Detection added for the Foxit Reader plugin, fixes #829

2013-03-11 00:19:19 +00:00
parent 2d710a1bcf
commit 657aac9dcd
9 changed files with 100 additions and 3 deletions
--- a/core/main/client/browser.js
+++ b/core/main/client/browser.js
@@ -1223,6 +1223,15 @@ beef.browser = {
                        }
                        catch (e) {
                        }
+                    }},
+                'FoxitReader_Plugin':{
+                    'control':'FoxitReader Plugin',
+                    'return':function (control) {
+                        try {
+                            version = navigator.plugins['Foxit Reader Plugin for Mozilla']['version'];
+                            return 'FoxitReader Plugin Version ' + version;
+                        } catch (e) {
+                        }
                    }}
            };

@@ -1293,6 +1302,11 @@ beef.browser = {
                'control':'WMPlayer.OCX',
                'return':function (control) {
                    return 'Windows Media Player v' + parseFloat(control.versionInfo);
+                }},
+            'FoxitReaderPlugin':{
+                'control':'FoxitReader.FoxitReaderCtl.1',
+                'return':function (control) {
+                    return 'Foxit Reader Plugin v' + parseFloat(control.versionInfo);
                }}
        };
        if (window.ActiveXObject) {
@@ -1388,6 +1402,7 @@ beef.browser = {
        var has_quicktime = (beef.browser.hasQuickTime()) ? "Yes" : "No";
        var has_realplayer = (beef.browser.hasRealPlayer()) ? "Yes" : "No";
        var has_vlc = (beef.browser.hasVLC()) ? "Yes" : "No";
+        var has_foxit = (beef.browser.hasFoxit()) ? "Yes" : "No";
        try{
            var cookies = document.cookie;
            var has_session_cookies = (beef.browser.cookie.hasSessionCookies("cookie")) ? "Yes" : "No";
@@ -1432,6 +1447,7 @@ beef.browser = {
        if (has_quicktime) details['HasQuickTime'] = has_quicktime;
        if (has_realplayer) details['HasRealPlayer'] = has_realplayer;
        if (has_vlc) details['HasVLC'] = has_vlc ;
+        if (has_foxit) details['HasFoxit'] = has_foxit;

        return details;
    },
@@ -1548,6 +1564,30 @@ beef.browser = {
        if (!ggfactory) return false; else return true;
    },

+    /**
+     * Checks if the zombie has Foxit PDF reader plugin.
+     * @return: {Boolean} true or false.
+     *
+     * @example: if(beef.browser.hasFoxit()) { ... }
+     * */
+    hasFoxit:function () {
+
+        var foxitplugin = false;
+
+        try {
+            if (beef.browser.isIE()) {
+                var foxitControl = new ActiveXObject('FoxitReader.FoxitReaderCtl.1');
+                foxitplugin = true;
+            } else if (navigator.plugins['Foxit Reader Plugin for Mozilla']) {
+                foxitplugin = true;
+            }
+        } catch (e) {
+            foxitplugin = false;
+        }
+
+        return foxitplugin;
+    },
+
    /**
     * Dynamically changes the favicon: works in Firefox, Chrome and Opera
     **/
--- a/core/main/handlers/browserdetails.rb
+++ b/core/main/handlers/browserdetails.rb
@@ -239,6 +239,14 @@ module BeEF
            self.err_msg "Invalid value for HasGoogleGears returned from the hook browser's initial connection."
          end

+          # get and store the yes|no value for HasFoxit
+          has_foxit = get_param(@data['results'], 'HasFoxit')
+          if BeEF::Filters.is_valid_yes_no?(has_foxit)
+            BD.set(session_id, 'HasFoxit', has_foxit)
+          else
+            self.err_msg "Invalid value for HasFoxit returned from the hook browser's initial connection."
+          end
+
          # get and store the yes|no value for HasWebSocket
          has_web_socket = get_param(@data['results'], 'HasWebSocket')
          if BeEF::Filters.is_valid_yes_no?(has_web_socket)
--- a/extensions/admin_ui/controllers/modules/modules.rb
+++ b/extensions/admin_ui/controllers/modules/modules.rb
@@ -84,6 +84,7 @@ class Modules < BeEF::Extension::AdminUI::HttpController
        ['Browser Components', 'QuickTime',          'HasQuickTime'],
        ['Browser Components', 'RealPlayer',         'HasRealPlayer'],
        ['Browser Components', 'VLC',                'HasVLC'],
+        ['Browser Components', 'Foxit Reader',       'HasFoxit'],
        ['Browser Components', 'ActiveX',            'HasActiveX'],
        ['Browser Components', 'Session Cookies',    'hasSessionCookies'],
        ['Browser Components', 'Persistent Cookies', 'hasPersistentCookies'],
--- a/extensions/admin_ui/controllers/panel/panel.rb
+++ b/extensions/admin_ui/controllers/panel/panel.rb
@@ -93,6 +93,7 @@ module BeEF
            has_quicktime   = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasQuickTime')
            has_realplayer  = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasRealPlayer')
            has_vlc         = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasVLC')
+            has_foxit       = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasFoxit')
            date_stamp      = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'DateStamp')

