diff --git a/How-to-write-a-browser-exploit-using-BrowserExploitServer.md b/How-to-write-a-browser-exploit-using-BrowserExploitServer.md index 13861d0343..7f3439ba80 100644 --- a/How-to-write-a-browser-exploit-using-BrowserExploitServer.md +++ b/How-to-write-a-browser-exploit-using-BrowserExploitServer.md @@ -1,5 +1,3 @@ -**Nov 30th 2014 - This documentation is outdated. The use of os_flavor should be corrected. - The Metasploit Framework provides different mixins you can use to develop a browser exploit, mainly they are: * **[Msf::Exploit::Remote::HttpServer](https://github.com/rapid7/metasploit-framework/wiki/How-to-write-a-browser-exploit-using-HttpServer)** - The most basic form of a HTTP server. 
@@ -17,7 +15,7 @@ Hint: In the module, you can check the :source key in the profile to determine w ### Setting Exploitable Requirements -Being able to set browser requirements is an important feature of the mixin. It allows your attack to be smarter, more targeted, and prevents accidents. Here's a scenario: Say you have a vulnerability against Internet Explorer that only affects a specific range of MSHTML builds, you can set the :os_name, :os_flavor, :ua_name, :ua_ver, and :mshtml_build to make sure it doesn't blindly exploit against anything else. The :mshtml_build requirement can be found in "Product version" under MSHTML's file properties. +Being able to set browser requirements is an important feature of the mixin. It allows your attack to be smarter, more targeted, and prevents accidents. Here's a scenario: Say you have a vulnerability against Internet Explorer that only affects a specific range of MSHTML builds, you can set the :os_name, :ua_name, :ua_ver, and :mshtml_build to make sure it doesn't blindly exploit against anything else. The :mshtml_build requirement can be found in "Product version" under MSHTML's file properties. Exploitable browser requirements are defined under "BrowserRequirements" in the module's metadata. Here's an example of defining a vulnerable target running some ActiveX control: @@ -36,8 +34,8 @@ You can also define target-specific requirements. This is also how the mixin is ```ruby 'BrowserRequirements' => { - :source => /script|headers/i, - :os_name => /win/i + :source => /script|headers/i, + 'ua_name' => HttpClients::IE, }, 'Targets' => [ @@ -45,8 +43,7 @@ You can also define target-specific requirements. This is also how the mixin is [ 'Windows XP with IE 8', { - 'os_flavor' => WindowsVersions::XP, - 'ua_name' => HttpClients::IE, + :os_name => 'Windows XP', 'ua_ver' => '8.0', 'Rop' => true, 'Offset' => 0x100 
@@ -55,8 +52,7 @@ You can also define target-specific requirements. This is also how the mixin is [ 'Windows 7 with IE 9', { - 'os_flavor' => WindowsVersions::SEVEN, - 'ua_name' => HttpClients::IE, + 'os_name' => 'Windows 7', 'ua_ver' => '9.0', 'Rop' => true, 'Offset' => 0x200 
@@ -67,29 +63,31 @@ You can also define target-specific requirements. This is also how the mixin is You can use these for **:os_name**: -| Constant | Value | +| Constant | Purpose | | -------- | ----- | -| OperatingSystems::LINUX | "Linux" | -| OperatingSystems::MAC_OSX | "Mac OS X" | -| OperatingSystems::WINDOWS | "Microsoft Windows" | -| OperatingSystems::FREEBSD | "FreeBSD" | -| OperatingSystems::NETBSD | "NetBSD" | -| OperatingSystems::OPENBSD | "OpenBSD" | -| OperatingSystems::VMWARE | "VMware" | - - -You can use these for **:os_flavor**: - -| Constant | Value | -| -------- | ----- | -| WindowsVersions::NT | "NT" | -| WindowsVersions::XP | "XP" | -| WindowsVersions::TWOK | "2000" | -| WindowsVersions::TWOK3 | "2003" | -| WindowsVersions::VISTA | "Vista" | -| WindowsVersions::TWOK8 | "2008" | -| WindowsVersions::SEVEN | "7" | -| WindowsVersions::EIGHT | "8" | +| OperatingSystems::Match::WINDOWS | Match all versions of Windows | +| OperatingSystems::Match::WINDOWS_95 | Match Windows 95 | +| OperatingSystems::Match::WINDOWS_98 | Match Windows 98 | +| OperatingSystems::Match::WINDOWS_ME | Match Windows ME | +| OperatingSystems::Match::WINDOWS_NT3 | Match Windows NT 3 | +| OperatingSystems::Match::WINDOWS_NT4 | Match Windows NT 4 | +| OperatingSystems::Match::WINDOWS_2000 | Match Windows 2000 | +| OperatingSystems::Match::WINDOWS_XP | Match Windows XP | +| OperatingSystems::Match::WINDOWS_2003 | Match Windows Server 2003 | +| OperatingSystems::Match::WINDOWS_VISTA | Match Windows Vista | +| OperatingSystems::Match::WINDOWS_2008 | Match Windows Server 2008 | +| OperatingSystems::Match::WINDOWS_7 | Match Windows 7 | +| OperatingSystems::Match::WINDOWS_2012 | Match Windows 2012 | +| OperatingSystems::Match::WINDOWS_8 | Match Windows 8 | +| OperatingSystems::Match::WINDOWS_81 | Match Windows 8.1 | +| OperatingSystems::Match::LINUX | Match a Linux distro | +| OperatingSystems::Match::MAC_OSX | Match Mac OSX | +| OperatingSystems::Match::FREEBSD | Match FreeBSD | +| 
OperatingSystems::Match::NETBSD | Match NetBSD | +| OperatingSystems::Match::OPENBSD | Match OpenBSD | +| OperatingSystems::Match::VMWARE | Match VMWare | +| OperatingSystems::Match::ANDROID | Match Android | +| OperatingSystems::Match::APPLE_IOS | Match Apple IOS | You can use these for **:ua_name**: @@ -170,7 +168,6 @@ def exploit_template1(target_info, txt)

Data gathered from source: #{target_info[:source]}
OS name: #{target_info[:os_name]}
- Flavor: #{target_info[:os_flavor]}
UA name: #{target_info[:ua_name]}
UA version: #{target_info[:ua_ver]}
Java version: #{target_info[:java]}
@@ -218,7 +215,6 @@ class Metasploit3 < Msf::Exploit::Remote 'BrowserRequirements' => { :source => /script|headers/i, - :os_name => /win/i }, 'Targets' => [ @@ -226,7 +222,7 @@ class Metasploit3 < Msf::Exploit::Remote [ 'Windows XP with IE 8', { - 'os_flavor' => 'XP', + 'os_name' => 'Windows XP', 'ua_name' => 'MSIE', 'ua_ver' => '8.0' } @@ -234,7 +230,7 @@ class Metasploit3 < Msf::Exploit::Remote [ 'Windows 7 with IE 9', { - 'os_flavor' => '7', + 'os_name' => 'Windows 7', 'ua_name' => 'MSIE', 'ua_ver' => '9.0' } @@ -249,7 +245,6 @@ class Metasploit3 < Msf::Exploit::Remote template = %Q| Data source: <%=target_info[:source]%>
OS name: <%=target_info[:os_name]%>
- Flavor: <%=target_info[:os_flavor]%>
UA name: <%=target_info[:ua_name]%>
UA version: <%=target_info[:ua_ver]%>
Java version: <%=target_info[:java]%>
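Review bot: Removing the "Nov 30th 2014 - This documentation is outdated" banner in the first hunk is only safe if no os_flavor reference survives elsewhere on the page; the hunks that follow cover the prose, the constants table, both target examples and both templates, so please grep the rendered page for "flavor" once more before merging to confirm nothing outside these hunks still mentions it.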
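Review bot: The target-specific requirements example (the `Windows XP with IE 8` and `Windows 7 with IE 9` targets under "You can also define target-specific requirements") mixes key styles: the XP target gets `:os_name => 'Windows XP'` (symbol key) while the 7 target gets `'os_name' => 'Windows 7'` (string key), and the module-level hash pairs `:source` with `'ua_name'`. Use one style throughout the example so readers do not conclude both spellings are needed. Since the ":os_name" table in this same patch documents `OperatingSystems::Match::WINDOWS_XP` and `OperatingSystems::Match::WINDOWS_7`, prefer those constants over the literal strings `'Windows XP'` / `'Windows 7'` so the example exercises what the table tells people to use.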
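Review bot: The row labels in the :os_name table hunk are inconsistent with each other and with product names: `Match Windows 2012` should read `Match Windows Server 2012` to match the 2003 and 2008 rows, and `Mac OSX`, `VMWare` and `Apple IOS` should be `Mac OS X`, `VMware` and `Apple iOS`. Renaming the second column from `Value` to `Purpose` also drops the one thing the old table showed, namely what each constant compares against; a sentence above the table stating how a `Match` constant is tested against `target_info[:os_name]` would preserve that information.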
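Review bot: Dropping `:os_name => /win/i` from the module-level `BrowserRequirements` in the `Metasploit3` example moves the OS filter entirely into the individual targets. Both targets shown carry an `'os_name'` key, so the example still refuses non-Windows visitors, but the text should say explicitly that any target added without its own `'os_name'` would now match regardless of OS; that is the accident the "Setting Exploitable Requirements" section says the requirements are meant to prevent.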
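Review bot: In the `Windows XP with IE 8` and `Windows 7 with IE 9` targets of the `Metasploit3` example, `'ua_name' => 'MSIE'` is a bare literal while the earlier example in this same patch uses `HttpClients::IE`, and the page has a "You can use these for :ua_name" table for exactly this purpose. Use the constant in both places, and likewise `OperatingSystems::Match::WINDOWS_XP` / `WINDOWS_7` instead of `'Windows XP'` / `'Windows 7'`, so the two examples agree with each other and with the tables.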