From 0ac7023df10652ca8482257f49ddc8102b23b9f8 Mon Sep 17 00:00:00 2001 From: bcoles Date: Tue, 29 May 2012 18:52:43 +0930 Subject: [PATCH] Renamed getScreenParams() to getScreenSize() Added date stamp to browser hook initialization --- core/filters/browser.rb | 15 +++++-- core/main/client/browser.js | 8 ++-- core/main/client/browser/popup.js | 4 +- core/main/handlers/browserdetails.rb | 16 ++++++-- .../admin_ui/controllers/modules/modules.rb | 39 +++++++++++++------ extensions/console/lib/shellinterface.rb | 39 +++++++++++++------ 6 files changed, 85 insertions(+), 36 deletions(-) diff --git a/core/filters/browser.rb b/core/filters/browser.rb index 0bf881883..f955fb6f6 100644 --- a/core/filters/browser.rb +++ b/core/filters/browser.rb @@ -78,10 +78,10 @@ module Filters true end - # Verify the screen params are valid + # Verify the screen size is valid # @param [String] str String for testing - # @return [Boolean] If the string has valid screen param characters - def self.is_valid_screen_params?(str) + # @return [Boolean] If the string has valid screen size characters + def self.is_valid_screen_size?(str) return false if has_non_printable_char?(str) return false if str.length > 200 true @@ -105,6 +105,15 @@ module Filters true end + # Verify the date stamp is valid + # @param [String] str String for testing + # @return [Boolean] If the string has valid date stamp characters + def self.is_valid_date_stamp?(str) + return false if has_non_printable_char?(str) + return false if str.length > 200 + true + end + # Verify the browser_plugins string is valid # @param [String] str String for testing # @return [Boolean] If the string has valid browser plugin characters diff --git a/core/main/client/browser.js b/core/main/client/browser.js index 31663f729..762072108 100644 --- a/core/main/client/browser.js +++ b/core/main/client/browser.js @@ -714,7 +714,7 @@ beef.browser = { /** * Returns zombie screen size and color depth. */ - getScreenParams: function() { + getScreenSize: function() { return { width: window.screen.width, height: window.screen.height, @@ -763,10 +763,11 @@ beef.browser = { var hostname = document.location.hostname; var hostport = (document.location.port)? document.location.port : "80"; var browser_plugins = beef.browser.getPlugins(); + var date_stamp = new Date().toString(); var os_name = beef.os.getName(); var system_platform = (typeof(navigator.platform) != "undefined" && navigator.platform != "") ? navigator.platform : null; var browser_type = JSON.stringify(beef.browser.type(), function (key, value) {if (value == true) return value; else if (typeof value == 'object') return value; else return;}); - var screen_params = beef.browser.getScreenParams(); + var screen_size = beef.browser.getScreenSize(); var window_size = beef.browser.getWindowSize(); var java_enabled = (beef.browser.javaEnabled())? "Yes" : "No"; var vbscript_enabled=(beef.browser.hasVBScript())? "Yes" : "No"; @@ -788,9 +789,10 @@ beef.browser = { if(hostport) details["HostPort"] = hostport; if(browser_plugins) details["BrowserPlugins"] = browser_plugins; if(os_name) details['OsName'] = os_name; + if(date_stamp) details['DateStamp'] = date_stamp; if(system_platform) details['SystemPlatform'] = system_platform; if(browser_type) details['BrowserType'] = browser_type; - if(screen_params) details['ScreenParams'] = screen_params; + if(screen_size) details['ScreenSize'] = screen_size; if(window_size) details['WindowSize'] = window_size; if(java_enabled) details['JavaEnabled'] = java_enabled; if(vbscript_enabled) details['VBScriptEnabled'] = vbscript_enabled diff --git a/core/main/client/browser/popup.js b/core/main/client/browser/popup.js index 656d41c6a..bdea5eb35 100644 --- a/core/main/client/browser/popup.js +++ b/core/main/client/browser/popup.js @@ -25,7 +25,7 @@ beef.browser.popup = { blocker_enbabled: function () { - screenParams = beef.browser.getScreenParams(); + screenParams = beef.browser.getScreenSize(); var popUp = window.open('/', 'windowName0', 'width=1, height=1, left='+screenParams.width+', top='+screenParams.height+', scrollbars, resizable'); if (popUp == null || typeof(popUp)=='undefined') { return true; @@ -36,4 +36,4 @@ beef.browser.popup = { } }; -beef.regCmp('beef.browser.popup'); \ No newline at end of file +beef.regCmp('beef.browser.popup'); diff --git a/core/main/handlers/browserdetails.rb b/core/main/handlers/browserdetails.rb index 862e20770..dfb3b8040 100644 --- a/core/main/handlers/browserdetails.rb +++ b/core/main/handlers/browserdetails.rb @@ -118,6 +118,14 @@ module BeEF self.err_msg "Invalid operating system name returned from the hook browser's initial connection." end + # get and store the date + date_stamp = get_param(@data['results'], 'DateStamp') + if BeEF::Filters.is_valid_date_stamp?(date_stamp) + BD.set(session_id, 'DateStamp', date_stamp) + else + self.err_msg "Invalid date returned from the hook browser's initial connection." + end + # get and store page title page_title = get_param(@data['results'], 'PageTitle') if BeEF::Filters.is_valid_pagetitle?(page_title) @@ -175,11 +183,11 @@ module BeEF end # get and store the zombie screen size and color depth - screen_params = get_param(@data['results'], 'ScreenParams') - if BeEF::Filters.is_valid_screen_params?(screen_params) - BD.set(session_id, 'ScreenParams', screen_params) + screen_size = get_param(@data['results'], 'ScreenSize') + if BeEF::Filters.is_valid_screen_size?(screen_size) + BD.set(session_id, 'ScreenSize', screen_size) else - self.err_msg "Invalid screen params returned from the hook browser's initial connection." + self.err_msg "Invalid screen size returned from the hook browser's initial connection." end # get and store the window size diff --git a/extensions/admin_ui/controllers/modules/modules.rb b/extensions/admin_ui/controllers/modules/modules.rb index 17d757e29..b30573a0d 100644 --- a/extensions/admin_ui/controllers/modules/modules.rb +++ b/extensions/admin_ui/controllers/modules/modules.rb @@ -119,21 +119,36 @@ class Modules < BeEF::Extension::AdminUI::HttpController summary_grid_hash['results'].push(page_name_row) # add the row end + # set and add the return values for the date stamp + date_stamp = BD.get(zombie_session, 'DateStamp') + if not date_stamp.nil? + encoded_date_stamp = CGI.escapeHTML(date_stamp) + encoded_date_stamp_hash = { 'Date' => encoded_date_stamp } + + page_name_row = { + 'category' => 'Host', + 'data' => encoded_date_stamp_hash, + 'from' => 'Initialization' + } + + summary_grid_hash['results'].push(page_name_row) # add the row + end + # set and add the return values for the os name os_name = BD.get(zombie_session, 'OsName') if not host_name.nil? encoded_os_name = CGI.escapeHTML(os_name) encoded_os_name_hash = { 'OS Name' => encoded_os_name } - + page_name_row = { 'category' => 'Host', 'data' => encoded_os_name_hash, 'from' => 'Initialization' } - + summary_grid_hash['results'].push(page_name_row) # add the row end - + # set and add the return values for the browser name browser_name = BD.get(zombie_session, 'BrowserName') if not browser_name.nil? @@ -224,24 +239,24 @@ class Modules < BeEF::Extension::AdminUI::HttpController end # set and add the zombie screen size and color depth - screen_params = BD.get(zombie_session, 'ScreenParams') - if not screen_params.nil? + screen_size = BD.get(zombie_session, 'ScreenSize') + if not screen_size.nil? - screen_params_hash = JSON.parse(screen_params.gsub(/\"\=\>/, '":')) # tidy up the string for JSON - width = screen_params_hash['width'] + screen_size_hash = JSON.parse(screen_size.gsub(/\"\=\>/, '":')) # tidy up the string for JSON + width = screen_size_hash['width'] (print_error "width is wrong type";return) if not width.is_a?