From c98d9a4300b5a526cfb099400741446778f97b8f Mon Sep 17 00:00:00 2001
From: bcoles <bcoles@gmail.com>
Date: Sun, 17 Mar 2013 03:30:12 +1030
Subject: [PATCH] Manually merged Windows Media Player detection from @gcattani

Fix issue #833

Fix issue #847
---
 core/main/client/browser.js                   | 45 ++++++++++++++++++-
 core/main/handlers/browserdetails.rb          |  8 ++++
 .../admin_ui/controllers/modules/modules.rb   |  1 +
 .../admin_ui/controllers/panel/panel.rb       |  2 +
 .../media/javascript/ui/panel/ZombiesMgr.js   |  2 +
 extensions/console/lib/shellinterface.rb      |  1 +
 modules/browser/detect_wmp/command.js         | 13 ++++++
 modules/browser/detect_wmp/config.yaml        | 15 +++++++
 modules/browser/detect_wmp/module.rb          | 14 ++++++
 9 files changed, 100 insertions(+), 1 deletion(-)
 create mode 100644 modules/browser/detect_wmp/command.js
 create mode 100644 modules/browser/detect_wmp/config.yaml
 create mode 100644 modules/browser/detect_wmp/module.rb

diff --git a/core/main/client/browser.js b/core/main/client/browser.js
index 10daa9cf4..88926c088 100644
--- a/core/main/client/browser.js
+++ b/core/main/client/browser.js
@@ -964,6 +964,47 @@ beef.browser = {
 
     },
 
+	/**
+	 * Checks if the zombie has the Windows Media Player plugin installed.
+	 * @return: {Boolean} true or false.
+	 *
+	 * @example: if ( beef.browser.hasWMP() ) { ... }
+	 */
+	hasWMP:function () {
+
+	    var wmp = false;
+
+	    // Not Internet Explorer
+	    if (!this.type().IE) {
+
+	        for (i = 0; i < navigator.plugins.length; i++) {
+
+	            if (navigator.plugins[i].name.indexOf("Windows Media Player") >= 0) {
+	                wmp = true;
+	            }
+
+	        }
+
+	    // Internet Explorer
+	    } else {
+
+	        try {
+
+	            var wmp_test = new ActiveXObject('WMPlayer.OCX');
+
+	        } catch (e) {
+	        }
+
+	        if (wmp_test) {
+	            wmp = true;
+	        }
+
+	    }
+
+	    return wmp;
+
+	},
+
     /**
      *  Checks if VLC is installed
      *  @return: {Boolean} true or false
@@ -1401,6 +1442,7 @@ beef.browser = {
         var has_silverlight = (beef.browser.hasSilverlight()) ? "Yes" : "No";
         var has_quicktime = (beef.browser.hasQuickTime()) ? "Yes" : "No";
         var has_realplayer = (beef.browser.hasRealPlayer()) ? "Yes" : "No";
+        var has_wmp = (beef.browser.hasWMP()) ? "Yes" : "No"; 
         var has_vlc = (beef.browser.hasVLC()) ? "Yes" : "No";
         var has_foxit = (beef.browser.hasFoxit()) ? "Yes" : "No";
         try{
@@ -1446,7 +1488,8 @@ beef.browser = {
         if (has_silverlight) details['HasSilverlight'] = has_silverlight;
         if (has_quicktime) details['HasQuickTime'] = has_quicktime;
         if (has_realplayer) details['HasRealPlayer'] = has_realplayer;
-        if (has_vlc) details['HasVLC'] = has_vlc ;
+        if (has_wmp) details['HasWMP'] = has_wmp;
+        if (has_vlc) details['HasVLC'] = has_vlc;
         if (has_foxit) details['HasFoxit'] = has_foxit;
 
         return details;
diff --git a/core/main/handlers/browserdetails.rb b/core/main/handlers/browserdetails.rb
index 7469a2edd..ae9218d65 100644
--- a/core/main/handlers/browserdetails.rb
+++ b/core/main/handlers/browserdetails.rb
@@ -287,6 +287,14 @@ module BeEF
             self.err_msg "Invalid value for HasRealPlayer returned from the hook browser's initial connection."
           end
 
