Stash

wchen-r7 · wchen-r7 · commit e520ace1f17a · 2015-03-23T14:21:46.000-05:00
diff --git a/lib/msf/core/exploit/remote/browser_exploit_server.rb b/lib/msf/core/exploit/remote/browser_exploit_server.rb
@@ -64,7 +64,7 @@ class BESException < RuntimeError; end
       :java,         # Example: Return '1.6', or maybe '1.6.0.0' (depends)
       :mshtml_build, # mshtml build. Example: Returns "65535"
       :flash,        # Example: Returns "12.0" (chrome/ff) or "12.0.0.77" (IE)
-      :vuln_test     # Example: "if(window.MyComponentIsInstalled)return true;",
+      :vuln_test,    # Example: "if(window.MyComponentIsInstalled)return true;",
       :activex       # Example: [{:clsid=>'String', :method=>'String'}]
     ])
 
@@ -187,15 +187,9 @@ def try_set_target(profile)
       end
     end
 
-    # Returns true if a bad ActiveX is found, otherwise false
-    #
-    # @param expected_ax [Array] ActiveX requirements set by the module
-    def has_bad_activex?(user_ax)
-      user_ax.each do |a|
-        found = a[:found]
-        return true unless found
-      end
 
+    def has_bad_activex?(ax)
+      return true unless ax.split(';').empty?
       false
     end
 
@@ -211,7 +205,7 @@ def get_bad_requirements(profile)
         vprint_debug("Comparing requirement: #{k}=#{expected} vs #{k}=#{profile[k.to_sym]}")
 
         if k == :activex
-          bad_reqs << k unless has_bad_activex?(v)
+          bad_reqs << k unless has_bad_activex?(profile[k.to_sym])
         elsif k == :vuln_test
           bad_reqs << k unless profile[k.to_sym].to_s == 'true'
         elsif v.is_a? Regexp
@@ -365,9 +359,12 @@ def has_proxy?(request)
     # @param user_agent [String] The user-agent of the browser
     # @return [String] Returns the HTML for detection
     def get_detection_html(user_agent)
+      print_debug(user_agent)
       ua_info = fingerprint_user_agent(user_agent)
       os      = ua_info[:os_name]
       client  = ua_info[:ua_name]
+      print_debug(os.inspect)
+      print_debug(client.inspect)
 
       code = ERB.new(%Q|
       <%= js_base64 %>
@@ -406,14 +403,12 @@ def get_detection_html(user_agent)
           <%
             activex = @requirements[:activex]
             if activex
-          %>
-              d['activex'] = '';
-          <%
               activex.each do \|a\|
                 clsid = a[:clsid]
                 method = a[:method]
           %>
                 var ax = ie_addons_detect.hasActiveX('<%=clsid%>', '<%=method%>');
+                d['activex'] = '';
                 if (ax == false) {
                   d['activex'] += "<%=clsid%>=<%=method%>;";
                 }
@@ -433,7 +428,7 @@ def get_detection_html(user_agent)
 
       %Q|
       <script>
-      #{js}
+      #{code}
       </script>
       <noscript>
       <img style="visibility:hidden" src="#{get_resource.chomp("/")}/#{@noscript_receiver_page}/">