(Fixnum) - height = screen_params_hash['height'] + height = screen_size_hash['height'] (print_error "height is wrong type";return) if not height.is_a?(Fixnum) - colordepth = screen_params_hash['colordepth'] + colordepth = screen_size_hash['colordepth'] (print_error "colordepth is wrong type";return) if not colordepth.is_a?(Fixnum) # construct the string to be displayed in the details tab - encoded_screen_params = CGI.escapeHTML("Width: "+width.to_s + ", Height: " + height.to_s + ", Colour Depth: " + colordepth.to_s) - encoded_screen_params_hash = { 'Screen Params' => encoded_screen_params } + encoded_screen_size = CGI.escapeHTML("Width: "+width.to_s + ", Height: " + height.to_s + ", Colour Depth: " + colordepth.to_s) + encoded_screen_size_hash = { 'Screen Size' => encoded_screen_size } page_name_row = { 'category' => 'Host', - 'data' => encoded_screen_params_hash, + 'data' => encoded_screen_size_hash, 'from' => 'Initialization' } diff --git a/extensions/console/lib/shellinterface.rb b/extensions/console/lib/shellinterface.rb index 927686cb7..a896184cb 100644 --- a/extensions/console/lib/shellinterface.rb +++ b/extensions/console/lib/shellinterface.rb @@ -328,21 +328,36 @@ class ShellInterface summary_grid_hash['results'].push(page_name_row) # add the row end + # set and add the return values for the date + date_stamp = BD.get(self.targetsession, 'DateStamp') + if not date_stamp.nil? + encoded_date_stamp = CGI.escapeHTML(date_stamp) + encoded_date_stamp_hash = { 'Date' => encoded_date_stamp } + + page_name_row = { + 'category' => 'Host', + 'data' => encoded_date_stamp, + 'from' => 'Initialization' + } + + summary_grid_hash['results'].push(page_name_row) # add the row + end + # set and add the return values for the os name os_name = BD.get(self.targetsession, 'OsName') if not os_name.nil? encoded_os_name = CGI.escapeHTML(os_name) encoded_os_name_hash = { 'OS Name' => encoded_os_name } - + page_name_row = { 'category' => 'Host', 'data' => encoded_os_name_hash, 'from' => 'Initialization' } - + summary_grid_hash['results'].push(page_name_row) # add the row end - + # set and add the return values for the browser name browser_name = BD.get(self.targetsession, 'BrowserName') if not browser_name.nil? @@ -433,21 +448,21 @@ class ShellInterface end # set and add the zombie screen size and color depth - screen_params = BD.get(self.targetsession, 'ScreenParams') - if not screen_params.nil? + screen_size = BD.get(self.targetsession, 'ScreenSize') + if not screen_size.nil? - screen_params_hash = JSON.parse(screen_params.gsub(/\"\=\>/, '":')) # tidy up the string for JSON - width = screen_params_hash['width'] - height = screen_params_hash['height'] - colordepth = screen_params_hash['colordepth'] + screen_size_hash = JSON.parse(screen_size.gsub(/\"\=\>/, '":')) # tidy up the string for JSON + width = screen_size_hash['width'] + height = screen_size_hash['height'] + colordepth = screen_size_hash['colordepth'] # construct the string to be displayed in the details tab - encoded_screen_params = CGI.escapeHTML("Width: "+width.to_s + ", Height: " + height.to_s + ", Colour Depth: " + colordepth.to_s) - encoded_screen_params_hash = { 'Screen Params' => encoded_screen_params } + encoded_screen_size = CGI.escapeHTML("Width: "+width.to_s + ", Height: " + height.to_s + ", Colour Depth: " + colordepth.to_s) + encoded_screen_size_hash = { 'Screen Size' => encoded_screen_size } page_name_row = { 'category' => 'Host', - 'data' => encoded_screen_params_hash, + 'data' => encoded_screen_size_hash, 'from' => 'Initialization' }