp = 'Service Pack ' + $4 - - when /Windows \(R\) Storage Server 2008 (([\-\w]+ ){1,4})(\d+)/ - os = 'Windows 2008 Storage Server ' + $1.strip - sp = '(Build ' + $3 + ')' - - when /Windows 7 (([\-\w]+ ){1,4})(\d+)/ - os = 'Windows 7 ' + $1.strip - sp = '(Build ' + $3 + ')' - - when /^(Windows.*) Service Pack (\d+)/ - os = 
$1.strip - sp = 'Service Pack ' + $2 - - when /^(Windows.*) (\d+)/ - os = $1.strip - sp = '(Build ' + $2 + ')' - - when 'VxWorks' - os = 'VxWorks' - sp = smb_peer_lm() - - when 'Unix' - os = 'Unix' - sv = smb_peer_lm() - case sv - when /Samba\s+(.*)/i - sp = 'Samba ' + $1 - end + # Metasploit prefers 'Windows 2003' vs 'Windows Server 2003' + if os =~ /^Windows Server/ + os = os.sub(/^Windows Server/, 'Windows') end + if fp_match['os.edition'] + fprint['edition'] = fp_match['os.edition'] + end - if (os == 'Windows XP' and sp.length == 0) + if fp_match['os.build'] + fprint['build'] = fp_match['os.build'] + end + + if sp == '' + sp = smb_fingerprint_windows_sp(os) + end + + lang = smb_fingerprint_windows_lang + + fprint['os'] = os + fprint['sp'] = sp + fprint['lang'] = lang + + fprint + end + + # + # Determine the service pack level of a Windows system via SMB probes + # + def smb_fingerprint_windows_sp(os) + sp = '' + + if (os == 'Windows XP') # SRVSVC was blocked in SP2 begin smb_create("\\SRVSVC") @@ -509,8 +469,16 @@ module Exploit::Remote::SMB rescue ::Exception end end + + sp + end + # + # Determine the native language pack of a Windows system via SMB probes + # + def smb_fingerprint_windows_lang + # # Remote language detection via Print Providers # Credit: http://immunityinc.com/downloads/Remote_Language_Detection_in_Immunity_CANVAS.odt @@ -663,12 +631,7 @@ module Exploit::Remote::SMB raise $! rescue ::Rex::Proto::SMB::Exceptions::ErrorCode end - - fprint['os'] = os - fprint['sp'] = sp - fprint['lang'] = lang - - fprint + lang end # @return [Rex::Proto::SMB::SimpleClient] diff --git a/modules/auxiliary/scanner/smb/smb_version.rb b/modules/auxiliary/scanner/smb/smb_version.rb index 5e44019df1..a4028063aa 100644 --- a/modules/auxiliary/scanner/smb/smb_version.rb +++ b/modules/auxiliary/scanner/smb/smb_version.rb 
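Review bot: `smb_fingerprint` now fills `fprint['sp']` from Recog's `os.version` (its format is not visible here) and moves edition and build into new keys, where the removed `case` produced strings such as 'Service Pack 2', 'No Service Pack' or '(Build N)'; callers that compare `sp` against those strings may stop matching, and nothing in the hunk documents the new shape. Add a header comment on smb_fingerprint that lists the returned keys (`native_os`, `native_lm`, `os`, `sp`, `lang`, plus the optional `edition` and `build`) and the format of each. `fprint['native_os']` is supplied by the remote peer and goes to `Recog::Nizer.match` unchecked; if `smb_peer_os` can return nil, pass `fprint['native_os'].to_s` instead. The `def smb_fingerprint` line is above the hunk.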
@@ -34,82 +34,116 @@ class Metasploit3 < Msf::Auxiliary ) deregister_options('RPORT') + @smb_port = 445 end - # Fingerprint a single host - def run_host(ip) - [[445, true], [139, false]].each do |info| + # + # Change the target port as needed + # + def rport + @smb_port + end - datastore['RPORT'] = info[0] - datastore['SMBDirect'] = info[1] - self.simple = nil + # + # Fingerprint a single host + # + def run_host(ip) + smb_ports = [445, 139] + smb_ports.each do |pnum| + @smb_port = pnum + self.simple = nil begin res = smb_fingerprint() + + # + # Create the note hash for smb.fingerprint + # + conf = { + :native_os => res['native_os'], + :native_lm => res['native_lm'] + } - if(res['os'] and res['os'] != 'Unknown') + if res['os'] and res['os'] != 'Unknown' - case res['os'] - when /Windows/ - os = OperatingSystems::WINDOWS - else - case res['sp'] - when /apple/ - os = OperatingSystems::MAC_OSX - res['os'] = 'Mac OS X' - when /ubuntu/ - os = OperatingSystems::LINUX - res['os'] = 'Ubuntu' - when /debian/ - os = OperatingSystems::LINUX - res['os'] = 'Debian' - else - os = OperatingSystems::UNKNOWN - end + # + # Create the note hash for fingerprint.match + # + match_conf = { } + + # + # Create a descriptive string for service.info + # + desc = res['os'].dup + + if res['edition'].to_s.length > 0 + desc << " #{res['edition']}" + conf[:os_edition] = res['edition'] end - desc = "#{res['os']} #{res['sp']} (language: #{res['lang']})" - if(simple.client.default_name) + if res['sp'].to_s.length > 0 + desc << " #{res['sp'].downcase.gsub('service pack ', 'SP')}" + conf[:os_sp] = res['sp'] + end + + if res['build'].to_s.length > 0 + desc << " (build:#{res['build']})" + conf[:os_build] = res['build'] + end + + if res['lang'].to_s.length > 0 and res['lang'] != 'Unknown' + desc << " (language:#{res['lang']}" + conf[:os_lang] = res['lang'] + match_conf['os.language'] = conf[:os_lang] + end + + if simple.client.default_name desc << " (name:#{simple.client.default_name})" + conf[:SMBName] = 
simple.client.default_name + match_conf['host.name'] = conf[:SMBName] end - if(simple.client.default_domain) + if simple.client.default_domain desc << " (domain:#{simple.client.default_domain})" + conf[:SMBDomain] = simple.client.default_domain + match_conf['host.domain'] = conf[:SMBDomain] end print_status("#{rhost}:#{rport} is running #{desc}") + # Report the service with a friendly banner report_service( :host => ip, - :port => info[0], + :port => rport, :proto => 'tcp', :name => 'smb', :info => desc ) - conf = { - :os_flavor => res['os'], - :os_name => os, - } - - conf[:os_sp] = res['sp'] if res['sp'] - conf[:os_lang] = res['lang'] if res['os'] =~ /Windows/ - conf[:SMBName] = simple.client.default_name if simple.client.default_name - conf[:SMBDomain] = simple.client.default_domain if simple.client.default_domain - + # Report a fingerprint.match hash for name, domain, and language + # Ignore OS fields, as those are handled via smb.fingerprint report_note( :host => ip, - :port => info[0], + :port => rport, :proto => 'tcp', - :ntype => 'smb.fingerprint', - :data => conf + :ntype => 'fingerprint.match', + :data => match_conf ) - else - report_service(:host => ip, :port => info[0], :name => 'smb') - print_status("#{rhost} could not be identified") + desc = "#{res['native_os']} (#{res['native_lm']})" + report_service(:host => ip, :port => rport, :name => 'smb', :info => desc) + print_status("#{rhost}:#{rport} could not be identified: #{desc}") end + # Report a smb.fingerprint hash of attributes for OS fingerprinting + report_note( + :host => ip, + :port => rport, + :proto => 'tcp', + :ntype => 'smb.fingerprint', + :data => conf + ) + disconnect break From dbb192532e74d5bc9d6bc6ea97d40d6db66c22a6 Mon Sep 17 00:00:00 2001 From: HD Moore Date: Sun, 30 Mar 2014 06:23:07 -0700 Subject: [PATCH 05/43] Remove obsolete call to update_host_via_sysinfo() --- lib/msf/base/sessions/meterpreter.rb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
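Review bot: The language suffix is appended as `desc << " (language:#{res['lang']}"` with no closing parenthesis, so every banner stored in service.info that includes a language is unbalanced; it should read `desc << " (language:#{res['lang']})"`. The loop also no longer sets `datastore['SMBDirect']` per port as the removed code did (true for 445, false for 139). Unless the mixin now derives that from `rport`, which is not visible here, the port 139 attempt would use the wrong transport; confirm this and record the answer in the comment on the `rport` override.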
diff --git a/lib/msf/base/sessions/meterpreter.rb b/lib/msf/base/sessions/meterpreter.rb index 508f533c5a..86bd4c5cd3 100644 --- a/lib/msf/base/sessions/meterpreter.rb +++ b/lib/msf/base/sessions/meterpreter.rb @@ -347,7 +347,8 @@ class Meterpreter < Rex::Post::Meterpreter::Client self.db_record.save! end - framework.db.update_host_via_sysinfo(:host => self, :workspace => wspace, :info => sysinfo) + # XXX: This is obsolete given the Mdm::Host.normalize_os() support for host.os.session_fingerprint + # framework.db.update_host_via_sysinfo(:host => self, :workspace => wspace, :info => sysinfo) if nhost framework.db.report_note({ From 4611d0a8d0141d4d134b83961374e91feb593e27 Mon Sep 17 00:00:00 2001 From: HD Moore Date: Sun, 30 Mar 2014 06:23:47 -0700 Subject: [PATCH 06/43] Update report_host() to match os_* field changes This is part of a bigger change to normalize what os_name, os_flavor, and os_sp actually mean. To summarize the changes happening in Mdm: 1) The vendor name is being removed from os_name * "Microsoft Windows" -> "Windows 7" 2) The os_flavor field is being used for the edition of the os_name product * "7" -> "Enterprise" 3) The os_sp field specifies a version if known and nothing if not * "SP0" -> "", "Service Pack 2" -> "SP2", etc --- lib/msf/core/db.rb | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/lib/msf/core/db.rb b/lib/msf/core/db.rb index e029fe8abe..9645b5b02f 100644 --- a/lib/msf/core/db.rb +++ b/lib/msf/core/db.rb 
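Review bot: The call is left in the file as a commented-out line under an `XXX` marker; delete it and keep only the explanation, e.g. `# Host OS fields are derived by Mdm::Host.normalize_os() from the host.os.session_fingerprint note`. The hunk does not show where that note is reported, nor that the installed Mdm provides normalize_os, so with an older Mdm a new session would apparently stop updating the host's OS fields; a version requirement belongs with this change. The enclosing method starts and ends outside the hunk.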
@@ -301,8 +301,8 @@ class DBManager # # The opts parameter can contain: # +:state+:: -- one of the Msf::HostState constants - # +:os_name+:: -- one of the Msf::OperatingSystems constants - # +:os_flavor+:: -- something like "XP" or "Gentoo" + # +:os_name+:: -- something like "Windows", "Linux", or "Mac OS X" + # +:os_flavor+:: -- something like "Enterprise", "Pro", or "Home" # +:os_sp+:: -- something like "SP2" # +:os_lang+:: -- something like "English", "French", or "en-US" # +:arch+:: -- one of the ARCH_* constants @@ -449,14 +449,13 @@ class DBManager end if info['OS'] =~ /^Windows\s*([^\(]+)\(([^\)]+)\)/i - res[:os_name] = "Microsoft Windows" - res[:os_flavor] = $1.strip + res[:os_name] = "Windows #{$1}" build = $2.strip if build =~ /Service Pack (\d+)/ res[:os_sp] = "SP" + $1 else - res[:os_sp] = "SP0" + res[:os_sp] = "" end end From 76720e9cf8a72932b338659ea576a692e8ef6efa Mon Sep 17 00:00:00 2001 From: HD Moore Date: Sun, 30 Mar 2014 06:27:48 -0700 Subject: [PATCH 07/43] Small tweaks, see 4611d0a8d0141d4d134b83961374e91feb593e27 --- lib/msf/core/db.rb | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/lib/msf/core/db.rb b/lib/msf/core/db.rb index 9645b5b02f..3da468f559 100644 --- a/lib/msf/core/db.rb +++ b/lib/msf/core/db.rb @@ -449,13 +449,11 @@ class DBManager end if info['OS'] =~ /^Windows\s*([^\(]+)\(([^\)]+)\)/i - res[:os_name] = "Windows #{$1}" + res[:os_name] = "Windows #{$1.strip}" build = $2.strip if build =~ /Service Pack (\d+)/ res[:os_sp] = "SP" + $1 - else - res[:os_sp] = "" end end From b5561cc9ecfbe877398440181f748e6aca98ce5f Mon Sep 17 00:00:00 2001 From: HD Moore Date: Sun, 30 Mar 2014 06:32:38 -0700 Subject: [PATCH 08/43] Report a fingerprint instead of overwriting host.os_name --- lib/msf/core/db.rb | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/lib/msf/core/db.rb b/lib/msf/core/db.rb index 3da468f559..04bf753482 100644 --- a/lib/msf/core/db.rb +++ b/lib/msf/core/db.rb 
@@ -3426,7 +3426,18 @@ class DBManager :task => args[:task] } - conf[:os_name] = os if os + + if os + report_note( + :workspace => wspace, + :task => args[:task], + :host => ip, + :type => 'host.os.spiceworks_fingerprint', + :data => { + :os => os.to_s.strip + } + ) + end info = [] info << "Serial Number: #{serialno}" unless (serialno.blank? or serialno == name) From 7e227581a778f0e67b334749f4198b49cdc1053d Mon Sep 17 00:00:00 2001 
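Review bot: This call passes the note type as `:type`, while the other `report_note` calls added in this series use `:ntype`; write `:ntype => 'host.os.spiceworks_fingerprint'` for consistency unless both spellings are known to be accepted. With `conf[:os_name] = os if os` removed, the host's OS name now depends on something consuming this note type, which the hunk does not show. Add a comment such as `# os_name is derived later from this note; do not set it on the host directly` so the dependency is visible at the call site.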
From: HD Moore Date: Tue, 1 Apr 2014 08:14:58 -0700 Subject: [PATCH 09/43] Rework OS fingerprinting to match Recog changes This commit changes how os_name and os_flavor are handled for client-side exploits, matching recent changes to the server-side exploits and scanner fingerprints. This commit also updates the client-side fingerprinting to take into account Windows 8.1 and IE 9, 10, and 11. --- data/js/detect/os.js | 562 ++++++++++-------- .../samples/modules/exploits/ie_browser.rb | 4 +- lib/msf/core/constants.rb | 10 +- lib/msf/core/exploit/http/server.rb | 61 +- .../exploit/remote/browser_exploit_server.rb | 25 +- lib/rex/exploitation/js/detect.rb | 6 +- lib/rex/proto/http/handler/proc.rb | 2 +- modules/auxiliary/server/browser_autopwn.rb | 49 +- .../browser/webview_addjavascriptinterface.rb | 4 +- .../multi/browser/firefox_escape_retval.rb | 2 +- .../multi/browser/mozilla_compareto.rb | 2 +- .../multi/browser/opera_configoverwrite.rb | 2 +- .../exploits/osx/browser/mozilla_mchannel.rb | 2 +- .../osx/browser/safari_metadata_archive.rb | 2 +- .../safari_user_assisted_download_launch.rb | 2 +- .../windows/browser/adobe_flash_mp4_cprt.rb | 2 +- .../windows/browser/adobe_flash_rtmp.rb | 2 +- .../windows/browser/adobe_toolbutton.rb | 3 +- .../browser/aladdin_choosefilepath_bof.rb | 2 +- .../browser/apple_quicktime_marshaled_punk.rb | 2 +- .../browser/apple_quicktime_mime_type.rb | 2 +- .../windows/browser/apple_quicktime_rtsp.rb | 2 +- .../browser/apple_quicktime_smil_debug.rb | 2 +- .../apple_quicktime_texml_font_table.rb | 2 +- .../browser/blackice_downloadimagefileurl.rb | 2 +- .../browser/cisco_playerpt_setsource.rb | 2 +- .../browser/cisco_playerpt_setsource_surl.rb | 2 +- .../windows/browser/clear_quest_cqole.rb | 2 +- .../browser/crystal_reports_printcontrol.rb | 2 +- .../hp_alm_xgo_setshapenodetype_exec.rb | 2 +- .../browser/hp_loadrunner_writefilebinary.rb | 2 +- .../browser/hp_loadrunner_writefilestring.rb | 2 +- .../windows/browser/ibm_spss_c1sizer.rb | 
2 +- .../browser/ibm_tivoli_pme_activex_bof.rb | 2 +- .../windows/browser/ie_cbutton_uaf.rb | 2 +- .../windows/browser/ie_cgenericelement_uaf.rb | 2 +- .../windows/browser/ie_createobject.rb | 2 +- ...ndusoft_issymbol_internationalseparator.rb | 2 +- .../windows/browser/inotes_dwa85w_bof.rb | 2 +- .../browser/keyhelp_launchtripane_exec.rb | 2 +- .../browser/mozilla_interleaved_write.rb | 2 +- .../windows/browser/mozilla_mchannel.rb | 2 +- .../windows/browser/mozilla_nstreerange.rb | 2 +- .../windows/browser/ms06_067_keyframe.rb | 2 +- .../browser/ms08_078_xml_corruption.rb | 2 +- .../browser/ms09_002_memory_corruption.rb | 2 +- .../windows/browser/ms09_072_style_object.rb | 2 +- .../windows/browser/ms10_002_aurora.rb | 2 +- .../windows/browser/ms10_018_ie_behaviors.rb | 2 +- .../windows/browser/ms10_090_ie_css_clip.rb | 2 +- .../windows/browser/ms11_003_ie_css_import.rb | 2 +- .../browser/ms11_050_mshtml_cobjectelement.rb | 2 +- .../exploits/windows/browser/ms12_004_midi.rb | 5 +- .../windows/browser/ms12_037_ie_colspan.rb | 2 +- .../ms13_022_silverlight_script_object.rb | 2 +- .../windows/browser/ms13_037_svg_dashstyle.rb | 2 +- .../browser/ms13_080_cdisplaypointer.rb | 2 +- .../browser/ms13_090_cardspacesigninhelper.rb | 4 +- .../browser/msxml_get_definition_code_exec.rb | 2 +- .../browser/novell_groupwise_gwcls1_actvx.rb | 2 +- .../windows/browser/ntr_activex_check_bof.rb | 2 +- .../windows/browser/ntr_activex_stopmodule.rb | 2 +- .../browser/oracle_autovue_setmarkupmode.rb | 2 +- .../windows/browser/quickr_qp2_bof.rb | 2 +- .../browser/siemens_solid_edge_selistctrlx.rb | 2 +- .../browser/synactis_connecttosynactis_bof.rb | 2 +- .../browser/tom_sawyer_tsgetx71ex552.rb | 2 +- .../wellintech_kingscada_kxclientdownload.rb | 2 +- .../windows/browser/winzip_fileview.rb | 2 +- .../windows/browser/wmi_admintools.rb | 2 +- 70 files changed, 473 insertions(+), 378 deletions(-) diff --git a/data/js/detect/os.js b/data/js/detect/os.js index 47250c2d32..bb747342d1 100644 
--- a/data/js/detect/os.js +++ b/data/js/detect/os.js @@ -1,25 +1,27 @@ // Case matters, see lib/msf/core/constants.rb // All of these should match up with constants in ::Msf::HttpClients -clients_opera = "Opera"; -clients_ie = "MSIE"; -clients_ff = "Firefox"; -clients_chrome= "Chrome"; -clients_safari= "Safari"; +clients_opera = "Opera"; +clients_ie = "MSIE"; +clients_ff = "Firefox"; +clients_chrome = "Chrome"; +clients_safari = "Safari"; -// All of these should match up with constants in ::Msf::OperatingSystems -oses_linux = "Linux"; -oses_windows = "Microsoft Windows"; -oses_mac_osx = "Mac OS X"; -oses_freebsd = "FreeBSD"; -oses_netbsd = "NetBSD"; -oses_openbsd = "OpenBSD"; +// The name of the operating system name +oses_linux = "Linux"; +oses_android = "Android"; +oses_windows = "Windows"; +oses_mac_osx = "Mac OS X"; +oses_apple_ios = "iOS"; +oses_freebsd = "FreeBSD"; +oses_netbsd = "NetBSD"; +oses_openbsd = "OpenBSD"; // All of these should match up with the ARCH_* constants -arch_armle = "armle"; -arch_x86 = "x86"; -arch_x86_64 = "x86_64"; -arch_ppc = "ppc"; +arch_armle = "armle"; +arch_x86 = "x86"; +arch_x86_64 = "x86_64"; +arch_ppc = "ppc"; window.os_detect = {}; @@ -32,6 +34,8 @@ window.os_detect = {}; window.os_detect.getVersion = function(){ //Default values: var os_name; + var os_vendor; + var os_device; var os_flavor; var os_sp; var os_lang; @@ -119,11 +123,10 @@ window.os_detect.getVersion = function(){ // Android 2.3.6, opera mini 7.1 // Opera/9.80 (Android; Opera Mini/7.29530/27.1407; U; en) Presto/2.8.119 Version/11.101.10 if (navigator.userAgent.indexOf("Android")) { - os_name = oses_linux; - os_flavor = "Android"; + os_name = oses_android; } else if (navigator.userAgent.indexOf("iPhone")) { - os_name = oses_mac_osx; - os_flavor = "iPhone"; + os_name = oses_apple_ios; + os_device = "iPhone"; } break; // A few are ambiguous, record them here 
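Review bot: The new `os_name = oses_android` assignment sits under `if (navigator.userAgent.indexOf("Android"))`, and `indexOf` returns -1 (truthy) when the substring is absent and 0 (falsy) only when it is at the very start, so this branch is taken for nearly every user agent that reaches it and the iPhone branch is effectively unreachable. Compare against -1 in both tests: `if (navigator.userAgent.indexOf("Android") !== -1)` and `else if (navigator.userAgent.indexOf("iPhone") !== -1)`. The condition is a context line, but the value it now guards is the top-level OS name rather than a flavor, so the misclassification has more effect after this change. The enclosing `case` starts above the hunk.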
@@ -161,18 +164,18 @@ window.os_detect.getVersion = function(){ // "Version" in the UA, see example above. Grab the webkit version // instead. =/ if (platform.match(/ipod/)) { - os_name = oses_mac_osx; - os_flavor = "iPod"; + os_name = oses_apple_ios; + os_device = "iPod"; arch = arch_armle; search = "AppleWebKit"; } else if (platform.match(/ipad/)) { - os_name = oses_mac_osx; - os_flavor = "iPad"; + os_name = oses_apple_ios; + os_device = "iPad"; arch = arch_armle; search = "AppleWebKit"; } else if (platform.match(/iphone/)) { - os_name = oses_mac_osx; - os_flavor = "iPhone"; + os_name = oses_apple_ios; + os_device = "iPhone"; arch = arch_armle; } else if (platform.match(/macintel/)) { os_name = oses_mac_osx; @@ -185,7 +188,7 @@ window.os_detect.getVersion = function(){ // Android and maemo arch = arch_armle; if (navigator.userAgent.match(/android/i)) { - os_flavor = 'Android'; + os_name = oses_android; } } } else if (platform.match(/windows/)) { 
@@ -301,13 +304,17 @@ window.os_detect.getVersion = function(){ } if (version.match(/Windows/)) { os_name = oses_windows; + // Technically these will mismatch server OS editions, but those are + // rarely used as client systems and typically have the same exploit + // characteristics as the associated client. switch(version) { - case "Windows NT 5.0": os_flavor = "2000"; break; - case "Windows NT 5.1": os_flavor = "XP"; break; - case "Windows NT 5.2": os_flavor = "2003"; break; - case "Windows NT 6.0": os_flavor = "Vista"; break; - case "Windows NT 6.1": os_flavor = "7"; break; - case "Windows NT 6.2": os_flavor = "8"; break; + case "Windows NT 5.0": os_name = "Windows 2000"; break; + case "Windows NT 5.1": os_name = "Windows XP"; break; + case "Windows NT 5.2": os_name = "Windows 2003"; break; + case "Windows NT 6.0": os_name = "Windows Vista"; break; + case "Windows NT 6.1": os_name = "Windows 7"; break; + case "Windows NT 6.2": os_name = "Windows 8"; break; + case "Windows NT 6.3": os_name = "Windows 8.1"; break; } } if (version.match(/Linux/)) { 
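Review bot: In the `switch(version)` block `os_name` is overwritten with literals such as "Windows 7", while other paths in this file (the Firefox buildID table, for example) still assign `oses_windows`, which is now "Windows"; any consumer that tests `os_name` for equality with the constant would stop matching these clients. State the contract next to the constant, e.g. `// os_name is "Windows" or "Windows <release>"; match with /^Windows/`. "Windows NT 5.2" is also reported by XP x64, which the added comment could mention alongside the server-edition caveat.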
@@ -326,17 +333,17 @@ window.os_detect.getVersion = function(){ var buildid = navigator.buildID; switch(buildid) { - case "2008041514": ua_version = "3.0.0.b5"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break; - case "2008041515": ua_version = "3.0.0.b5"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break; - case "2008052312": ua_version = "3.0.0"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break; + case "2008041514": ua_version = "3.0.0.b5"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break; + case "2008041515": ua_version = "3.0.0.b5"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86_64; break; + case "2008052312": ua_version = "3.0.0"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break; case "2008052906": ua_version = "3.0.0"; os_name = oses_windows; break; - case "2008052909": ua_version = "3.0.0.rc1"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break; + case "2008052909": ua_version = "3.0.0.rc1"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break; case "2008052912": ua_version = "3.0.0"; os_name = oses_linux; break; - case "2008060309": ua_version = "3.0.0"; os_name = oses_linux; os_flavor = "Ubuntu"; break; + case "2008060309": ua_version = "3.0.0"; os_name = oses_linux; os_vendor = "Ubuntu"; break; case "2008070205": ua_version = "2.0.0.16"; os_name = oses_windows; break; case "2008070206": ua_version = "3.0.1"; os_name = oses_linux; break; case "2008070208": ua_version = "3.0.1"; os_name = oses_windows; break; - case "2008071222": ua_version = "3.0.1"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break; + case "2008071222": ua_version = "3.0.1"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break; case "2008072820": switch (navigator.productSub) { case "2008072820": ua_version = "3.0.1"; os_name = oses_linux; break; 
@@ -345,10 +352,10 @@ window.os_detect.getVersion = function(){
 case "2008082909": ua_version = "2.0.0.17"; os_name = oses_windows; break;
 case "2008091618": ua_version = "3.0.2"; os_name = oses_linux; break;
 case "2008091620": ua_version = "3.0.2"; os_name = oses_windows; break;
- case "2008092313": ua_version = "3.0.3"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
+ case "2008092313": ua_version = "3.0.3"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break;
 case "2008092416": ua_version = "3.0.3"; os_name = oses_linux; break;
 case "2008092417": ua_version = "3.0.3"; os_name = oses_windows; break;
- case "2008092510": ua_version = "3.0.4"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
+ case "2008092510": ua_version = "3.0.4"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break;
 case "2008101315":
 switch (navigator.productSub) {
 case "2008101315": ua_version = "3.0.3"; os_name = oses_linux; break;
@@ -356,63 +363,63 @@ window.os_detect.getVersion = function(){ } break; case "2008102918": ua_version = "2.0.0.18"; os_name = oses_windows; break; case "2008102920": ua_version = "3.0.4"; break; - case "2008112309": ua_version = "3.0.4"; os_name = oses_linux; os_flavor = "Debian"; break; // browsershots: Iceweasel 3.0.4 / Debian Testing (Lenny) - case "2008111317": ua_version = "3.0.5"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break; - case "2008111318": ua_version = "3.0.5"; os_name = oses_linux; os_flavor = "Ubuntu"; break; + case "2008112309": ua_version = "3.0.4"; os_name = oses_linux; os_vendor = "Debian"; break; // browsershots: Iceweasel 3.0.4 / Debian Testing (Lenny) + case "2008111317": ua_version = "3.0.5"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break; + case "2008111318": ua_version = "3.0.5"; os_name = oses_linux; os_vendor = "Ubuntu"; break; case "2008120119": ua_version = "2.0.0.19"; os_name = oses_windows; break; case "2008120121": ua_version = "3.0.5"; os_name = oses_linux; break; case "2008120122": ua_version = "3.0.5"; os_name = oses_windows; break; - case "2008121623": ua_version = "2.0.0.19"; os_name = oses_linux; os_flavor = "Ubuntu"; break; // browsershots: Firefox 2.0.0.19 / Ubuntu 8.04 LTS (Hardy Heron) + case "2008121623": ua_version = "2.0.0.19"; os_name = oses_linux; os_vendor = "Ubuntu"; break; // browsershots: Firefox 2.0.0.19 / Ubuntu 8.04 LTS (Hardy Heron) case "2008121709": ua_version = "2.0.0.20"; os_name = oses_windows; break; case "2009011912": ua_version = "3.0.6"; os_name = oses_linux; break; case "2009011913": ua_version = "3.0.6"; os_name = oses_windows; break; - case "2009012615": ua_version = "3.0.6"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break; - case "2009012616": ua_version = "3.0.6"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break; + case "2009012615": ua_version = "3.0.6"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; 
break; + case "2009012616": ua_version = "3.0.6"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break; case "2009021906": ua_version = "3.0.7"; os_name = oses_linux; break; case "2009021910": ua_version = "3.0.7"; os_name = oses_windows; break; - case "2009030422": ua_version = "3.0.8"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break; + case "2009030422": ua_version = "3.0.8"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break; case "2009032608": ua_version = "3.0.8"; os_name = oses_linux; break; case "2009032609": ua_version = "3.0.8"; os_name = oses_windows; break; - case "2009032711": ua_version = "3.0.9"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break; + case "2009032711": ua_version = "3.0.9"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break; case "2009033100": switch (navigator.productSub) { - case "2009033100": ua_version = "3.0.8"; os_name = oses_linux; os_flavor = "Ubuntu"; break; - case "2009042113": ua_version = "3.0.9"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break; + case "2009033100": ua_version = "3.0.8"; os_name = oses_linux; os_vendor = "Ubuntu"; break; + case "2009042113": ua_version = "3.0.9"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break; } break; case "2009040820": ua_version = "3.0.9"; os_name = oses_linux; break; case "2009040821": ua_version = "3.0.9"; os_name = oses_windows; break; - case "2009042113": ua_version = "3.0.10"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break; - case "2009042114": ua_version = "3.0.10"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break; + case "2009042113": ua_version = "3.0.10"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break; + case "2009042114": ua_version = "3.0.10"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86_64; break; case "2009042315": ua_version = "3.0.10"; os_name = oses_linux; break; case 
"2009042316": ua_version = "3.0.10"; os_name = oses_windows; break; - case "20090427153806": ua_version = "3.5.0.b4"; os_name = oses_linux; os_flavor = "Fedora"; arch = arch_x86; break; - case "20090427153807": ua_version = "3.5.0.b4"; os_name = oses_linux; os_flavor = "Fedora"; arch = arch_x86_64; break; + case "20090427153806": ua_version = "3.5.0.b4"; os_name = oses_linux; os_vendor = "Fedora"; arch = arch_x86; break; + case "20090427153807": ua_version = "3.5.0.b4"; os_name = oses_linux; os_vendor = "Fedora"; arch = arch_x86_64; break; case "2009060214": ua_version = "3.0.11"; os_name = oses_linux; break; case "2009060215": ua_version = "3.0.11"; os_name = oses_windows; break; case "2009060308": switch (navigator.productSub) { - case "2009060308": ua_version = "3.0.11"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break; - case "2009070811": ua_version = "3.0.12"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break; + case "2009060308": ua_version = "3.0.11"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break; + case "2009070811": ua_version = "3.0.12"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break; } break; case "2009060309": switch (navigator.productSub) { - case "2009060309": ua_version = "3.0.11"; os_name = oses_linux; os_flavor = "Ubuntu"; break; - case "2009070811": ua_version = "3.0.12"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break; + case "2009060309": ua_version = "3.0.11"; os_name = oses_linux; os_vendor = "Ubuntu"; break; + case "2009070811": ua_version = "3.0.12"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86_64; break; } break; - case "2009060310": ua_version = "3.0.11"; os_name = oses_linux; os_flavor = "BackTrack"; break; - case "2009062005": ua_version = "3.0.11"; os_name = oses_linux; os_flavor = "PCLunixOS"; break; + case "2009060310": ua_version = "3.0.11"; os_name = oses_linux; os_vendor = "BackTrack"; break; + case "2009062005": 
ua_version = "3.0.11"; os_name = oses_linux; os_vendor = "PCLunixOS"; break; case "20090624012136": ua_version = "3.5.0"; os_name = oses_mac_osx; break; case "20090624012820": ua_version = "3.5.0"; os_name = oses_linux; break; - case "20090701234143": ua_version = "3.5.0"; os_name = oses_freebsd; os_flavor = "PC-BSD"; arch = arch_x86; break; - case "20090702060527": ua_version = "3.5.0"; os_name = oses_freebsd; os_flavor = "PC-BSD"; arch = arch_x86_64; break; + case "20090701234143": ua_version = "3.5.0"; os_name = oses_freebsd; os_vendor = "PC-BSD"; arch = arch_x86; break; + case "20090702060527": ua_version = "3.5.0"; os_name = oses_freebsd; os_vendor = "PC-BSD"; arch = arch_x86_64; break; case "2009070610": ua_version = "3.0.12"; os_name = oses_linux; break; case "2009070611": ua_version = "3.0.12"; os_name = oses_windows; break; - case "2009070811": ua_version = "3.0.13"; os_name = oses_linux; os_flavor = "Ubuntu"; break; + case "2009070811": ua_version = "3.0.13"; os_name = oses_linux; os_vendor = "Ubuntu"; break; case "20090715083437": ua_version = "3.5.1"; os_name = oses_mac_osx; break; case "20090715083816": ua_version = "3.5.1"; os_name = oses_linux; break; case "20090715094852": ua_version = "3.5.1"; os_name = oses_windows; break; - case "2009072202": ua_version = "3.0.12"; os_name = oses_linux; os_flavor = "Oracle"; break; - case "2009072711": ua_version = "3.0.12"; os_name = oses_linux; os_flavor = "CentOS"; break; + case "2009072202": ua_version = "3.0.12"; os_name = oses_linux; os_vendor = "Oracle"; break; + case "2009072711": ua_version = "3.0.12"; os_name = oses_linux; os_vendor = "CentOS"; break; case "20090729211433": ua_version = "3.5.2"; os_name = oses_mac_osx; break; case "20090729211829": ua_version = "3.5.2"; os_name = oses_linux; break; case "20090729225027": ua_version = "3.5.2"; os_name = oses_windows; break; 
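Review bot: The vendor string in `case "2009062005"` is spelled `"PCLunixOS"`; the distribution is PCLinuxOS, and the same spelling is carried over in `case "20091223231431"` in the `@@ -482,74 +489,74 @@` hunk. If `os_vendor` is matched against normalised vendor names downstream (not visible here), the misspelled value would presumably never match; `os_vendor = "PCLinuxOS";` on both lines fixes it. The enclosing `switch(buildid)` begins and ends outside this hunk.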
@@ -422,34 +429,34 @@ window.os_detect.getVersion = function(){ case "20090824085743": ua_version = "3.5.3"; os_name = oses_linux; break; case "20090824101458": ua_version = "3.5.3"; os_name = oses_windows; break; case "2009082707": ua_version = "3.0.14"; break; - case "2009090216": ua_version = "3.0.14"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break; - case "20090914014745": ua_version = "3.5.3"; os_name = oses_linux; os_flavor = "Mandriva"; arch = arch_x86; break; - case "20090915065903": ua_version = "3.5.3"; os_name = oses_linux; os_flavor = "Sabayon"; arch = arch_x86_64; break; - case "20090915070141": ua_version = "3.5.3"; os_name = oses_linux; os_flavor = "Sabayon"; arch = arch_x86; break; - case "20091007090112": ua_version = "3.5.3"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break; // Could also be Mint x86 - case "20091007095328": ua_version = "3.5.3"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break; // Could also be Mint x86-64 + case "2009090216": ua_version = "3.0.14"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break; + case "20090914014745": ua_version = "3.5.3"; os_name = oses_linux; os_vendor = "Mandriva"; arch = arch_x86; break; + case "20090915065903": ua_version = "3.5.3"; os_name = oses_linux; os_vendor = "Sabayon"; arch = arch_x86_64; break; + case "20090915070141": ua_version = "3.5.3"; os_name = oses_linux; os_vendor = "Sabayon"; arch = arch_x86; break; + case "20091007090112": ua_version = "3.5.3"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break; // Could also be Mint x86 + case "20091007095328": ua_version = "3.5.3"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86_64; break; // Could also be Mint x86-64 case "2009101600": switch (navigator.productSub) { case "2009101600": ua_version = "3.0.15"; break; // Can be either Mac or Linux - case "20091016": ua_version = "3.5.4"; os_name = oses_linux; os_flavor = "SUSE"; arch = arch_x86; 
break; + case "20091016": ua_version = "3.5.4"; os_name = oses_linux; os_vendor = "SUSE"; arch = arch_x86; break; } break; case "2009101601": ua_version = "3.0.15"; os_name = oses_windows; break; case "20091016081620": ua_version = "3.5.4"; os_name = oses_mac_osx; break; case "20091016081727": ua_version = "3.5.4"; os_name = oses_linux; break; case "20091016092926": ua_version = "3.5.4"; os_name = oses_windows; break; - case "20091020122601": ua_version = "3.5.4"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break; // Could also be Mint x86-64 + case "20091020122601": ua_version = "3.5.4"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86_64; break; // Could also be Mint x86-64 case "2009102814": switch (navigator.productSub) { - case "2009121601": ua_version = "3.0.16"; os_name = oses_linux; os_flavor = "Ubuntu"; break; - case "2009121602": ua_version = "3.0.16"; os_name = oses_linux; os_flavor = "Ubuntu"; break; - case "2010010604": ua_version = "3.0.17"; os_name = oses_linux; os_flavor = "Mint"; break; - case "2010021501": ua_version = "3.0.17;xul1.9.0.18"; os_name = oses_linux; os_flavor = "Mint"; arch = arch_x86; break; - case "2010021502": ua_version = "3.0.17;xul1.9.0.18"; os_name = oses_linux; os_flavor = "Mint"; arch = arch_x86_64; break; + case "2009121601": ua_version = "3.0.16"; os_name = oses_linux; os_vendor = "Ubuntu"; break; + case "2009121602": ua_version = "3.0.16"; os_name = oses_linux; os_vendor = "Ubuntu"; break; + case "2010010604": ua_version = "3.0.17"; os_name = oses_linux; os_vendor = "Mint"; break; + case "2010021501": ua_version = "3.0.17;xul1.9.0.18"; os_name = oses_linux; os_vendor = "Mint"; arch = arch_x86; break; + case "2010021502": ua_version = "3.0.17;xul1.9.0.18"; os_name = oses_linux; os_vendor = "Mint"; arch = arch_x86_64; break; } break; case "2009102815": switch (navigator.productSub) { - case "2009102815": ua_version = "3.0.15"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break; 
- case "2009121601": ua_version = "3.0.16"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break; + case "2009102815": ua_version = "3.0.15"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break; + case "2009121601": ua_version = "3.0.16"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break; } break; case "20091029152254": ua_version = "3.6.0.b1"; os_name = oses_linux; break; case "20091029171059": ua_version = "3.6.0.b1"; os_name = oses_windows; break; 
@@ -457,23 +464,23 @@ window.os_detect.getVersion = function(){ case "20091102141836": ua_version = "3.5.5"; os_name = oses_linux; break; case "20091102152451": ua_version = "3.5.5"; os_name = oses_windows; break; case "2009110421": ua_version = "3.0.15"; os_name = oses_freebsd; arch = arch_x86; break; - case "20091106091959": ua_version = "3.5.5"; os_name = oses_linux; os_flavor = "Mandriva"; arch = arch_x86; break; - case "20091106140514": ua_version = "3.5.5"; os_name = oses_freebsd; os_flavor = "PC-BSD"; arch = arch_x86; break; - case "20091106145609": ua_version = "3.5.5"; os_name = oses_freebsd; os_flavor = "PC-BSD"; arch = arch_x86_64; break; + case "20091106091959": ua_version = "3.5.5"; os_name = oses_linux; os_vendor = "Mandriva"; arch = arch_x86; break; + case "20091106140514": ua_version = "3.5.5"; os_name = oses_freebsd; os_vendor = "PC-BSD"; arch = arch_x86; break; + case "20091106145609": ua_version = "3.5.5"; os_name = oses_freebsd; os_vendor = "PC-BSD"; arch = arch_x86_64; break; case "20091108163911": ua_version = "3.6.0.b2"; os_name = oses_linux; break; case "20091108181924": ua_version = "3.6.0.b2"; os_name = oses_windows; break; case "20091109125225": switch (navigator.productSub) { - case "20091109": ua_version = "3.5.5"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break; - case "20091215": ua_version = "3.5.6"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break; + case "20091109": ua_version = "3.5.5"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break; + case "20091215": ua_version = "3.5.6"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break; } break; - case "20091109134913": ua_version = "3.5.5"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break; + case "20091109134913": ua_version = "3.5.5"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86_64; break; case "20091115172547": ua_version = "3.6.0.b3"; os_name = oses_linux; break; case 
"20091115182845": ua_version = "3.6.0.b3"; os_name = oses_windows; break; case "20091124201530": ua_version = "3.6.0.b4"; os_name = oses_mac_osx; break; case "20091124201751": ua_version = "3.6.0.b4"; os_name = oses_linux; break; case "20091124213835": ua_version = "3.6.0.b4"; os_name = oses_windows; break; - case "2009120100": ua_version = "3.5.6"; os_name = oses_linux; os_flavor = "SUSE"; break; + case "2009120100": ua_version = "3.5.6"; os_name = oses_linux; os_vendor = "SUSE"; break; case "20091201203240": ua_version = "3.5.6"; os_name = oses_mac_osx; break; case "20091201204959": ua_version = "3.5.6"; os_name = oses_linux; break; case "20091201220228": ua_version = "3.5.6"; os_name = oses_windows; break; 
@@ -482,74 +489,74 @@ window.os_detect.getVersion = function(){ case "20091204132459": ua_version = "3.6.0.b5"; os_name = oses_linux; break; case "20091204132509": ua_version = "3.6.0.b5"; os_name = oses_mac_osx; break; case "20091204143806": ua_version = "3.6.0.b5"; os_name = oses_windows; break; - case "20091215230859": ua_version = "3.5.7"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break; - case "20091215230946": ua_version = "3.5.7"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break; - case "20091215231400": ua_version = "3.5.7"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break; // Could also be Mint x86 + case "20091215230859": ua_version = "3.5.7"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break; + case "20091215230946": ua_version = "3.5.7"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86_64; break; + case "20091215231400": ua_version = "3.5.7"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break; // Could also be Mint x86 case "20091215231754": switch (navigator.productSub) { - case "20091215": ua_version = "3.5.6"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break; - case "20100106": ua_version = "3.5.7"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break; // Could also be Mint x86-64 + case "20091215": ua_version = "3.5.6"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86_64; break; + case "20100106": ua_version = "3.5.7"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86_64; break; // Could also be Mint x86-64 } break; case "2009121601": switch (navigator.productSub) { - case "2009121601": ua_version = "3.0.16"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break; - case "2010010604": ua_version = "3.0.17"; os_name = oses_linux; os_flavor = "Ubuntu"; break; // Could also be Mint x86-64 + case "2009121601": ua_version = "3.0.16"; os_name = oses_linux; os_vendor = "Ubuntu"; arch 
= arch_x86_64; break; + case "2010010604": ua_version = "3.0.17"; os_name = oses_linux; os_vendor = "Ubuntu"; break; // Could also be Mint x86-64 } break; - case "2009121602": ua_version = "3.0.17"; os_name = oses_linux; os_flavor = "Ubuntu"; break; - case "20091216104148": ua_version = "3.5.6"; os_name = oses_linux; os_flavor = "Mandriva"; break; - case "20091216132458": ua_version = "3.5.6"; os_name = oses_linux; os_flavor = "Fedora"; arch = arch_x86; break; - case "20091216132537": ua_version = "3.5.6"; os_name = oses_linux; os_flavor = "Fedora"; arch = arch_x86_64; break; - case "20091216142458": ua_version = "3.5.6"; os_name = oses_linux; os_flavor = "Fedora"; arch = arch_x86_64; break; - case "20091216142519": ua_version = "3.5.6"; os_name = oses_linux; os_flavor = "Fedora"; arch = arch_x86; break; - case "2009121708": ua_version = "3.0.16"; os_name = oses_linux; os_flavor = "CentOS"; arch = arch_x86; break; + case "2009121602": ua_version = "3.0.17"; os_name = oses_linux; os_vendor = "Ubuntu"; break; + case "20091216104148": ua_version = "3.5.6"; os_name = oses_linux; os_vendor = "Mandriva"; break; + case "20091216132458": ua_version = "3.5.6"; os_name = oses_linux; os_vendor = "Fedora"; arch = arch_x86; break; + case "20091216132537": ua_version = "3.5.6"; os_name = oses_linux; os_vendor = "Fedora"; arch = arch_x86_64; break; + case "20091216142458": ua_version = "3.5.6"; os_name = oses_linux; os_vendor = "Fedora"; arch = arch_x86_64; break; + case "20091216142519": ua_version = "3.5.6"; os_name = oses_linux; os_vendor = "Fedora"; arch = arch_x86; break; + case "2009121708": ua_version = "3.0.16"; os_name = oses_linux; os_vendor = "CentOS"; arch = arch_x86; break; case "20091221151141": ua_version = "3.5.7"; os_name = oses_mac_osx; break; case "20091221152502": ua_version = "3.5.7"; os_name = oses_linux; break; case "2009122115": ua_version = "3.0.17"; break; // Can be either Mac or Linux case "20091221164558": ua_version = "3.5.7"; os_name = oses_windows; 
break; case "2009122116": ua_version = "3.0.17"; os_name = oses_windows; break; - case "2009122200": ua_version = "3.5.7"; os_name = oses_linux; os_flavor = "SUSE"; break; - case "20091223231431": ua_version = "3.5.6"; os_name = oses_linux; os_flavor = "PCLunixOS"; arch = arch_x86; break; + case "2009122200": ua_version = "3.5.7"; os_name = oses_linux; os_vendor = "SUSE"; break; + case "20091223231431": ua_version = "3.5.6"; os_name = oses_linux; os_vendor = "PCLunixOS"; arch = arch_x86; break; case "20100105194006": ua_version = "3.6.0.rc1"; os_name = oses_mac_osx; break; case "20100105194116": ua_version = "3.6.0.rc1"; os_name = oses_linux; break; case "20100105212446": ua_version = "3.6.0.rc1"; os_name = oses_windows; break; - case "2010010604": ua_version = "3.0.18"; os_name = oses_linux; os_flavor = "Ubuntu"; break; - case "20100106054534": ua_version = "3.5.8"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break; // Could also be Mint x86 - case "20100106054634": ua_version = "3.5.8"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break; // Could also be Mint x86-64 - case "2010010605": ua_version = "3.0.18"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break; - case "20100106211825": ua_version = "3.5.7"; os_name = oses_freebsd; os_flavor = "PC-BSD"; arch = arch_x86; break; - case "20100106212742": ua_version = "3.5.7"; os_name = oses_freebsd; os_flavor = "PC-BSD"; arch = arch_x86_64; break; - case "20100106215614": ua_version = "3.5.7"; os_name = oses_freebsd; os_flavor = "PC-BSD"; arch = arch_x86; break; - case "20100110112429": ua_version = "3.5.7"; os_name = oses_linux; os_flavor = "Mandriva"; break; + case "2010010604": ua_version = "3.0.18"; os_name = oses_linux; os_vendor = "Ubuntu"; break; + case "20100106054534": ua_version = "3.5.8"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break; // Could also be Mint x86 + case "20100106054634": ua_version = "3.5.8"; os_name = oses_linux; 
os_vendor = "Ubuntu"; arch = arch_x86_64; break; // Could also be Mint x86-64 + case "2010010605": ua_version = "3.0.18"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86_64; break; + case "20100106211825": ua_version = "3.5.7"; os_name = oses_freebsd; os_vendor = "PC-BSD"; arch = arch_x86; break; + case "20100106212742": ua_version = "3.5.7"; os_name = oses_freebsd; os_vendor = "PC-BSD"; arch = arch_x86_64; break; + case "20100106215614": ua_version = "3.5.7"; os_name = oses_freebsd; os_vendor = "PC-BSD"; arch = arch_x86; break; + case "20100110112429": ua_version = "3.5.7"; os_name = oses_linux; os_vendor = "Mandriva"; break; case "20100115132715": ua_version = "3.6.0"; os_name = oses_mac_osx; break; case "20100115133306": ua_version = "3.6.0"; os_name = oses_linux; break; case "20100115144158": ua_version = "3.6.0"; os_name = oses_windows; break; - case "20100125074043": ua_version = "3.6.0"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break; // Could also be Mint x86 - case "20100125074127": ua_version = "3.6.0"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break; // Could also be Mint x86-64 - case "20100125204847": ua_version = "3.6.0"; os_name = oses_linux; os_flavor = "Sabayon"; arch = arch_x86; break; // Could also be Mint x86 - case "20100125204903": ua_version = "3.6.0"; os_name = oses_linux; os_flavor = "Sabayon"; arch = arch_x86_64; break; // Could also be Mint x86-64 + case "20100125074043": ua_version = "3.6.0"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break; // Could also be Mint x86 + case "20100125074127": ua_version = "3.6.0"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86_64; break; // Could also be Mint x86-64 + case "20100125204847": ua_version = "3.6.0"; os_name = oses_linux; os_vendor = "Sabayon"; arch = arch_x86; break; // Could also be Mint x86 + case "20100125204903": ua_version = "3.6.0"; os_name = oses_linux; os_vendor = "Sabayon"; arch = arch_x86_64; break; 
// Could also be Mint x86-64 case "20100202152834": ua_version = "3.5.8"; os_name = oses_mac_osx; break; case "20100202153512": ua_version = "3.5.8"; os_name = oses_linux; break; case "20100202165920": ua_version = "3.5.8"; os_name = oses_windows; break; case "2010020219": ua_version = "3.0.18"; os_name = oses_mac_osx; break; case "2010020220": ua_version = "3.0.18"; os_name = oses_windows; break; - case "2010020400": ua_version = "3.5.8"; os_name = oses_linux; os_flavor = "SUSE"; break; - case "20100212131909": ua_version = "3.6.0.2"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break; - case "20100212132013": ua_version = "3.6.0.2"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break; - case "20100216105329": ua_version = "3.5.8"; os_name = oses_linux; os_flavor = "Fedora"; arch = arch_x86_64; break; - case "20100216105348": ua_version = "3.5.8"; os_name = oses_linux; os_flavor = "Fedora"; arch = arch_x86; break; - case "20100216105410": ua_version = "3.5.8"; os_name = oses_linux; os_flavor = "Fedora"; arch = arch_x86; break; - case "20100216110009": ua_version = "3.5.8"; os_name = oses_linux; os_flavor = "Fedora"; arch = arch_x86_64; break; - case "2010021718": ua_version = "3.0.18"; os_name = oses_linux; os_flavor = "CentOS"; arch = arch_x86; break; - case "20100218022359": ua_version = "3.6.0.4"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break; - case "20100218022705": ua_version = "3.6.0.4"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break; - case "20100218112915": ua_version = "3.5.8"; os_name = oses_linux; os_flavor = "Mandriva"; arch = arch_x86; break; - case "20100222120605": ua_version = "3.6.0.5"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break; - case "20100222120717": ua_version = "3.6.0.5"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break; - case "20100301015346": ua_version = "3.6.0"; os_name = oses_freebsd; os_flavor = "PC-BSD"; arch = 
arch_x86; break; - case "20100305054927": ua_version = "3.6.0"; os_name = oses_freebsd; os_flavor = "PC-BSD"; arch = arch_x86_64; break; - case "20100307204001": ua_version = "3.6.0"; os_name = oses_freebsd; os_flavor = "PC-BSD"; arch = arch_x86; break; - case "20100308142847": ua_version = "3.6.0.6"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break; - case "20100308151019": ua_version = "3.6.0.6"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break; + case "2010020400": ua_version = "3.5.8"; os_name = oses_linux; os_vendor = "SUSE"; break; + case "20100212131909": ua_version = "3.6.0.2"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break; + case "20100212132013": ua_version = "3.6.0.2"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86_64; break; + case "20100216105329": ua_version = "3.5.8"; os_name = oses_linux; os_vendor = "Fedora"; arch = arch_x86_64; break; + case "20100216105348": ua_version = "3.5.8"; os_name = oses_linux; os_vendor = "Fedora"; arch = arch_x86; break; + case "20100216105410": ua_version = "3.5.8"; os_name = oses_linux; os_vendor = "Fedora"; arch = arch_x86; break; + case "20100216110009": ua_version = "3.5.8"; os_name = oses_linux; os_vendor = "Fedora"; arch = arch_x86_64; break; + case "2010021718": ua_version = "3.0.18"; os_name = oses_linux; os_vendor = "CentOS"; arch = arch_x86; break; + case "20100218022359": ua_version = "3.6.0.4"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break; + case "20100218022705": ua_version = "3.6.0.4"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86_64; break; + case "20100218112915": ua_version = "3.5.8"; os_name = oses_linux; os_vendor = "Mandriva"; arch = arch_x86; break; + case "20100222120605": ua_version = "3.6.0.5"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break; + case "20100222120717": ua_version = "3.6.0.5"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86_64; break; + case 
"20100301015346": ua_version = "3.6.0"; os_name = oses_freebsd; os_vendor = "PC-BSD"; arch = arch_x86; break; + case "20100305054927": ua_version = "3.6.0"; os_name = oses_freebsd; os_vendor = "PC-BSD"; arch = arch_x86_64; break; + case "20100307204001": ua_version = "3.6.0"; os_name = oses_freebsd; os_vendor = "PC-BSD"; arch = arch_x86; break; + case "20100308142847": ua_version = "3.6.0.6"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break; + case "20100308151019": ua_version = "3.6.0.6"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86_64; break; case "2010031218": ua_version = "3.0.19"; break; // Mac OS X or Linux case "2010031422": ua_version = "3.0.19"; os_name = oses_windows; break; case "20100315075757": ua_version = "3.5.9"; os_name = oses_linux; break; 
@@ -558,48 +565,48 @@ window.os_detect.getVersion = function(){ case "20100316055951": ua_version = "3.6.2"; os_name = oses_mac_osx; break; case "20100316060223": ua_version = "3.6.2"; os_name = oses_linux; break; case "20100316074819": ua_version = "3.6.2"; os_name = oses_windows; break; - case "2010031700": ua_version = "3.5.9"; os_name = oses_linux; os_flavor = "SUSE"; break; - case "20100323102218": ua_version = "3.6.2"; os_name = oses_linux; os_flavor = "Fedora"; arch = arch_x86_64; break; - case "20100323102339": ua_version = "3.6.2"; os_name = oses_linux; os_flavor = "Fedora"; arch = arch_x86; break; - case "20100323194640": ua_version = "3.6.2"; os_name = oses_freebsd; os_flavor = "PC-BSD"; arch = arch_x86_64; break; - case "20100324182054": ua_version = "3.6.2"; os_name = oses_freebsd; os_flavor = "PC-BSD"; arch = arch_x86; break; - case "20100330071911": ua_version = "3.5.9"; os_name = oses_linux; os_flavor = "Fedora"; arch = arch_x86_64; break; - case "20100330072017": ua_version = "3.5.9"; os_name = oses_linux; os_flavor = "Fedora"; arch = arch_x86_64; break; - case "20100330072020": ua_version = "3.5.9"; os_name = oses_linux; os_flavor = "Fedora"; arch = arch_x86; break; - case "20100330072034": ua_version = "3.5.9"; os_name = oses_linux; os_flavor = "Fedora"; arch = arch_x86; break; + case "2010031700": ua_version = "3.5.9"; os_name = oses_linux; os_vendor = "SUSE"; break; + case "20100323102218": ua_version = "3.6.2"; os_name = oses_linux; os_vendor = "Fedora"; arch = arch_x86_64; break; + case "20100323102339": ua_version = "3.6.2"; os_name = oses_linux; os_vendor = "Fedora"; arch = arch_x86; break; + case "20100323194640": ua_version = "3.6.2"; os_name = oses_freebsd; os_vendor = "PC-BSD"; arch = arch_x86_64; break; + case "20100324182054": ua_version = "3.6.2"; os_name = oses_freebsd; os_vendor = "PC-BSD"; arch = arch_x86; break; + case "20100330071911": ua_version = "3.5.9"; os_name = oses_linux; os_vendor = "Fedora"; arch = arch_x86_64; break; + 
case "20100330072017": ua_version = "3.5.9"; os_name = oses_linux; os_vendor = "Fedora"; arch = arch_x86_64; break; + case "20100330072020": ua_version = "3.5.9"; os_name = oses_linux; os_vendor = "Fedora"; arch = arch_x86; break; + case "20100330072034": ua_version = "3.5.9"; os_name = oses_linux; os_vendor = "Fedora"; arch = arch_x86; break; case "20100401064631": ua_version = "3.6.3"; os_name = oses_mac_osx; break; case "20100401074458": ua_version = "3.6.3"; os_name = oses_linux; break; case "20100401080539": ua_version = "3.6.3"; os_name = oses_windows; break; - case "20100401144201": ua_version = "3.6.2"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break; - case "2010040116": ua_version = "3.0.19"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break; - case "2010040118": ua_version = "3.0.19"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break; - case "2010040119": ua_version = "3.0.19"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break; - case "20100401213457": ua_version = "3.5.9"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break; - case "2010040121": ua_version = "3.0.19"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break; - case "2010040123": ua_version = "3.0.19"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break; - case "2010040200": ua_version = "3.0.19"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break; - case "20100402010516": ua_version = "3.5.9"; os_name = oses_linux; os_flavor = "Mint"; arch = arch_x86_64; break; - case "20100402041908": ua_version = "3.6.2"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break; - case "20100403042003": ua_version = "3.6.3"; os_name = oses_linux; os_flavor = "Fedora"; arch = arch_x86_64; break; - case "20100403082016": ua_version = "3.6.3"; os_name = oses_linux; os_flavor = "Fedora"; arch = arch_x86; break; - case "20100404024515": ua_version = "3.6.3"; 
os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break; - case "20100404024646": ua_version = "3.6.3"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break; - case "20100404104043": ua_version = "3.6.3"; os_name = oses_linux; os_flavor = "PClinuxOS"; arch = arch_x86_64; break; - case "20100409151117": ua_version = "3.6.3.2"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break; - case "20100409170726": ua_version = "3.6.3.2"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break; - case "20100412125148": ua_version = "3.6.3"; os_name = oses_linux; os_flavor = "Mandriva"; arch = arch_x86; break; + case "20100401144201": ua_version = "3.6.2"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break; + case "2010040116": ua_version = "3.0.19"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break; + case "2010040118": ua_version = "3.0.19"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break; + case "2010040119": ua_version = "3.0.19"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break; + case "20100401213457": ua_version = "3.5.9"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break; + case "2010040121": ua_version = "3.0.19"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86_64; break; + case "2010040123": ua_version = "3.0.19"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86_64; break; + case "2010040200": ua_version = "3.0.19"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86_64; break; + case "20100402010516": ua_version = "3.5.9"; os_name = oses_linux; os_vendor = "Mint"; arch = arch_x86_64; break; + case "20100402041908": ua_version = "3.6.2"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86_64; break; + case "20100403042003": ua_version = "3.6.3"; os_name = oses_linux; os_vendor = "Fedora"; arch = arch_x86_64; break; + case "20100403082016": ua_version = "3.6.3"; os_name = oses_linux; 
os_vendor = "Fedora"; arch = arch_x86; break; + case "20100404024515": ua_version = "3.6.3"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break; + case "20100404024646": ua_version = "3.6.3"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86_64; break; + case "20100404104043": ua_version = "3.6.3"; os_name = oses_linux; os_vendor = "PClinuxOS"; arch = arch_x86_64; break; + case "20100409151117": ua_version = "3.6.3.2"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break; + case "20100409170726": ua_version = "3.6.3.2"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86_64; break; + case "20100412125148": ua_version = "3.6.3"; os_name = oses_linux; os_vendor = "Mandriva"; arch = arch_x86; break; case "20100413152922": ua_version = "3.6.4.b1"; os_name = oses_mac_osx; break; case "20100413154310": ua_version = "3.6.4.b1"; os_name = oses_linux; break; case "20100413172113": ua_version = "3.6.4.b1"; os_name = oses_windows; break; - case "20100415062243": ua_version = "3.6.3.3"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break; - case "20100415103754": ua_version = "3.6.3.3"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break; - case "20100416101101": ua_version = "3.6.3.2"; os_name = oses_linux; os_flavor = "Mandriva"; arch = arch_x86; break; - case "2010041700": ua_version = "3.6.4.1"; os_name = oses_linux; os_flavor = "SUSE"; break; - case "20100419015333": ua_version = "3.6.3"; os_name = oses_freebsd; os_flavor = "PC-BSD"; arch = arch_x86_64; break; - case "20100423043606": ua_version = "3.6.3"; os_name = oses_linux; os_flavor = "Sabayon"; arch = arch_x86_64; break; - case "20100423140709": ua_version = "3.6.3"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break; - case "20100423141150": ua_version = "3.6.3"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break; - case "20100423142835": ua_version = "3.6.3"; os_name = oses_freebsd; os_flavor = 
"PC-BSD"; arch = arch_x86; break; + case "20100415062243": ua_version = "3.6.3.3"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break; + case "20100415103754": ua_version = "3.6.3.3"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86_64; break; + case "20100416101101": ua_version = "3.6.3.2"; os_name = oses_linux; os_vendor = "Mandriva"; arch = arch_x86; break; + case "2010041700": ua_version = "3.6.4.1"; os_name = oses_linux; os_vendor = "SUSE"; break; + case "20100419015333": ua_version = "3.6.3"; os_name = oses_freebsd; os_vendor = "PC-BSD"; arch = arch_x86_64; break; + case "20100423043606": ua_version = "3.6.3"; os_name = oses_linux; os_vendor = "Sabayon"; arch = arch_x86_64; break; + case "20100423140709": ua_version = "3.6.3"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break; + case "20100423141150": ua_version = "3.6.3"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86_64; break; + case "20100423142835": ua_version = "3.6.3"; os_name = oses_freebsd; os_vendor = "PC-BSD"; arch = arch_x86; break; case "20100502202326": ua_version = "3.6.4.b2"; os_name = oses_linux; break; case "20100502202401": ua_version = "3.6.4.b2"; os_name = oses_mac_osx; break; case "20100502221517": ua_version = "3.6.4.b2"; os_name = oses_windows; break; 
@@ -609,69 +616,69 @@ window.os_detect.getVersion = function(){ case "20100504085637": ua_version = "3.5.10"; os_name = oses_linux; break; case "20100504085753": ua_version = "3.5.10"; os_name = oses_mac_osx; break; case "20100504093643": ua_version = "3.5.10"; os_name = oses_windows; break; - case "2010050600": ua_version = "3.5.10"; os_name = oses_linux; os_flavor = "SUSE"; break; - case "2010051300": ua_version = "3.6.4.1"; os_name = oses_linux; os_flavor = "SUSE"; break; + case "2010050600": ua_version = "3.5.10"; os_name = oses_linux; os_vendor = "SUSE"; break; + case "2010051300": ua_version = "3.6.4.1"; os_name = oses_linux; os_vendor = "SUSE"; break; case "20100513134853": ua_version = "3.6.4.b4"; os_name = oses_mac_osx; break; case "20100513140540": ua_version = "3.6.4.b4"; os_name = oses_linux; break; case "20100513144105": ua_version = "3.6.4.b4"; os_name = oses_windows; break; - case "20100513190740": ua_version = "3.6.3"; os_name = oses_freebsd; os_flavor = "PC-BSD"; arch = arch_x86_64; break; + case "20100513190740": ua_version = "3.6.3"; os_name = oses_freebsd; os_vendor = "PC-BSD"; arch = arch_x86_64; break; case "20100523180910": ua_version = "3.6.4.b5"; os_name = oses_mac_osx; break; case "20100523181754": ua_version = "3.6.4.b5"; os_name = oses_linux; break; case "20100523185824": ua_version = "3.6.4.b5"; os_name = oses_windows; break; case "20100527084110": ua_version = "3.6.4.b6"; os_name = oses_mac_osx; break; case "20100527085242": ua_version = "3.6.4.b6"; os_name = oses_linux; break; case "20100527093236": ua_version = "3.6.4.b6"; os_name = oses_windows; break; - case "2010061100": ua_version = "3.6.4"; os_name = oses_linux; os_flavor = "SUSE"; break; + case "2010061100": ua_version = "3.6.4"; os_name = oses_linux; os_vendor = "SUSE"; break; case "20100611134546": ua_version = "3.6.4.b7"; os_name = oses_mac_osx; break; case "20100611135942": ua_version = "3.6.4.b7"; os_name = oses_linux; break; case "20100611143157": ua_version = "3.6.4.b7"; 
os_name = oses_windows; break; - case "20100622203044": ua_version = "3.6.4"; os_name = oses_linux; os_flavor = "Fedora"; arch = arch_x86_64; break; - case "20100622203045": ua_version = "3.6.4"; os_name = oses_linux; os_flavor = "Fedora"; arch = arch_x86; break; - case "20100622204750": ua_version = "3.5.10"; os_name = oses_linux; os_flavor = "Fedora"; arch = arch_x86_64; break; - case "20100622204830": ua_version = "3.5.10"; os_name = oses_linux; os_flavor = "Fedora"; arch = arch_x86; break; - case "20100622205038": ua_version = "3.6.4"; os_name = oses_linux; os_flavor = "PClinuxOS"; arch = arch_x86_64; break; - case "20100623081410": ua_version = "3.6.4"; os_name = oses_linux; os_flavor = "CentOS"; arch = arch_x86_64; break; - case "20100623081921": ua_version = "3.6.4"; os_name = oses_linux; os_flavor = "CentOS"; arch = arch_x86; break; - case "20100623155731": ua_version = "3.6.4.b7"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break; - case "20100623200132": ua_version = "3.6.4.b7"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break; + case "20100622203044": ua_version = "3.6.4"; os_name = oses_linux; os_vendor = "Fedora"; arch = arch_x86_64; break; + case "20100622203045": ua_version = "3.6.4"; os_name = oses_linux; os_vendor = "Fedora"; arch = arch_x86; break; + case "20100622204750": ua_version = "3.5.10"; os_name = oses_linux; os_vendor = "Fedora"; arch = arch_x86_64; break; + case "20100622204830": ua_version = "3.5.10"; os_name = oses_linux; os_vendor = "Fedora"; arch = arch_x86; break; + case "20100622205038": ua_version = "3.6.4"; os_name = oses_linux; os_vendor = "PClinuxOS"; arch = arch_x86_64; break; + case "20100623081410": ua_version = "3.6.4"; os_name = oses_linux; os_vendor = "CentOS"; arch = arch_x86_64; break; + case "20100623081921": ua_version = "3.6.4"; os_name = oses_linux; os_vendor = "CentOS"; arch = arch_x86; break; + case "20100623155731": ua_version = "3.6.4.b7"; os_name = oses_linux; os_vendor = 
"Ubuntu"; arch = arch_x86; break; + case "20100623200132": ua_version = "3.6.4.b7"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86_64; break; case "20100625222733": ua_version = "3.6.6"; os_name = oses_linux; break; case "20100625223402": ua_version = "3.6.6"; os_name = oses_mac_osx; break; case "20100625231939": ua_version = "3.6.6"; os_name = oses_windows; break; - case "20100626104508": ua_version = "3.6.4"; os_name = oses_freebsd; os_flavor = "PC-BSD"; arch = arch_x86; break; - case "20100627211341": ua_version = "3.6.4"; os_name = oses_freebsd; os_flavor = "PC-BSD"; arch = arch_x86_64; break; - case "20100628082832": ua_version = "3.6.6"; os_name = oses_linux; os_flavor = "PClinuxOS"; arch = arch_x86_64; break; - case "20100628124739": ua_version = "3.6.6"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break; - case "20100628143222": ua_version = "3.6.6"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break; - case "20100628232431": ua_version = "3.6.6"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break; - case "20100629034705": ua_version = "3.6.6"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break; - case "20100629105354": ua_version = "3.6.6"; os_name = oses_linux; os_flavor = "Mandriva"; arch = arch_x86; break; - case "20100630130433": ua_version = "3.6.6"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break; + case "20100626104508": ua_version = "3.6.4"; os_name = oses_freebsd; os_vendor = "PC-BSD"; arch = arch_x86; break; + case "20100627211341": ua_version = "3.6.4"; os_name = oses_freebsd; os_vendor = "PC-BSD"; arch = arch_x86_64; break; + case "20100628082832": ua_version = "3.6.6"; os_name = oses_linux; os_vendor = "PClinuxOS"; arch = arch_x86_64; break; + case "20100628124739": ua_version = "3.6.6"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break; + case "20100628143222": ua_version = "3.6.6"; os_name = oses_linux; os_vendor = 
"Ubuntu"; arch = arch_x86_64; break; + case "20100628232431": ua_version = "3.6.6"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break; + case "20100629034705": ua_version = "3.6.6"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86_64; break; + case "20100629105354": ua_version = "3.6.6"; os_name = oses_linux; os_vendor = "Mandriva"; arch = arch_x86; break; + case "20100630130433": ua_version = "3.6.6"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86_64; break; case "20100630131607": ua_version = "4.0.0.b1"; os_name = oses_mac_osx; break; case "20100630132217": ua_version = "4.0.0.b1"; os_name = oses_linux; break; case "20100630141702": ua_version = "4.0.0.b1"; os_name = oses_windows; break; - case "20100630174226": ua_version = "3.6.6"; os_name = oses_linux; os_flavor = "Sabayon"; arch = arch_x86_64; break; - case "20100630180611": ua_version = "3.6.6"; os_name = oses_linux; os_flavor = "Sabayon"; arch = arch_x86; break; - case "20100709115208": ua_version = "3.6.7.b1"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break; - case "20100709183408": ua_version = "3.6.7.b1"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break; - case "20100716093011": ua_version = "3.6.7.b2"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break; + case "20100630174226": ua_version = "3.6.6"; os_name = oses_linux; os_vendor = "Sabayon"; arch = arch_x86_64; break; + case "20100630180611": ua_version = "3.6.6"; os_name = oses_linux; os_vendor = "Sabayon"; arch = arch_x86; break; + case "20100709115208": ua_version = "3.6.7.b1"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86; break; + case "20100709183408": ua_version = "3.6.7.b1"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86_64; break; + case "20100716093011": ua_version = "3.6.7.b2"; os_name = oses_linux; os_vendor = "Ubuntu"; arch = arch_x86_64; break; case "20101203075014": ua_version = "3.6.13"; os_name = oses_windows; 
break; - case "20101206122825": ua_version = "3.6.13"; os_name = oses_linux; os_flavor = "Ubuntu"; break; + case "20101206122825": ua_version = "3.6.13"; os_name = oses_linux; os_vendor = "Ubuntu"; break; case "20110318052756": ua_version = "4.0"; os_name = oses_windows; break; // browsershots: Firefox 4.0 / Windows XP - case "20110420144310": ua_version = "3.5.19"; os_name = oses_linux; os_flavor = "Debian"; break; // browsershots: Firefox 3.5.19 / Debian 4.0 (Etch) + case "20110420144310": ua_version = "3.5.19"; os_name = oses_linux; os_vendor = "Debian"; break; // browsershots: Firefox 3.5.19 / Debian 4.0 (Etch) case "20110615151330": ua_version = "5.0"; os_name = oses_windows; break; // browsershots: Firefox 5.0 / Windows XP case "20110811165603": ua_version = "6.0"; os_name = oses_windows; break; // browsershots: Firefox 6.0 / Windows XP - case "20110830092941": ua_version = "6.0.1"; os_name = oses_linux; os_flavor = "Debian"; break; // browsershots: Firefox 6.0.1 / Debian 4.0 (Etch) + case "20110830092941": ua_version = "6.0.1"; os_name = oses_linux; os_vendor = "Debian"; break; // browsershots: Firefox 6.0.1 / Debian 4.0 (Etch) case "20110922153450": ua_version = "7.0"; os_name = oses_windows; break; // browsershots: Firefox 7.0 / Windows XP - case "20110928134238": ua_version = "7.0.1"; os_name = oses_linux; os_flavor = "Debian"; break; // browsershots: Firefox 7.0.1 / Debian 4.0 (Etch) + case "20110928134238": ua_version = "7.0.1"; os_name = oses_linux; os_vendor = "Debian"; break; // browsershots: Firefox 7.0.1 / Debian 4.0 (Etch) case "20111104165243": ua_version = "8.0"; os_name = oses_windows; break; // browsershots: Firefox 8.0 / Windows XP - case "20111115183813": ua_version = "8.0"; os_name = oses_linux; os_flavor = "Ubuntu"; break; // browsershots: Firefox 8.0 / Ubuntu 9.10 (Karmic Koala) + case "20111115183813": ua_version = "8.0"; os_name = oses_linux; os_vendor = "Ubuntu"; break; // browsershots: Firefox 8.0 / Ubuntu 9.10 (Karmic Koala) case 
"20111216140209": ua_version = "9.0"; os_name = oses_windows; break; // browsershots: Firefox 9.0 / Windows XP case "20120129021758": ua_version = "10.0"; os_name = oses_windows; break; // browsershots: Firefox 10.0 / Windows 2000 - case "20120201083324": ua_version = "3.5.16"; os_name = oses_linux; os_flavor = "Debian"; break; // browsershots: Iceweasel 3.5.16 / Debian 4.0 (Etch) - case "20120216013254": ua_version = "3.6.27"; os_name = oses_linux; os_flavor = "Debian"; break; // browsershots: Firefox 3.6.27 / Debian 4.0 (Etch) - case "20120216100510": ua_version = "10.0.2"; os_name = oses_linux; os_flavor = "Ubuntu"; break; // browsershots: Firefox 10.0.2 / Ubuntu 9.10 (Karmic Koala) - case "20120310010316": ua_version = "11.0"; os_name = oses_linux; os_flavor = "Ubuntu"; break; // browsershots: Firefox 11.0 / Ubuntu 9.10 (Karmic Koala) - case "20120310194926": ua_version = "11.0"; os_name = oses_linux; os_flavor = "Ubuntu"; break; + case "20120201083324": ua_version = "3.5.16"; os_name = oses_linux; os_vendor = "Debian"; break; // browsershots: Iceweasel 3.5.16 / Debian 4.0 (Etch) + case "20120216013254": ua_version = "3.6.27"; os_name = oses_linux; os_vendor = "Debian"; break; // browsershots: Firefox 3.6.27 / Debian 4.0 (Etch) + case "20120216100510": ua_version = "10.0.2"; os_name = oses_linux; os_vendor = "Ubuntu"; break; // browsershots: Firefox 10.0.2 / Ubuntu 9.10 (Karmic Koala) + case "20120310010316": ua_version = "11.0"; os_name = oses_linux; os_vendor = "Ubuntu"; break; // browsershots: Firefox 11.0 / Ubuntu 9.10 (Karmic Koala) + case "20120310194926": ua_version = "11.0"; os_name = oses_linux; os_vendor = "Ubuntu"; break; case "20120312181643": // It is disconcerting that a buildID is the same on Windows // and Mac, need to examine more versions on Mac. 
@@ -682,9 +689,9 @@ window.os_detect.getVersion = function(){ os_name = oses_windows; // browsershots: Firefox 11.0 / Windows XP } break; - case "20120314195616": ua_version = "12.0"; os_name = oses_linux; os_flavor = "Debian"; break; // browsershots: Firefox 12.0 / Debian 4.0 (Etch) - case "20120423142301": ua_version = "12.0"; os_name = oses_linux; os_flavor = "Ubuntu"; break; - case "20120424151700": ua_version = "12.0"; os_name = oses_linux; os_flavor = "Fedora"; break; + case "20120314195616": ua_version = "12.0"; os_name = oses_linux; os_vendor = "Debian"; break; // browsershots: Firefox 12.0 / Debian 4.0 (Etch) + case "20120423142301": ua_version = "12.0"; os_name = oses_linux; os_vendor = "Ubuntu"; break; + case "20120424151700": ua_version = "12.0"; os_name = oses_linux; os_vendor = "Fedora"; break; default: version = this.searchVersion("Firefox", navigator.userAgent); // Verify whether the ua string is lying by checking if it contains @@ -714,64 +721,67 @@ window.os_detect.getVersion = function(){ // share. os_name = oses_windows; ua_name = clients_ie; - version = ScriptEngineMajorVersion().toString(); - version += ScriptEngineMinorVersion().toString(); - version += ScriptEngineBuildVersion().toString(); + version_maj = ScriptEngineMajorVersion().toString(); + version_min = ScriptEngineMinorVersion().toString(); + version_build = ScriptEngineBuildVersion().toString(); + + version = version_maj + version_min + version_build; + //document.write("ScriptEngine: "+version+"
"); switch (version){ case "514615": // IE 5.00.2920.0000, 2000 Advanced Server SP0 English ua_version = "5.0"; - os_flavor = "2000"; + os_name = "Windows 2000"; os_sp = "SP0"; break; case "515907": - os_flavor = "2000"; + os_name = "Windows 2000"; os_sp = "SP3"; //or SP2: oCC.getComponentVersion('{22d6f312-b0f6-11d0-94ab-0080c74c7e95}', 'componentid') => 6,4,9,1109 break; case "518513": - os_flavor = "2000"; + os_name = "Windows 2000"; os_sp = "SP4"; break; case "566626": // IE 6.0.2600.0000, XP SP0 English // IE 6.0.2800.1106, XP SP1 English ua_version = "6.0"; - os_flavor = "XP"; + os_name = "Windows XP"; os_sp = "SP0"; break; case "568515": // IE 6.0.3790.0, 2003 Standard SP0 English ua_version = "6.0"; - os_flavor = "2003"; + os_name = "Windows 2003"; os_sp = "SP0"; break; case "568820": // IE 6.0.2900.2180, xp sp2 english - os_flavor = "XP"; + os_name = "Windows XP"; os_sp = "SP2"; break; case "568827": - os_flavor = "2003"; + os_name = "Windows 2003"; os_sp = "SP1"; break; case "568831": //XP SP2 -OR- 2K SP4 - if (os_flavor == "2000"){ + if (os_name == "2000"){ os_sp = "SP4"; } else{ - os_flavor = "XP"; + os_name = "Windows XP"; os_sp = "SP2"; } break; case "568832": - os_flavor = "2003"; + os_name = "Windows 2003"; os_sp = "SP2"; break; case "568837": // IE 6.0.2900.2180, XP Professional SP2 Korean ua_version = "6.0"; - os_flavor = "XP"; + os_name = "Windows XP"; os_sp = "SP2"; break; case "5716599": @@ -782,7 +792,7 @@ window.os_detect.getVersion = function(){ // Since this scriptengine applies to more than one major version of // IE, rely on the object detection below to determine ua_version. //ua_version = "6.0"; - os_flavor = "XP"; + os_name = "Windows XP"; os_sp = "SP3"; break; case "575730": 
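Review bot: In the `case "568831"` arm the renamed test `if (os_name == "2000"){` can no longer be true, because every other arm in this hunk now stores the full name (`"Windows 2000"`) and `os_name` is set to `oses_windows` just above the switch. The 2000 SP4 arm is therefore dead and such clients are always recorded as Windows XP SP2. At minimum compare against the new value, `if (os_name == "Windows 2000"){`; whether anything before the switch can set that value is not visible in this hunk, so the arm may need a different signal. The new `version_maj`, `version_min` and `version_build` are assigned without `var` here; unless they are declared earlier in getVersion, outside the hunk, they become globals.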
@@ -797,19 +807,19 @@ window.os_detect.getVersion = function(){ case "5718066": // IE 7.0.5730.13, XP Professional SP3 English ua_version = "7.0"; - os_flavor = "XP"; + os_name = "Windows XP"; os_sp = "SP3"; break; case "5722589": // IE 7.0.5730.13, XP Professional SP3 English ua_version = "7.0"; - os_flavor = "XP"; + os_name = "Windows XP"; os_sp = "SP3"; break; case "576000": // IE 7.0.6000.16386, Vista Ultimate SP0 English ua_version = "7.0"; - os_flavor = "Vista"; + os_name = "Windows Vista"; os_sp = "SP0"; break; case "580": @@ -821,13 +831,13 @@ window.os_detect.getVersion = function(){ case "5816762": // IE 8.0.7600.16385, Windows 7 English ua_version = "8.0"; - os_flavor = "7"; + os_name = "Windows 7"; os_sp = "SP0"; break; case "5817514": // IE 8.0.7600.17514, Windows 7 SP1 English ua_version = "8.0"; - os_flavor = "7"; + os_name = "Windows 7"; os_sp = "SP1"; break; case "5818702": 
@@ -835,80 +845,103 @@ window.os_detect.getVersion = function(){ case "5822960": // IE 8.0.6001.18702, XP Professional SP3 Greek ua_version = "8.0"; - os_flavor = "XP"; + os_name = "Windows XP"; os_sp = "SP3"; break; case "9016406": // IE 9.0.7930.16406, Windows 7 64-bit ua_version = "9.0"; - os_flavor = "7"; + os_name = "Windows 7"; os_sp = "SP0"; break; case "9016441": // IE 9.0.8112.16421, Windows 7 32-bit English ua_version = "9.0"; - os_flavor = "7"; + os_name = "Windows 7"; os_sp = "SP1"; break; case "9016443": // IE 9.0.8112.16421, Windows 7 Polish // Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ua_version = "9.0"; - os_flavor = "7"; + os_name = "Windows 7"; os_sp = "SP1"; break; case "9016446": // IE 9.0.8112.16421, Windows 7 English (Update Versions: 9.0.7 (KB2699988) // Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; MASA; InfoPath.3; MS-RTC LM 8; BRI/2)Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; MASA; InfoPath.3; MS-RTC LM 8; BRI/2) ua_version = "9.0"; - os_flavor = "7"; + os_name = "Windows 7"; os_sp = "SP1"; break; case "9016464": // browsershots.org, MSIE 7.0 / Windows 2008 R2 - os_flavor = "2008R2"; + os_name = "Windows 2008R2"; ua_version = "9.0"; break; case "9016470": // IE 9.0.8112.16421 / Windows 7 SP1 ua_version = "9.0"; - os_flavor = "7"; + os_name = "Windows 7"; os_sp = "SP1"; break; case "10016720": // IE 10.0.9200.16721 / Windows 7 SP1 ua_version = "10.0"; - os_flavor = "7"; + os_name = "Windows 7"; os_sp = "SP1"; break; case "11016428": // IE 11.0.9600.16428 / Windows 7 SP1 ua_version = "11.0"; - os_flavor = "7"; + os_name = "Windows 7"; os_sp = "SP1"; break; case 
"10016384": // IE 10.0.9200.16384 / Windows 8 x86 ua_version = "10.0"; - os_flavor = "8"; + os_name = "Windows 8"; os_sp = "SP0"; break; case "1000": // IE 10.0.8400.0 (Pre-release + KB2702844), Windows 8 x86 English Pre-release ua_version = "10.0"; - os_flavor = "8"; + os_name = "Windows 8"; os_sp = "SP0"; break; + case "11016426": + // IE 11.0.9600.16476 / KB2898785 (Technically: 11.0.2) Windows 8.1 x86 English + ua_version = "11.0"; + os_name = "Windows 8.1"; + break; default: unknown_fingerprint = version; break; } + // Trust reported versions of 9, 10, and 11 until we have a better method + if (!ua_version) { + switch(version_maj) { + case "11": + ua_version = "11.0"; + os_name = "Windows 8.1"; + break; + case "10": + ua_version = "10.0"; + os_name = "Windows 8"; + break; + case "9": + ua_version = "9.0"; + break; + } + } + if (!ua_version) { // The ScriptEngine functions failed us, try some object detection if (document.documentElement && (typeof document.documentElement.style.maxHeight)!="undefined") { // IE8 detection straight from IEBlog. Thank you Microsoft. try { + // Technically this also applies to 9.0, 10.0, and 11.0... ua_version = "8.0"; document.documentElement.style.display = "table-cell"; } catch(e) { @@ -936,7 +969,7 @@ window.os_detect.getVersion = function(){ if (!os_name && navigator.platform == "Win32") { os_name = oses_windows; } //-- - // Flavor + // Figure out the type of Windows //-- if (!ua_is_lying) { version = useragent.toLowerCase(); 
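Review bot: The new `switch(version_maj)` fallback infers the operating system from the browser major version, which the table in this same hunk contradicts: `"10016720"` and `"11016428"` are IE 10 and IE 11 on Windows 7 SP1. An unlisted IE 10 or 11 build on Windows 7 would be recorded as Windows 8 or 8.1. The user-agent block in a later hunk only refines `os_name` while it still equals `oses_windows`, so a `windows nt 6.1` token would not correct the guess. Set only `ua_version` in the `"11"` and `"10"` arms, as the `"9"` arm already does, and leave `os_name` to the user-agent parsing.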
@@ -953,27 +986,28 @@ window.os_detect.getVersion = function(){ else if (version.indexOf("mac") != -1) { os_name = oses_mac_osx; } else if (version.indexOf("linux") != -1) { os_name = oses_linux; } } - if (os_name == oses_windows && (!os_flavor || 0 == os_flavor.length)) { - if (version.indexOf("windows 95") != -1) { os_flavor = "95"; } - else if (version.indexOf("windows nt 4") != -1) { os_flavor = "NT"; } - else if (version.indexOf("win 9x 4.9") != -1) { os_flavor = "ME"; } - else if (version.indexOf("windows 98") != -1) { os_flavor = "98"; } - else if (version.indexOf("windows nt 5.0") != -1) { os_flavor = "2000"; } - else if (version.indexOf("windows nt 5.1") != -1) { os_flavor = "XP"; } - else if (version.indexOf("windows nt 5.2") != -1) { os_flavor = "2003"; } - else if (version.indexOf("windows nt 6.0") != -1) { os_flavor = "Vista"; } - else if (version.indexOf("windows nt 6.1") != -1) { os_flavor = "7"; } - else if (version.indexOf("windows nt 6.2") != -1) { os_flavor = "8"; } + if (os_name == oses_windows) { + if (version.indexOf("windows 95") != -1) { os_name = "Windows 95"; } + else if (version.indexOf("windows nt 4") != -1) { os_name = "Windows NT"; } + else if (version.indexOf("win 9x 4.9") != -1) { os_name = "Windows ME"; } + else if (version.indexOf("windows 98") != -1) { os_name = "Windows 98"; } + else if (version.indexOf("windows nt 5.0") != -1) { os_name = "Windows 2000"; } + else if (version.indexOf("windows nt 5.1") != -1) { os_name = "Windows XP"; } + else if (version.indexOf("windows nt 5.2") != -1) { os_name = "Windows 2003"; } + else if (version.indexOf("windows nt 6.0") != -1) { os_name = "Windows Vista"; } + else if (version.indexOf("windows nt 6.1") != -1) { os_name = "Windows 7"; } + else if (version.indexOf("windows nt 6.2") != -1) { os_name = "Windows 8"; } + else if (version.indexOf("windows nt 6.3") != -1) { os_name = "Windows 8.1"; } } - if (os_name == oses_linux && (!os_flavor || 0 == os_flavor.length)) { - if 
(version.indexOf("gentoo") != -1) { os_flavor = "Gentoo"; } - else if (version.indexOf("ubuntu") != -1) { os_flavor = "Ubuntu"; } - else if (version.indexOf("debian") != -1) { os_flavor = "Debian"; } - else if (version.indexOf("rhel") != -1) { os_flavor = "RHEL"; } - else if (version.indexOf("red hat") != -1) { os_flavor = "RHEL"; } - else if (version.indexOf("centos") != -1) { os_flavor = "CentOS"; } - else if (version.indexOf("fedora") != -1) { os_flavor = "Fedora"; } - else if (version.indexOf("android") != -1) { os_flavor = "Android"; } + if (os_name == oses_linux && (!os_vendor || 0 == os_vendor.length)) { + if (version.indexOf("gentoo") != -1) { os_vendor = "Gentoo"; } + else if (version.indexOf("ubuntu") != -1) { os_vendor = "Ubuntu"; } + else if (version.indexOf("debian") != -1) { os_vendor = "Debian"; } + else if (version.indexOf("rhel") != -1) { os_vendor = "RHEL"; } + else if (version.indexOf("red hat") != -1) { os_vendor = "RHEL"; } + else if (version.indexOf("centos") != -1) { os_vendor = "CentOS"; } + else if (version.indexOf("fedora") != -1) { os_vendor = "Fedora"; } + else if (version.indexOf("android") != -1) { os_vendor = "Android"; } } //-- @@ -1031,7 +1065,9 @@ window.os_detect.getVersion = function(){ this.ua_is_lying = ua_is_lying; this.os_name = os_name; + this.os_vendor = os_vendor; this.os_flavor = os_flavor; + this.os_device = os_device; this.os_sp = os_sp; this.os_lang = os_lang; this.arch = arch; @@ -1039,7 +1075,7 @@ window.os_detect.getVersion = function(){ this.ua_version = ua_version; this.ua_version = ua_version; - return { os_name:os_name, os_flavor:os_flavor, os_sp:os_sp, os_lang:os_lang, arch:arch, ua_name:ua_name, ua_version:ua_version }; + return { os_name:os_name, os_vendor:os_vendor, os_flavor:os_flavor, os_device:os_device, os_sp:os_sp, os_lang:os_lang, arch:arch, ua_name:ua_name, ua_version:ua_version }; }; // function getVersion window.os_detect.searchVersion = function(needle, haystack) { 
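Review bot: The Windows branch dropped its `!os_flavor` guard and now relies on `os_name == oses_windows` to mean "not refined yet", which is easy to miss next to the Linux branch that still tests `os_vendor` explicitly. A comment above the `if` would make the intent clear, for example `// os_name is still the generic value; a specific name set by the ScriptEngine switch is kept`. This only holds while `oses_windows` differs from every specific name such as "Windows 7"; its definition is outside the hunk and should be checked.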
diff --git a/documentation/samples/modules/exploits/ie_browser.rb b/documentation/samples/modules/exploits/ie_browser.rb index 3580436400..fcbeade692 100644 --- a/documentation/samples/modules/exploits/ie_browser.rb +++ b/documentation/samples/modules/exploits/ie_browser.rb @@ -29,7 +29,7 @@ class Metasploit4 < Msf::Exploit::Remote :ua_minver => "8.0", :ua_maxver => "10.0", :javascript => true, - :os_name => OperatingSystems::WINDOWS, + :os_name => /^Windows/, :rank => NormalRanking }) @@ -85,6 +85,8 @@ class Metasploit4 < Msf::Exploit::Remote os_name = 'Windows 7' when '6.2' os_name = 'Windows 8' + when '6.3' + os_name = 'Windows 8.1' end targets.each do |t| diff --git a/lib/msf/core/constants.rb b/lib/msf/core/constants.rb index d000aeb4cb..4ce79e1276 100644 --- a/lib/msf/core/constants.rb +++ b/lib/msf/core/constants.rb @@ -58,14 +58,17 @@ module HttpClients UNKNOWN = "Unknown" end + module OperatingSystems LINUX = "Linux" MAC_OSX = "Mac OS X" - WINDOWS = "Microsoft Windows" + WINDOWS = "Windows" FREEBSD = "FreeBSD" NETBSD = "NetBSD" OPENBSD = "OpenBSD" VMWARE = "VMware" + ANDROID = "Android" + APPLE_IOS = "iOS" module VmwareVersions ESX = "ESX" @@ -79,8 +82,10 @@ module OperatingSystems TWOK3 = "2003" VISTA = "Vista" TWOK8 = "2008" + TWOK12 = "2012" SEVEN = "7" EIGHT = "8" + EIGHTONE = "8.1" end UNKNOWN = "Unknown" @@ -104,5 +109,4 @@ LICENSES = BSD_LICENSE, ARTISTIC_LICENSE, UNKNOWN_LICENSE - ] - + ] \ No newline at end of file diff --git a/lib/msf/core/exploit/http/server.rb b/lib/msf/core/exploit/http/server.rb index 2798d64567..698cbb5db8 100644 --- a/lib/msf/core/exploit/http/server.rb +++ b/lib/msf/core/exploit/http/server.rb 
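Review bot: `:os_name => /^Windows/` uses `^`, which in Ruby matches at the start of any line rather than at the start of the string. The value compared here is presumably built from client-reported data, so anchor it to the whole value with `:os_name => /\AWindows/`. The requirements hash this line belongs to starts and ends outside the hunk.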
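Review bot: Changing `WINDOWS` from "Microsoft Windows" to "Windows" alters the value of an existing public constant. Any equality test against `OperatingSystems::WINDOWS`, and any host record already stored with the old string, would stop matching; the sample module in this same patch switches to a regex, presumably for that reason. The commit message calls the change backwards compatible and the callers are not visible here, so this should be confirmed by searching for uses of the constant. A comment on the constant would state the new contract, e.g. `# Generic family name; a detected os_name may be more specific ("Windows 7"), so match by prefix`.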
@@ -258,18 +258,19 @@ module Exploit::Remote::HttpServer # Report#report_client, and Msf::DBManager#report_host namely: # +:ua_name+:: a brief identifier for the client, e.g. "Firefox" # +:ua_ver+:: the version number of the client, e.g. "3.0.11" - # +:os_name+:: one of the Msf::OperatingSystems constants - # +:os_flavor+:: something like "XP" or "Gentoo" + # +:os_name+:: something like "Windows XP", "Windows 7", or "Linux" + # +:os_flavor+:: something like "Enterprise", "Pro", or "Home" # +:os_lang+:: something like "English", "French", or "en-US" # +:arch+:: one of the ARCH_* constants # # Unknown values may be nil. # def fingerprint_user_agent(ua_str) + fp = { :ua_string => ua_str } - # always check for IE last because everybody tries to - # look like IE + # Guess the browser type based on the user agent + # Check for IE last since its often impersonated case (ua_str.downcase) # Chrome tries to look like Safari, so check it first when /chrome\/(\d+(:?\.\d+)*)/ 
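Review bot: The key list in the comment above `fingerprint_user_agent` is out of step with what the method now returns. The following hunk stores distribution names under `fp[:os_vendor]`, and in the visible hunks no branch sets `:os_flavor` any more, although the comment still describes it. I would add `# +:os_vendor+:: something like "Ubuntu" or "Debian"` and state that `:os_flavor` is not derived from the user agent and stays nil. In the new comment, "its often impersonated" should read "it's often impersonated". The method body continues past this hunk.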
@@ -292,58 +293,70 @@ module Exploit::Remote::HttpServer else fp[:ua_name] = HttpClients::UNKNOWN end + + # Guess the language case (ua_str.downcase) when /(en-us|en-gb)/ fp[:os_lang] = $1 end + + # Guess the general OS type case (ua_str.downcase) - when /windows/ + when /windows|win32/ fp[:os_name] = OperatingSystems::WINDOWS fp[:arch] = ARCH_X86 when /linux/ fp[:os_name] = OperatingSystems::LINUX - when /iphone/ - fp[:os_name] = OperatingSystems::MAC_OSX + when /iphone|ipad/ + fp[:os_name] = OperatingSystems::APPLE_IOS fp[:arch] = 'armle' when /mac os x/ fp[:os_name] = OperatingSystems::MAC_OSX else fp[:os_name] = OperatingSystems::UNKNOWN end + + # Determine the specific OS variant + + # Note that we assume windows variants are the + # client version and mismatch server editions. + case (ua_str.downcase) when /windows 95/ - fp[:os_flavor] = '95' + fp[:os_name] = 'Windows 95' when /windows 98/ - fp[:os_flavor] = '98' + fp[:os_name] = 'Windows 98' when /windows nt 4/ - fp[:os_flavor] = 'NT' + fp[:os_name] = 'Windows NT' when /windows nt 5.0/ - fp[:os_flavor] = '2000' + fp[:os_name] = 'Windows 2000' when /windows nt 5.1/ - fp[:os_flavor] = 'XP' + fp[:os_name] = 'Windows XP' when /windows nt 5.2/ - fp[:os_flavor] = '2003' + fp[:os_name] = 'Windows 2003' when /windows nt 6.0/ - fp[:os_flavor] = 'Vista' + fp[:os_name] = 'Windows Vista' when /windows nt 6.1/ - fp[:os_flavor] = '7' + fp[:os_name] = 'Windows 7' when /windows nt 6.2/ - fp[:os_flavor] = '8' + fp[:os_name] = 'Windows 8' + when /windows nt 6.3/ + fp[:os_name] = 'Windows 8.1' when /gentoo/ - fp[:os_flavor] = 'Gentoo' + fp[:os_vendor] = 'Gentoo' when /debian/ - fp[:os_flavor] = 'Debian' + fp[:os_vendor] = 'Debian' when /ubuntu/ - fp[:os_flavor] = 'Ubuntu' + fp[:os_vendor] = 'Ubuntu' when /fedora/ - fp[:os_flavor] = 'Fedora' + fp[:os_vendor] = 'Fedora' when /red hat|rhel/ - fp[:os_flavor] = 'RHEL' + fp[:os_vendor] = 'RHEL' when /android/ - fp[:os_flavor] = 'Android' - else - fp[:os_flavor] = '' + fp[:os_name] = 
OperatingSystems::ANDROID end + + # Guess the architecture case (ua_str.downcase) when /ppc/ fp[:arch] = ARCH_PPC diff --git a/lib/msf/core/exploit/remote/browser_exploit_server.rb b/lib/msf/core/exploit/remote/browser_exploit_server.rb index 902befc114..6aeb9c7319 100644 --- a/lib/msf/core/exploit/remote/browser_exploit_server.rb +++ b/lib/msf/core/exploit/remote/browser_exploit_server.rb @@ -45,8 +45,11 @@ module Msf :source => 'source', # Either 'script' or 'headers' :ua_name => 'ua_name', # Example: MSIE :ua_ver => 'ua_ver', # Example: 8.0, 9.0 - :os_name => 'os_name', # Example: Microsoft Windows - :os_flavor => 'os_flavor', # Example: XP, 7 + :os_name => 'os_name', # Example: Windows 7, Linux + :os_flavor => 'os_flavor', # Example: Home, Enterprise, etc + :os_device => 'os_device', # Example: iPad, iPhone, etc + :os_vendor => 'os_vendor', # Example: Microsoft, Ubuntu, Apple, etc + :os_sp => 'os_sp', # Example: SP2 :language => 'language', # Example: en-us :arch => 'arch', # Example: x86 :proxy => 'proxy', # 'true' or 'false' @@ -203,8 +206,8 @@ module Msf # Returns the target profile based on the tag. Each profile has the following structure: # 'cookie_name' => # { - # :os_name => 'Windows', - # :os_flavor => 'something' + # :os_name => 'Windows 7', + # :os_flavor => 'Enterprise', # ...... etc ...... # } # A profile should at least have info about the following: @@ -212,8 +215,8 @@ module Msf # should be more accurate in some scenarios like browser compatibility mode # :ua_name : The name of the browser # :ua_ver : The version of the browser - # :os_name : The name of the OS - # :os_flavor : The flavor of the OS (example: XP) + # :os_name : The name of the OS ("Windows XP") + # :os_flavor : The edition of the OS ("Home") # :language : The system's language # :arch : The system's arch # :proxy : Indicates whether proxy is used 
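Review bot: The new comment in `fingerprint_user_agent` says Windows variants are assumed to be client versions, yet `when /windows nt 5.2/` still maps to 'Windows 2003', a server release, while 6.0 through 6.3 map to Vista, 7, 8 and 8.1. NT 5.2 is shared by Server 2003 and XP x64, so either the mapping or the comment needs to change. I would reword the comment to `# NT version numbers are shared by client and server releases; client names are reported except for NT 5.2 (Windows 2003)`. The dots in the version patterns are unescaped, so `/windows nt 6.3/` accepts any character in that position; `/windows nt 6\.3/` is the precise form. The method starts before this hunk.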
@@ -354,7 +357,7 @@ module Msf <%= js_os_detect %> <%= js_ajax_post %> <%= js_misc_addons_detect %> - <%= js_ie_addons_detect if os == OperatingSystems::WINDOWS and client == HttpClients::IE %> + <%= js_ie_addons_detect if os.match(/^Windows/) and client == HttpClients::IE %> function objToQuery(obj) { var q = []; @@ -370,6 +373,8 @@ module Msf var d = { "<%=REQUIREMENT_KEY_SET[:os_name]%>" : osInfo.os_name, "<%=REQUIREMENT_KEY_SET[:os_flavor]%>" : osInfo.os_flavor, + "<%=REQUIREMENT_KEY_SET[:os_vendor]%>" : osInfo.os_vendor, + "<%=REQUIREMENT_KEY_SET[:os_device]%>" : osInfo.os_device, "<%=REQUIREMENT_KEY_SET[:ua_name]%>" : osInfo.ua_name, "<%=REQUIREMENT_KEY_SET[:ua_ver]%>" : osInfo.ua_version, "<%=REQUIREMENT_KEY_SET[:arch]%>" : osInfo.arch, @@ -377,7 +382,7 @@ module Msf "<%=REQUIREMENT_KEY_SET[:silverlight]%>" : window.misc_addons_detect.hasSilverlight() }; - <% if os == OperatingSystems::WINDOWS and client == HttpClients::IE %> + <% if os.match(/^Windows/) and client == HttpClients::IE %> d['<%=REQUIREMENT_KEY_SET[:office]%>'] = window.ie_addons_detect.getMsOfficeVersion(); <% clsid = @requirements[:clsid] @@ -537,10 +542,10 @@ module Msf arch = browser_info[:arch] platform = browser_info[:os_name] - # Fix names for consisntecy so our API can find the right one + # Fix names for consistency so our API can find the right one # Originally defined in lib/msf/core/constants.rb platform = platform.gsub(/^Mac OS X$/, 'OSX') - platform = platform.gsub(/^Microsoft Windows$/, 'Windows') + platform = platform.gsub(/^Windows.*$/, 'Windows') regenerate_payload(cli, platform, arch).encoded end diff --git a/lib/rex/exploitation/js/detect.rb b/lib/rex/exploitation/js/detect.rb index c7c9f40bcd..04df435fa4 100644 --- a/lib/rex/exploitation/js/detect.rb +++ b/lib/rex/exploitation/js/detect.rb 
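Review bot: `os.match(/^Windows/)` in the ERB template raises NoMethodError when `os` is nil, whereas the replaced `os == OperatingSystems::WINDOWS` evaluated to false. The same call appears again in the `<% if ... %>` guard of the @@ -377 hunk. Where `os` is assigned is outside these hunks, so I cannot tell whether nil is reachable; if it is derived from request data, it should be treated as possibly missing. `os.to_s =~ /\AWindows/` keeps the nil-tolerant behaviour. It also anchors at the start of the string, where `^` in Ruby matches at any line start.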
@@ -15,10 +15,12 @@ class Detect # Provides several javascript functions for determining the OS and browser versions of a client. # # getVersion(): returns an object with the following properties - # os_name - OS name, one of the Msf::OperatingSystems constants - # os_flavor - OS flavor as a string (e.g.: "XP", "2000") + # os_name - OS name such as "Windows 8", "Linux", "Mac OS X" + # os_flavor - OS flavor as a string such as "Home", "Enterprise", etc # os_sp - OS service pack (e.g.: "SP2", will be empty on non-Windows) # os_lang - OS language (e.g.: "en-us") + # os_vendor - A company or organization name such as Microsoft, Ubuntu, Apple, etc + # os_device - A specific piece of hardware such as iPad, iPhone, etc # ua_name - Client name, one of the Msf::HttpClients constants # ua_version - Client version as a string (e.g.: "3.5.1", "6.0;SP2") # arch - Architecture, one of the ARCH_* constants diff --git a/lib/rex/proto/http/handler/proc.rb b/lib/rex/proto/http/handler/proc.rb index 58b350cc26..6976e14908 100644 --- a/lib/rex/proto/http/handler/proc.rb +++ b/lib/rex/proto/http/handler/proc.rb @@ -36,7 +36,7 @@ class Handler::Proc < Handler def on_request(cli, req) begin procedure.call(cli, req) - rescue Errno::EPIPE + rescue Errno::EPIPE, ::Errno::ECONNRESET, ::Errno::ENOTCONN, ::Errno::ECONNABORTED elog("Proc::on_request: Client closed connection prematurely", LogSource) rescue elog("Proc::on_request: #{$!.class}: #{$!}\n\n#{$@.join("\n")}", LogSource) diff --git a/modules/auxiliary/server/browser_autopwn.rb b/modules/auxiliary/server/browser_autopwn.rb index 8bbdeda05b..82bbf94316 100644 --- a/modules/auxiliary/server/browser_autopwn.rb +++ b/modules/auxiliary/server/browser_autopwn.rb 
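Review bot: The extended rescue list in `Handler::Proc#on_request` mixes the unqualified `Errno::EPIPE` with the root-qualified `::Errno::ECONNRESET`, `::Errno::ENOTCONN` and `::Errno::ECONNABORTED`. Use one form for all four, e.g. `rescue ::Errno::EPIPE, ::Errno::ECONNRESET, ::Errno::ENOTCONN, ::Errno::ECONNABORTED`. The fixed log text "Client closed connection prematurely" now covers four different conditions; adding `#{$!.class}` to that message, as the generic branch below already does, would keep the log useful for troubleshooting.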
@@ -774,8 +774,12 @@ class Metasploit3 < Msf::Auxiliary # Reject exploits whose OS doesn't match that of the # victim. Note that host_info comes from javascript OS # detection, NOT the database. + + # Note that the os_name could be a string, a regex, or + # an array of strings and regexes. + if host_info[:os_name] != "undefined" - unless s[:os_name].include?(host_info[:os_name]) + unless client_matches_module_spec?(host_info[:os_name], s[:os_name]) vprint_status("Rejecting #{s[:name]} for non-matching OS") next end @@ -821,6 +825,29 @@ class Metasploit3 < Msf::Auxiliary return response end + + # + # Determines whether a browser string matches an exploit module specification + # Example: :os_name => ( 'Windows' | /Windows/ | ['Windows', 'Mac OS X'] ) + # + def client_matches_module_spec?(client_str, module_spec) + if module_spec.kind_of?(::String) + return !! (client_str == module_spec) + end + + if module_spec.kind_of?(::Regexp) + return !! client_str.match(module_spec) + end + + if module_spec.kind_of?(::Array) + return !! exploit_spec.map{ |spec| + client_matches_module_spec?(client_str, spec) + }.include?(true) + end + + false + end + # # Yields each module that exports autopwn_info, filtering on MATCH and EXCLUDE options # @@ -874,6 +901,8 @@ class Metasploit3 < Msf::Auxiliary os_flavor = nil os_sp = nil os_lang = nil + os_device = nil + os_vendor = nil arch = nil ua_name = nil ua_ver = nil 
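Review bot: The Array branch of the new `client_matches_module_spec?` calls `exploit_spec.map`, but the method's parameters are `client_str` and `module_spec`. Any array-valued `:os_name`, a form the method's own comment lists as supported, therefore raises NameError during matching. The branch should read `return module_spec.any? { |spec| client_matches_module_spec?(client_str, spec) }`. Separately, `client_str.match(module_spec)` raises for a nil `client_str`, and the caller in the @@ -774 hunk only filters the literal string "undefined". Using `client_str.to_s` in the String and Regexp branches would make a missing value a plain non-match.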
@@ -895,15 +924,19 @@ class Metasploit3 < Msf::Auxiliary if (0 < detected_version.length) detected_version = Rex::Text.decode_base64(Rex::Text.uri_decode(detected_version)) print_status("JavaScript Report: #{detected_version}") - (os_name, os_flavor, os_sp, os_lang, arch, ua_name, ua_ver) = detected_version.split(':') + + + (os_name, os_vendor, os_flavor, os_device, os_sp, os_lang, arch, ua_name, ua_ver) = detected_version.split(':') if framework.db.active note_data = { } - note_data[:os_name] = os_name if os_name != "undefined" - note_data[:os_flavor] = os_flavor if os_flavor != "undefined" - note_data[:os_sp] = os_sp if os_sp != "undefined" - note_data[:os_lang] = os_lang if os_lang != "undefined" - note_data[:arch] = arch if arch != "undefined" + note_data[:os_name] = os_name if os_name != 'undefined' + note_data[:os_vendor] = os_vendor if os_vendor != 'undefined' + note_data[:os_flavor] = os_flavor if os_flavor != 'undefined' + note_data[:os_device] = os_device if os_device != 'undefined' + note_data[:os_sp] = os_sp if os_sp != 'undefined' + note_data[:os_lang] = os_lang if os_lang != 'undefined' + note_data[:arch] = arch if arch != 'undefined' print_status("Reporting: #{note_data.inspect}") # Reporting stuff isn't really essential since we store all @@ -959,7 +992,9 @@ class Metasploit3 < Msf::Auxiliary @targetcache[key][:host] = {} @targetcache[key][:host][:os_name] = os_name + @targetcache[key][:host][:os_vendor] = os_vendor @targetcache[key][:host][:os_flavor] = os_flavor + @targetcache[key][:host][:os_device] = os_device @targetcache[key][:host][:os_sp] = os_sp @targetcache[key][:host][:os_lang] = os_lang diff --git a/modules/exploits/android/browser/webview_addjavascriptinterface.rb b/modules/exploits/android/browser/webview_addjavascriptinterface.rb index 40c5461117..2ffed4ab19 100644 --- a/modules/exploits/android/browser/webview_addjavascriptinterface.rb +++ b/modules/exploits/android/browser/webview_addjavascriptinterface.rb 
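Review bot: The nine-way destructuring of `detected_version.split(':')` trusts the client-supplied report to have exactly the new field order. A report in the previous seven-field layout, or one with a missing or extra field, is accepted and silently shifts `arch`, `ua_name` and `ua_ver` into the wrong variables. The JavaScript that builds this string is not in the hunk, so I am assuming it was updated in the same commit. I would validate the count before assigning, e.g. `fields = detected_version.split(':', -1)`, and skip the report with a log line when `fields.length != 9`, since these values are written to notes and to `@targetcache`. The enclosing method starts and ends outside the hunk.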
@@ -66,8 +66,8 @@ class Metasploit3 < Msf::Exploit::Remote 'DefaultTarget' => 0, 'BrowserRequirements' => { :source => 'script', - :os_flavor => "Android", - :arch => ARCH_ARMLE + :os_name => /^Android/, + :arch => ARCH_ARMLE } )) end diff --git a/modules/exploits/multi/browser/firefox_escape_retval.rb b/modules/exploits/multi/browser/firefox_escape_retval.rb index de67d612ef..ebcf8fc013 100644 --- a/modules/exploits/multi/browser/firefox_escape_retval.rb +++ b/modules/exploits/multi/browser/firefox_escape_retval.rb @@ -18,7 +18,7 @@ class Metasploit3 < Msf::Exploit::Remote # :ua_name => HttpClients::FF, # :ua_minver => "3.5", # :ua_maxver => "3.5", - # :os_name => OperatingSystems::WINDOWS, + # :os_name => /^Windows/, # :javascript => true, # :rank => NormalRanking, # reliable memory corruption # :vuln_test => nil, diff --git a/modules/exploits/multi/browser/mozilla_compareto.rb b/modules/exploits/multi/browser/mozilla_compareto.rb index cf49018f3d..1b34966225 100644 --- a/modules/exploits/multi/browser/mozilla_compareto.rb +++ b/modules/exploits/multi/browser/mozilla_compareto.rb @@ -20,7 +20,7 @@ class Metasploit3 < Msf::Exploit::Remote # :ua_name => HttpClients::FF, # :ua_minver => "1.0", # :ua_maxver => "1.7.10", - # :os_name => OperatingSystems::WINDOWS, + # :os_name => /^Windows/, # :javascript => true, # :rank => NormalRanking, # reliable memory corruption # :vuln_test => "if (typeof InstallVersion != 'undefined') { is_vuln = true; }", diff --git a/modules/exploits/multi/browser/opera_configoverwrite.rb b/modules/exploits/multi/browser/opera_configoverwrite.rb index 72aa51c2a7..817677bf5e 100644 --- a/modules/exploits/multi/browser/opera_configoverwrite.rb +++ b/modules/exploits/multi/browser/opera_configoverwrite.rb 
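Review bot: `:os_name => /^Android/` replaces `:os_flavor => "Android"` in `BrowserRequirements`, but the two detection paths in this patch do not visibly agree on which field carries Android. The Ruby `fingerprint_user_agent` sets `fp[:os_name] = OperatingSystems::ANDROID`, while the JavaScript detector shown earlier sets `os_vendor = "Android"` when `os_name` is Linux. With `:source => 'script'` the value comes from the JavaScript side. Whether that code also sets `os_name` to "Android" is outside the visible hunks, so confirm it, or document the expected field next to the requirement. Otherwise the stored host data and this filter can disagree.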
@@ -17,7 +17,7 @@ class Metasploit3 < Msf::Exploit::Remote autopwn_info({ :ua_name => HttpClients::OPERA, :ua_maxver => "9.10", - :os_name => [ OperatingSystems::WINDOWS, OperatingSystems::LINUX ], + :os_name => [ /^Windows/, /^Mac OS X/, ], :javascript => true, :rank => ExcellentRanking, # reliable cmd exec, cleans up after itself :vuln_test => nil, diff --git a/modules/exploits/osx/browser/mozilla_mchannel.rb b/modules/exploits/osx/browser/mozilla_mchannel.rb index b7de8a41ba..0285c5fe90 100644 --- a/modules/exploits/osx/browser/mozilla_mchannel.rb +++ b/modules/exploits/osx/browser/mozilla_mchannel.rb @@ -15,7 +15,7 @@ class Metasploit3 < Msf::Exploit::Remote # :ua_name => HttpClients::FF, # :ua_minver => "3.6.16", # :ua_maxver => "3.6.16", - # :os_name => OperatingSystems::MAC_OSX, + # :os_name => 'Mac OS X', # :javascript => true, # :rank => NormalRanking, #}) diff --git a/modules/exploits/osx/browser/safari_metadata_archive.rb b/modules/exploits/osx/browser/safari_metadata_archive.rb index 0c6eef1bb1..6c8f1f1535 100644 --- a/modules/exploits/osx/browser/safari_metadata_archive.rb +++ b/modules/exploits/osx/browser/safari_metadata_archive.rb @@ -17,7 +17,7 @@ class Metasploit3 < Msf::Exploit::Remote #autopwn_info({ # :ua_name => HttpClients::SAFARI, # :ua_maxver => '2.0.2', - # :os_name => [ OperatingSystems::MAC_OSX ], + # :os_name => [ 'Mac OS X' ], # :javascript => false, # :rank => ExcellentRanking, # reliable cmd execution # :vuln_test => nil, diff --git a/modules/exploits/osx/browser/safari_user_assisted_download_launch.rb b/modules/exploits/osx/browser/safari_user_assisted_download_launch.rb index f1d8270b9d..5188f17428 100644 --- a/modules/exploits/osx/browser/safari_user_assisted_download_launch.rb +++ b/modules/exploits/osx/browser/safari_user_assisted_download_launch.rb 
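Review bot: In opera_configoverwrite.rb the `:os_name` list in `autopwn_info` changes from Windows and Linux to `[ /^Windows/, /^Mac OS X/, ]`, so Linux is dropped and Mac OS X is added. That is more than the constant-to-regex conversion applied elsewhere in this commit. If the platform change is unintended, the line should be `:os_name => [ /^Windows/, /^Linux/ ],`; if it is intended, the commit message should say so. The trailing comma before `]` is also inconsistent with the other array literals in these modules.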
@@ -60,7 +60,7 @@ class Metasploit3 < Msf::Exploit::Remote 'BrowserRequirements' => { :source => 'script', :ua_name => HttpClients::SAFARI, - :os_name => OperatingSystems::MAC_OSX, + :os_name => 'Mac OS X', # On 10.6.8 (Safari 5.x), a dialog never appears unless the user # has already manually launched the dropped exe diff --git a/modules/exploits/windows/browser/adobe_flash_mp4_cprt.rb b/modules/exploits/windows/browser/adobe_flash_mp4_cprt.rb index f9273b9133..45421e9545 100644 --- a/modules/exploits/windows/browser/adobe_flash_mp4_cprt.rb +++ b/modules/exploits/windows/browser/adobe_flash_mp4_cprt.rb @@ -12,7 +12,7 @@ class Metasploit3 < Msf::Exploit::Remote include Msf::Exploit::RopDb include Msf::Exploit::Remote::BrowserAutopwn autopwn_info({ - :os_name => OperatingSystems::WINDOWS, + :os_name => /^Windows/, :method => "GetVariable", :classid => "ShockwaveFlash.ShockwaveFlash", :rank => NormalRanking, # reliable memory corruption diff --git a/modules/exploits/windows/browser/adobe_flash_rtmp.rb b/modules/exploits/windows/browser/adobe_flash_rtmp.rb index e36cc12fe3..0fa3a62191 100644 --- a/modules/exploits/windows/browser/adobe_flash_rtmp.rb +++ b/modules/exploits/windows/browser/adobe_flash_rtmp.rb @@ -13,7 +13,7 @@ class Metasploit3 < Msf::Exploit::Remote include Msf::Exploit::Remote::BrowserAutopwn autopwn_info({ - :os_name => OperatingSystems::WINDOWS, + :os_name => /^Windows/, :ua_name => HttpClients::IE, :ua_minver => "6.0", :ua_maxver => "8.0", diff --git a/modules/exploits/windows/browser/adobe_toolbutton.rb b/modules/exploits/windows/browser/adobe_toolbutton.rb index 5432fbf4f3..08ab245f7d 100644 --- a/modules/exploits/windows/browser/adobe_toolbutton.rb +++ b/modules/exploits/windows/browser/adobe_toolbutton.rb 
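Review bot: `:os_name => 'Mac OS X'` in safari_user_assisted_download_launch.rb hard-codes the string that `OperatingSystems::MAC_OSX` still holds; the constant is unchanged in the constants.rb hunk. The replacement gives up the single point of definition without changing behaviour. Unless exact-string matching on a literal is wanted for a reason not stated here, keep `:os_name => OperatingSystems::MAC_OSX,`. Alternatively use `/^Mac OS X/`, which would be consistent with the `/^Windows/` entries introduced by the same commit.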
@@ -49,8 +49,7 @@ class Metasploit3 < Msf::Exploit::Remote 'BrowserRequirements' => { :source => /script|headers/i, - :os_name => Msf::OperatingSystems::WINDOWS, - :os_flavor => Msf::OperatingSystems::WindowsVersions::XP, + :os_name => /^Windows XP/, :ua_name => Msf::HttpClients::IE }, 'Targets' => diff --git a/modules/exploits/windows/browser/aladdin_choosefilepath_bof.rb b/modules/exploits/windows/browser/aladdin_choosefilepath_bof.rb index 433d73d80e..326b6b426c 100644 --- a/modules/exploits/windows/browser/aladdin_choosefilepath_bof.rb +++ b/modules/exploits/windows/browser/aladdin_choosefilepath_bof.rb @@ -47,7 +47,7 @@ class Metasploit3 < Msf::Exploit::Remote :source => /script|headers/i, :clsid => "{09F68A41-2FBE-11D3-8C9D-0008C7D901B6}", :method => "ChooseFilePath", - :os_name => /win/i + :os_name => /^Windows/, }, 'Targets' => [ diff --git a/modules/exploits/windows/browser/apple_quicktime_marshaled_punk.rb b/modules/exploits/windows/browser/apple_quicktime_marshaled_punk.rb index a9d460988b..cc4ec639b4 100644 --- a/modules/exploits/windows/browser/apple_quicktime_marshaled_punk.rb +++ b/modules/exploits/windows/browser/apple_quicktime_marshaled_punk.rb @@ -13,7 +13,7 @@ class Metasploit3 < Msf::Exploit::Remote #include Msf::Exploit::Remote::BrowserAutopwn #autopwn_info({ - # :os_name => OperatingSystems::WINDOWS, + # :os_name => /^Windows/, # :ua_name => HttpClients::IE, # :javascript => true, # :rank => NormalRanking, # reliable memory corruption diff --git a/modules/exploits/windows/browser/apple_quicktime_mime_type.rb b/modules/exploits/windows/browser/apple_quicktime_mime_type.rb index 84edee8e8d..c11f1b7cfb 100644 --- a/modules/exploits/windows/browser/apple_quicktime_mime_type.rb +++ b/modules/exploits/windows/browser/apple_quicktime_mime_type.rb 
@@ -14,7 +14,7 @@ class Metasploit3 < Msf::Exploit::Remote #include Msf::Exploit::Remote::BrowserAutopwn #autopwn_info({ - # :os_name => OperatingSystems::WINDOWS, + # :os_name => /^Windows/, # :ua_name => HttpClients::SAFARI, # :ua_maxver => '5.0.1', # :ua_maxver => '5.1.7', diff --git a/modules/exploits/windows/browser/apple_quicktime_rtsp.rb b/modules/exploits/windows/browser/apple_quicktime_rtsp.rb index 7387c651f7..4bdc997690 100644 --- a/modules/exploits/windows/browser/apple_quicktime_rtsp.rb +++ b/modules/exploits/windows/browser/apple_quicktime_rtsp.rb @@ -12,7 +12,7 @@ class Metasploit3 < Msf::Exploit::Remote #include Msf::Exploit::Remote::BrowserAutopwn #autopwn_info({ - # :os_name => OperatingSystems::WINDOWS, + # :os_name => /^Windows/, # # No particular browser. Works on at least IE6 and Firefox 1.5.0.3 # :javascript => true, # :rank => NormalRanking, # reliable memory corruption diff --git a/modules/exploits/windows/browser/apple_quicktime_smil_debug.rb b/modules/exploits/windows/browser/apple_quicktime_smil_debug.rb index 96d57cf54b..d1b915fa95 100644 --- a/modules/exploits/windows/browser/apple_quicktime_smil_debug.rb +++ b/modules/exploits/windows/browser/apple_quicktime_smil_debug.rb @@ -13,7 +13,7 @@ class Metasploit3 < Msf::Exploit::Remote #include Msf::Exploit::Remote::BrowserAutopwn #autopwn_info({ - # :os_name => OperatingSystems::WINDOWS, + # :os_name => /^Windows/, # :javascript => true, # :rank => NormalRanking, # reliable memory corruption # :vuln_test => nil, diff --git a/modules/exploits/windows/browser/apple_quicktime_texml_font_table.rb b/modules/exploits/windows/browser/apple_quicktime_texml_font_table.rb index 3db798b445..16a0324d57 100644 --- a/modules/exploits/windows/browser/apple_quicktime_texml_font_table.rb +++ b/modules/exploits/windows/browser/apple_quicktime_texml_font_table.rb 
@@ -12,7 +12,7 @@ class Metasploit3 < Msf::Exploit::Remote #include Msf::Exploit::Remote::BrowserAutopwn #autopwn_info({ - # :os_name => OperatingSystems::WINDOWS, + # :os_name => /^Windows/, # :javascript => true, # :rank => NormalRanking #}) diff --git a/modules/exploits/windows/browser/blackice_downloadimagefileurl.rb b/modules/exploits/windows/browser/blackice_downloadimagefileurl.rb index 28b8003a0a..a434b4f0b7 100644 --- a/modules/exploits/windows/browser/blackice_downloadimagefileurl.rb +++ b/modules/exploits/windows/browser/blackice_downloadimagefileurl.rb @@ -14,7 +14,7 @@ class Metasploit3 < Msf::Exploit::Remote #include Msf::Exploit::Remote::BrowserAutopwn #autopwn_info({ - # :os_name => OperatingSystems::WINDOWS, + # :os_name => /^Windows/, # :ua_name => HttpClients::IE, # :javascript => true, # :rank => NormalRanking, diff --git a/modules/exploits/windows/browser/cisco_playerpt_setsource.rb b/modules/exploits/windows/browser/cisco_playerpt_setsource.rb index 6f6f1a828b..c397e34f21 100644 --- a/modules/exploits/windows/browser/cisco_playerpt_setsource.rb +++ b/modules/exploits/windows/browser/cisco_playerpt_setsource.rb @@ -17,7 +17,7 @@ class Metasploit3 < Msf::Exploit::Remote # :ua_minver => "6.0", # :ua_maxver => "8.0", # :javascript => true, - # :os_name => OperatingSystems::WINDOWS, + # :os_name => /^Windows/, # :classid => "{9E065E4A-BD9D-4547-8F90-985DC62A5591}", # :method => "SetSource", # :rank => NormalRanking diff --git a/modules/exploits/windows/browser/cisco_playerpt_setsource_surl.rb b/modules/exploits/windows/browser/cisco_playerpt_setsource_surl.rb index 98caf4c686..b29e8b7649 100644 --- a/modules/exploits/windows/browser/cisco_playerpt_setsource_surl.rb +++ b/modules/exploits/windows/browser/cisco_playerpt_setsource_surl.rb 
@@ -17,7 +17,7 @@ class Metasploit3 < Msf::Exploit::Remote # :ua_minver => "6.0", # :ua_maxver => "9.0", # :javascript => true, - # :os_name => OperatingSystems::WINDOWS, + # :os_name => /^Windows/, # :classid => "{9E065E4A-BD9D-4547-8F90-985DC62A5591}", # :method => "SetSource", # :rank => NormalRanking diff --git a/modules/exploits/windows/browser/clear_quest_cqole.rb b/modules/exploits/windows/browser/clear_quest_cqole.rb index 0f8dff21d5..ab762cc4c4 100644 --- a/modules/exploits/windows/browser/clear_quest_cqole.rb +++ b/modules/exploits/windows/browser/clear_quest_cqole.rb @@ -15,7 +15,7 @@ class Metasploit3 < Msf::Exploit::Remote # :ua_minver => "6.0", # :ua_maxver => "7.0", # :javascript => true, - # :os_name => OperatingSystems::WINDOWS, + # :os_name => /^Windows/, # :classid => "{94773112-72E8-11D0-A42E-00A024DED613}", # :method => "RegisterSchemaRepoFromFileByDbSet", # :rank => NormalRanking diff --git a/modules/exploits/windows/browser/crystal_reports_printcontrol.rb b/modules/exploits/windows/browser/crystal_reports_printcontrol.rb index 3a1a2953dc..b925d1d8bc 100644 --- a/modules/exploits/windows/browser/crystal_reports_printcontrol.rb +++ b/modules/exploits/windows/browser/crystal_reports_printcontrol.rb @@ -17,7 +17,7 @@ class Metasploit3 < Msf::Exploit::Remote # :ua_minver => "6.0", # :ua_maxver => "8.0", # :javascript => true, - # :os_name => OperatingSystems::WINDOWS, + # :os_name => /^Windows/, # :rank => NormalRanking, # :classid => "{88DD90B6-C770-4CFF-B7A4-3AFD16BB8824}", # :method => "ServerResourceVersion" diff --git a/modules/exploits/windows/browser/hp_alm_xgo_setshapenodetype_exec.rb b/modules/exploits/windows/browser/hp_alm_xgo_setshapenodetype_exec.rb index b136a41c9f..9c325d2641 100644 --- a/modules/exploits/windows/browser/hp_alm_xgo_setshapenodetype_exec.rb +++ b/modules/exploits/windows/browser/hp_alm_xgo_setshapenodetype_exec.rb 
@@ -15,7 +15,7 @@ class Metasploit3 < Msf::Exploit::Remote # :ua_minver => "7.0", # :ua_maxver => "9.0", # :javascript => true, - # :os_name => OperatingSystems::WINDOWS, + # :os_name => /^Windows/, # :classid => "{C3B92104-B5A7-11D0-A37F-00A0248F0AF1}", # :method => "SetShapeNodeType", # :rank => NormalRanking diff --git a/modules/exploits/windows/browser/hp_loadrunner_writefilebinary.rb b/modules/exploits/windows/browser/hp_loadrunner_writefilebinary.rb index 2a9cfd1ae2..71d9465d9d 100644 --- a/modules/exploits/windows/browser/hp_loadrunner_writefilebinary.rb +++ b/modules/exploits/windows/browser/hp_loadrunner_writefilebinary.rb @@ -17,7 +17,7 @@ class Metasploit3 < Msf::Exploit::Remote # :ua_minver => "6.0", # :ua_maxver => "9.0", # :javascript => true, - # :os_name => OperatingSystems::WINDOWS, + # :os_name => /^Windows/, # :rank => Rank, # :classid => "{8D9E2CC7-D94B-4977-8510-FB49C361A139}", # :method => "WriteFileBinary" diff --git a/modules/exploits/windows/browser/hp_loadrunner_writefilestring.rb b/modules/exploits/windows/browser/hp_loadrunner_writefilestring.rb index f6a01d021d..22d7172a2d 100644 --- a/modules/exploits/windows/browser/hp_loadrunner_writefilestring.rb +++ b/modules/exploits/windows/browser/hp_loadrunner_writefilestring.rb @@ -17,7 +17,7 @@ class Metasploit3 < Msf::Exploit::Remote # :ua_minver => "6.0", # :ua_maxver => "8.0", # :javascript => true, - # :os_name => OperatingSystems::WINDOWS, + # :os_name => /^Windows/, # :os_ver => OperatingSystems::WindowsVersions::XP, # :rank => NormalRanking, # :classid => "{8D9E2CC7-D94B-4977-8510-FB49C361A139}", diff --git a/modules/exploits/windows/browser/ibm_spss_c1sizer.rb b/modules/exploits/windows/browser/ibm_spss_c1sizer.rb index c85c94dcc8..4af85dd1bb 100644 --- a/modules/exploits/windows/browser/ibm_spss_c1sizer.rb +++ b/modules/exploits/windows/browser/ibm_spss_c1sizer.rb 
@@ -17,7 +17,7 @@ class Metasploit3 < Msf::Exploit::Remote # :ua_minver => "6.0", # :ua_maxver => "8.0", # :javascript => true, - # :os_name => OperatingSystems::WINDOWS, + # :os_name => /^Windows/, # :rank => NormalRanking, # :classid => "{24E04EBF-014D-471F-930E-7654B1193BA9}", # :method => "TabCaption" diff --git a/modules/exploits/windows/browser/ibm_tivoli_pme_activex_bof.rb b/modules/exploits/windows/browser/ibm_tivoli_pme_activex_bof.rb index c841580762..883218d643 100644 --- a/modules/exploits/windows/browser/ibm_tivoli_pme_activex_bof.rb +++ b/modules/exploits/windows/browser/ibm_tivoli_pme_activex_bof.rb @@ -12,7 +12,7 @@ class Metasploit3 < Msf::Exploit::Remote #include Msf::Exploit::Remote::BrowserAutopwn # #autopwn_info({ - # :os_name => OperatingSystems::WINDOWS, + # :os_name => /^Windows/, # :ua_name => HttpClients::IE, # :ua_minver => "6.0", # :ua_maxver => "8.0", diff --git a/modules/exploits/windows/browser/ie_cbutton_uaf.rb b/modules/exploits/windows/browser/ie_cbutton_uaf.rb index 7ea0cc7822..532f8dab45 100644 --- a/modules/exploits/windows/browser/ie_cbutton_uaf.rb +++ b/modules/exploits/windows/browser/ie_cbutton_uaf.rb @@ -16,7 +16,7 @@ class Metasploit3 < Msf::Exploit::Remote # :ua_minver => "8.0", # :ua_maxver => "8.0", # :javascript => true, - # :os_name => OperatingSystems::WINDOWS, + # :os_name => /^Windows/, # :rank => GoodRanking #}) diff --git a/modules/exploits/windows/browser/ie_cgenericelement_uaf.rb b/modules/exploits/windows/browser/ie_cgenericelement_uaf.rb index 01864436ff..de6caa3a59 100644 --- a/modules/exploits/windows/browser/ie_cgenericelement_uaf.rb +++ b/modules/exploits/windows/browser/ie_cgenericelement_uaf.rb @@ -16,7 +16,7 @@ class Metasploit3 < Msf::Exploit::Remote :ua_minver => "8.0", :ua_maxver => "8.0", :javascript => true, - :os_name => OperatingSystems::WINDOWS, + :os_name => /^Windows/, :rank => GoodRanking }) 
diff --git a/modules/exploits/windows/browser/ie_createobject.rb b/modules/exploits/windows/browser/ie_createobject.rb index 14309fb53d..c5fc357021 100644 --- a/modules/exploits/windows/browser/ie_createobject.rb +++ b/modules/exploits/windows/browser/ie_createobject.rb @@ -23,7 +23,7 @@ class Metasploit3 < Msf::Exploit::Remote # than the max by setting to 6.1 (which doesn't really exist). :ua_maxver => "6.1", :javascript => true, - :os_name => OperatingSystems::WINDOWS, + :os_name => /^Windows/, :method => [ 'CreateObject', 'GetObject' ], :classid => [ diff --git a/modules/exploits/windows/browser/indusoft_issymbol_internationalseparator.rb b/modules/exploits/windows/browser/indusoft_issymbol_internationalseparator.rb index b3f677f8cc..cf39ed622d 100644 --- a/modules/exploits/windows/browser/indusoft_issymbol_internationalseparator.rb +++ b/modules/exploits/windows/browser/indusoft_issymbol_internationalseparator.rb @@ -17,7 +17,7 @@ class Metasploit3 < Msf::Exploit::Remote # :ua_minver => "6.0", # :ua_maxver => "9.0", # :javascript => true, - # :os_name => OperatingSystems::WINDOWS, + # :os_name => /^Windows/, # :rank => NormalRanking, # :classid => "{3c9dff6f-5cb0-422e-9978-d6405d10718f}", # :method => "InternationalSeparator" diff --git a/modules/exploits/windows/browser/inotes_dwa85w_bof.rb b/modules/exploits/windows/browser/inotes_dwa85w_bof.rb index 5670eedd15..a40fdc954b 100644 --- a/modules/exploits/windows/browser/inotes_dwa85w_bof.rb +++ b/modules/exploits/windows/browser/inotes_dwa85w_bof.rb @@ -17,7 +17,7 @@ class Metasploit3 < Msf::Exploit::Remote # :ua_minver => "6.0", # :ua_maxver => "9.0", # :javascript => true, - # :os_name => OperatingSystems::WINDOWS, + # :os_name => /^Windows/, # :rank => Rank, # :classid => "{0F2AAAE3-7E9E-4b64-AB5D-1CA24C6ACB9C}", # :method => "Attachment_Times" 
diff --git a/modules/exploits/windows/browser/keyhelp_launchtripane_exec.rb b/modules/exploits/windows/browser/keyhelp_launchtripane_exec.rb index 3d8782b686..72317863d0 100644 --- a/modules/exploits/windows/browser/keyhelp_launchtripane_exec.rb +++ b/modules/exploits/windows/browser/keyhelp_launchtripane_exec.rb @@ -14,7 +14,7 @@ class Metasploit3 < Msf::Exploit::Remote #include Msf::Exploit::Remote::BrowserAutopwn #autopwn_info({ - # :os_name => OperatingSystems::WINDOWS, + # :os_name => /^Windows/, # :ua_name => HttpClients::IE, # :javascript => true, # :rank => NormalRanking, diff --git a/modules/exploits/windows/browser/mozilla_interleaved_write.rb b/modules/exploits/windows/browser/mozilla_interleaved_write.rb index c39594143b..f62321d4fd 100644 --- a/modules/exploits/windows/browser/mozilla_interleaved_write.rb +++ b/modules/exploits/windows/browser/mozilla_interleaved_write.rb @@ -18,7 +18,7 @@ class Metasploit3 < Msf::Exploit::Remote # :ua_name => HttpClients::FF, # :ua_minver => "3.6.8", # :ua_maxver => "3.6.11", - # :os_name => OperatingSystems::WINDOWS, + # :os_name => /^Windows/, # :javascript => true, # :rank => NormalRanking, # :vuln_test => "if (typeof InstallVersion != 'undefined') { is_vuln = true; }", diff --git a/modules/exploits/windows/browser/mozilla_mchannel.rb b/modules/exploits/windows/browser/mozilla_mchannel.rb index 8399836c1d..1237acf1dd 100644 --- a/modules/exploits/windows/browser/mozilla_mchannel.rb +++ b/modules/exploits/windows/browser/mozilla_mchannel.rb @@ -14,7 +14,7 @@ class Metasploit3 < Msf::Exploit::Remote # :ua_name => HttpClients::FF, # :ua_minver => "3.6.16", # :ua_maxver => "3.6.16", - # :os_name => OperatingSystems::WINDOWS, + # :os_name => /^Windows/, # :javascript => true, # :rank => NormalRanking, #}) diff --git a/modules/exploits/windows/browser/mozilla_nstreerange.rb b/modules/exploits/windows/browser/mozilla_nstreerange.rb index d239ef9219..ed1b822549 100644 
--- a/modules/exploits/windows/browser/mozilla_nstreerange.rb +++ b/modules/exploits/windows/browser/mozilla_nstreerange.rb @@ -15,7 +15,7 @@ class Metasploit3 < Msf::Exploit::Remote :ua_name => HttpClients::FF, :ua_minver => "3.5", :ua_maxver => "3.6.16", - :os_name => OperatingSystems::WINDOWS, + :os_name => /^Windows/, :javascript => true, :rank => NormalRanking, :vuln_test => "if (navigator.userAgent.indexOf('Windows NT 5.1') != -1 || navigator.javaEnabled()) { is_vuln = true; }", diff --git a/modules/exploits/windows/browser/ms06_067_keyframe.rb b/modules/exploits/windows/browser/ms06_067_keyframe.rb index 607cc5e58f..4af5adb8ac 100644 --- a/modules/exploits/windows/browser/ms06_067_keyframe.rb +++ b/modules/exploits/windows/browser/ms06_067_keyframe.rb @@ -22,7 +22,7 @@ class Metasploit3 < Msf::Exploit::Remote # :ua_name => HttpClients::IE, # :ua_minver => "6.0", # :javascript => true, - # :os_name => OperatingSystems::WINDOWS, + # :os_name => /^Windows/, # :classid => 'DirectAnimation.PathControl', # :method => 'KeyFrame', # :rank => NormalRanking # reliable memory corruption diff --git a/modules/exploits/windows/browser/ms08_078_xml_corruption.rb b/modules/exploits/windows/browser/ms08_078_xml_corruption.rb index 31fc8794b7..8b1f4ac2ba 100644 --- a/modules/exploits/windows/browser/ms08_078_xml_corruption.rb +++ b/modules/exploits/windows/browser/ms08_078_xml_corruption.rb @@ -18,7 +18,7 @@ class Metasploit3 < Msf::Exploit::Remote # :ua_minver => "7.0", # :ua_maxver => "7.0", # :javascript => true, - # :os_name => OperatingSystems::WINDOWS, + # :os_name => /^Windows/, # :vuln_test => nil, # no way to test without just trying it #}) diff --git a/modules/exploits/windows/browser/ms09_002_memory_corruption.rb b/modules/exploits/windows/browser/ms09_002_memory_corruption.rb index 635c0a5b8a..458e8c24e3 100644 --- a/modules/exploits/windows/browser/ms09_002_memory_corruption.rb +++ b/modules/exploits/windows/browser/ms09_002_memory_corruption.rb 
@@ -17,7 +17,7 @@ class Metasploit3 < Msf::Exploit::Remote # :ua_minver => "7.0", # :ua_maxver => "7.0", # :javascript => true, - # :os_name => OperatingSystems::WINDOWS, + # :os_name => /^Windows/, # :vuln_test => nil, # no way to test without just trying it #}) diff --git a/modules/exploits/windows/browser/ms09_072_style_object.rb b/modules/exploits/windows/browser/ms09_072_style_object.rb index c33b60fee7..23be1dd31f 100644 --- a/modules/exploits/windows/browser/ms09_072_style_object.rb +++ b/modules/exploits/windows/browser/ms09_072_style_object.rb @@ -18,7 +18,7 @@ class Metasploit3 < Msf::Exploit::Remote # :ua_minver => "6.0", # :ua_maxver => "7.0", # :javascript => true, - # :os_name => OperatingSystems::WINDOWS, + # :os_name => /^Windows/, # :vuln_test => nil, # no way to test without just trying it # :rank => LowRanking # exploitable on ie7/vista #}) diff --git a/modules/exploits/windows/browser/ms10_002_aurora.rb b/modules/exploits/windows/browser/ms10_002_aurora.rb index 31049e7c9b..d43eda0800 100644 --- a/modules/exploits/windows/browser/ms10_002_aurora.rb +++ b/modules/exploits/windows/browser/ms10_002_aurora.rb @@ -18,7 +18,7 @@ class Metasploit3 < Msf::Exploit::Remote # :ua_minver => "6.0", # :ua_maxver => "6.0", # :javascript => true, - # :os_name => OperatingSystems::WINDOWS, + # :os_name => /^Windows/, # :vuln_test => nil, # no way to test without just trying it #}) diff --git a/modules/exploits/windows/browser/ms10_018_ie_behaviors.rb b/modules/exploits/windows/browser/ms10_018_ie_behaviors.rb index 957a4d8908..af231bd7c6 100644 --- a/modules/exploits/windows/browser/ms10_018_ie_behaviors.rb +++ b/modules/exploits/windows/browser/ms10_018_ie_behaviors.rb @@ -36,7 +36,7 @@ class Metasploit3 < Msf::Exploit::Remote # :ua_minver => "6.0", # :ua_maxver => "7.0", # :javascript => true, - # :os_name => OperatingSystems::WINDOWS, + # :os_name => /^Windows/, # :vuln_test => nil, # no way to test without just trying it #}) 
diff --git a/modules/exploits/windows/browser/ms10_090_ie_css_clip.rb b/modules/exploits/windows/browser/ms10_090_ie_css_clip.rb index 0649d42364..624f386ce4 100644 --- a/modules/exploits/windows/browser/ms10_090_ie_css_clip.rb +++ b/modules/exploits/windows/browser/ms10_090_ie_css_clip.rb @@ -16,7 +16,7 @@ class Metasploit3 < Msf::Exploit::Remote # :ua_minver => "6.0", # :ua_maxver => "7.0", # :javascript => true, - # :os_name => OperatingSystems::WINDOWS, + # :os_name => /^Windows/, # :vuln_test => nil, # no way to test without just trying it #}) diff --git a/modules/exploits/windows/browser/ms11_003_ie_css_import.rb b/modules/exploits/windows/browser/ms11_003_ie_css_import.rb index 9a6010dcb2..555ca45d7b 100644 --- a/modules/exploits/windows/browser/ms11_003_ie_css_import.rb +++ b/modules/exploits/windows/browser/ms11_003_ie_css_import.rb @@ -15,7 +15,7 @@ class Metasploit3 < Msf::Exploit::Remote # :ua_minver => "7.0", # Should be 6 # :ua_maxver => "8.0", # :javascript => true, - # :os_name => OperatingSystems::WINDOWS, + # :os_name => /^Windows/, # # Not strictly a vuln check, but an exploitability check since a # # specific version of .NET is required to make the ROP work. # :vuln_test => "if (/.NET CLR 2\\.0\\.50727/.test(navigator.userAgent)) { is_vuln = true }else{ is_vuln = false }", diff --git a/modules/exploits/windows/browser/ms11_050_mshtml_cobjectelement.rb b/modules/exploits/windows/browser/ms11_050_mshtml_cobjectelement.rb index 188a52c080..ada3d6273d 100644 --- a/modules/exploits/windows/browser/ms11_050_mshtml_cobjectelement.rb +++ b/modules/exploits/windows/browser/ms11_050_mshtml_cobjectelement.rb @@ -16,7 +16,7 @@ class Metasploit3 < Msf::Exploit::Remote # :ua_minver => "7.0", # :ua_maxver => "8.0", # :javascript => true, - # :os_name => OperatingSystems::WINDOWS + # :os_name => /^Windows/ #}) def initialize(info={}) 
diff --git a/modules/exploits/windows/browser/ms12_004_midi.rb b/modules/exploits/windows/browser/ms12_004_midi.rb index fe074d86ee..29b4d7710e 100644 --- a/modules/exploits/windows/browser/ms12_004_midi.rb +++ b/modules/exploits/windows/browser/ms12_004_midi.rb @@ -16,12 +16,11 @@ class Metasploit3 < Msf::Exploit::Remote :ua_minver => "6.0", :ua_maxver => "8.0", :javascript => true, - :os_name => OperatingSystems::WINDOWS, + :os_name => /^Windows/, :vuln_test => %Q| var v = window.os_detect.getVersion(); var os_name = v['os_name']; - var os_flavor = v['os_flavor']; - if (os_name == 'Microsoft Windows' && os_flavor == 'XP') {is_vuln = true;} else { is_vuln = false; } + if (os_name.indexOf('Windows XP') == 0) {is_vuln = true;} else { is_vuln = false; } |, }) diff --git a/modules/exploits/windows/browser/ms12_037_ie_colspan.rb b/modules/exploits/windows/browser/ms12_037_ie_colspan.rb index 46d4cbf27b..544228399f 100644 --- a/modules/exploits/windows/browser/ms12_037_ie_colspan.rb +++ b/modules/exploits/windows/browser/ms12_037_ie_colspan.rb @@ -11,7 +11,7 @@ class Metasploit3 < Msf::Exploit::Remote include Msf::Exploit::Remote::HttpServer::HTML #include Msf::Exploit::Remote::BrowserAutopwn #autopwn_info({ - # :os_name => OperatingSystems::WINDOWS, + # :os_name => /^Windows/, # :ua_minver => "8.0", # :ua_maxver => "8.0", # :rank => NormalRanking, # reliable memory corruption diff --git a/modules/exploits/windows/browser/ms13_022_silverlight_script_object.rb b/modules/exploits/windows/browser/ms13_022_silverlight_script_object.rb index aad80f2983..f414fe3bfd 100644 --- a/modules/exploits/windows/browser/ms13_022_silverlight_script_object.rb +++ b/modules/exploits/windows/browser/ms13_022_silverlight_script_object.rb @@ -59,7 +59,7 @@ class Metasploit3 < Msf::Exploit::Remote 'BrowserRequirements' => { :source => /script|headers/i, - :os_name => Msf::OperatingSystems::WINDOWS, + :os_name => /^Windows/, :ua_name => Msf::HttpClients::IE, :silverlight => "true" }, 
diff --git a/modules/exploits/windows/browser/ms13_037_svg_dashstyle.rb b/modules/exploits/windows/browser/ms13_037_svg_dashstyle.rb index 8dc9aa65a7..322f8085c7 100644 --- a/modules/exploits/windows/browser/ms13_037_svg_dashstyle.rb +++ b/modules/exploits/windows/browser/ms13_037_svg_dashstyle.rb @@ -17,7 +17,7 @@ class Metasploit3 < Msf::Exploit::Remote # :ua_minver => "8.0", # :ua_maxver => "8.0", # :javascript => true, - # :os_name => OperatingSystems::WINDOWS, + # :os_name => /^Windows/, # :rank => Rank #}) diff --git a/modules/exploits/windows/browser/ms13_080_cdisplaypointer.rb b/modules/exploits/windows/browser/ms13_080_cdisplaypointer.rb index 33b35ee5d0..4b61f98a88 100644 --- a/modules/exploits/windows/browser/ms13_080_cdisplaypointer.rb +++ b/modules/exploits/windows/browser/ms13_080_cdisplaypointer.rb @@ -17,7 +17,7 @@ class Metasploit3 < Msf::Exploit::Remote :ua_minver => "8.0", :ua_maxver => "8.0", :javascript => true, - :os_name => OperatingSystems::WINDOWS, + :os_name => /^Windows/, :rank => NormalRanking }) diff --git a/modules/exploits/windows/browser/ms13_090_cardspacesigninhelper.rb b/modules/exploits/windows/browser/ms13_090_cardspacesigninhelper.rb index 2de5599e9d..2e19c9a857 100644 --- a/modules/exploits/windows/browser/ms13_090_cardspacesigninhelper.rb +++ b/modules/exploits/windows/browser/ms13_090_cardspacesigninhelper.rb @@ -62,7 +62,7 @@ class Metasploit3 < Msf::Exploit::Remote :source => /script|headers/i, :clsid => "{19916E01-B44E-4E31-94A4-4696DF46157B}", :method => "requiredClaims", - :os_name => Msf::OperatingSystems::WINDOWS + :os_name => /^Windows/ }, 'Targets' => [ @@ -379,4 +379,4 @@ cccccccc ?? ??? 001f58d4 48 00 9c 02 84 14 5c 75-e8 ac 9c 02 1b 00 00 00 H.....\u........ 001f58e4 e8 52 19 00 ed 7e a1 ea-00 01 08 ff 08 00 00 00 .R...~.......... 001f58f4 90 01 00 00 f0 00 00 00-00 00 00 00 01 00 00 00 ................ -=end \ No newline at end of file +=end 
diff --git a/modules/exploits/windows/browser/msxml_get_definition_code_exec.rb b/modules/exploits/windows/browser/msxml_get_definition_code_exec.rb index a821d4759c..f265b49e00 100644 --- a/modules/exploits/windows/browser/msxml_get_definition_code_exec.rb +++ b/modules/exploits/windows/browser/msxml_get_definition_code_exec.rb @@ -16,7 +16,7 @@ class Metasploit3 < Msf::Exploit::Remote :ua_minver => "6.0", :ua_maxver => "9.0", :javascript => true, - :os_name => OperatingSystems::WINDOWS, + :os_name => /^Windows/, :classid => "{f6D90f11-9c73-11d3-b32e-00C04f990bb4}", :method => "definition", :rank => GoodRanking diff --git a/modules/exploits/windows/browser/novell_groupwise_gwcls1_actvx.rb b/modules/exploits/windows/browser/novell_groupwise_gwcls1_actvx.rb index f5efd9b11a..762d475e36 100644 --- a/modules/exploits/windows/browser/novell_groupwise_gwcls1_actvx.rb +++ b/modules/exploits/windows/browser/novell_groupwise_gwcls1_actvx.rb @@ -17,7 +17,7 @@ class Metasploit3 < Msf::Exploit::Remote # :ua_minver => "6.0", # :ua_maxver => "9.0", # :javascript => true, - # :os_name => OperatingSystems::WINDOWS, + # :os_name => /^Windows/, # :rank => NormalRanking, # :classid => "{601D7813-408F-11D1-98D7-444553540000}", # :method => "SetEngine" diff --git a/modules/exploits/windows/browser/ntr_activex_check_bof.rb b/modules/exploits/windows/browser/ntr_activex_check_bof.rb index 9b72d04c9f..db181598ff 100644 --- a/modules/exploits/windows/browser/ntr_activex_check_bof.rb +++ b/modules/exploits/windows/browser/ntr_activex_check_bof.rb @@ -17,7 +17,7 @@ class Metasploit3 < Msf::Exploit::Remote # :ua_minver => "6.0", # :ua_maxver => "9.0", # :javascript => true, - # :os_name => OperatingSystems::WINDOWS, + # :os_name => /^Windows/, # :classid => "{E6ACF817-0A85-4EBE-9F0A-096C6488CFEA}", # :method => "Check", # :rank => NormalRanking 
diff --git a/modules/exploits/windows/browser/ntr_activex_stopmodule.rb b/modules/exploits/windows/browser/ntr_activex_stopmodule.rb index b7d998d5e8..bd5393157c 100644 --- a/modules/exploits/windows/browser/ntr_activex_stopmodule.rb +++ b/modules/exploits/windows/browser/ntr_activex_stopmodule.rb @@ -16,7 +16,7 @@ class Metasploit3 < Msf::Exploit::Remote # :ua_minver => "6.0", # :ua_maxver => "7.0", # :javascript => true, - # :os_name => OperatingSystems::WINDOWS, + # :os_name => /^Windows/, # :classid => "{E6ACF817-0A85-4EBE-9F0A-096C6488CFEA}", # :method => "StopModule", # :rank => NormalRanking diff --git a/modules/exploits/windows/browser/oracle_autovue_setmarkupmode.rb b/modules/exploits/windows/browser/oracle_autovue_setmarkupmode.rb index 0da727daa7..3628c48b2c 100644 --- a/modules/exploits/windows/browser/oracle_autovue_setmarkupmode.rb +++ b/modules/exploits/windows/browser/oracle_autovue_setmarkupmode.rb @@ -17,7 +17,7 @@ class Metasploit3 < Msf::Exploit::Remote # :ua_minver => "6.0", # :ua_maxver => "9.0", # :javascript => true, - # :os_name => OperatingSystems::WINDOWS, + # :os_name => /^Windows/, # :classid => "{B6FCC215-D303-11D1-BC6C-0000C078797F}", # :method => "SetMarkupMode", # :rank => NormalRanking diff --git a/modules/exploits/windows/browser/quickr_qp2_bof.rb b/modules/exploits/windows/browser/quickr_qp2_bof.rb index 8e173c5c33..1b16a6413a 100644 --- a/modules/exploits/windows/browser/quickr_qp2_bof.rb +++ b/modules/exploits/windows/browser/quickr_qp2_bof.rb @@ -17,7 +17,7 @@ class Metasploit3 < Msf::Exploit::Remote # :ua_minver => "6.0", # :ua_maxver => "9.0", # :javascript => true, - # :os_name => OperatingSystems::WINDOWS, + # :os_name => /^Windows/, # :rank => Rank, # :classid => "{05D96F71-87C6-11D3-9BE4-00902742D6E0}", # :method => "Attachment_Times" diff --git a/modules/exploits/windows/browser/siemens_solid_edge_selistctrlx.rb b/modules/exploits/windows/browser/siemens_solid_edge_selistctrlx.rb index 37f3aeeb95..d87a146397 100644 
--- a/modules/exploits/windows/browser/siemens_solid_edge_selistctrlx.rb +++ b/modules/exploits/windows/browser/siemens_solid_edge_selistctrlx.rb @@ -17,7 +17,7 @@ class Metasploit3 < Msf::Exploit::Remote # :ua_minver => "6.0", # :ua_maxver => "9.0", # :javascript => true, - # :os_name => OperatingSystems::WINDOWS, + # :os_name => /^Windows/, # :rank => Rank, # :classid => "{5D6A72E6-C12F-4C72-ABF3-32F6B70EBB0D}" #}) diff --git a/modules/exploits/windows/browser/synactis_connecttosynactis_bof.rb b/modules/exploits/windows/browser/synactis_connecttosynactis_bof.rb index 39741a0c92..fc061b50b4 100644 --- a/modules/exploits/windows/browser/synactis_connecttosynactis_bof.rb +++ b/modules/exploits/windows/browser/synactis_connecttosynactis_bof.rb @@ -19,7 +19,7 @@ class Metasploit3 < Msf::Exploit::Remote # :javascript => true, # :classid => "{C80CAF1F-C58E-11D5-A093-006097ED77E6}", # :method => "ConnectToSynactis", - # :os_name => OperatingSystems::WINDOWS, + # :os_name => /^Windows/, # :rank => AverageRanking #}) diff --git a/modules/exploits/windows/browser/tom_sawyer_tsgetx71ex552.rb b/modules/exploits/windows/browser/tom_sawyer_tsgetx71ex552.rb index a749d68d7e..cbfe4a67dc 100644 --- a/modules/exploits/windows/browser/tom_sawyer_tsgetx71ex552.rb +++ b/modules/exploits/windows/browser/tom_sawyer_tsgetx71ex552.rb @@ -12,7 +12,7 @@ class Metasploit3 < Msf::Exploit::Remote #include Msf::Exploit::Remote::BrowserAutopwn # #autopwn_info({ - # :os_name => OperatingSystems::WINDOWS, + # :os_name => /^Windows/, # :ua_name => HttpClients::IE, # :ua_minver => "6.0", # :ua_maxver => "8.0", diff --git a/modules/exploits/windows/browser/wellintech_kingscada_kxclientdownload.rb b/modules/exploits/windows/browser/wellintech_kingscada_kxclientdownload.rb index a493e8b846..64907de362 100644 --- a/modules/exploits/windows/browser/wellintech_kingscada_kxclientdownload.rb +++ b/modules/exploits/windows/browser/wellintech_kingscada_kxclientdownload.rb 
@@ -42,7 +42,7 @@ class Metasploit3 < Msf::Exploit::Remote 'BrowserRequirements' => { :source => /script|headers/i, - :os_name => Msf::OperatingSystems::WINDOWS, + :os_name => /^Windows/, :ua_name => /MSIE|KXCLIE/i }, 'Payload' => diff --git a/modules/exploits/windows/browser/winzip_fileview.rb b/modules/exploits/windows/browser/winzip_fileview.rb index c45e9cc946..efdc583d37 100644 --- a/modules/exploits/windows/browser/winzip_fileview.rb +++ b/modules/exploits/windows/browser/winzip_fileview.rb @@ -14,7 +14,7 @@ class Metasploit3 < Msf::Exploit::Remote #autopwn_info({ # :ua_name => HttpClients::IE, # :javascript => true, - # :os_name => OperatingSystems::WINDOWS, + # :os_name => /^Windows/, # :classid => '{A09AE68F-B14D-43ED-B713-BA413F034904}', # :method => 'CreateNewFolderFromName', # :rank => NormalRanking # reliable memory corruption diff --git a/modules/exploits/windows/browser/wmi_admintools.rb b/modules/exploits/windows/browser/wmi_admintools.rb index 07fbf4052a..e887578a82 100644 --- a/modules/exploits/windows/browser/wmi_admintools.rb +++ b/modules/exploits/windows/browser/wmi_admintools.rb @@ -12,7 +12,7 @@ class Metasploit3 < Msf::Exploit::Remote #include Msf::Exploit::Remote::BrowserAutopwn # #autopwn_info({ - # :os_name => OperatingSystems::WINDOWS, + # :os_name => /^Windows/, # :ua_name => HttpClients::IE, # :rank => NormalRanking, # :vuln_test => nil, From 2bc6668312452cf56096812e6d637845b2b83318 Mon Sep 17 00:00:00 2001 From: HD Moore Date: Tue, 1 Apr 2014 08:55:10 -0700 Subject: [PATCH 10/43] Point gemfile to the dependent git repos in github vs local --- Gemfile | 6 ++++-- Gemfile.lock | 47 ++++++++++++++++++++++++++++++----------------- 2 files changed, 34 insertions(+), 19 deletions(-) diff --git a/Gemfile b/Gemfile index 9dbb6ba2db..0e09c3af4d 100755 --- a/Gemfile +++ b/Gemfile 
@@ -14,12 +14,14 @@ gem 'nokogiri' gem 'robots' # Needed by db.rb and Msf::Exploit::Capture gem 'packetfu', '1.1.9' +# Needed for service fingerprinting (Recog) +gem 'recog', :git => 'git@github.com:rapid7/recog.git' group :db do # Needed for Msf::DbManager gem 'activerecord' - # Database models shared between framework and Pro. - gem 'metasploit_data_models', '~> 0.16.9' + # Database models shared between framework and Pro. (using the Recog fork) + gem 'metasploit_data_models', :git => 'git@github.com:hmoore-r7/metasploit_data_models.git' # Needed for module caching in Mdm::ModuleDetails gem 'pg', '>= 0.11' end diff --git a/Gemfile.lock b/Gemfile.lock index d23d0eb424..a368f10ce5 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,18 +1,34 @@ +GIT + remote: git@github.com:hmoore-r7/metasploit_data_models.git + revision: 369398260def99448ff26371d304bb03b2176b4c + specs: + metasploit_data_models (0.17.0) + activerecord (>= 3.2.13) + activesupport + pg + +GIT + remote: git@github.com:rapid7/recog.git + revision: 915799d493f96ea8c6981fc8b4bc3fc06acde06c + specs: + recog (0.01) + nokogiri + GEM remote: https://rubygems.org/ specs: - activemodel (3.2.14) - activesupport (= 3.2.14) + activemodel (3.2.17) + activesupport (= 3.2.17) builder (~> 3.0.0) - activerecord (3.2.14) - activemodel (= 3.2.14) - activesupport (= 3.2.14) + activerecord (3.2.17) + activemodel (= 3.2.17) + activesupport (= 3.2.17) arel (~> 3.0.2) tzinfo (~> 0.3.29) - activesupport (3.2.14) + activesupport (3.2.17) i18n (~> 0.6, >= 0.6.4) multi_json (~> 1.0) - arel (3.0.2) + arel (3.0.3) bcrypt-ruby (3.1.2) builder (3.0.4) database_cleaner (1.1.1) 
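Review bot: Both new `:git` sources in the Gemfile hunk use SSH URLs (`git@github.com:...`) with no `:ref`, `:tag` or `:branch`, and metasploit_data_models now comes from a personal fork instead of the versioned `~> 0.16.9` release. SSH remotes make `bundle install` fail for anyone without a GitHub key, and with no ref in the Gemfile the only pin is Gemfile.lock, so a `bundle update` silently takes whatever the default branch holds at that moment. I would pin the commits the lockfile already records, e.g. `gem 'recog', :git => 'https://github.com/rapid7/recog.git', :ref => '915799d493f96ea8c6981fc8b4bc3fc06acde06c'`, and do the same for metasploit_data_models with `369398260def99448ff26371d304bb03b2176b4c` until the fork is merged upstream.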
@@ -20,21 +36,17 @@ GEM factory_girl (4.2.0) activesupport (>= 3.0.0) fivemat (1.2.1) - i18n (0.6.5) + i18n (0.6.9) json (1.8.0) - metasploit_data_models (0.16.9) - activerecord (>= 3.2.13) - activesupport - pg - mini_portile (0.5.1) + mini_portile (0.5.2) msgpack (0.5.5) multi_json (1.0.4) network_interface (0.0.1) - nokogiri (1.6.0) + nokogiri (1.6.1) mini_portile (~> 0.5.0) packetfu (1.1.9) pcaprub (0.11.3) - pg (0.16.0) + pg (0.17.1) rake (10.1.0) redcarpet (3.0.0) robots (0.10.1) @@ -53,7 +65,7 @@ GEM simplecov-html (~> 0.5.3) simplecov-html (0.5.3) timecop (0.6.3) - tzinfo (0.3.37) + tzinfo (0.3.39) yard (0.8.7) PLATFORMS @@ -67,7 +79,7 @@ DEPENDENCIES factory_girl (>= 4.1.0) fivemat (= 1.2.1) json - metasploit_data_models (~> 0.16.9) + metasploit_data_models! msgpack network_interface (~> 0.0.1) nokogiri @@ -75,6 +87,7 @@ DEPENDENCIES pcaprub pg (>= 0.11) rake (>= 10.0.0) + recog! redcarpet robots rspec (>= 2.12) From 749bcf24736b383eead40e89eb33859d3d600f1a Mon Sep 17 00:00:00 2001 From: HD Moore Date: Wed, 2 Apr 2014 07:08:23 -0700 Subject: [PATCH 11/43] Report fingerprint.match notes, various cleanups --- modules/auxiliary/server/browser_autopwn.rb | 31 +++++++++++++-------- 1 file changed, 19 insertions(+), 12 deletions(-) diff --git a/modules/auxiliary/server/browser_autopwn.rb b/modules/auxiliary/server/browser_autopwn.rb index 82bbf94316..f4b2ed16fa 100644 --- a/modules/auxiliary/server/browser_autopwn.rb +++ b/modules/auxiliary/server/browser_autopwn.rb 
@@ -930,13 +930,14 @@ class Metasploit3 < Msf::Auxiliary if framework.db.active note_data = { } - note_data[:os_name] = os_name if os_name != 'undefined' - note_data[:os_vendor] = os_vendor if os_vendor != 'undefined' - note_data[:os_flavor] = os_flavor if os_flavor != 'undefined' - note_data[:os_device] = os_device if os_device != 'undefined' - note_data[:os_sp] = os_sp if os_sp != 'undefined' - note_data[:os_lang] = os_lang if os_lang != 'undefined' - note_data[:arch] = arch if arch != 'undefined' + note_data['os.product'] = os_name if os_name != 'undefined' + note_data['os.vendor'] = os_vendor if os_vendor != 'undefined' + note_data['os.edition'] = os_flavor if os_flavor != 'undefined' + note_data['os.device'] = os_device if os_device != 'undefined' + note_data['os.version'] = os_sp if os_sp != 'undefined' + note_data['os.language'] = os_lang if os_lang != 'undefined' + note_data['os.arch'] = arch if arch != 'undefined' + note_data['os.certainty'] = '0.7' print_status("Reporting: #{note_data.inspect}") # Reporting stuff isn't really essential since we store all @@ -947,10 +948,14 @@ class Metasploit3 < Msf::Auxiliary # ActiveRecord::RecordInvalid errors because 127.0.0.1 is # blacklisted in the Host validations. begin + + # Report a generic fingerprint.match note for the OS normalizer + # Previously we reported a javascript_fingerprint type but this + # was never used. report_note({ - :host => cli.peerhost, - :type => 'javascript_fingerprint', - :data => note_data, + :host => cli.peerhost, + :ntype => 'fingerprint.match', + :data => note_data, :update => :unique_data, }) client_info = { @@ -960,8 +965,10 @@ class Metasploit3 < Msf::Auxiliary :ua_ver => ua_ver } report_client(client_info) - rescue => e - elog("Reporting failed: #{e.class} : #{e.message}") + rescue ::Interrupt + raise $! + rescue ::Exception => e + elog("Reporting failed: #{e.class} : #{e.message} #{e.backtrace}") end end end From be4a366eabbf5bc267a6ab4e49068240274f49be Mon Sep 17 00:00:00 2001 
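Review bot: The values written into `note_data` in the first hunk (`os_name`, `os_vendor`, `os_flavor`, ...) are only compared against the string 'undefined' before being stored, and they are now filed as a `fingerprint.match` note that, per the added comment, feeds the OS normalizer. They appear to come from the connecting browser's detection results (the assignment is outside the hunk), so a client can put arbitrary strings into the host's OS fields. A shape check before storing would limit that, e.g. `note_data['os.product'] = os_name if os_name =~ /\A[\w .\-]{1,64}\z/`. `'os.certainty'` is also set as the string `'0.7'`; confirm the consumer expects a string rather than a Float.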
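Review bot: `rescue ::Exception => e` in the last hunk also catches SystemExit, NoMemoryError and other non-StandardError conditions, and only Interrupt is re-raised ahead of it, so a shutdown raised during reporting is logged and swallowed. The old bare `rescue` already covered the ActiveRecord errors mentioned in the comment above; `rescue ::StandardError => e` keeps that and makes the separate Interrupt clause unnecessary. If the Interrupt clause stays, a bare `raise` is the idiomatic re-raise instead of `raise $!`. `#{e.backtrace}` interpolates an Array on one line; `e.backtrace.join("\n")` would be easier to read in the log.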
From: HD Moore Date: Wed, 2 Apr 2014 07:19:47 -0700 Subject: [PATCH 12/43] Fix up two modules using the old os_flavor definition --- .../exploits/windows/browser/hp_loadrunner_writefilestring.rb | 3 +-- .../windows/browser/ms13_090_cardspacesigninhelper.rb | 4 ++-- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/modules/exploits/windows/browser/hp_loadrunner_writefilestring.rb b/modules/exploits/windows/browser/hp_loadrunner_writefilestring.rb index 22d7172a2d..2ef6a85dcf 100644 --- a/modules/exploits/windows/browser/hp_loadrunner_writefilestring.rb +++ b/modules/exploits/windows/browser/hp_loadrunner_writefilestring.rb @@ -17,8 +17,7 @@ class Metasploit3 < Msf::Exploit::Remote # :ua_minver => "6.0", # :ua_maxver => "8.0", # :javascript => true, - # :os_name => /^Windows/, - # :os_ver => OperatingSystems::WindowsVersions::XP, + # :os_name => /^Windows XP/, # :rank => NormalRanking, # :classid => "{8D9E2CC7-D94B-4977-8510-FB49C361A139}", # :method => "WriteFileString " diff --git a/modules/exploits/windows/browser/ms13_090_cardspacesigninhelper.rb b/modules/exploits/windows/browser/ms13_090_cardspacesigninhelper.rb index 2e19c9a857..39c6599bc9 100644 --- a/modules/exploits/windows/browser/ms13_090_cardspacesigninhelper.rb +++ b/modules/exploits/windows/browser/ms13_090_cardspacesigninhelper.rb @@ -62,13 +62,13 @@ class Metasploit3 < Msf::Exploit::Remote :source => /script|headers/i, :clsid => "{19916E01-B44E-4E31-94A4-4696DF46157B}", :method => "requiredClaims", - :os_name => /^Windows/ + :os_name => /^Windows XP/ }, 'Targets' => [ [ 'Windows XP with IE 8', { - 'os_flavor' => Msf::OperatingSystems::WindowsVersions::XP, + 'os_name' => 'Windows XP', 'ua_name' => Msf::HttpClients::IE, 'ua_ver' => '8.0', 'arch' => ARCH_X86 From 55d9928186028ac1802f2ace9f704a3fb5421da0 Mon Sep 17 00:00:00 2001 
From: HD Moore Date: Wed, 2 Apr 2014 07:21:54 -0700 Subject: [PATCH 13/43] Fix use of os_flavor to ensure correct target matching --- modules/exploits/windows/browser/ms13_080_cdisplaypointer.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/exploits/windows/browser/ms13_080_cdisplaypointer.rb b/modules/exploits/windows/browser/ms13_080_cdisplaypointer.rb index 4b61f98a88..ddd2671e68 100644 --- a/modules/exploits/windows/browser/ms13_080_cdisplaypointer.rb +++ b/modules/exploits/windows/browser/ms13_080_cdisplaypointer.rb @@ -93,7 +93,7 @@ class Metasploit3 < Msf::Exploit::Remote function os() { var detect = window.os_detect.getVersion(); - var os_string = detect.os_name + " " + detect.os_flavor + " " + detect.ua_name + " " + detect.ua_version; + var os_string = detect.os_name + " " + detect.ua_name + " " + detect.ua_version; return os_string; } From a7a0a306f990a69e34240bfa80520947051bd661 Mon Sep 17 00:00:00 2001 From: HD Moore Date: Wed, 2 Apr 2014 07:23:30 -0700 Subject: [PATCH 14/43] Fix usage of os_flavor for target matching --- .../windows/browser/aladdin_choosefilepath_bof.rb | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/exploits/windows/browser/aladdin_choosefilepath_bof.rb b/modules/exploits/windows/browser/aladdin_choosefilepath_bof.rb index 326b6b426c..483c381b1b 100644 --- a/modules/exploits/windows/browser/aladdin_choosefilepath_bof.rb +++ b/modules/exploits/windows/browser/aladdin_choosefilepath_bof.rb @@ -55,7 +55,7 @@ class Metasploit3 < Msf::Exploit::Remote [ 'Windows XP with IE 6', { - 'os_flavor' => 'XP', + 'os_name' => 'Windows XP', 'ua_name' => 'MSIE', 'ua_ver' => '6.0', 'Rop' => false, @@ -66,7 +66,7 @@ class Metasploit3 < Msf::Exploit::Remote [ 'Windows XP with IE 7', { - 'os_flavor' => 'XP', + 'os_name' => 'Windows XP', 'ua_name' => 'MSIE', 'ua_ver' => '7.0', 'Rop' => false, 
@@ -77,7 +77,7 @@ class Metasploit3 < Msf::Exploit::Remote [ 'Windows XP with IE 8', { - 'os_flavor' => 'XP', + 'os_name' => 'Windows XP', 'ua_name' => 'MSIE', 'ua_ver' => '8.0', 'Rop' => true, @@ -88,7 +88,7 @@ class Metasploit3 < Msf::Exploit::Remote [ 'Windows Vista with IE 7', { - 'os_flavor' => 'Vista', + 'os_name' => 'Windows Vista', 'ua_name' => 'MSIE', 'ua_ver' => '7.0', 'Rop' => false, From c6013b8514ea26534c61c1b20a52144dd8c3e3fe Mon Sep 17 00:00:00 2001 From: HD Moore Date: Wed, 2 Apr 2014 07:24:03 -0700 Subject: [PATCH 15/43] Fix use of os_flavor for targeting --- .../exploits/android/browser/webview_addjavascriptinterface.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/exploits/android/browser/webview_addjavascriptinterface.rb b/modules/exploits/android/browser/webview_addjavascriptinterface.rb index 2ffed4ab19..40a43a092a 100644 --- a/modules/exploits/android/browser/webview_addjavascriptinterface.rb +++ b/modules/exploits/android/browser/webview_addjavascriptinterface.rb @@ -11,7 +11,7 @@ class Metasploit3 < Msf::Exploit::Remote include Msf::Exploit::Remote::BrowserAutopwn autopwn_info({ - :os_flavor => "Android", + :os_name => "Android", :arch => ARCH_ARMLE, :javascript => true, :rank => ExcellentRanking, From fbec434ab29de3fb6a714a6870b7758ba2686cdf Mon Sep 17 00:00:00 2001 From: HD Moore Date: Wed, 2 Apr 2014 07:30:37 -0700 Subject: [PATCH 16/43] Fix up host.os* field usage in the enum_ad_computers module --- .../post/windows/gather/enum_ad_computers.rb | 26 +++++++++---------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/modules/post/windows/gather/enum_ad_computers.rb b/modules/post/windows/gather/enum_ad_computers.rb index cd5acd2947..5c34d253d1 100644 --- a/modules/post/windows/gather/enum_ad_computers.rb +++ b/modules/post/windows/gather/enum_ad_computers.rb 
@@ -95,23 +95,23 @@ class Metasploit3 < Msf::Post report[:name] = dns hostnames << dns when 'operatingSystem' - os = field - index = os.index(/windows/i) - if index - name = 'Microsoft Windows' - flavour = os[index..-1] - report[:os_name] = name - report[:os_flavor] = flavour - else - # Incase there are non-windows domain computers?! - report[:os_name] = os - end + report[:os_name] = os when 'distinguishedName' if field =~ /Domain Controllers/i - report[:purpose] = "DC" + # TODO: Find another way to mark a host as being a domain controller + # The 'purpose' field should be server, client, device, printer, etc + # report[:purpose] = "DC" end when 'operatingSystemServicePack' - report[:os_sp] = field + # XXX: Does this take into account the leading 'SP' string? + + if field.to_i > 0 + report[:os_sp] = 'SP' + field + end + if field =~ /(Service Pack|SP\s?)(\d+)/ + report[:os_sp] = 'SP' + $1 + end + when 'description' report[:info] = field end From 4caeec81f008c6609fa265839ab08c9c876251c8 Mon Sep 17 00:00:00 2001 From: HD Moore Date: Wed, 2 Apr 2014 07:49:10 -0700 Subject: [PATCH 17/43] Do not blindly overwrite host fields, report fingerprint.match instead --- modules/auxiliary/scanner/vmware/esx_fingerprint.rb | 9 ++++++++- modules/auxiliary/scanner/vmware/vmware_http_login.rb | 7 ++++++- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/modules/auxiliary/scanner/vmware/esx_fingerprint.rb b/modules/auxiliary/scanner/vmware/esx_fingerprint.rb index 1aa553b135..f9ba8d06e8 100644 --- a/modules/auxiliary/scanner/vmware/esx_fingerprint.rb +++ b/modules/auxiliary/scanner/vmware/esx_fingerprint.rb 
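Review bot: In the `'operatingSystem'` branch the new line `report[:os_name] = os` reads `os`, but the `os = field` assignment was removed in this hunk, so unless `os` is defined outside the hunk this raises NameError for every computer that has the attribute; it should be `report[:os_name] = field`. In the `'operatingSystemServicePack'` branch, `'SP' + $1` appends the first capture group, which is the literal prefix (`Service Pack` or `SP`), not the number; the digits are in the second group, so `report[:os_sp] = 'SP' + $2` is what is meant. Making the prefix group non-capturing, `/(?:Service Pack|SP)\s?(\d+)/`, would also let "Service Pack 1" match with its space and keep `$1` correct. The enclosing method starts and ends outside the hunk.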
@@ -75,13 +75,20 @@ class Metasploit3 < Msf::Auxiliary build_match = res.body.match(/([\w\s\.\-]+)<\/build>/) full_match = res.body.match(/([\w\s\.\-]+)<\/fullName>/) this_host = nil + if full_match print_good "Identified #{full_match[1]}" report_service(:host => (this_host || ip), :port => rport, :proto => 'tcp', :name => 'https', :info => full_match[1]) end + if os_match and ver_match and build_match if os_match[1] =~ /ESX/ or os_match[1] =~ /vCenter/ - this_host = report_host( :host => ip, :os_name => os_match[1], :os_flavor => ver_match[1], :os_sp => "Build #{build_match[1]}" ) + # Report a fingerprint match for OS identification + report_note( + :host => ip, + :ntype => 'fingerprint.match', + :data => {'os.vendor' => 'VMware', 'os.product' => os_match[1] + " " + ver_match[1], 'os.version' => build_match[1] } + ) end return true else diff --git a/modules/auxiliary/scanner/vmware/vmware_http_login.rb b/modules/auxiliary/scanner/vmware/vmware_http_login.rb index 6bcdfb08ee..fe9dfbf1be 100644 --- a/modules/auxiliary/scanner/vmware/vmware_http_login.rb +++ b/modules/auxiliary/scanner/vmware/vmware_http_login.rb @@ -114,7 +114,12 @@ class Metasploit3 < Msf::Auxiliary if os_match and ver_match and build_match if os_match[1] =~ /ESX/ or os_match[1] =~ /vCenter/ - this_host = report_host( :host => rhost, :os_name => os_match[1], :os_flavor => ver_match[1], :os_sp => "Build #{build_match[1]}" ) + # Report a fingerprint match for OS identification + report_note( + :host => ip, + :ntype => 'fingerprint.match', + :data => {'os.vendor' => 'VMware', 'os.product' => os_match[1] + " " + ver_match[1], 'os.version' => build_match[1] } + ) end return true else From b8c5e5ddb7b34f5ad8e00659dee10738c0514276 Mon Sep 17 00:00:00 2001 
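Review bot: After this change `this_host` in the esx_fingerprint.rb hunk is set to `nil` and never assigned again, so `(this_host || ip)` in the `report_service` call is always `ip`; the variable and the fallback can go. The new `report_note` also omits `:update`, while the browser_autopwn change in this series passes `:update => :unique_data` for the same `fingerprint.match` type. The default update mode may replace an existing note of that type on the host, so I would state the mode explicitly, `:update => :unique_data`. The enclosing method starts and ends outside the hunk.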
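Review bot: The replacement in vmware_http_login.rb passes `:host => ip`, but the removed `report_host` call in the same place used `rhost`, and nothing in the hunk defines `ip`. If `ip` is not a local or parameter of the enclosing method (which starts outside the hunk), this raises NameError exactly when a matching ESX or vCenter banner is seen; `:host => rhost,` matches the old behaviour. The block looks copied from the esx_fingerprint.rb hunk, where `ip` was already in use.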
From: HD Moore Date: Wed, 2 Apr 2014 07:49:39 -0700 Subject: [PATCH 18/43] Refactor host/note reporting for the jenkins module This prevents this module from blindly overwriting the host fields and instead reports the information as a note that can be used by the fingerprinting engine. Additionally, consolidate all jenkins data bits into a single note vs a dozen. --- .../auxiliary/scanner/http/jenkins_enum.rb | 67 ++++++------------- 1 file changed, 21 insertions(+), 46 deletions(-) diff --git a/modules/auxiliary/scanner/http/jenkins_enum.rb b/modules/auxiliary/scanner/http/jenkins_enum.rb index 5f5b2ebbe7..4f3558e3f5 100644 --- a/modules/auxiliary/scanner/http/jenkins_enum.rb +++ b/modules/auxiliary/scanner/http/jenkins_enum.rb 
@@ -164,52 +164,37 @@ class Metasploit3 < Msf::Auxiliary infos[td] = tds[idx+1].get_text.to_s.strip if infos.has_key?(td) end + fprint = {} + jinfo = {} + # print out the goodies infos.each do |k, v| next if v.nil? + v = v.strip + next if v.length == 0 + + jinfo[k.gsub(/\s+/, '_')] = v + case k when "os.name" vprint_line(" OS: #{v}") - report_host({:host => rhost, :os_name => v}) + fprint['os.product'] = v when "os.version" vprint_line(" OS Version: #{v}") - report_host({:host => rhost, :os_flavor => v}) + fprint['os.version'] = v when "sun.os.patch.level" vprint_line(" Patch Level: #{v}") when "os.arch" vprint_line(" Arch: #{v}") - report_note({ - :type => "system_arch", - :host => rhost, - :data => "Arch: #{v}", - :update => :unique_data - }) + fprint['os.arch'] = v when "user.name" vprint_line(" User: #{v}") - report_note({ - :type => "jenkins_user", - :host => rhost, - :port => rport, - :proto => 'tcp', - :data => "User: #{v}", - :update => :unique_data - }) when "USERDOMAIN" vprint_line(" Domain: #{v}") - report_note({ - :type => "system_domain", - :host => rhost, - :data => "Domain: #{v}", - :update => :unique_data - }) + fprint['host.domain'] = v when "COMPUTERNAME" vprint_line(" Computer Name: #{v}") - report_note({ - :type => "system_computer", - :host => rhost, - :data => "Computer Name: #{v}", - :update => :unique_data - }) + fprint['host.name'] = v when "SystemDrive" vprint_line(" System Drive: #{v}") when "SHELL" 
@@ -222,30 +207,20 @@ class Metasploit3 < Msf::Auxiliary vprint_line(" Home Directory: #{v}") when "user.language" vprint_line(" Language: #{v}") - report_note({ - :type => "system_lang", - :host => rhost, - :data => "Language: #{v}", - :update => :unique_data - }) + fprint['os.language'] = v when "user.country" vprint_line(" Country: #{v}") - report_note({ - :type => "system_country", - :host => rhost, - :data => "Country: #{v}", - :update => :unique_data - }) when "user.timezone" vprint_line(" Timezone: #{v}") - report_note({ - :type => "system_timezone", - :host => rhost, - :data => "Timezone: #{v}", - :update => :unique_data - }) end end + + # Report a fingerprint.match for OS fingerprinting support, tied to this service + report_note(:host => rhost, :port => rport, :proto => 'tcp', :ntype => 'fingerprint.match', :data => fprint) + + # Report a jenkins information note for future analysis, tied to this service + report_note(:host => rhost, :port => rport, :proto => 'tcp', :ntype => 'jenkins.info', :data => jinfo) + vprint_line('') end end From 9b025347a98b8e0485feaf62a386e83d9da76fdb Mon Sep 17 00:00:00 2001 From: HD Moore Date: Wed, 2 Apr 2014 07:52:20 -0700 Subject: [PATCH 19/43] Use a string match vs regex for Android as the OS --- .../exploits/android/browser/webview_addjavascriptinterface.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/exploits/android/browser/webview_addjavascriptinterface.rb b/modules/exploits/android/browser/webview_addjavascriptinterface.rb index 40a43a092a..6eeed2afd6 100644 --- a/modules/exploits/android/browser/webview_addjavascriptinterface.rb +++ b/modules/exploits/android/browser/webview_addjavascriptinterface.rb @@ -66,7 +66,7 @@ class Metasploit3 < Msf::Exploit::Remote 'DefaultTarget' => 0, 'BrowserRequirements' => { :source => 'script', - :os_name => /^Android/, + :os_name => 'Android', :arch => ARCH_ARMLE } )) From 231138da1b3de1f24625165196cad0a73daff365 Mon Sep 17 00:00:00 2001 
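Review bot: Both `report_note` calls at the end of this hunk run unconditionally, so a server that returned none of the expected keys still gets a `fingerprint.match` note whose `:data` is an empty hash. Guarding them, `report_note(...) unless fprint.empty?` and likewise `unless jinfo.empty?`, keeps an empty result out of the database; it may also keep it from replacing an earlier note of the same type, depending on the default update mode (the removed calls passed `:update => :unique_data`, the new ones pass no `:update`). Every value in both hashes is text taken from the scanned server's response, so whatever later reads these notes should treat it as untrusted input. The enclosing method starts outside the hunk.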
From: HD Moore Date: Thu, 3 Apr 2014 07:12:45 -0700 Subject: [PATCH 20/43] Fix a typo in the nexpose raw importer --- lib/rex/parser/nexpose_raw_nokogiri.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/rex/parser/nexpose_raw_nokogiri.rb b/lib/rex/parser/nexpose_raw_nokogiri.rb index 5162b8e472..3d5ec218b1 100644 --- a/lib/rex/parser/nexpose_raw_nokogiri.rb +++ b/lib/rex/parser/nexpose_raw_nokogiri.rb @@ -504,7 +504,7 @@ module Rex } } note[:data][:vendor] = @report_data[:os]["os_vendor"] if @report_data[:os]["os_vendor"] - note[:data][:product] = @report_data[:os]["os_product"] if @report_data[:os]["os_prduct"] + note[:data][:product] = @report_data[:os]["os_product"] if @report_data[:os]["os_product"] note[:data][:version] = @report_data[:os]["os_version"] if @report_data[:os]["os_version"] note[:data][:arch] = @report_data[:os]["os_arch"] if @report_data[:os]["os_arch"] db_report(:note, note) From a8bf53479d5029163895e5564899bc85e2ddb021 Mon Sep 17 00:00:00 2001 From: HD Moore Date: Sun, 18 May 2014 11:08:04 -0500 Subject: [PATCH 21/43] Fix a merge error --- lib/msf/core/exploit/remote/browser_exploit_server.rb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/msf/core/exploit/remote/browser_exploit_server.rb b/lib/msf/core/exploit/remote/browser_exploit_server.rb index 0bf1c0655c..aeea50e8c3 100644 --- a/lib/msf/core/exploit/remote/browser_exploit_server.rb +++ b/lib/msf/core/exploit/remote/browser_exploit_server.rb @@ -57,8 +57,9 @@ module Msf :office => 'office', # Example: "2007", "2010" :java => 'java', # Example: 1.6, 1.6.0.0 :clsid => 'clsid', # ActiveX clsid. Also requires the :method key - :method => 'method' # ActiveX method. Also requires the :clsid key + :method => 'method', # ActiveX method. Also requires the :clsid key :mshtml_build => 'mshtml_build', # mshtml build. Example: "65535" + :flash => 'flash' # Example: "12.0" (chrome/ff) or "12.0.0.77" (IE) } def initialize(info={}) 
From 1d205081cb319b5252bb6abcf2a5f6a93d935c17 Mon Sep 17 00:00:00 2001 From: HD Moore Date: Sun, 18 May 2014 11:10:31 -0500 Subject: [PATCH 22/43] Merge Gemfile changes properly --- Gemfile | 8 +++++--- Gemfile.lock | 10 ++++++---- 2 files changed, 11 insertions(+), 7 deletions(-) diff --git a/Gemfile b/Gemfile index 0e09c3af4d..a5ef85e1b8 100755 --- a/Gemfile +++ b/Gemfile @@ -1,15 +1,17 @@ source 'https://rubygems.org' # Need 3+ for ActiveSupport::Concern -gem 'activesupport', '>= 3.0.0' +gem 'activesupport', '>= 3.0.0', '< 4.0.0' # Needed for some admin modules (cfme_manageiq_evm_pass_reset.rb) -gem 'bcrypt-ruby' +gem 'bcrypt' # Needed for some admin modules (scrutinizer_add_user.rb) gem 'json' # Needed by msfgui and other rpc components gem 'msgpack' # Needed by anemone crawler gem 'nokogiri' +# Needed by JSObfu +gem 'rkelly-remix', '0.0.6' # Needed by anemone crawler gem 'robots' # Needed by db.rb and Msf::Exploit::Capture @@ -19,7 +21,7 @@ gem 'recog', :git => 'git@github.com:rapid7/recog.git' group :db do # Needed for Msf::DbManager - gem 'activerecord' + gem 'activerecord', '>= 3.0.0', '< 4.0.0' # Database models shared between framework and Pro. (using the Recog fork) gem 'metasploit_data_models', :git => 'git@github.com:hmoore-r7/metasploit_data_models.git' # Needed for module caching in Mdm::ModuleDetails diff --git a/Gemfile.lock b/Gemfile.lock index a368f10ce5..eb36319083 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -29,7 +29,7 @@ GEM i18n (~> 0.6, >= 0.6.4) multi_json (~> 1.0) arel (3.0.3) - bcrypt-ruby (3.1.2) + bcrypt (3.1.7) builder (3.0.4) database_cleaner (1.1.1) diff-lcs (1.2.4) @@ -49,6 +49,7 @@ GEM pg (0.17.1) rake (10.1.0) redcarpet (3.0.0) + rkelly-remix (0.0.6) robots (0.10.1) rspec (2.14.1) rspec-core (~> 2.14.0) 
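Review bot: The two `:git` dependencies that remain in this Gemfile section (`recog`, and `metasploit_data_models` from a personal fork) use SSH URLs and name no `:ref` or `:tag`, while the commit bounds or pins every other gem it touches. An SSH URL only resolves for users with a GitHub key, and without a ref any fresh resolve takes whatever the branch head is at that moment. Something like `gem 'recog', :git => 'https://github.com/rapid7/recog.git', :ref => '<commit-sha>'` (placeholder ref) would make the source reviewable and repeatable. Both lines are context here rather than changed lines, so this may be better as a follow-up.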
@@ -72,9 +73,9 @@ PLATFORMS ruby DEPENDENCIES - activerecord - activesupport (>= 3.0.0) - bcrypt-ruby + activerecord (>= 3.0.0, < 4.0.0) + activesupport (>= 3.0.0, < 4.0.0) + bcrypt database_cleaner factory_girl (>= 4.1.0) fivemat (= 1.2.1) @@ -89,6 +90,7 @@ DEPENDENCIES rake (>= 10.0.0) recog! redcarpet + rkelly-remix (= 0.0.6) robots rspec (>= 2.12) shoulda-matchers From 81194684aee64b65ba01aa67c14a4d61bb47e653 Mon Sep 17 00:00:00 2001 From: HD Moore Date: Mon, 19 May 2014 11:41:44 -0500 Subject: [PATCH 23/43] Require MDM >= 0.17.2 for Recog support --- Gemfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Gemfile b/Gemfile index a5ef85e1b8..bc82277181 100755 --- a/Gemfile +++ b/Gemfile @@ -22,8 +22,8 @@ gem 'recog', :git => 'git@github.com:rapid7/recog.git' group :db do # Needed for Msf::DbManager gem 'activerecord', '>= 3.0.0', '< 4.0.0' - # Database models shared between framework and Pro. (using the Recog fork) - gem 'metasploit_data_models', :git => 'git@github.com:hmoore-r7/metasploit_data_models.git' + # Database models shared between framework and Pro + gem 'metasploit_data_models', '>= 0.17.2' # Needed for module caching in Mdm::ModuleDetails gem 'pg', '>= 0.11' end From eda8a90cea012b2ee95efac897b145a6b0438f49 Mon Sep 17 00:00:00 2001 From: HD Moore Date: Mon, 19 May 2014 13:04:36 -0500 Subject: [PATCH 24/43] Fix merge issues with os.js --- data/js/detect/os.js | 110 ++++++++++++++++++++++++++++++------------- 1 file changed, 78 insertions(+), 32 deletions(-) diff --git a/data/js/detect/os.js b/data/js/detect/os.js index bb747342d1..3213a41020 100644 --- a/data/js/detect/os.js +++ b/data/js/detect/os.js 
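Review bot: `gem 'metasploit_data_models', '>= 0.17.2'` has no upper bound, unlike the `'>= 3.0.0', '< 4.0.0'` range the context line gives activerecord, so a later incompatible release would be picked up on the next resolve. A bounded form such as `gem 'metasploit_data_models', '~> 0.17', '>= 0.17.2'` keeps the minimum and caps the range. The diffstat for this commit lists only Gemfile, so Gemfile.lock presumably still records the git fork as the source for this gem; regenerating the lockfile in the same commit would keep the two files consistent.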
@@ -215,7 +215,9 @@ window.os_detect.getVersion = function(){ // Thanks to developer.mozilla.org "Firefox for developers" series for most // of these. // Release changelogs: http://www.mozilla.org/en-US/firefox/releases/ - if (css_is_valid('cursor', 'cursor', 'grab')) { + if (css_is_valid('flex-wrap', 'flexWrap', 'nowrap')) { + ua_version = '28.0'; + } else if (css_is_valid('cursor', 'cursor', 'grab')) { ua_version = '27.0'; } else if (css_is_valid('image-orientation', 'imageOrientation', @@ -876,7 +878,7 @@ window.os_detect.getVersion = function(){ break; case "9016464": // browsershots.org, MSIE 7.0 / Windows 2008 R2 - os_name = "Windows 2008R2"; + os_name = "Windows 2008 R2"; ua_version = "9.0"; break; case "9016470": @@ -885,6 +887,42 @@ window.os_detect.getVersion = function(){ os_name = "Windows 7"; os_sp = "SP1"; break; + case "9016502": + // IE 9.0.8112.16502 / Windows 7 SP1 + ua_version = "9.0"; + os_name = "Windows 7"; + os_sp = "SP1"; + break; + case "9016506": + // IE 9.0.8112.16506 / Windows 7 SP1 + ua_version = "9.0"; + os_name = "Windows 7"; + os_sp = "SP1"; + break; + case "9016514": + // IE 9.0.8112.16514 / Windows 7 SP1 + ua_version = "9.0"; + os_name = "Windows 7"; + os_sp = "SP1"; + break; + case "9016520": + // IE 9.0.8112.16520 / Windows 7 SP1 + ua_version = "9.0"; + os_name = "Windows 7"; + os_sp = "SP1"; + break; + case "9016526": + // IE 9.0.8112.16526 / Windows 7 SP1 + ua_version = "9.0"; + os_name = "Windows 7"; + os_sp = "SP1"; + break; + case "9016533": + // IE 9.0.8112.16533 / Windows 7 SP1 + ua_version = "9.0"; + os_name = "Windows 7"; + os_sp = "SP1"; + break; case "10016720": // IE 10.0.9200.16721 / Windows 7 SP1 ua_version = "10.0"; 
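Review bot: The six new `case` blocks in the last hunk on this line (`"9016502"` through `"9016533"`) have identical bodies and differ only in the build named in the comment. Stacking the labels, `case "9016502": case "9016506": case "9016514":` and so on ahead of a single body, would remove the repetition and leave one place to edit if the mapping changes. The existing `"9016470"` case appears to set the same values and could probably join the group, though its full body is not visible here. The switch statement starts and ends outside the hunk.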
@@ -903,51 +941,59 @@ window.os_detect.getVersion = function(){ os_name = "Windows 8"; os_sp = "SP0"; break; + case "11016426": + // IE 11.0.9600.16476 / KB2898785 (Technically: 11.0.2) Windows 8.1 x86 English + ua_version = "11.0"; + os_name = "Windows 8.1"; + break; case "1000": // IE 10.0.8400.0 (Pre-release + KB2702844), Windows 8 x86 English Pre-release ua_version = "10.0"; os_name = "Windows 8"; os_sp = "SP0"; break; - case "11016426": - // IE 11.0.9600.16476 / KB2898785 (Technically: 11.0.2) Windows 8.1 x86 English - ua_version = "11.0"; - os_name = "Windows 8.1"; - break; default: unknown_fingerprint = version; break; } - // Trust reported versions of 9, 10, and 11 until we have a better method - if (!ua_version) { - switch(version_maj) { - case "11": - ua_version = "11.0"; - os_name = "Windows 8.1"; - break; - case "10": - ua_version = "10.0"; - os_name = "Windows 8"; - break; - case "9": - ua_version = "9.0"; - break; - } - } - if (!ua_version) { // The ScriptEngine functions failed us, try some object detection if (document.documentElement && (typeof document.documentElement.style.maxHeight)!="undefined") { - // IE8 detection straight from IEBlog. Thank you Microsoft. + // IE 11 detection, see: http://msdn.microsoft.com/en-us/library/ie/bg182625(v=vs.85).aspx try { - // Technically this also applies to 9.0, 10.0, and 11.0... 
- ua_version = "8.0"; - document.documentElement.style.display = "table-cell"; - } catch(e) { - // This executes in IE7, - // but not IE8, regardless of mode - ua_version = "7.0"; + if (document.__proto__ != undefined) { ua_version = "11.0"; } + } catch (e) {} + + // IE 10 detection using nodeName + if (!ua_version) { + try { + var badNode = document.createElement && document.createElement("badname"); + if (badNode && badNode.nodeName === "BADNAME") { ua_version = "10.0"; } + } catch(e) {} + } + + // IE 9 detection based on a "Object doesn't support property or method" error + if (!ua_version) { + try { + document.BADNAME(); + } catch(e) { + if (e.message.indexOf("BADNAME") > 0) { + ua_version = "9.0"; + } + } + } + + // IE8 detection straight from IEBlog. Thank you Microsoft. + if (!ua_version) { + try { + ua_version = "8.0"; + document.documentElement.style.display = "table-cell"; + } catch(e) { + // This executes in IE7, + // but not IE8, regardless of mode + ua_version = "7.0"; + } } } else if (document.compatMode) { ua_version = "6.0"; From 583dab62b2ab1144fb996564c393b1f7bb10d565 Mon Sep 17 00:00:00 2001 
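Review bot: The IE 9 probe decides on `e.message.indexOf("BADNAME") > 0`, which depends on the wording of the browser's error text and treats a match at position 0 as a miss. `if (e.message && e.message.indexOf("BADNAME") !== -1)` is the safer test, and a comment noting that the check relies on the message quoting the method name would help the next maintainer. The removed fallback also set `os_name` for versions 10 and 11, whereas the new object-detection path sets only `ua_version`; if that is intentional it deserves a comment. The IE 11 probe uses a loose `!= undefined`; `typeof document.__proto__ !== "undefined"` says the same thing without relying on coercion. The enclosing function continues outside the hunk.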
From: HD Moore Date: Wed, 28 May 2014 14:35:22 -0500 Subject: [PATCH 25/43] Introduce and use OS matching constants --- lib/msf/core/constants.rb | 29 +++++++++++++++++++ .../browser/webview_addjavascriptinterface.rb | 4 +-- .../multi/browser/firefox_escape_retval.rb | 2 +- .../multi/browser/mozilla_compareto.rb | 2 +- .../multi/browser/opera_configoverwrite.rb | 2 +- .../exploits/osx/browser/mozilla_mchannel.rb | 2 +- .../osx/browser/safari_metadata_archive.rb | 2 +- .../safari_user_assisted_download_launch.rb | 2 +- .../windows/browser/adobe_flash_mp4_cprt.rb | 2 +- .../windows/browser/adobe_flash_rtmp.rb | 2 +- .../windows/browser/adobe_toolbutton.rb | 2 +- .../browser/aladdin_choosefilepath_bof.rb | 10 +++---- .../browser/apple_quicktime_marshaled_punk.rb | 2 +- .../browser/apple_quicktime_mime_type.rb | 2 +- .../windows/browser/apple_quicktime_rtsp.rb | 2 +- .../browser/apple_quicktime_smil_debug.rb | 2 +- .../apple_quicktime_texml_font_table.rb | 2 +- .../browser/blackice_downloadimagefileurl.rb | 2 +- .../browser/cisco_playerpt_setsource.rb | 2 +- .../browser/cisco_playerpt_setsource_surl.rb | 2 +- .../windows/browser/clear_quest_cqole.rb | 2 +- .../browser/crystal_reports_printcontrol.rb | 2 +- .../hp_alm_xgo_setshapenodetype_exec.rb | 2 +- .../browser/hp_loadrunner_writefilebinary.rb | 2 +- .../browser/hp_loadrunner_writefilestring.rb | 2 +- .../windows/browser/ibm_spss_c1sizer.rb | 2 +- .../browser/ibm_tivoli_pme_activex_bof.rb | 2 +- .../windows/browser/ie_cbutton_uaf.rb | 2 +- .../windows/browser/ie_cgenericelement_uaf.rb | 2 +- .../windows/browser/ie_createobject.rb | 2 +- ...ndusoft_issymbol_internationalseparator.rb | 2 +- .../windows/browser/inotes_dwa85w_bof.rb | 2 +- .../browser/keyhelp_launchtripane_exec.rb | 2 +- .../browser/mozilla_interleaved_write.rb | 2 +- .../windows/browser/mozilla_mchannel.rb | 2 +- .../windows/browser/mozilla_nstreerange.rb | 2 +- .../windows/browser/ms06_067_keyframe.rb | 2 +- .../browser/ms08_078_xml_corruption.rb | 2 
+- .../browser/ms09_002_memory_corruption.rb | 2 +- .../windows/browser/ms09_072_style_object.rb | 2 +- .../windows/browser/ms10_002_aurora.rb | 2 +- .../windows/browser/ms10_018_ie_behaviors.rb | 2 +- .../windows/browser/ms10_090_ie_css_clip.rb | 2 +- .../windows/browser/ms11_003_ie_css_import.rb | 2 +- .../browser/ms11_050_mshtml_cobjectelement.rb | 2 +- .../exploits/windows/browser/ms12_004_midi.rb | 2 +- .../windows/browser/ms12_037_ie_colspan.rb | 2 +- .../ms13_022_silverlight_script_object.rb | 2 +- .../windows/browser/ms13_037_svg_dashstyle.rb | 2 +- .../browser/ms13_080_cdisplaypointer.rb | 2 +- .../browser/ms13_090_cardspacesigninhelper.rb | 4 +-- .../browser/msxml_get_definition_code_exec.rb | 2 +- .../browser/novell_groupwise_gwcls1_actvx.rb | 2 +- .../windows/browser/ntr_activex_check_bof.rb | 2 +- .../windows/browser/ntr_activex_stopmodule.rb | 2 +- .../browser/oracle_autovue_setmarkupmode.rb | 2 +- .../windows/browser/quickr_qp2_bof.rb | 2 +- .../browser/siemens_solid_edge_selistctrlx.rb | 2 +- .../browser/synactis_connecttosynactis_bof.rb | 2 +- .../browser/tom_sawyer_tsgetx71ex552.rb | 2 +- .../wellintech_kingscada_kxclientdownload.rb | 2 +- .../windows/browser/winzip_fileview.rb | 2 +- .../windows/browser/wmi_admintools.rb | 2 +- 63 files changed, 97 insertions(+), 68 deletions(-) diff --git a/lib/msf/core/constants.rb b/lib/msf/core/constants.rb index 4ce79e1276..9a9a6f9ee4 100644 --- a/lib/msf/core/constants.rb +++ b/lib/msf/core/constants.rb @@ -76,6 +76,8 @@ module OperatingSystems end module WindowsVersions + NINE5 = "95" + NINE8 = "98" NT = "NT" XP = "XP" TWOK = "2000" 
@@ -89,6 +91,33 @@ module OperatingSystems end UNKNOWN = "Unknown" + + module Match + WINDOWS = /^(?:Microsoft )?Windows/ + WINDOWS_95 = /^(?:Microsoft )?Windows 95/ + WINDOWS_98 = /^(?:Microsoft )?Windows 98/ + WINDOWS_ME = /^(?:Microsoft )?Windows ME/ + WINDOWS_NT3 = /^(?:Microsoft )?Windows NT 3/ + WINDOWS_NT4 = /^(?:Microsoft )?Windows NT 4/ + WINDOWS_2000 = /^(?:Microsoft )?Windows 2000/ + WINDOWS_XP = /^(?:Microsoft )?Windows XP/ + WINDOWS_2003 = /^(?:Microsoft )?Windows 2003/ + WINDOWS_VISTA = /^(?:Microsoft )?Windows Vista/ + WINDOWS_2008 = /^(?:Microsoft )?Windows 2008/ + WINDOWS_7 = /^(?:Microsoft )?Windows 7/ + WINDOWS_2012 = /^(?:Microsoft )?Windows 2012/ + WINDOWS_8 = /^(?:Microsoft )?Windows 8/ + WINDOWS_81 = /^(?:Microsoft )?Windows 8\.1/ + + LINUX = /^Linux/i + MAC_OSX = /^(Apple )?Mac OS X/ + FREEBSD = /^FreeBSD/ + NETBSD = /^NetBSD/ + OPENBSD = /^OpenBSD/ + VMWARE = /^VMware/ + ANDROID = /^(?Google )?Android/ + APPLE_IOS = /^(?:Apple )?iOS/ + end end end diff --git a/modules/exploits/android/browser/webview_addjavascriptinterface.rb b/modules/exploits/android/browser/webview_addjavascriptinterface.rb index 6eeed2afd6..0348c15118 100644 --- a/modules/exploits/android/browser/webview_addjavascriptinterface.rb +++ b/modules/exploits/android/browser/webview_addjavascriptinterface.rb @@ -11,7 +11,7 @@ class Metasploit3 < Msf::Exploit::Remote include Msf::Exploit::Remote::BrowserAutopwn autopwn_info({ - :os_name => "Android", + :os_name => OperatingSystems::Match::ANDROID, :arch => ARCH_ARMLE, :javascript => true, :rank => ExcellentRanking, @@ -66,7 +66,7 @@ class Metasploit3 < Msf::Exploit::Remote 'DefaultTarget' => 0, 'BrowserRequirements' => { :source => 'script', - :os_name => 'Android', + :os_name => OperatingSystems::Match::ANDROID, :arch => ARCH_ARMLE } )) diff --git a/modules/exploits/multi/browser/firefox_escape_retval.rb b/modules/exploits/multi/browser/firefox_escape_retval.rb index ebcf8fc013..d2f64fe755 100644 
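Review bot: `ANDROID = /^(?Google )?Android/` is not a valid regular expression: `(?G` is not a group option, so Ruby should reject the literal when constants.rb is parsed and the file would fail to load. The colon appears to have been dropped; `ANDROID = /^(?:Google )?Android/` matches the form of the neighbouring constants, and the webview_addjavascriptinterface hunks on this line depend on it. In the same module, `MAC_OSX` uses a capturing group where the others use `(?:...)`, and every pattern is anchored with `^`, which matches at any line start, so `\A` is the stricter choice if these values can ever hold multi-line text. `WINDOWS_8` also matches `Windows 8.1` and `WINDOWS_2008` matches `Windows 2008 R2`; a comment above the module stating that prefix matching is intended would prevent misuse.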
--- a/modules/exploits/multi/browser/firefox_escape_retval.rb +++ b/modules/exploits/multi/browser/firefox_escape_retval.rb @@ -18,7 +18,7 @@ class Metasploit3 < Msf::Exploit::Remote # :ua_name => HttpClients::FF, # :ua_minver => "3.5", # :ua_maxver => "3.5", - # :os_name => /^Windows/, + # :os_name => OperatingSystems::Match::WINDOWS, # :javascript => true, # :rank => NormalRanking, # reliable memory corruption # :vuln_test => nil, diff --git a/modules/exploits/multi/browser/mozilla_compareto.rb b/modules/exploits/multi/browser/mozilla_compareto.rb index 1b34966225..3b3b42b754 100644 --- a/modules/exploits/multi/browser/mozilla_compareto.rb +++ b/modules/exploits/multi/browser/mozilla_compareto.rb @@ -20,7 +20,7 @@ class Metasploit3 < Msf::Exploit::Remote # :ua_name => HttpClients::FF, # :ua_minver => "1.0", # :ua_maxver => "1.7.10", - # :os_name => /^Windows/, + # :os_name => OperatingSystems::Match::WINDOWS, # :javascript => true, # :rank => NormalRanking, # reliable memory corruption # :vuln_test => "if (typeof InstallVersion != 'undefined') { is_vuln = true; }", diff --git a/modules/exploits/multi/browser/opera_configoverwrite.rb b/modules/exploits/multi/browser/opera_configoverwrite.rb index 817677bf5e..c6542a1ffc 100644 --- a/modules/exploits/multi/browser/opera_configoverwrite.rb +++ b/modules/exploits/multi/browser/opera_configoverwrite.rb @@ -17,7 +17,7 @@ class Metasploit3 < Msf::Exploit::Remote autopwn_info({ :ua_name => HttpClients::OPERA, :ua_maxver => "9.10", - :os_name => [ /^Windows/, /^Mac OS X/, ], + :os_name => [ OperatingSystems::Match::WINDOWS, OperatingSystems::Match::MAC_OSX, ], :javascript => true, :rank => ExcellentRanking, # reliable cmd exec, cleans up after itself :vuln_test => nil, diff --git a/modules/exploits/osx/browser/mozilla_mchannel.rb b/modules/exploits/osx/browser/mozilla_mchannel.rb index 0285c5fe90..3427b8c5a1 100644 --- a/modules/exploits/osx/browser/mozilla_mchannel.rb +++ b/modules/exploits/osx/browser/mozilla_mchannel.rb 
@@ -15,7 +15,7 @@ class Metasploit3 < Msf::Exploit::Remote # :ua_name => HttpClients::FF, # :ua_minver => "3.6.16", # :ua_maxver => "3.6.16", - # :os_name => 'Mac OS X', + # :os_name => OperatingSystems::Match::MAC_OSX, # :javascript => true, # :rank => NormalRanking, #}) diff --git a/modules/exploits/osx/browser/safari_metadata_archive.rb b/modules/exploits/osx/browser/safari_metadata_archive.rb index 6c8f1f1535..11d17f8f0a 100644 --- a/modules/exploits/osx/browser/safari_metadata_archive.rb +++ b/modules/exploits/osx/browser/safari_metadata_archive.rb @@ -17,7 +17,7 @@ class Metasploit3 < Msf::Exploit::Remote #autopwn_info({ # :ua_name => HttpClients::SAFARI, # :ua_maxver => '2.0.2', - # :os_name => [ 'Mac OS X' ], + # :os_name => OperatingSystems::Match::MAC_OSX, # :javascript => false, # :rank => ExcellentRanking, # reliable cmd execution # :vuln_test => nil, diff --git a/modules/exploits/osx/browser/safari_user_assisted_download_launch.rb b/modules/exploits/osx/browser/safari_user_assisted_download_launch.rb index 5188f17428..a7ee86f1e7 100644 --- a/modules/exploits/osx/browser/safari_user_assisted_download_launch.rb +++ b/modules/exploits/osx/browser/safari_user_assisted_download_launch.rb @@ -60,7 +60,7 @@ class Metasploit3 < Msf::Exploit::Remote 'BrowserRequirements' => { :source => 'script', :ua_name => HttpClients::SAFARI, - :os_name => 'Mac OS X', + :os_name => OperatingSystems::Match::MAC_OSX, # On 10.6.8 (Safari 5.x), a dialog never appears unless the user # has already manually launched the dropped exe diff --git a/modules/exploits/windows/browser/adobe_flash_mp4_cprt.rb b/modules/exploits/windows/browser/adobe_flash_mp4_cprt.rb index 45421e9545..6fd1c87105 100644 --- a/modules/exploits/windows/browser/adobe_flash_mp4_cprt.rb +++ b/modules/exploits/windows/browser/adobe_flash_mp4_cprt.rb 
@@ -12,7 +12,7 @@ class Metasploit3 < Msf::Exploit::Remote include Msf::Exploit::RopDb include Msf::Exploit::Remote::BrowserAutopwn autopwn_info({ - :os_name => /^Windows/, + :os_name => OperatingSystems::Match::WINDOWS, :method => "GetVariable", :classid => "ShockwaveFlash.ShockwaveFlash", :rank => NormalRanking, # reliable memory corruption diff --git a/modules/exploits/windows/browser/adobe_flash_rtmp.rb b/modules/exploits/windows/browser/adobe_flash_rtmp.rb index 0fa3a62191..93d85537a2 100644 --- a/modules/exploits/windows/browser/adobe_flash_rtmp.rb +++ b/modules/exploits/windows/browser/adobe_flash_rtmp.rb @@ -13,7 +13,7 @@ class Metasploit3 < Msf::Exploit::Remote include Msf::Exploit::Remote::BrowserAutopwn autopwn_info({ - :os_name => /^Windows/, + :os_name => OperatingSystems::Match::WINDOWS, :ua_name => HttpClients::IE, :ua_minver => "6.0", :ua_maxver => "8.0", diff --git a/modules/exploits/windows/browser/adobe_toolbutton.rb b/modules/exploits/windows/browser/adobe_toolbutton.rb index 08ab245f7d..2ae03bba89 100644 --- a/modules/exploits/windows/browser/adobe_toolbutton.rb +++ b/modules/exploits/windows/browser/adobe_toolbutton.rb @@ -49,7 +49,7 @@ class Metasploit3 < Msf::Exploit::Remote 'BrowserRequirements' => { :source => /script|headers/i, - :os_name => /^Windows XP/, + :os_name => OperatingSystems::Match::WINDOWS_XP, :ua_name => Msf::HttpClients::IE }, 'Targets' => diff --git a/modules/exploits/windows/browser/aladdin_choosefilepath_bof.rb b/modules/exploits/windows/browser/aladdin_choosefilepath_bof.rb index 483c381b1b..03be97dd27 100644 --- a/modules/exploits/windows/browser/aladdin_choosefilepath_bof.rb +++ b/modules/exploits/windows/browser/aladdin_choosefilepath_bof.rb @@ -47,7 +47,7 @@ class Metasploit3 < Msf::Exploit::Remote :source => /script|headers/i, :clsid => "{09F68A41-2FBE-11D3-8C9D-0008C7D901B6}", :method => "ChooseFilePath", - :os_name => /^Windows/, + :os_name => OperatingSystems::Match::WINDOWS, }, 'Targets' => [ 
@@ -55,7 +55,7 @@ class Metasploit3 < Msf::Exploit::Remote [ 'Windows XP with IE 6', { - 'os_name' => 'Windows XP', + 'os_name' => OperatingSystems::Match::WINDOWS_XP, 'ua_name' => 'MSIE', 'ua_ver' => '6.0', 'Rop' => false, @@ -66,7 +66,7 @@ class Metasploit3 < Msf::Exploit::Remote [ 'Windows XP with IE 7', { - 'os_name' => 'Windows XP', + 'os_name' => OperatingSystems::Match::WINDOWS_XP, 'ua_name' => 'MSIE', 'ua_ver' => '7.0', 'Rop' => false, @@ -77,7 +77,7 @@ class Metasploit3 < Msf::Exploit::Remote [ 'Windows XP with IE 8', { - 'os_name' => 'Windows XP', + 'os_name' => OperatingSystems::Match::WINDOWS_XP, 'ua_name' => 'MSIE', 'ua_ver' => '8.0', 'Rop' => true, @@ -88,7 +88,7 @@ class Metasploit3 < Msf::Exploit::Remote [ 'Windows Vista with IE 7', { - 'os_name' => 'Windows Vista', + 'os_name' => OperatingSystems::Match::WINDOWS_VISTA, 'ua_name' => 'MSIE', 'ua_ver' => '7.0', 'Rop' => false, diff --git a/modules/exploits/windows/browser/apple_quicktime_marshaled_punk.rb b/modules/exploits/windows/browser/apple_quicktime_marshaled_punk.rb index cc4ec639b4..247b86dc34 100644 --- a/modules/exploits/windows/browser/apple_quicktime_marshaled_punk.rb +++ b/modules/exploits/windows/browser/apple_quicktime_marshaled_punk.rb @@ -13,7 +13,7 @@ class Metasploit3 < Msf::Exploit::Remote #include Msf::Exploit::Remote::BrowserAutopwn #autopwn_info({ - # :os_name => /^Windows/, + # :os_name => OperatingSystems::Match::WINDOWS, # :ua_name => HttpClients::IE, # :javascript => true, # :rank => NormalRanking, # reliable memory corruption diff --git a/modules/exploits/windows/browser/apple_quicktime_mime_type.rb b/modules/exploits/windows/browser/apple_quicktime_mime_type.rb index c11f1b7cfb..3e1769f022 100644 --- a/modules/exploits/windows/browser/apple_quicktime_mime_type.rb +++ b/modules/exploits/windows/browser/apple_quicktime_mime_type.rb 
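Review bot: The four `Targets` entries in these hunks change `'os_name'` from a String (`'Windows XP'`, `'Windows Vista'`) to a Regexp constant, which is a type change and not only a rename. If the code that selects a target compares this value with `==` against the detected OS string, a Regexp never equals a String and these targets would stop matching. That selection code is outside the hunks, so this needs confirming: either it matches with `=~` when the value is a Regexp, or these entries should stay strings. The `BrowserRequirements` hunk for the same file already held a Regexp and is not affected.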
@@ -14,7 +14,7 @@ class Metasploit3 < Msf::Exploit::Remote #include Msf::Exploit::Remote::BrowserAutopwn #autopwn_info({ - # :os_name => /^Windows/, + # :os_name => OperatingSystems::Match::WINDOWS, # :ua_name => HttpClients::SAFARI, # :ua_maxver => '5.0.1', # :ua_maxver => '5.1.7', diff --git a/modules/exploits/windows/browser/apple_quicktime_rtsp.rb b/modules/exploits/windows/browser/apple_quicktime_rtsp.rb index 4bdc997690..8d4d77b33d 100644 --- a/modules/exploits/windows/browser/apple_quicktime_rtsp.rb +++ b/modules/exploits/windows/browser/apple_quicktime_rtsp.rb @@ -12,7 +12,7 @@ class Metasploit3 < Msf::Exploit::Remote #include Msf::Exploit::Remote::BrowserAutopwn #autopwn_info({ - # :os_name => /^Windows/, + # :os_name => OperatingSystems::Match::WINDOWS, # # No particular browser. Works on at least IE6 and Firefox 1.5.0.3 # :javascript => true, # :rank => NormalRanking, # reliable memory corruption diff --git a/modules/exploits/windows/browser/apple_quicktime_smil_debug.rb b/modules/exploits/windows/browser/apple_quicktime_smil_debug.rb index d1b915fa95..f125032e27 100644 --- a/modules/exploits/windows/browser/apple_quicktime_smil_debug.rb +++ b/modules/exploits/windows/browser/apple_quicktime_smil_debug.rb @@ -13,7 +13,7 @@ class Metasploit3 < Msf::Exploit::Remote #include Msf::Exploit::Remote::BrowserAutopwn #autopwn_info({ - # :os_name => /^Windows/, + # :os_name => OperatingSystems::Match::WINDOWS, # :javascript => true, # :rank => NormalRanking, # reliable memory corruption # :vuln_test => nil, diff --git a/modules/exploits/windows/browser/apple_quicktime_texml_font_table.rb b/modules/exploits/windows/browser/apple_quicktime_texml_font_table.rb index 16a0324d57..95aafafa3e 100644 --- a/modules/exploits/windows/browser/apple_quicktime_texml_font_table.rb +++ b/modules/exploits/windows/browser/apple_quicktime_texml_font_table.rb 
@@ -12,7 +12,7 @@ class Metasploit3 < Msf::Exploit::Remote #include Msf::Exploit::Remote::BrowserAutopwn #autopwn_info({ - # :os_name => /^Windows/, + # :os_name => OperatingSystems::Match::WINDOWS, # :javascript => true, # :rank => NormalRanking #}) diff --git a/modules/exploits/windows/browser/blackice_downloadimagefileurl.rb b/modules/exploits/windows/browser/blackice_downloadimagefileurl.rb index a434b4f0b7..8f475d6951 100644 --- a/modules/exploits/windows/browser/blackice_downloadimagefileurl.rb +++ b/modules/exploits/windows/browser/blackice_downloadimagefileurl.rb @@ -14,7 +14,7 @@ class Metasploit3 < Msf::Exploit::Remote #include Msf::Exploit::Remote::BrowserAutopwn #autopwn_info({ - # :os_name => /^Windows/, + # :os_name => OperatingSystems::Match::WINDOWS, # :ua_name => HttpClients::IE, # :javascript => true, # :rank => NormalRanking, diff --git a/modules/exploits/windows/browser/cisco_playerpt_setsource.rb b/modules/exploits/windows/browser/cisco_playerpt_setsource.rb index c397e34f21..8f51c2b886 100644 --- a/modules/exploits/windows/browser/cisco_playerpt_setsource.rb +++ b/modules/exploits/windows/browser/cisco_playerpt_setsource.rb @@ -17,7 +17,7 @@ class Metasploit3 < Msf::Exploit::Remote # :ua_minver => "6.0", # :ua_maxver => "8.0", # :javascript => true, - # :os_name => /^Windows/, + # :os_name => OperatingSystems::Match::WINDOWS, # :classid => "{9E065E4A-BD9D-4547-8F90-985DC62A5591}", # :method => "SetSource", # :rank => NormalRanking diff --git a/modules/exploits/windows/browser/cisco_playerpt_setsource_surl.rb b/modules/exploits/windows/browser/cisco_playerpt_setsource_surl.rb index b29e8b7649..1624d2591d 100644 --- a/modules/exploits/windows/browser/cisco_playerpt_setsource_surl.rb +++ b/modules/exploits/windows/browser/cisco_playerpt_setsource_surl.rb 
@@ -17,7 +17,7 @@ class Metasploit3 < Msf::Exploit::Remote # :ua_minver => "6.0", # :ua_maxver => "9.0", # :javascript => true, - # :os_name => /^Windows/, + # :os_name => OperatingSystems::Match::WINDOWS, # :classid => "{9E065E4A-BD9D-4547-8F90-985DC62A5591}", # :method => "SetSource", # :rank => NormalRanking diff --git a/modules/exploits/windows/browser/clear_quest_cqole.rb b/modules/exploits/windows/browser/clear_quest_cqole.rb index ab762cc4c4..5e8720287f 100644 --- a/modules/exploits/windows/browser/clear_quest_cqole.rb +++ b/modules/exploits/windows/browser/clear_quest_cqole.rb @@ -15,7 +15,7 @@ class Metasploit3 < Msf::Exploit::Remote # :ua_minver => "6.0", # :ua_maxver => "7.0", # :javascript => true, - # :os_name => /^Windows/, + # :os_name => OperatingSystems::Match::WINDOWS, # :classid => "{94773112-72E8-11D0-A42E-00A024DED613}", # :method => "RegisterSchemaRepoFromFileByDbSet", # :rank => NormalRanking diff --git a/modules/exploits/windows/browser/crystal_reports_printcontrol.rb b/modules/exploits/windows/browser/crystal_reports_printcontrol.rb index b925d1d8bc..4874e24f18 100644 --- a/modules/exploits/windows/browser/crystal_reports_printcontrol.rb +++ b/modules/exploits/windows/browser/crystal_reports_printcontrol.rb @@ -17,7 +17,7 @@ class Metasploit3 < Msf::Exploit::Remote # :ua_minver => "6.0", # :ua_maxver => "8.0", # :javascript => true, - # :os_name => /^Windows/, + # :os_name => OperatingSystems::Match::WINDOWS, # :rank => NormalRanking, # :classid => "{88DD90B6-C770-4CFF-B7A4-3AFD16BB8824}", # :method => "ServerResourceVersion" diff --git a/modules/exploits/windows/browser/hp_alm_xgo_setshapenodetype_exec.rb b/modules/exploits/windows/browser/hp_alm_xgo_setshapenodetype_exec.rb index 9c325d2641..25ecd8ab80 100644 --- a/modules/exploits/windows/browser/hp_alm_xgo_setshapenodetype_exec.rb +++ b/modules/exploits/windows/browser/hp_alm_xgo_setshapenodetype_exec.rb 
@@ -15,7 +15,7 @@ class Metasploit3 < Msf::Exploit::Remote # :ua_minver => "7.0", # :ua_maxver => "9.0", # :javascript => true, - # :os_name => /^Windows/, + # :os_name => OperatingSystems::Match::WINDOWS, # :classid => "{C3B92104-B5A7-11D0-A37F-00A0248F0AF1}", # :method => "SetShapeNodeType", # :rank => NormalRanking diff --git a/modules/exploits/windows/browser/hp_loadrunner_writefilebinary.rb b/modules/exploits/windows/browser/hp_loadrunner_writefilebinary.rb index 71d9465d9d..043ae246b1 100644 --- a/modules/exploits/windows/browser/hp_loadrunner_writefilebinary.rb +++ b/modules/exploits/windows/browser/hp_loadrunner_writefilebinary.rb @@ -17,7 +17,7 @@ class Metasploit3 < Msf::Exploit::Remote # :ua_minver => "6.0", # :ua_maxver => "9.0", # :javascript => true, - # :os_name => /^Windows/, + # :os_name => OperatingSystems::Match::WINDOWS, # :rank => Rank, # :classid => "{8D9E2CC7-D94B-4977-8510-FB49C361A139}", # :method => "WriteFileBinary" diff --git a/modules/exploits/windows/browser/hp_loadrunner_writefilestring.rb b/modules/exploits/windows/browser/hp_loadrunner_writefilestring.rb index 2ef6a85dcf..9706782dbb 100644 --- a/modules/exploits/windows/browser/hp_loadrunner_writefilestring.rb +++ b/modules/exploits/windows/browser/hp_loadrunner_writefilestring.rb @@ -17,7 +17,7 @@ class Metasploit3 < Msf::Exploit::Remote # :ua_minver => "6.0", # :ua_maxver => "8.0", # :javascript => true, - # :os_name => /^Windows XP/, + # :os_name => OperatingSystems::Match::WINDOWS_XP, # :rank => NormalRanking, # :classid => "{8D9E2CC7-D94B-4977-8510-FB49C361A139}", # :method => "WriteFileString " diff --git a/modules/exploits/windows/browser/ibm_spss_c1sizer.rb b/modules/exploits/windows/browser/ibm_spss_c1sizer.rb index 4af85dd1bb..1c054a4f48 100644 --- a/modules/exploits/windows/browser/ibm_spss_c1sizer.rb +++ b/modules/exploits/windows/browser/ibm_spss_c1sizer.rb 
@@ -17,7 +17,7 @@ class Metasploit3 < Msf::Exploit::Remote # :ua_minver => "6.0", # :ua_maxver => "8.0", # :javascript => true, - # :os_name => /^Windows/, + # :os_name => OperatingSystems::Match::WINDOWS, # :rank => NormalRanking, # :classid => "{24E04EBF-014D-471F-930E-7654B1193BA9}", # :method => "TabCaption" diff --git a/modules/exploits/windows/browser/ibm_tivoli_pme_activex_bof.rb b/modules/exploits/windows/browser/ibm_tivoli_pme_activex_bof.rb index 883218d643..92f7c46d60 100644 --- a/modules/exploits/windows/browser/ibm_tivoli_pme_activex_bof.rb +++ b/modules/exploits/windows/browser/ibm_tivoli_pme_activex_bof.rb @@ -12,7 +12,7 @@ class Metasploit3 < Msf::Exploit::Remote #include Msf::Exploit::Remote::BrowserAutopwn # #autopwn_info({ - # :os_name => /^Windows/, + # :os_name => OperatingSystems::Match::WINDOWS, # :ua_name => HttpClients::IE, # :ua_minver => "6.0", # :ua_maxver => "8.0", diff --git a/modules/exploits/windows/browser/ie_cbutton_uaf.rb b/modules/exploits/windows/browser/ie_cbutton_uaf.rb index 65af178132..e92014d80c 100644 --- a/modules/exploits/windows/browser/ie_cbutton_uaf.rb +++ b/modules/exploits/windows/browser/ie_cbutton_uaf.rb @@ -16,7 +16,7 @@ class Metasploit3 < Msf::Exploit::Remote # :ua_minver => "8.0", # :ua_maxver => "8.0", # :javascript => true, - # :os_name => /^Windows/, + # :os_name => OperatingSystems::Match::WINDOWS, # :rank => GoodRanking #}) diff --git a/modules/exploits/windows/browser/ie_cgenericelement_uaf.rb b/modules/exploits/windows/browser/ie_cgenericelement_uaf.rb index de6caa3a59..6840dddf91 100644 --- a/modules/exploits/windows/browser/ie_cgenericelement_uaf.rb +++ b/modules/exploits/windows/browser/ie_cgenericelement_uaf.rb @@ -16,7 +16,7 @@ class Metasploit3 < Msf::Exploit::Remote :ua_minver => "8.0", :ua_maxver => "8.0", :javascript => true, - :os_name => /^Windows/, + :os_name => OperatingSystems::Match::WINDOWS, :rank => GoodRanking }) 
diff --git a/modules/exploits/windows/browser/ie_createobject.rb b/modules/exploits/windows/browser/ie_createobject.rb index 5f74697acc..bd7f02c1a6 100644 --- a/modules/exploits/windows/browser/ie_createobject.rb +++ b/modules/exploits/windows/browser/ie_createobject.rb @@ -23,7 +23,7 @@ class Metasploit3 < Msf::Exploit::Remote # than the max by setting to 6.1 (which doesn't really exist). :ua_maxver => "6.1", :javascript => true, - :os_name => /^Windows/, + :os_name => OperatingSystems::Match::WINDOWS, :method => [ 'CreateObject', 'GetObject' ], :classid => [ diff --git a/modules/exploits/windows/browser/indusoft_issymbol_internationalseparator.rb b/modules/exploits/windows/browser/indusoft_issymbol_internationalseparator.rb index cf39ed622d..365c2b4836 100644 --- a/modules/exploits/windows/browser/indusoft_issymbol_internationalseparator.rb +++ b/modules/exploits/windows/browser/indusoft_issymbol_internationalseparator.rb @@ -17,7 +17,7 @@ class Metasploit3 < Msf::Exploit::Remote # :ua_minver => "6.0", # :ua_maxver => "9.0", # :javascript => true, - # :os_name => /^Windows/, + # :os_name => OperatingSystems::Match::WINDOWS, # :rank => NormalRanking, # :classid => "{3c9dff6f-5cb0-422e-9978-d6405d10718f}", # :method => "InternationalSeparator" diff --git a/modules/exploits/windows/browser/inotes_dwa85w_bof.rb b/modules/exploits/windows/browser/inotes_dwa85w_bof.rb index a40fdc954b..81b3e1df8d 100644 --- a/modules/exploits/windows/browser/inotes_dwa85w_bof.rb +++ b/modules/exploits/windows/browser/inotes_dwa85w_bof.rb @@ -17,7 +17,7 @@ class Metasploit3 < Msf::Exploit::Remote # :ua_minver => "6.0", # :ua_maxver => "9.0", # :javascript => true, - # :os_name => /^Windows/, + # :os_name => OperatingSystems::Match::WINDOWS, # :rank => Rank, # :classid => "{0F2AAAE3-7E9E-4b64-AB5D-1CA24C6ACB9C}", # :method => "Attachment_Times" 
diff --git a/modules/exploits/windows/browser/keyhelp_launchtripane_exec.rb b/modules/exploits/windows/browser/keyhelp_launchtripane_exec.rb index 72317863d0..9e526c4c90 100644 --- a/modules/exploits/windows/browser/keyhelp_launchtripane_exec.rb +++ b/modules/exploits/windows/browser/keyhelp_launchtripane_exec.rb @@ -14,7 +14,7 @@ class Metasploit3 < Msf::Exploit::Remote #include Msf::Exploit::Remote::BrowserAutopwn #autopwn_info({ - # :os_name => /^Windows/, + # :os_name => OperatingSystems::Match::WINDOWS, # :ua_name => HttpClients::IE, # :javascript => true, # :rank => NormalRanking, diff --git a/modules/exploits/windows/browser/mozilla_interleaved_write.rb b/modules/exploits/windows/browser/mozilla_interleaved_write.rb index f62321d4fd..52301c6cbe 100644 --- a/modules/exploits/windows/browser/mozilla_interleaved_write.rb +++ b/modules/exploits/windows/browser/mozilla_interleaved_write.rb @@ -18,7 +18,7 @@ class Metasploit3 < Msf::Exploit::Remote # :ua_name => HttpClients::FF, # :ua_minver => "3.6.8", # :ua_maxver => "3.6.11", - # :os_name => /^Windows/, + # :os_name => OperatingSystems::Match::WINDOWS, # :javascript => true, # :rank => NormalRanking, # :vuln_test => "if (typeof InstallVersion != 'undefined') { is_vuln = true; }", diff --git a/modules/exploits/windows/browser/mozilla_mchannel.rb b/modules/exploits/windows/browser/mozilla_mchannel.rb index 1237acf1dd..7f47927a72 100644 --- a/modules/exploits/windows/browser/mozilla_mchannel.rb +++ b/modules/exploits/windows/browser/mozilla_mchannel.rb @@ -14,7 +14,7 @@ class Metasploit3 < Msf::Exploit::Remote # :ua_name => HttpClients::FF, # :ua_minver => "3.6.16", # :ua_maxver => "3.6.16", - # :os_name => /^Windows/, + # :os_name => OperatingSystems::Match::WINDOWS, # :javascript => true, # :rank => NormalRanking, #}) diff --git a/modules/exploits/windows/browser/mozilla_nstreerange.rb b/modules/exploits/windows/browser/mozilla_nstreerange.rb index ed1b822549..f2602aa16f 100644 
--- a/modules/exploits/windows/browser/mozilla_nstreerange.rb +++ b/modules/exploits/windows/browser/mozilla_nstreerange.rb @@ -15,7 +15,7 @@ class Metasploit3 < Msf::Exploit::Remote :ua_name => HttpClients::FF, :ua_minver => "3.5", :ua_maxver => "3.6.16", - :os_name => /^Windows/, + :os_name => OperatingSystems::Match::WINDOWS, :javascript => true, :rank => NormalRanking, :vuln_test => "if (navigator.userAgent.indexOf('Windows NT 5.1') != -1 || navigator.javaEnabled()) { is_vuln = true; }", diff --git a/modules/exploits/windows/browser/ms06_067_keyframe.rb b/modules/exploits/windows/browser/ms06_067_keyframe.rb index 036f3d72ac..c8f306d3f6 100644 --- a/modules/exploits/windows/browser/ms06_067_keyframe.rb +++ b/modules/exploits/windows/browser/ms06_067_keyframe.rb @@ -22,7 +22,7 @@ class Metasploit3 < Msf::Exploit::Remote # :ua_name => HttpClients::IE, # :ua_minver => "6.0", # :javascript => true, - # :os_name => /^Windows/, + # :os_name => OperatingSystems::Match::WINDOWS, # :classid => 'DirectAnimation.PathControl', # :method => 'KeyFrame', # :rank => NormalRanking # reliable memory corruption diff --git a/modules/exploits/windows/browser/ms08_078_xml_corruption.rb b/modules/exploits/windows/browser/ms08_078_xml_corruption.rb index 85099cc807..318a9f303f 100644 --- a/modules/exploits/windows/browser/ms08_078_xml_corruption.rb +++ b/modules/exploits/windows/browser/ms08_078_xml_corruption.rb @@ -18,7 +18,7 @@ class Metasploit3 < Msf::Exploit::Remote # :ua_minver => "7.0", # :ua_maxver => "7.0", # :javascript => true, - # :os_name => /^Windows/, + # :os_name => OperatingSystems::Match::WINDOWS, # :vuln_test => nil, # no way to test without just trying it #}) diff --git a/modules/exploits/windows/browser/ms09_002_memory_corruption.rb b/modules/exploits/windows/browser/ms09_002_memory_corruption.rb index 336ebe4db0..25308bdfcf 100644 --- a/modules/exploits/windows/browser/ms09_002_memory_corruption.rb 
+++ b/modules/exploits/windows/browser/ms09_002_memory_corruption.rb @@ -17,7 +17,7 @@ class Metasploit3 < Msf::Exploit::Remote # :ua_minver => "7.0", # :ua_maxver => "7.0", # :javascript => true, - # :os_name => /^Windows/, + # :os_name => OperatingSystems::Match::WINDOWS, # :vuln_test => nil, # no way to test without just trying it #}) diff --git a/modules/exploits/windows/browser/ms09_072_style_object.rb b/modules/exploits/windows/browser/ms09_072_style_object.rb index 338feb0524..32238ff910 100644 --- a/modules/exploits/windows/browser/ms09_072_style_object.rb +++ b/modules/exploits/windows/browser/ms09_072_style_object.rb @@ -18,7 +18,7 @@ class Metasploit3 < Msf::Exploit::Remote # :ua_minver => "6.0", # :ua_maxver => "7.0", # :javascript => true, - # :os_name => /^Windows/, + # :os_name => OperatingSystems::Match::WINDOWS, # :vuln_test => nil, # no way to test without just trying it # :rank => LowRanking # exploitable on ie7/vista #}) diff --git a/modules/exploits/windows/browser/ms10_002_aurora.rb b/modules/exploits/windows/browser/ms10_002_aurora.rb index 2ed04767cc..01d39074c2 100644 --- a/modules/exploits/windows/browser/ms10_002_aurora.rb +++ b/modules/exploits/windows/browser/ms10_002_aurora.rb @@ -18,7 +18,7 @@ class Metasploit3 < Msf::Exploit::Remote # :ua_minver => "6.0", # :ua_maxver => "6.0", # :javascript => true, - # :os_name => /^Windows/, + # :os_name => OperatingSystems::Match::WINDOWS, # :vuln_test => nil, # no way to test without just trying it #}) diff --git a/modules/exploits/windows/browser/ms10_018_ie_behaviors.rb b/modules/exploits/windows/browser/ms10_018_ie_behaviors.rb index 08561ad1ff..208c1d3601 100644 --- a/modules/exploits/windows/browser/ms10_018_ie_behaviors.rb +++ b/modules/exploits/windows/browser/ms10_018_ie_behaviors.rb 
@@ -36,7 +36,7 @@ class Metasploit3 < Msf::Exploit::Remote # :ua_minver => "6.0", # :ua_maxver => "7.0", # :javascript => true, - # :os_name => /^Windows/, + # :os_name => OperatingSystems::Match::WINDOWS, # :vuln_test => nil, # no way to test without just trying it #}) diff --git a/modules/exploits/windows/browser/ms10_090_ie_css_clip.rb b/modules/exploits/windows/browser/ms10_090_ie_css_clip.rb index 2661f4dc7d..244a385dc2 100644 --- a/modules/exploits/windows/browser/ms10_090_ie_css_clip.rb +++ b/modules/exploits/windows/browser/ms10_090_ie_css_clip.rb @@ -16,7 +16,7 @@ class Metasploit3 < Msf::Exploit::Remote # :ua_minver => "6.0", # :ua_maxver => "7.0", # :javascript => true, - # :os_name => /^Windows/, + # :os_name => OperatingSystems::Match::WINDOWS, # :vuln_test => nil, # no way to test without just trying it #}) diff --git a/modules/exploits/windows/browser/ms11_003_ie_css_import.rb b/modules/exploits/windows/browser/ms11_003_ie_css_import.rb index bf68fd1460..f2463d3c32 100644 --- a/modules/exploits/windows/browser/ms11_003_ie_css_import.rb +++ b/modules/exploits/windows/browser/ms11_003_ie_css_import.rb @@ -15,7 +15,7 @@ class Metasploit3 < Msf::Exploit::Remote # :ua_minver => "7.0", # Should be 6 # :ua_maxver => "8.0", # :javascript => true, - # :os_name => /^Windows/, + # :os_name => OperatingSystems::Match::WINDOWS, # # Not strictly a vuln check, but an exploitability check since a # # specific version of .NET is required to make the ROP work. # :vuln_test => "if (/.NET CLR 2\\.0\\.50727/.test(navigator.userAgent)) { is_vuln = true }else{ is_vuln = false }", diff --git a/modules/exploits/windows/browser/ms11_050_mshtml_cobjectelement.rb b/modules/exploits/windows/browser/ms11_050_mshtml_cobjectelement.rb index ada3d6273d..35b29d445a 100644 --- a/modules/exploits/windows/browser/ms11_050_mshtml_cobjectelement.rb +++ b/modules/exploits/windows/browser/ms11_050_mshtml_cobjectelement.rb 
@@ -16,7 +16,7 @@ class Metasploit3 < Msf::Exploit::Remote # :ua_minver => "7.0", # :ua_maxver => "8.0", # :javascript => true, - # :os_name => /^Windows/ + # :os_name => OperatingSystems::Match::WINDOWS #}) def initialize(info={}) diff --git a/modules/exploits/windows/browser/ms12_004_midi.rb b/modules/exploits/windows/browser/ms12_004_midi.rb index 29b4d7710e..5d2d5ea153 100644 --- a/modules/exploits/windows/browser/ms12_004_midi.rb +++ b/modules/exploits/windows/browser/ms12_004_midi.rb @@ -16,7 +16,7 @@ class Metasploit3 < Msf::Exploit::Remote :ua_minver => "6.0", :ua_maxver => "8.0", :javascript => true, - :os_name => /^Windows/, + :os_name => OperatingSystems::Match::WINDOWS, :vuln_test => %Q| var v = window.os_detect.getVersion(); var os_name = v['os_name']; diff --git a/modules/exploits/windows/browser/ms12_037_ie_colspan.rb b/modules/exploits/windows/browser/ms12_037_ie_colspan.rb index cd6fb19ff1..6575b258c8 100644 --- a/modules/exploits/windows/browser/ms12_037_ie_colspan.rb +++ b/modules/exploits/windows/browser/ms12_037_ie_colspan.rb @@ -11,7 +11,7 @@ class Metasploit3 < Msf::Exploit::Remote include Msf::Exploit::Remote::HttpServer::HTML #include Msf::Exploit::Remote::BrowserAutopwn #autopwn_info({ - # :os_name => /^Windows/, + # :os_name => OperatingSystems::Match::WINDOWS, # :ua_minver => "8.0", # :ua_maxver => "8.0", # :rank => NormalRanking, # reliable memory corruption diff --git a/modules/exploits/windows/browser/ms13_022_silverlight_script_object.rb b/modules/exploits/windows/browser/ms13_022_silverlight_script_object.rb index f414fe3bfd..276afd32ce 100644 --- a/modules/exploits/windows/browser/ms13_022_silverlight_script_object.rb +++ b/modules/exploits/windows/browser/ms13_022_silverlight_script_object.rb 
@@ -59,7 +59,7 @@ class Metasploit3 < Msf::Exploit::Remote 'BrowserRequirements' => { :source => /script|headers/i, - :os_name => /^Windows/, + :os_name => OperatingSystems::Match::WINDOWS, :ua_name => Msf::HttpClients::IE, :silverlight => "true" }, diff --git a/modules/exploits/windows/browser/ms13_037_svg_dashstyle.rb b/modules/exploits/windows/browser/ms13_037_svg_dashstyle.rb index 322f8085c7..219edb57c9 100644 --- a/modules/exploits/windows/browser/ms13_037_svg_dashstyle.rb +++ b/modules/exploits/windows/browser/ms13_037_svg_dashstyle.rb @@ -17,7 +17,7 @@ class Metasploit3 < Msf::Exploit::Remote # :ua_minver => "8.0", # :ua_maxver => "8.0", # :javascript => true, - # :os_name => /^Windows/, + # :os_name => OperatingSystems::Match::WINDOWS, # :rank => Rank #}) diff --git a/modules/exploits/windows/browser/ms13_080_cdisplaypointer.rb b/modules/exploits/windows/browser/ms13_080_cdisplaypointer.rb index ddd2671e68..b8479f1d1d 100644 --- a/modules/exploits/windows/browser/ms13_080_cdisplaypointer.rb +++ b/modules/exploits/windows/browser/ms13_080_cdisplaypointer.rb @@ -17,7 +17,7 @@ class Metasploit3 < Msf::Exploit::Remote :ua_minver => "8.0", :ua_maxver => "8.0", :javascript => true, - :os_name => /^Windows/, + :os_name => OperatingSystems::Match::WINDOWS, :rank => NormalRanking }) diff --git a/modules/exploits/windows/browser/ms13_090_cardspacesigninhelper.rb b/modules/exploits/windows/browser/ms13_090_cardspacesigninhelper.rb index 39c6599bc9..71981fdb3d 100644 --- a/modules/exploits/windows/browser/ms13_090_cardspacesigninhelper.rb +++ b/modules/exploits/windows/browser/ms13_090_cardspacesigninhelper.rb 
@@ -62,13 +62,13 @@ class Metasploit3 < Msf::Exploit::Remote :source => /script|headers/i, :clsid => "{19916E01-B44E-4E31-94A4-4696DF46157B}", :method => "requiredClaims", - :os_name => /^Windows XP/ + :os_name => OperatingSystems::Match::WINDOWS_XP }, 'Targets' => [ [ 'Windows XP with IE 8', { - 'os_name' => 'Windows XP', + 'os_name' => OperatingSystems::Match::WINDOWS_XP, 'ua_name' => Msf::HttpClients::IE, 'ua_ver' => '8.0', 'arch' => ARCH_X86 diff --git a/modules/exploits/windows/browser/msxml_get_definition_code_exec.rb b/modules/exploits/windows/browser/msxml_get_definition_code_exec.rb index f265b49e00..7c80b5e2c6 100644 --- a/modules/exploits/windows/browser/msxml_get_definition_code_exec.rb +++ b/modules/exploits/windows/browser/msxml_get_definition_code_exec.rb @@ -16,7 +16,7 @@ class Metasploit3 < Msf::Exploit::Remote :ua_minver => "6.0", :ua_maxver => "9.0", :javascript => true, - :os_name => /^Windows/, + :os_name => OperatingSystems::Match::WINDOWS, :classid => "{f6D90f11-9c73-11d3-b32e-00C04f990bb4}", :method => "definition", :rank => GoodRanking diff --git a/modules/exploits/windows/browser/novell_groupwise_gwcls1_actvx.rb b/modules/exploits/windows/browser/novell_groupwise_gwcls1_actvx.rb index 762d475e36..6a9199ca80 100644 --- a/modules/exploits/windows/browser/novell_groupwise_gwcls1_actvx.rb +++ b/modules/exploits/windows/browser/novell_groupwise_gwcls1_actvx.rb @@ -17,7 +17,7 @@ class Metasploit3 < Msf::Exploit::Remote # :ua_minver => "6.0", # :ua_maxver => "9.0", # :javascript => true, - # :os_name => /^Windows/, + # :os_name => OperatingSystems::Match::WINDOWS, # :rank => NormalRanking, # :classid => "{601D7813-408F-11D1-98D7-444553540000}", # :method => "SetEngine" diff --git a/modules/exploits/windows/browser/ntr_activex_check_bof.rb b/modules/exploits/windows/browser/ntr_activex_check_bof.rb index db181598ff..09f03bf478 100644 --- a/modules/exploits/windows/browser/ntr_activex_check_bof.rb 
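Review bot: In the `'Targets'` entry the `'os_name'` value changes from the string `'Windows XP'` to the Regexp `OperatingSystems::Match::WINDOWS_XP`, which is a type change rather than a rename like the `:os_name` line above it. The code that selects a target from the detected client profile is outside this hunk; if it compares with `==` or interpolates the value into a string, this target would stop matching. It is worth confirming that the consumer accepts a Regexp, or keeping `'os_name' => 'Windows XP'` here and leaving the pattern only in `'BrowserRequirements'`.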
+++ b/modules/exploits/windows/browser/ntr_activex_check_bof.rb @@ -17,7 +17,7 @@ class Metasploit3 < Msf::Exploit::Remote # :ua_minver => "6.0", # :ua_maxver => "9.0", # :javascript => true, - # :os_name => /^Windows/, + # :os_name => OperatingSystems::Match::WINDOWS, # :classid => "{E6ACF817-0A85-4EBE-9F0A-096C6488CFEA}", # :method => "Check", # :rank => NormalRanking diff --git a/modules/exploits/windows/browser/ntr_activex_stopmodule.rb b/modules/exploits/windows/browser/ntr_activex_stopmodule.rb index bd5393157c..bfdcd935f3 100644 --- a/modules/exploits/windows/browser/ntr_activex_stopmodule.rb +++ b/modules/exploits/windows/browser/ntr_activex_stopmodule.rb @@ -16,7 +16,7 @@ class Metasploit3 < Msf::Exploit::Remote # :ua_minver => "6.0", # :ua_maxver => "7.0", # :javascript => true, - # :os_name => /^Windows/, + # :os_name => OperatingSystems::Match::WINDOWS, # :classid => "{E6ACF817-0A85-4EBE-9F0A-096C6488CFEA}", # :method => "StopModule", # :rank => NormalRanking diff --git a/modules/exploits/windows/browser/oracle_autovue_setmarkupmode.rb b/modules/exploits/windows/browser/oracle_autovue_setmarkupmode.rb index 3628c48b2c..17f10cebfa 100644 --- a/modules/exploits/windows/browser/oracle_autovue_setmarkupmode.rb +++ b/modules/exploits/windows/browser/oracle_autovue_setmarkupmode.rb @@ -17,7 +17,7 @@ class Metasploit3 < Msf::Exploit::Remote # :ua_minver => "6.0", # :ua_maxver => "9.0", # :javascript => true, - # :os_name => /^Windows/, + # :os_name => OperatingSystems::Match::WINDOWS, # :classid => "{B6FCC215-D303-11D1-BC6C-0000C078797F}", # :method => "SetMarkupMode", # :rank => NormalRanking diff --git a/modules/exploits/windows/browser/quickr_qp2_bof.rb b/modules/exploits/windows/browser/quickr_qp2_bof.rb index 1b16a6413a..88eb2f5554 100644 --- a/modules/exploits/windows/browser/quickr_qp2_bof.rb +++ b/modules/exploits/windows/browser/quickr_qp2_bof.rb 
@@ -17,7 +17,7 @@ class Metasploit3 < Msf::Exploit::Remote # :ua_minver => "6.0", # :ua_maxver => "9.0", # :javascript => true, - # :os_name => /^Windows/, + # :os_name => OperatingSystems::Match::WINDOWS, # :rank => Rank, # :classid => "{05D96F71-87C6-11D3-9BE4-00902742D6E0}", # :method => "Attachment_Times" diff --git a/modules/exploits/windows/browser/siemens_solid_edge_selistctrlx.rb b/modules/exploits/windows/browser/siemens_solid_edge_selistctrlx.rb index d87a146397..eab5e816e7 100644 --- a/modules/exploits/windows/browser/siemens_solid_edge_selistctrlx.rb +++ b/modules/exploits/windows/browser/siemens_solid_edge_selistctrlx.rb @@ -17,7 +17,7 @@ class Metasploit3 < Msf::Exploit::Remote # :ua_minver => "6.0", # :ua_maxver => "9.0", # :javascript => true, - # :os_name => /^Windows/, + # :os_name => OperatingSystems::Match::WINDOWS, # :rank => Rank, # :classid => "{5D6A72E6-C12F-4C72-ABF3-32F6B70EBB0D}" #}) diff --git a/modules/exploits/windows/browser/synactis_connecttosynactis_bof.rb b/modules/exploits/windows/browser/synactis_connecttosynactis_bof.rb index fc061b50b4..7d819a1830 100644 --- a/modules/exploits/windows/browser/synactis_connecttosynactis_bof.rb +++ b/modules/exploits/windows/browser/synactis_connecttosynactis_bof.rb @@ -19,7 +19,7 @@ class Metasploit3 < Msf::Exploit::Remote # :javascript => true, # :classid => "{C80CAF1F-C58E-11D5-A093-006097ED77E6}", # :method => "ConnectToSynactis", - # :os_name => /^Windows/, + # :os_name => OperatingSystems::Match::WINDOWS, # :rank => AverageRanking #}) diff --git a/modules/exploits/windows/browser/tom_sawyer_tsgetx71ex552.rb b/modules/exploits/windows/browser/tom_sawyer_tsgetx71ex552.rb index cbfe4a67dc..e7f4f09ef5 100644 --- a/modules/exploits/windows/browser/tom_sawyer_tsgetx71ex552.rb +++ b/modules/exploits/windows/browser/tom_sawyer_tsgetx71ex552.rb 
@@ -12,7 +12,7 @@ class Metasploit3 < Msf::Exploit::Remote #include Msf::Exploit::Remote::BrowserAutopwn # #autopwn_info({ - # :os_name => /^Windows/, + # :os_name => OperatingSystems::Match::WINDOWS, # :ua_name => HttpClients::IE, # :ua_minver => "6.0", # :ua_maxver => "8.0", diff --git a/modules/exploits/windows/browser/wellintech_kingscada_kxclientdownload.rb b/modules/exploits/windows/browser/wellintech_kingscada_kxclientdownload.rb index 64907de362..426cbb5638 100644 --- a/modules/exploits/windows/browser/wellintech_kingscada_kxclientdownload.rb +++ b/modules/exploits/windows/browser/wellintech_kingscada_kxclientdownload.rb @@ -42,7 +42,7 @@ class Metasploit3 < Msf::Exploit::Remote 'BrowserRequirements' => { :source => /script|headers/i, - :os_name => /^Windows/, + :os_name => OperatingSystems::Match::WINDOWS, :ua_name => /MSIE|KXCLIE/i }, 'Payload' => diff --git a/modules/exploits/windows/browser/winzip_fileview.rb b/modules/exploits/windows/browser/winzip_fileview.rb index efdc583d37..a3f2f834e1 100644 --- a/modules/exploits/windows/browser/winzip_fileview.rb +++ b/modules/exploits/windows/browser/winzip_fileview.rb @@ -14,7 +14,7 @@ class Metasploit3 < Msf::Exploit::Remote #autopwn_info({ # :ua_name => HttpClients::IE, # :javascript => true, - # :os_name => /^Windows/, + # :os_name => OperatingSystems::Match::WINDOWS, # :classid => '{A09AE68F-B14D-43ED-B713-BA413F034904}', # :method => 'CreateNewFolderFromName', # :rank => NormalRanking # reliable memory corruption diff --git a/modules/exploits/windows/browser/wmi_admintools.rb b/modules/exploits/windows/browser/wmi_admintools.rb index e887578a82..73caac15c5 100644 --- a/modules/exploits/windows/browser/wmi_admintools.rb +++ b/modules/exploits/windows/browser/wmi_admintools.rb 
@@ -12,7 +12,7 @@ class Metasploit3 < Msf::Exploit::Remote #include Msf::Exploit::Remote::BrowserAutopwn # #autopwn_info({ - # :os_name => /^Windows/, + # :os_name => OperatingSystems::Match::WINDOWS, # :ua_name => HttpClients::IE, # :rank => NormalRanking, # :vuln_test => nil, From c7366b436126ad40bf71f2dddc3f317214a870e7 Mon Sep 17 00:00:00 2001 From: HD Moore Date: Wed, 28 May 2014 14:40:09 -0500 Subject: [PATCH 26/43] Fix a small typo in the regex --- lib/msf/core/constants.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/msf/core/constants.rb b/lib/msf/core/constants.rb index 9a9a6f9ee4..2e2473fbe7 100644 --- a/lib/msf/core/constants.rb +++ b/lib/msf/core/constants.rb @@ -110,12 +110,12 @@ module OperatingSystems WINDOWS_81 = /^(?:Microsoft )?Windows 8\.1/ LINUX = /^Linux/i - MAC_OSX = /^(Apple )?Mac OS X/ + MAC_OSX = /^(?:Apple )?Mac OS X/ FREEBSD = /^FreeBSD/ NETBSD = /^NetBSD/ OPENBSD = /^OpenBSD/ VMWARE = /^VMware/ - ANDROID = /^(?Google )?Android/ + ANDROID = /^(?:Google )?Android/ APPLE_IOS = /^(?:Apple )?iOS/ end end From 90f3916259fe55b322fa10edc3dcb44768817401 Mon Sep 17 00:00:00 2001 From: HD Moore Date: Sun, 6 Jul 2014 09:19:14 -0500 Subject: [PATCH 27/43] Remove duplicate packetfu inclusion after merge --- Gemfile | 3 --- 1 file changed, 3 deletions(-) diff --git a/Gemfile b/Gemfile index d06f9df5de..4c95104e01 100755 --- a/Gemfile +++ b/Gemfile @@ -17,9 +17,6 @@ gem 'rkelly-remix', '0.0.6' # Needed by anemone crawler gem 'robots' -# Needed by db.rb and Msf::Exploit::Capture -gem 'packetfu', '1.1.9' - # Needed for service fingerprinting (Recog) gem 'recog', :git => 'git@github.com:rapid7/recog.git' From b6b5435a3d52ac04c7881d103633085394453d5b Mon Sep 17 00:00:00 2001 From: HD Moore Date: Sun, 6 Jul 2014 09:24:36 -0500 Subject: [PATCH 28/43] Fix service pack parsing --- modules/post/windows/gather/enum_ad_computers.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
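Review bot: In the `lib/msf/core/constants.rb` hunk the two corrected patterns still anchor with `^`, which in Ruby matches after any newline rather than only at the start of the string. A reported OS name that carries an embedded line break can therefore satisfy `MAC_OSX` or `ANDROID` on a later line. If these constants are meant to match the name from its first character, `\A` is the safer anchor: `MAC_OSX = /\A(?:Apple )?Mac OS X/` and `ANDROID = /\A(?:Google )?Android/`. The context lines (`LINUX`, `FREEBSD`, `APPLE_IOS` and the rest) use the same `^` form and would want the same change; where the matched strings come from is not visible in this hunk.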
diff --git a/modules/post/windows/gather/enum_ad_computers.rb b/modules/post/windows/gather/enum_ad_computers.rb index f9ff5e3cf4..81363ec022 100644 --- a/modules/post/windows/gather/enum_ad_computers.rb +++ b/modules/post/windows/gather/enum_ad_computers.rb @@ -108,8 +108,8 @@ class Metasploit3 < Msf::Post if field.to_i > 0 report[:os_sp] = 'SP' + field end - if field =~ /(Service Pack|SP\s?)(\d+)/ - report[:os_sp] = 'SP' + $1 + if field =~ /(Service Pack|SP)\s?(\d+)/ + report[:os_sp] = 'SP' + $2 end when 'description' From 16af8b8c5c18bf804b940cfe5a88b7d03b94b8c6 Mon Sep 17 00:00:00 2001 From: HD Moore Date: Sun, 6 Jul 2014 09:36:08 -0500 Subject: [PATCH 29/43] Use MDM 0.17.0 stock as master branch is broken. This resolves all issues I know of with the recog branch on Metasploit Framework, but obviously most of the benefits of this branch come from having a recog-aware MDM, something that can't happen until MDM 0.17.6+ is supported by the framework. In short, this should be good to merge, but will not solve the intended problems until MDM 0.17.6+ is fixed for MSF --- Gemfile | 9 +++++++-- Gemfile.lock | 35 +++++++++++++++-------------------- 2 files changed, 22 insertions(+), 22 deletions(-) diff --git a/Gemfile b/Gemfile index 4c95104e01..1827491d29 100755 --- a/Gemfile +++ b/Gemfile @@ -26,8 +26,13 @@ gem 'sqlite3' group :db do # Needed for Msf::DbManager gem 'activerecord', '>= 3.0.0', '< 4.0.0' - # Database models shared between framework and Pro - gem 'metasploit_data_models', '>= 0.17.2' + + # Database models shared between framework and Pro (depends on hmoore-r7 branch until merged) + # Unfortunately, MDM is broken after 0.17.0 in master right now, so waiting on that merge... + + gem 'metasploit_data_models', '= 0.17.0' + # gem 'metasploit_data_models', :git => 'git@github.com:hmoore-r7/metasploit_data_models.git' + # Needed for module caching in Mdm::ModuleDetails gem 'pg', '>= 0.11' end 
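Review bot: The alternation in `/(Service Pack|SP)\s?(\d+)/` is still a capturing group, which is why the digits land in `$2`, the same index mix-up this patch has just corrected. A non-capturing group keeps the number in the first capture and removes that trap: `if field =~ /(?:Service Pack|SP)\s?(\d+)/` with `report[:os_sp] = 'SP' + $1`. The `field.to_i > 0` branch shown as context appends the whole `field` rather than the parsed number, so a value with leading digits followed by other text would be stored as given; the surrounding `case` begins and ends outside the hunk.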
diff --git a/Gemfile.lock b/Gemfile.lock index bab75a882c..3cb1dd3057 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,15 +1,6 @@ -GIT - remote: git@github.com:hmoore-r7/metasploit_data_models.git - revision: 369398260def99448ff26371d304bb03b2176b4c - specs: - metasploit_data_models (0.17.0) - activerecord (>= 3.2.13) - activesupport - pg - GIT remote: git@github.com:rapid7/recog.git - revision: 915799d493f96ea8c6981fc8b4bc3fc06acde06c + revision: 9c2983de2e2ebbeb98c2211b5be95ab4099479bc specs: recog (0.01) nokogiri @@ -17,15 +8,15 @@ GIT GEM remote: https://rubygems.org/ specs: - activemodel (3.2.17) - activesupport (= 3.2.17) + activemodel (3.2.19) + activesupport (= 3.2.19) builder (~> 3.0.0) - activerecord (3.2.17) - activemodel (= 3.2.17) - activesupport (= 3.2.17) + activerecord (3.2.19) + activemodel (= 3.2.19) + activesupport (= 3.2.19) arel (~> 3.0.2) tzinfo (~> 0.3.29) - activesupport (3.2.17) + activesupport (3.2.19) i18n (~> 0.6, >= 0.6.4) multi_json (~> 1.0) arel (3.0.3) @@ -38,12 +29,16 @@ GEM fivemat (1.2.1) i18n (0.6.9) json (1.8.0) - mini_portile (0.5.2) + metasploit_data_models (0.17.0) + activerecord (>= 3.2.13) + activesupport + pg + mini_portile (0.6.0) msgpack (0.5.5) multi_json (1.0.4) network_interface (0.0.1) - nokogiri (1.6.1) - mini_portile (~> 0.5.0) + nokogiri (1.6.2.1) + mini_portile (= 0.6.0) packetfu (1.1.9) pcaprub (0.11.3) pg (0.17.1) @@ -81,7 +76,7 @@ DEPENDENCIES factory_girl (>= 4.1.0) fivemat (= 1.2.1) json - metasploit_data_models! + metasploit_data_models (= 0.17.0) msgpack network_interface (~> 0.0.1) nokogiri From 740f75d0bf594b534767e0751d45209afc0eca18 Mon Sep 17 00:00:00 2001 From: HD Moore Date: Sun, 6 Jul 2014 09:52:04 -0500 Subject: [PATCH 30/43] Match masters preferred MDM version --- Gemfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile b/Gemfile index 1827491d29..e54b6f6a50 100755 --- a/Gemfile +++ b/Gemfile 
@@ -30,7 +30,7 @@ group :db do # Database models shared between framework and Pro (depends on hmoore-r7 branch until merged) # Unfortunately, MDM is broken after 0.17.0 in master right now, so waiting on that merge... - gem 'metasploit_data_models', '= 0.17.0' + gem 'metasploit_data_models', '= 0.17.2' # gem 'metasploit_data_models', :git => 'git@github.com:hmoore-r7/metasploit_data_models.git' # Needed for module caching in Mdm::ModuleDetails From 92ff0974b727379ba5be093a3fd071c66ad8b52b Mon Sep 17 00:00:00 2001 From: HD Moore Date: Mon, 25 Aug 2014 01:45:59 -0500 Subject: [PATCH 31/43] Add YARD option formatting --- lib/msf/core/exploit/http/client.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/msf/core/exploit/http/client.rb b/lib/msf/core/exploit/http/client.rb index 3f274b2e68..52385420cf 100644 --- a/lib/msf/core/exploit/http/client.rb +++ b/lib/msf/core/exploit/http/client.rb @@ -446,8 +446,8 @@ module Exploit::Remote::HttpClient # service.info field to represent the HTTP Server header. # # Options: - # :uri an HTTP URI to request in order to generate a fingerprint - # :method an HTTP method to use in the fingerprint request + # @option opts [String] :uri An HTTP URI to request in order to generate a fingerprint + # @option opts [String] :method An HTTP method to use in the fingerprint request # def lookup_http_fingerprints(opts={}) uri = opts[:uri] || '/' @@ -457,7 +457,7 @@ module Exploit::Remote::HttpClient return fprints unless framework.db.active ::ActiveRecord::Base.connection_pool.with_connection { - wspace = datastore['WORKSPACE'] ? + wspace = datastore['WORKSPACE'] ? framework.db.find_workspace(datastore['WORKSPACE']) : framework.db.workspace service = framework.db.get_service(wspace, rhost, 'tcp', rport) From 73e4ec709ff7a31765813b0eddaea81a3bb7e50a Mon Sep 17 00:00:00 2001 
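Review bot: In the `lib/msf/core/exploit/http/client.rb` hunk the doc comment keeps the free-form `# Options:` heading above the new `@option opts` tags and has no `@param` line for `opts`, so the comment is only half converted to YARD. I would replace the heading with `# @param opts [Hash] options for the fingerprint lookup` and add a `@return` tag describing the `fprints` value the method hands back. The method body continues beyond the two hunks shown, so the exact element type for `@return` should be taken from the full source.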
From: HD Moore Date: Mon, 25 Aug 2014 15:42:18 -0500 Subject: [PATCH 32/43] Fix smb_port and require 'recog' when no DB/MDM --- Gemfile.lock | 1 + metasploit-framework.gemspec | 2 ++ modules/auxiliary/scanner/smb/smb_version.rb | 4 ++-- 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index f6154944ff..28713d1fc9 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -25,6 +25,7 @@ PATH nokogiri packetfu (= 1.1.9) railties + recog rkelly-remix (= 0.0.6) robots rubyzip (~> 1.1) diff --git a/metasploit-framework.gemspec b/metasploit-framework.gemspec index 6999c787e3..aa08224337 100644 --- a/metasploit-framework.gemspec +++ b/metasploit-framework.gemspec @@ -80,4 +80,6 @@ Gem::Specification.new do |spec| spec.add_runtime_dependency 'sqlite3' # required for Time::TZInfo in ActiveSupport spec.add_runtime_dependency 'tzinfo' + # required for OS fingerprinting + spec.add_runtime_dependency 'recog' end diff --git a/modules/auxiliary/scanner/smb/smb_version.rb b/modules/auxiliary/scanner/smb/smb_version.rb index 0f6f07d188..44a0704ce6 100644 --- a/modules/auxiliary/scanner/smb/smb_version.rb +++ b/modules/auxiliary/scanner/smb/smb_version.rb @@ -5,7 +5,7 @@ require 'msf/core' - +require 'recog' class Metasploit3 < Msf::Auxiliary @@ -38,7 +38,7 @@ class Metasploit3 < Msf::Auxiliary end def rport - @rport || datastore['RPORT'] + @smb_port || datastore['RPORT'] end def smb_direct From fde2687c9edbc7d136f4c931eb2cf4b447081580 Mon Sep 17 00:00:00 2001 From: HD Moore Date: Tue, 26 Aug 2014 18:44:08 -0500 Subject: [PATCH 33/43] Store edition,version,build in the fingerprint.match --- modules/auxiliary/scanner/smb/smb_version.rb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/modules/auxiliary/scanner/smb/smb_version.rb b/modules/auxiliary/scanner/smb/smb_version.rb index 44a0704ce6..56b7ed87e6 100644 --- a/modules/auxiliary/scanner/smb/smb_version.rb +++ b/modules/auxiliary/scanner/smb/smb_version.rb 
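Review bot: In the `metasploit-framework.gemspec` hunk, `spec.add_runtime_dependency 'recog'` carries no version constraint, so any release published under that name satisfies the gemspec when the framework is installed as a gem. The `Gemfile.lock` context in the same commit shows neighbouring dependencies pinned (`packetfu (= 1.1.9)`, `rkelly-remix (= 0.0.6)`), and a library that drives OS fingerprinting results deserves the same care. I would add a pessimistic constraint, `spec.add_runtime_dependency 'recog', '~> <RECOG_VERSION>'` (placeholder for the release the series was tested against), and extend the comment to `# required for OS fingerprinting (Recog), keep in step with Gemfile.lock`.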
@@ -79,16 +79,19 @@ class Metasploit3 < Msf::Auxiliary if res['edition'].to_s.length > 0 desc << " #{res['edition']}" conf[:os_edition] = res['edition'] + match_conf['os.edition'] = res['edition'] end if res['sp'].to_s.length > 0 desc << " #{res['sp'].downcase.gsub('service pack ', 'SP')}" conf[:os_sp] = res['sp'] + match_conf['os.version'] = res['sp'] end if res['build'].to_s.length > 0 desc << " (build:#{res['build']})" conf[:os_build] = res['build'] + match_conf['os.build'] = res['build'] end if res['lang'].to_s.length > 0 and res['lang'] != 'Unknown' From bfadfda58137ba51cfdcf352e2c1642b291d56ab Mon Sep 17 00:00:00 2001 From: HD Moore Date: Mon, 29 Sep 2014 15:34:35 -0500 Subject: [PATCH 34/43] Fix typo on match string for opera_configoverwrite --- modules/exploits/multi/browser/opera_configoverwrite.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/exploits/multi/browser/opera_configoverwrite.rb b/modules/exploits/multi/browser/opera_configoverwrite.rb index c6542a1ffc..ef87e6cfca 100644 --- a/modules/exploits/multi/browser/opera_configoverwrite.rb +++ b/modules/exploits/multi/browser/opera_configoverwrite.rb @@ -17,7 +17,7 @@ class Metasploit3 < Msf::Exploit::Remote autopwn_info({ :ua_name => HttpClients::OPERA, :ua_maxver => "9.10", - :os_name => [ OperatingSystems::Match::WINDOWS, OperatingSystems::Match::MAC_OSX, ], + :os_name => [ OperatingSystems::Match::WINDOWS, OperatingSystems::Match::LINUX ], :javascript => true, :rank => ExcellentRanking, # reliable cmd exec, cleans up after itself :vuln_test => nil, From 77efa7c19a8b13829bed033de68a13183db5cf42 Mon Sep 17 00:00:00 2001 From: HD Moore Date: Mon, 29 Sep 2014 15:37:58 -0500 Subject: [PATCH 35/43] Change if/else to case statement --- modules/auxiliary/server/browser_autopwn.rb | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) 
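Review bot: The added `match_conf['os.version'] = res['sp']` stores the raw service-pack string, while the description line just above it normalises the same value with `downcase.gsub('service pack ', 'SP')`. The consumer of the `fingerprint.match` note is not visible here, so this is an inference, but anything comparing `os.version` would see a different form from the one printed to the user. If the short form is the intended one, compute it once and reuse it: `sp = res['sp'].downcase.gsub('service pack ', 'SP')`, then `match_conf['os.version'] = sp`. The enclosing method starts and ends outside the hunk.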
diff --git a/modules/auxiliary/server/browser_autopwn.rb b/modules/auxiliary/server/browser_autopwn.rb index f4b2ed16fa..7268531195 100644 --- a/modules/auxiliary/server/browser_autopwn.rb +++ b/modules/auxiliary/server/browser_autopwn.rb @@ -831,15 +831,13 @@ class Metasploit3 < Msf::Auxiliary # Example: :os_name => ( 'Windows' | /Windows/ | ['Windows', 'Mac OS X'] ) # def client_matches_module_spec?(client_str, module_spec) - if module_spec.kind_of?(::String) + + case module_spec + when kind_of? ::String return !! (client_str == module_spec) - end - - if module_spec.kind_of?(::Regexp) + when kind_of? ::Regexp return !! client_str.match(module_spec) - end - - if module_spec.kind_of?(::Array) + when kind_of? ::Array return !! exploit_spec.map{ |spec| client_matches_module_spec?(client_str, spec) }.include?(true) From 878f3d12cd2a63b1a6b5b7e216c3903aafa92a71 Mon Sep 17 00:00:00 2001 From: HD Moore Date: Mon, 29 Sep 2014 15:39:10 -0500 Subject: [PATCH 36/43] Remove kind_of? per @trosen-r7 --- modules/auxiliary/server/browser_autopwn.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/auxiliary/server/browser_autopwn.rb b/modules/auxiliary/server/browser_autopwn.rb index 7268531195..1edf5a5c8f 100644 --- a/modules/auxiliary/server/browser_autopwn.rb +++ b/modules/auxiliary/server/browser_autopwn.rb @@ -833,11 +833,11 @@ class Metasploit3 < Msf::Auxiliary def client_matches_module_spec?(client_str, module_spec) case module_spec - when kind_of? ::String + when ::String return !! (client_str == module_spec) - when kind_of? ::Regexp + when ::Regexp return !! client_str.match(module_spec) - when kind_of? ::Array + when ::Array return !! exploit_spec.map{ |spec| client_matches_module_spec?(client_str, spec) }.include?(true) From 3b5eb42b55f7e0dee2cff7a5dc01d6c33bbaa14d Mon Sep 17 00:00:00 2001 
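Review bot: The `::Array` branch calls `exploit_spec.map`, but the method's parameters are `client_str` and `module_spec`, so unless `exploit_spec` is defined outside the visible lines this branch raises NameError whenever a module spec is an array. The line is unchanged context both in this hunk and in the follow-up hunk of PATCH 36/43, so neither commit touches it. I would change it to `return module_spec.any? { |spec| client_matches_module_spec?(client_str, spec) }`, which also replaces the `map`/`include?(true)` pair. The method body continues past the end of the hunk, so I cannot see whether a fallthrough branch exists for other types.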
From: HD Moore Date: Mon, 29 Sep 2014 15:50:25 -0500 Subject: [PATCH 37/43] Switch to Msf::OperatingSystems::Match::WINDOWS --- documentation/samples/modules/exploits/ie_browser.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/documentation/samples/modules/exploits/ie_browser.rb b/documentation/samples/modules/exploits/ie_browser.rb index fcbeade692..6a49a3c7c4 100644 --- a/documentation/samples/modules/exploits/ie_browser.rb +++ b/documentation/samples/modules/exploits/ie_browser.rb @@ -29,7 +29,7 @@ class Metasploit4 < Msf::Exploit::Remote :ua_minver => "8.0", :ua_maxver => "10.0", :javascript => true, - :os_name => /^Windows/, + :os_name => OperatingSystems::Match::WINDOWS, :rank => NormalRanking }) From a75d47aad94134b3d5e3f8b939373ded2497b3db Mon Sep 17 00:00:00 2001 From: James Lee Date: Sun, 24 Aug 2014 14:19:39 -0500 Subject: [PATCH 38/43] Use yardoc for new methods Also substitute '&&' for 'and', and fix some whitespace --- lib/msf/core/exploit/http/client.rb | 60 +++++++++++++++-------------- 1 file changed, 32 insertions(+), 28 deletions(-) diff --git a/lib/msf/core/exploit/http/client.rb b/lib/msf/core/exploit/http/client.rb index 52385420cf..e662fe6cbc 100644 --- a/lib/msf/core/exploit/http/client.rb +++ b/lib/msf/core/exploit/http/client.rb 
@@ -445,28 +445,28 @@ module Exploit::Remote::HttpClient # destination host and port. This method falls back to using the old # service.info field to represent the HTTP Server header. # - # Options: - # @option opts [String] :uri An HTTP URI to request in order to generate a fingerprint - # @option opts [String] :method An HTTP method to use in the fingerprint request - # + # @option opts [String] :uri ('/') An HTTP URI to request in order to generate + # a fingerprint + # @option opts [String] :method ('GET') An HTTP method to use in the fingerprint + # request def lookup_http_fingerprints(opts={}) uri = opts[:uri] || '/' method = opts[:method] || 'GET' fprints = [] - + return fprints unless framework.db.active - + ::ActiveRecord::Base.connection_pool.with_connection { wspace = datastore['WORKSPACE'] ? framework.db.find_workspace(datastore['WORKSPACE']) : framework.db.workspace service = framework.db.get_service(wspace, rhost, 'tcp', rport) return fprints unless service - + # Order by note_id descending so the first value is the most recent service.notes.where(:ntype => 'http.fingerprint').order("notes.id DESC").each do |n| - next unless n.data and n.data.kind_of?(::Hash) - next unless n.data[:uri] == uri and n.data[:method] == method + next unless n.data && n.data.kind_of?(::Hash) + next unless n.data[:uri] == uri && n.data[:method] == method # Append additional fingerprints to the results as found fprints.unshift n.data.dup end 
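Review bot: The new YARD block for `lookup_http_fingerprints` documents the options but has no `@return`, and the inline comment `# Append additional fingerprints to the results as found` does not match `fprints.unshift`, which prepends. The notes are read newest-first and each one is prepended, so the newest ends up last, which is what `http_fingerprint` relies on when it takes `fprints.last`. I would add `# @return [Array<Hash>] stored fingerprints for this uri and method, most recent last` and reword the inline comment to `# Prepend so the most recent fingerprint ends up last`.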
@@ -481,14 +481,18 @@ module Exploit::Remote::HttpClient # will use it directly, otherwise it will check the database for a previous # fingerprint. Failing that, it will make a request for /. # - # Options: - # :response an Http::Packet as returned from any of the send_* methods - # :uri an HTTP URI to request in order to generate a fingerprint - # :method an HTTP method to use in the fingerprint request - # :full request the full HTTP fingerprint, not just the signature + # Other options are passed directly to {#connect} if :response is not given # - # Other options are passed directly to +connect+ if :response is not given + # @option opts [Rex::Proto::Http::Packet] :response The return value from any + # of the send_* methods + # @option opts [String] :uri ('/') An HTTP URI to request in order to generate + # a fingerprint + # @option opts [String] :method ('GET') An HTTP method to use in the fingerprint + # request + # @option opts [Boolean] :full (false) Request the full HTTP fingerprint, not + # just the signature # + # @return [String] def http_fingerprint(opts={}) res = nil uri = opts[:uri] || '/' @@ -502,7 +506,7 @@ module Exploit::Remote::HttpClient fprints = lookup_http_fingerprints(opts) if fprints.length > 0 - + # Grab the most recent fingerprint available for this service, uri, and method fprint = fprints.last @@ -528,9 +532,9 @@ module Exploit::Remote::HttpClient # This section handles a few simple cases of pattern matching and service # classification. This logic should be deprecated in favor of Recog-based # fingerprint databases, but has been left in place for backward compat. - + extras = [] - + if res.headers['Set-Cookie'] =~ /^vmware_soap_session/ extras << "VMWare Web Services" end 
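Review bot: The added `@return [String]` on `http_fingerprint` is only right for the default call, because the end of the method has `return fprint if opts[:full]` and `fprint` is built as a Hash. The tag should read `# @return [String, Hash] the signature string, or the whole fingerprint Hash when :full is set`. The early-return paths are outside the visible hunks, so a nil return may need listing as well.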
@@ -601,8 +605,8 @@ module Exploit::Remote::HttpClient info << " ( #{extras.join(", ")} )" if extras.length > 0 # Create a new fingerprint structure to track this response - fprint = { - :uri => uri, :method => method, + fprint = { + :uri => uri, :method => method, :code => res.code.to_s, :message => res.message.to_s, :signature => info } @@ -614,7 +618,7 @@ module Exploit::Remote::HttpClient # Set-Cookie > :header_set_cookie => JSESSIONID=AAASD23423452 # Server > :header_server => Apache/1.3.37 # WWW-Authenticate > :header_www_authenticate => basic realm='www' - + fprint["header_#{hname}".intern] = v end @@ -623,22 +627,22 @@ module Exploit::Remote::HttpClient # Report a new http.fingerprint note report_note( - :host => rhost, - :port => rport, - :proto => 'tcp', - :ntype => 'http.fingerprint', + :host => rhost, + :port => rport, + :proto => 'tcp', + :ntype => 'http.fingerprint', :data => fprint, - # Limit reporting to one stored note per host/service combination + # Limit reporting to one stored note per host/service combination :update => :unique ) # Report here even if info is empty since the fact that we didn't # return early means we at least got a connection and the service is up report_web_site(:host => rhost, :port => rport, :ssl => ssl, :vhost => vhost, :info => info.dup) - + # Return the full HTTP fingerprint if requested by the caller return fprint if opts[:full] - + # Otherwise just return the signature string for compatibility fprint[:signature] end From a21752bc9c308dd5f9b72e06cb7358547c08aa8f Mon Sep 17 00:00:00 2001 From: James Lee Date: Tue, 26 Aug 2014 14:42:28 -0500 Subject: [PATCH 39/43] Fix NoMethodError on os, mark DCs as 'server' --- .../post/windows/gather/enum_ad_computers.rb | 73 +++++++++---------- 1 file changed, 35 insertions(+), 38 deletions(-) diff --git a/modules/post/windows/gather/enum_ad_computers.rb b/modules/post/windows/gather/enum_ad_computers.rb index 81363ec022..ed46a72bee 100644 
--- a/modules/post/windows/gather/enum_ad_computers.rb +++ b/modules/post/windows/gather/enum_ad_computers.rb @@ -66,11 +66,11 @@ class Metasploit3 < Msf::Post # Results table holds raw string data results_table = Rex::Ui::Text::Table.new( - 'Header' => "Domain Computers", - 'Indent' => 1, - 'SortIndex' => -1, - 'Columns' => fields - ) + 'Header' => "Domain Computers", + 'Indent' => 1, + 'SortIndex' => -1, + 'Columns' => fields + ) # Hostnames holds DNS Names to Resolve hostnames = [] 
@@ -81,40 +81,37 @@ class Metasploit3 < Msf::Post report = {} 0.upto(fields.length-1) do |i| - if result[i].nil? - field = "" - else - field = result[i] + field = result[i] || "" - # Only perform these actions if the database is connected and we want - # to store in the DB. - if db and datastore['STORE_DB'] - case fields[i] - when 'dNSHostName' - dns = field - report[:name] = dns - hostnames << dns - when 'operatingSystem' - report[:os_name] = os - when 'distinguishedName' - if field =~ /Domain Controllers/i - # TODO: Find another way to mark a host as being a domain controller - # The 'purpose' field should be server, client, device, printer, etc - # report[:purpose] = "DC" - end - when 'operatingSystemServicePack' - # XXX: Does this take into account the leading 'SP' string? - - if field.to_i > 0 - report[:os_sp] = 'SP' + field - end - if field =~ /(Service Pack|SP)\s?(\d+)/ - report[:os_sp] = 'SP' + $2 - end - - when 'description' - report[:info] = field + # Only perform these actions if the database is connected and we want + # to store in the DB. + if db && datastore['STORE_DB'] + case fields[i] + when 'dNSHostName' + dns = field + report[:name] = dns + hostnames << dns + when 'operatingSystem' + report[:os_name] = field + when 'distinguishedName' + if field =~ /Domain Controllers/i + # TODO: Find another way to mark a host as being a domain controller + # The 'purpose' field should be server, client, device, printer, etc + #report[:purpose] = "DC" + report[:purpose] = "server" end + when 'operatingSystemServicePack' + # XXX: Does this take into account the leading 'SP' string? + + if field.to_i > 0 + report[:os_sp] = 'SP' + field + end + if field =~ /(Service Pack|SP)\s?(\d+)/ + report[:os_sp] = 'SP' + $2 + end + + when 'description' + report[:info] = field end end 
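Review bot: With `field = result[i] || ""` the database branch now also runs for attributes that came back nil, so in the `'dNSHostName'` case an empty string is stored as `report[:name]` and pushed onto `hostnames`. The old code skipped that whole branch when `result[i]` was nil. Guarding the branch keeps the earlier behaviour: `if db && datastore['STORE_DB'] && !field.empty?`. The loop body continues after the hunk, so the guard belongs on this `if` rather than on a `next`, which would also skip whatever follows.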
@@ -125,7 +122,7 @@ class Metasploit3 < Msf::Post results_table << row end - if db and datastore['STORE_DB'] + if db && datastore['STORE_DB'] print_status("Resolving IP addresses...") ip_results = client.net.resolve.resolve_hosts(hostnames, AF_INET) From 7e05ff343eab3c00ce6574a58275e815a2a2e372 Mon Sep 17 00:00:00 2001 From: James Lee Date: Wed, 27 Aug 2014 17:33:09 -0500 Subject: [PATCH 40/43] Fix smbdirect Also some whitespace and a typo in output message --- modules/auxiliary/scanner/smb/smb_version.rb | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/modules/auxiliary/scanner/smb/smb_version.rb b/modules/auxiliary/scanner/smb/smb_version.rb index 56b7ed87e6..6b02dbea71 100644 --- a/modules/auxiliary/scanner/smb/smb_version.rb +++ b/modules/auxiliary/scanner/smb/smb_version.rb @@ -34,6 +34,7 @@ class Metasploit3 < Msf::Auxiliary ) deregister_options('RPORT') + deregister_options('SMBDIRECT') @smb_port = 445 end @@ -42,7 +43,7 @@ class Metasploit3 < Msf::Auxiliary end def smb_direct - @smbdirect || datastore['SMBDirect'] + (@smb_port == 445) end # Fingerprint a single host @@ -55,10 +56,10 @@ class Metasploit3 < Msf::Auxiliary begin res = smb_fingerprint() - + # # Create the note hash for smb.fingerprint - # + # conf = { :native_os => res['native_os'], :native_lm => res['native_lm'] @@ -82,7 +83,7 @@ class Metasploit3 < Msf::Auxiliary match_conf['os.edition'] = res['edition'] end - if res['sp'].to_s.length > 0 + if res['sp'].to_s.length > 0 desc << " #{res['sp'].downcase.gsub('service pack ', 'SP')}" conf[:os_sp] = res['sp'] match_conf['os.version'] = res['sp'] @@ -95,7 +96,7 @@ class Metasploit3 < Msf::Auxiliary end if res['lang'].to_s.length > 0 and res['lang'] != 'Unknown' - desc << " (language:#{res['lang']}" + desc << " (language:#{res['lang']})" conf[:os_lang] = res['lang'] match_conf['os.language'] = conf[:os_lang] end 
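Review bot: `deregister_options('SMBDIRECT')` spells the option differently from the `datastore['SMBDirect']` lookup that this same commit removes from `smb_direct`. If option names are matched case-sensitively on deregistration (that code is not visible here), the call removes nothing and the option stays visible to the user even though `smb_direct` now ignores it. Using the spelling from the removed lookup and folding it into the existing call avoids the question: `deregister_options('RPORT', 'SMBDirect')`.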
@@ -130,7 +131,7 @@ class Metasploit3 < Msf::Auxiliary :port => rport, :proto => 'tcp', :ntype => 'fingerprint.match', - :data => match_conf + :data => match_conf ) else desc = "#{res['native_os']} (#{res['native_lm']})" From 5cb016c1b1315141ba55c083fbe0eff074169ba0 Mon Sep 17 00:00:00 2001 From: James Lee Date: Wed, 1 Oct 2014 16:17:13 -0500 Subject: [PATCH 41/43] Use Match constant in BES as well --- lib/msf/core/exploit/remote/browser_exploit_server.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/msf/core/exploit/remote/browser_exploit_server.rb b/lib/msf/core/exploit/remote/browser_exploit_server.rb index ff69adc633..5c3c4a6b89 100644 --- a/lib/msf/core/exploit/remote/browser_exploit_server.rb +++ b/lib/msf/core/exploit/remote/browser_exploit_server.rb @@ -362,7 +362,7 @@ module Msf <%= js_os_detect %> <%= js_ajax_post %> <%= js_misc_addons_detect %> - <%= js_ie_addons_detect if os.match(/^Windows/) and client == HttpClients::IE %> + <%= js_ie_addons_detect if os.match(OperatingSystems::Match::WINDOWS) and client == HttpClients::IE %> function objToQuery(obj) { var q = []; @@ -388,7 +388,7 @@ module Msf "<%=REQUIREMENT_KEY_SET[:flash]%>" : window.misc_addons_detect.getFlashVersion() }; - <% if os.match(/^Windows/) and client == HttpClients::IE %> + <% if os.match(OperatingSystems::Match::WINDOWS) and client == HttpClients::IE %> d['<%=REQUIREMENT_KEY_SET[:office]%>'] = window.ie_addons_detect.getMsOfficeVersion(); d['<%=REQUIREMENT_KEY_SET[:mshtml_build]%>'] = ScriptEngineBuildVersion().toString(); <% From 5f4098f650afa7679ce092a55ea5104b4d22358c Mon Sep 17 00:00:00 2001 From: HD Moore Date: Thu, 2 Oct 2014 00:51:37 -0500 Subject: [PATCH 42/43] Bump recog to ~> 1.0.0 --- metasploit-framework.gemspec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/metasploit-framework.gemspec b/metasploit-framework.gemspec index aa08224337..9d336dca6e 100644 --- a/metasploit-framework.gemspec +++ b/metasploit-framework.gemspec 
@@ -81,5 +81,5 @@ Gem::Specification.new do |spec| # required for Time::TZInfo in ActiveSupport spec.add_runtime_dependency 'tzinfo' # required for OS fingerprinting - spec.add_runtime_dependency 'recog' + spec.add_runtime_dependency 'recog', '~> 1.0.0' end From 24eec0e2a6e8207e279f1d8ddc332786b4b63030 Mon Sep 17 00:00:00 2001 From: HD Moore Date: Thu, 2 Oct 2014 09:51:41 -0500 Subject: [PATCH 43/43] Swap to recog ~> 1.0 pre Luke's comment --- metasploit-framework.gemspec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/metasploit-framework.gemspec b/metasploit-framework.gemspec index 9d336dca6e..5a772ffbc2 100644 --- a/metasploit-framework.gemspec +++ b/metasploit-framework.gemspec @@ -81,5 +81,5 @@ Gem::Specification.new do |spec| # required for Time::TZInfo in ActiveSupport spec.add_runtime_dependency 'tzinfo' # required for OS fingerprinting - spec.add_runtime_dependency 'recog', '~> 1.0.0' + spec.add_runtime_dependency 'recog', '~> 1.0' end