+          # get and store the yes|no value for HasWMP
+          has_wmp = get_param(@data['results'], 'HasWMP')
+          if BeEF::Filters.is_valid_yes_no?(has_wmp)
+            BD.set(session_id, 'HasWMP', has_wmp)
+          else
+            self.err_msg "Invalid value for HasWMP returned from the hook browser's initial connection."
+          end
+
           # get and store the yes|no value for HasVLC
           has_vlc = get_param(@data['results'], 'HasVLC')
           if BeEF::Filters.is_valid_yes_no?(has_vlc)
diff --git a/extensions/admin_ui/controllers/modules/modules.rb b/extensions/admin_ui/controllers/modules/modules.rb
index 327499b3e..3d71bc7aa 100644
--- a/extensions/admin_ui/controllers/modules/modules.rb
+++ b/extensions/admin_ui/controllers/modules/modules.rb
@@ -83,6 +83,7 @@ class Modules < BeEF::Extension::AdminUI::HttpController
         ['Browser Components', 'Web Sockets',        'HasWebSocket'],
         ['Browser Components', 'QuickTime',          'HasQuickTime'],
         ['Browser Components', 'RealPlayer',         'HasRealPlayer'],
+        ['Browser Components', 'Windows Media Player','HasWMP'],
         ['Browser Components', 'VLC',                'HasVLC'],
         ['Browser Components', 'Foxit Reader',       'HasFoxit'],
         ['Browser Components', 'ActiveX',            'HasActiveX'],
diff --git a/extensions/admin_ui/controllers/panel/panel.rb b/extensions/admin_ui/controllers/panel/panel.rb
index bd06df3db..22eeb00b6 100644
--- a/extensions/admin_ui/controllers/panel/panel.rb
+++ b/extensions/admin_ui/controllers/panel/panel.rb
@@ -92,6 +92,7 @@ module BeEF
             has_silverlight = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasSilverlight')
             has_quicktime   = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasQuickTime')
             has_realplayer  = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasRealPlayer')
+            has_wmp         = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasWMP') 
             has_vlc         = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasVLC')
             has_foxit       = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasFoxit')
             date_stamp      = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'DateStamp')
@@ -115,6 +116,7 @@ module BeEF
                 'has_activex'     => has_activex,
                 'has_silverlight' => has_silverlight,
                 'has_quicktime'   => has_quicktime,
+                'has_wmp'         => has_wmp,
                 'has_vlc'         => has_vlc,
                 'has_foxit'       => has_foxit,
                 'has_realplayer'  => has_realplayer,
diff --git a/extensions/admin_ui/media/javascript/ui/panel/ZombiesMgr.js b/extensions/admin_ui/media/javascript/ui/panel/ZombiesMgr.js
index 40aa2b879..d983ba4a9 100644
--- a/extensions/admin_ui/media/javascript/ui/panel/ZombiesMgr.js
+++ b/extensions/admin_ui/media/javascript/ui/panel/ZombiesMgr.js
@@ -28,6 +28,7 @@ var ZombiesMgr = function(zombies_tree_lists) {
 		var has_googlegears    = zombie_array[index]["has_googlegears"];
 		var has_java           = zombie_array[index]["has_java"];
 		var has_activex        = zombie_array[index]["has_activex"];
+        var has_wmp            = zombie_array[index]["has_wmp"]; 
 		var has_vlc            = zombie_array[index]["has_vlc"];
         var has_foxit          = zombie_array[index]["has_foxit"];
 		var has_silverlight    = zombie_array[index]["has_silverlight"];
@@ -51,6 +52,7 @@ var ZombiesMgr = function(zombies_tree_lists) {
 		balloon_text+= "<br/>ActiveX: "        + has_activex;
 		balloon_text+= "<br/>Silverlight: "    + has_silverlight;
 		balloon_text+= "<br/>QuickTime: "      + has_quicktime;
+        balloon_text+= "<br/>Windows MediaPlayer: " + has_wmp; 
         balloon_text+= "<br/>VLC: "            + has_vlc;
         balloon_text+= "<br/>Foxit: "          + has_foxit;
 		balloon_text+= "<br/>RealPlayer: "     + has_realplayer;
diff --git a/extensions/console/lib/shellinterface.rb b/extensions/console/lib/shellinterface.rb
index d228de9b6..e122933e5 100644
--- a/extensions/console/lib/shellinterface.rb
+++ b/extensions/console/lib/shellinterface.rb
@@ -299,6 +299,7 @@ class ShellInterface
         ['Browser Components', 'Web Sockets',        'HasWebSocket'],
         ['Browser Components', 'QuickTime',          'HasQuickTime'],
         ['Browser Components', 'RealPlayer',         'HasRealPlayer'],
+        ['Browser Components', 'Windows Media Player','HasWMP'], 
         ['Browser Components', 'VLC',                'HasVLC'],
         ['Browser Components', 'Foxit',              'HasFoxit'],
         ['Browser Components', 'ActiveX',            'HasActiveX'],
diff --git a/modules/browser/detect_wmp/command.js b/modules/browser/detect_wmp/command.js
new file mode 100644
index 000000000..2d58463fe
--- /dev/null
+++ b/modules/browser/detect_wmp/command.js
@@ -0,0 +1,13 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+	var result = ( beef.browser.hasWMP() )? "Yes" : "No";
+
+	beef.net.send("<%= @command_url %>", <%= @command_id %>, "wmp="+result);
+
+});
diff --git a/modules/browser/detect_wmp/config.yaml b/modules/browser/detect_wmp/config.yaml
new file mode 100644
index 000000000..376c7cb26
--- /dev/null
+++ b/modules/browser/detect_wmp/config.yaml
@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        detect_wmp:
+            enable: true
+            category: "Browser"
+            name: "Detect Windows Media Player"
+            description: "This module will check if the browser has the Windows Media Player plugin installed."
+            authors: ["gcattani"]
+            target:
+                working: ["All"]
diff --git a/modules/browser/detect_wmp/module.rb b/modules/browser/detect_wmp/module.rb
new file mode 100644
index 000000000..afa829b8a
--- /dev/null
+++ b/modules/browser/detect_wmp/module.rb
@@ -0,0 +1,14 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Detect_wmp < BeEF::Core::Command
+
+	def post_execute
+		content = {}
+		content['wmp'] = @datastore['wmp']
+		save content
+	end
+
+end