            return {
@@ -115,6 +116,7 @@ module BeEF
                'has_silverlight' => has_silverlight,
                'has_quicktime'   => has_quicktime,
                'has_vlc'         => has_vlc,
+                'has_foxit'       => has_foxit,
                'has_realplayer'  => has_realplayer,
                'date_stamp'      => date_stamp
            }
--- a/extensions/admin_ui/media/javascript/ui/panel/ZombiesMgr.js
+++ b/extensions/admin_ui/media/javascript/ui/panel/ZombiesMgr.js
@@ -29,6 +29,7 @@ var ZombiesMgr = function(zombies_tree_lists) {
 		var has_java           = zombie_array[index]["has_java"];
 		var has_activex        = zombie_array[index]["has_activex"];
 		var has_vlc            = zombie_array[index]["has_vlc"];
+        var has_foxit          = zombie_array[index]["has_foxit"];
 		var has_silverlight    = zombie_array[index]["has_silverlight"];
 		var has_quicktime      = zombie_array[index]["has_quicktime"];
 		var has_realplayer     = zombie_array[index]["has_realplayer"];
@@ -45,12 +46,13 @@ var ZombiesMgr = function(zombies_tree_lists) {
 		balloon_text+= "<br/>Hardware: "       + hw_name;
 		balloon_text+= "<br/>Domain: "         + domain + ":" + port;
 		balloon_text+= "<br/>Flash: "          + has_flash;
-                balloon_text+= "<br/>Java: "           + has_java;
-                balloon_text+= "<br/>Web Sockets: "    + has_web_sockets;
+        balloon_text+= "<br/>Java: "           + has_java;
+        balloon_text+= "<br/>Web Sockets: "    + has_web_sockets;
 		balloon_text+= "<br/>ActiveX: "        + has_activex;
 		balloon_text+= "<br/>Silverlight: "    + has_silverlight;
 		balloon_text+= "<br/>QuickTime: "      + has_quicktime;
-                balloon_text+= "<br/>VLC: "            + has_vlc;
+        balloon_text+= "<br/>VLC: "            + has_vlc;
+        balloon_text+= "<br/>Foxit: "          + has_foxit;
 		balloon_text+= "<br/>RealPlayer: "     + has_realplayer;
 		balloon_text+= "<br/>Google Gears: "   + has_googlegears;
 		balloon_text+= "<br/>Date: "           + date_stamp;
--- a/extensions/console/lib/shellinterface.rb
+++ b/extensions/console/lib/shellinterface.rb
@@ -300,6 +300,7 @@ class ShellInterface
        ['Browser Components', 'QuickTime',          'HasQuickTime'],
        ['Browser Components', 'RealPlayer',         'HasRealPlayer'],
        ['Browser Components', 'VLC',                'HasVLC'],
+        ['Browser Components', 'Foxit',              'HasFoxit'],
        ['Browser Components', 'ActiveX',            'HasActiveX'],
        ['Browser Components', 'Session Cookies',    'hasSessionCookies'],
        ['Browser Components', 'Persistent Cookies', 'hasPersistentCookies'],
--- a/modules/browser/detect_foxit/command.js
+++ b/modules/browser/detect_foxit/command.js
@@ -0,0 +1,14 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+	var result = ( beef.browser.hasFoxit() )? "Yes" : "No";
+
+	beef.net.send("<%= @command_url %>", <%= @command_id %>, "foxit="+result);
+
+});
+
--- a/modules/browser/detect_foxit/config.yaml
+++ b/modules/browser/detect_foxit/config.yaml
@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        detect_foxit:
+            enable: true
+            category: "Browser"
+            name: "Detect Foxit Reader"
+            description: "This module will check if the browser has Foxit Reader Plugin."
+            authors: ["javuto"]
+            target:
+                working: ["All"]
--- a/modules/browser/detect_foxit/module.rb
+++ b/modules/browser/detect_foxit/module.rb
@@ -0,0 +1,14 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Detect_foxit < BeEF::Core::Command
+
+	def post_execute
+		content = {}
+		content['foxit'] = @datastore['foxit']
+		save content
+	end
+
+end