From c19a4d7a239307d31e63cd0e2625ce9d4db9b863 Mon Sep 17 00:00:00 2001
From: James Lee
Date: Mon, 9 Apr 2012 14:08:35 -0600
Subject: [PATCH] Put final detection results on window.os_detect object

Makes it easier to grab results from within a module without having to run the detection again. I thought I had committed something like this before, I wonder what other code I've lost...
---
 lib/rex/exploitation/javascriptosdetect.js | 56 ++++++++++++++++++----
 1 file changed, 47 insertions(+), 9 deletions(-)

diff --git a/lib/rex/exploitation/javascriptosdetect.js b/lib/rex/exploitation/javascriptosdetect.js
index 181d7138d1..dc70d142eb 100644
--- a/lib/rex/exploitation/javascriptosdetect.js
+++ b/lib/rex/exploitation/javascriptosdetect.js
@@ -10,7 +10,7 @@ clients_safari= "Safari";
 // All of these should match up with constants in ::Msf::OperatingSystems
 oses_linux = "Linux";
 oses_windows = "Microsoft Windows";
-oses_mac_osx = "MAC_OSX";
+oses_mac_osx = "Mac OS X";
 oses_freebsd = "FreeBSD";
 oses_netbsd = "NetBSD";
 oses_openbsd = "OpenBSD";
@@ -21,7 +21,7 @@ arch_x86 = "x86";
 arch_x86_64 = "x86_64";
 arch_ppc = "ppc";
-window.os_detect = function(){};
+window.os_detect = {};
 /**
 * This can reliably detect browser versions for IE and Firefox even in the
@@ -91,6 +91,25 @@ window.os_detect.getVersion = function(){
 case "6386": // 10.61
 os_name = oses_mac_osx;
 break;
+ case "1407":
+ // In the case of mini versions, the UA is quite a bit
+ // harder to spoof, so it's correspondingly easier to
+ // trust. Unfortunately, despite being fairly truthful in
+ // what OS it's running on, Opera mini seems to lie like a
+ // rug in regards to the browser version.
+ //
+ // iPhone, iOS 5.0.1
+ // Opera/9.80 (iPhone; Opera Mini/7.1.32694/27.1407; U; en) Presto/2.8.119 Version/11.10.10
+ // Android 2.3.6, opera mini 7.1
+ // Opera/9.80 (Android; Opera Mini/7.29530/27.1407; U; en) Presto/2.8.119 Version/11.101.10
+ if (navigator.userAgent.indexOf("Android")) {
+ os_name = oses_linux;
+ os_flavor = "Android";
+ } else if (navigator.userAgent.indexOf("iPhone")) {
+ os_name = oses_mac_osx;
+ os_flavor = "iPhone";
+ }
+ break;
 // A few are ambiguous, record them here
 case "1250": // Opera 9.80 / Windows XP
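Review bot: The two user-agent tests in the new `case "1407":` branch use the raw return value of `indexOf` as a boolean, so they do not actually test for presence. `indexOf` returns -1 (truthy) when the substring is absent and 0 (falsy) only when it sits at the very start of the string, so the iPhone sample UA quoted in the comment takes the Android branch and the `else if` arm is effectively dead. Compare against -1 instead: `if (navigator.userAgent.indexOf("Android") !== -1) {` and `} else if (navigator.userAgent.indexOf("iPhone") !== -1) {`. The enclosing switch in getVersion starts and ends outside this hunk.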
@@ -568,7 +587,16 @@ window.os_detect.getVersion = function(){
 case "20120216100510": ua_version = "10.0.2"; os_name = oses_linux; os_flavor = "Ubuntu"; break; // browsershots: Firefox 10.0.2 / Ubuntu 9.10 (Karmic Koala)
 case "20120310010316": ua_version = "11.0"; os_name = oses_linux; os_flavor = "Ubuntu"; break; // browsershots: Firefox 11.0 / Ubuntu 9.10 (Karmic Koala)
 case "20120310194926": ua_version = "11.0"; os_name = oses_linux; os_flavor = "Ubuntu"; break;
- case "20120312181643": ua_version = "11.0"; os_name = oses_windows; break; // browsershots: Firefox 11.0 / Windows XP
+ case "20120312181643":
+ // It is disconcerting that a buildID is the same on Windows
+ // and Mac, need to examine more versions on Mac.
+ ua_version = "11.0";
+ if (/Mac/.test(navigator.oscpu)) {
+ os_name = oses_mac_osx;
+ } else {
+ os_name = oses_windows; // browsershots: Firefox 11.0 / Windows XP
+ }
+ break;
 case "20120314195616": ua_version = "12.0"; os_name = oses_linux; os_flavor = "Debian"; break; // browsershots: Firefox 12.0 / Debian 4.0 (Etch)
 default:
 version = this.searchVersion("Firefox", navigator.userAgent);
@@ -855,8 +883,18 @@ window.os_detect.getVersion = function(){
 }
 }
+ this.ua_is_lying = ua_is_lying;
+ this.os_name = os_name;
+ this.os_flavor = os_flavor;
+ this.os_sp = os_sp;
+ this.os_lang = os_lang;
+ this.arch = arch;
+ this.ua_name = ua_name;
+ this.ua_version = ua_version;
+ this.ua_version = ua_version;
+
 return { os_name:os_name, os_flavor:os_flavor, os_sp:os_sp, os_lang:os_lang, arch:arch, ua_name:ua_name, ua_version:ua_version };
-} // function getVersion
+}; // function getVersion
 window.os_detect.searchVersion = function(needle, haystack) {
 var index = haystack.indexOf(needle);
@@ -868,7 +906,7 @@ window.os_detect.searchVersion = function(needle, haystack) {
 found_version = found_version.substring(0,found_version.indexOf(' '));
 }
 return found_version;
-}
+};
 /*
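Review bot: In the rewritten `case "20120312181643":` the `else` arm treats every client whose `navigator.oscpu` does not contain "Mac" as Windows, even though the comment above it already records that this buildID is not unique to one platform. A missing or unexpected `oscpu` value therefore produces a confident Windows result. Testing the Windows case explicitly, `} else if (/Win/.test(navigator.oscpu)) {`, and leaving `os_name` untouched otherwise would keep an unknown platform unknown. Whether a later fallback fills it in is not visible in this hunk.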
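Review bot: `this.ua_version = ua_version;` is assigned twice in the block added before the `return`; the second line looks like a copy-paste leftover and can be dropped. The results are stored through `this`, which is `window.os_detect` only when the function is invoked as `window.os_detect.getVersion()`; called through a detached reference, the assignments would land on the global object (or throw in strict mode). Writing to the object explicitly, e.g. `window.os_detect.os_name = os_name;`, would make the cached results independent of the call site. `ua_is_lying` is cached on the object but is not part of the returned literal, so a short comment such as `// ua_is_lying is only exposed on window.os_detect, not in the return value` would tell readers that is intentional.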
@@ -916,17 +954,17 @@ window.ua_ver_cmp = function(ver_a, ver_b) {
 }
 // If we get here, they must be equal
 return 0;
-}
+};
 window.ua_ver_lt = function(a, b) {
 if (-1 == this.ua_ver_cmp(a,b)) { return true; }
 return false;
-}
+};
 window.ua_ver_gt = function(a, b) {
 if (1 == this.ua_ver_cmp(a,b)) { return true; }
 return false;
-}
+};
 window.ua_ver_eq = function(a, b) {
 if (0 == this.ua_ver_cmp(a,b)) { return true; }
 return false;
-}
+};