def testParseAll(self):
user_agent_string = 'Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.4; fr; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5,gzip(gfe),gzip(gfe)'
expected = {
'device': {
'is_spider': False,
'is_mobile': False,
'family': None
},
'os': {
'family': 'Mac OS X',
'major': '10',
'minor': '4',
'patch': None,
'patch_minor': None
},
'user_agent': {
'family': 'Firefox',
'major': '3',
'minor': '5',
'patch': '5'
},
'string': user_agent_string
}
result = user_agent_parser.Parse(user_agent_string)
self.assertEqual(
result, expected, u"UA: {0}\n expected<{1}> != actual<{2}>".format(
user_agent_string, expected, result))
def is_vulnerable(self, info_dict):
parsed = user_agent_parser.Parse(info_dict['user_agent'])
if not 'Windows' in parsed['os']['family']:
self.log_error('Not a Windows host, aborting.')
return 0
# Adobe Flash Player before 18.0.0.194 and
# after Adobe Flash Player 9 on Windows
if "IE Flash" in info_dict['plugins']:
flash = info_dict['plugins']['IE Flash']
version_regex = "([\d.]*\d+)"
match = re.search(version_regex, flash)
# If there's no match it will throw an exception
if match:
flash_version = match.group(0)
else:
return 0
version_list = flash_version.split(".")
major = int(version_list[0])
minor = int(version_list[1])
build = int(version_list[2])
patch = int(version_list[3])
if major > 9 and major < 18:
return 1
if major == 18:
if minor == 0:
if build == 0:
if patch <= 194:
return 1
return 0
def is_vulnerable(self, info_dict):
user_agent = info_dict['user_agent']
parsed = user_agent_parser.Parse(user_agent)
if 'Windows' not in parsed['os']['family']:
return 0
#detect if the os is Windows 7
self.win7 = self.isWin7(user_agent)
return 1
def is_vulnerable(self, info_dict):
# User-Agent: Mozilla/5.0 (Linux; U; Android 2.1-update1; en-us; sdk Build/ECLAIR) AppleWebKit/530.17 (KHTML, like Gecko) Version/4.0 Mobile Safari/530.17
parsed = user_agent_parser.Parse(info_dict['user_agent'])
if parsed['os']['family'] == 'Android' and \
parsed['os']['major'] == '2' and \
parsed['os']['minor'] == '1' and \
parsed['os']['patch'] == 'update1':
return 100
return 0
def is_vulnerable( self, info_dict ):
parsed = user_agent_parser.Parse(info_dict['user_agent'])
if 'Windows' not in parsed['os']['family']:
return 0
major, minor, _, _ = self.getReaderVersions(info_dict)
if not major: return 0
# Tested/verified on 10.1.4
if major <= 11: return 1
return 0
def is_vulnerable(self, info_dict):
parsed = user_agent_parser.Parse(info_dict['user_agent'])
if "Windows" not in parsed['os']['family']:
self.log("Target not running Windows")
return 0
#must also be running flash...
#but js_recon kills this by moving something else into our heap-spray region.
#so really you don't want to run this unless you've done it explicitly
return 0
def is_vulnerable(self, info_dict):
parsed = user_agent_parser.Parse(info_dict['user_agent'])
if 'Windows' in parsed['os']['family'] and \
parsed['user_agent']['family'] == 'Firefox' and \
parsed['user_agent']['major'] == '3' and \
parsed['user_agent']['minor'] == '6' and \
parsed['user_agent']['patch'] in ('16', '17'):
return 100
self.log("Did not detect vulnerable version of Firefox - bailing out.")
return 0
def parse_agent(agent):
data = user_agent_parser.Parse(agent)
order = ['family', 'major', 'minor', 'patch']
os_vals = filter(None, (data['os'][key] for key in order))
os = ([os_vals[0], '.'.join(os_vals[1:])])
agent_vals = filter(None, (data['user_agent'][key] for key in order))
agent = ([
agent_vals[0].replace('IE', 'Internet Explorer'),
'.'.join(agent_vals[1:])
])
return os, agent
def is_vulnerable(self, info_dict):
parsed = user_agent_parser.Parse(info_dict['user_agent'])
if 'Windows' not in parsed['os']['family']:
return 0
major, minor, build, patch = self.getReaderVersions(info_dict)
if not major:
#no Reader
return 0
if major == 9:
if minor <= 4:
if build <= 0:
return 100
return 0
def is_vulnerable(self, info_dict):
major, minor, build, patch = self.getReaderVersions(info_dict)
if not major:
self.log("No Acrobat Reader available to target")
return 0
parsed = user_agent_parser.Parse(info_dict['user_agent'])
if 'Windows' not in parsed['os']['family']:
self.log("Target not running Windows")
return 0
if major == 9:
if minor <= 3:
if build == 0:
return 70
return 0
def is_vulnerable(self, info_dict):
parsed = user_agent_parser.Parse(info_dict['user_agent'])
if 'Windows' not in parsed['os']['family']: return 0
if 'Safari' in parsed['user_agent']['family']:
try:
minor = int(parsed['user_agent']['minor'])
except Exception:
return 0
if parsed['user_agent']['major'] == '5' and \
minor <= 1:
return 100
return 0
def is_vulnerable(self, info_dict):
parsed = user_agent_parser.Parse(info_dict['user_agent'])
if not 'Windows' in parsed['os']['family']:
self.log('Not Windows, not vulnerable to this exploit.')
return 0
# Adobe Flash Player before 10.3.183.51 and
# 11.x before 11.5.502.149 on Windows
import re
if "Firefox" in info_dict['plugins'][
'AGENT'] and "Shockwave Flash" in info_dict['plugins']:
# we cant check for patch version in ff, fml.
if "11.4 r402" in info_dict['plugins'][
'Shockwave Flash'] or "11.5 r502" in info_dict['plugins'][
'Shockwave Flash']:
return 1
if "IE Flash" in info_dict['plugins']:
flash = info_dict['plugins']['IE Flash']
version_regex = "([\d.]*\d+)"
match = re.search(version_regex, flash)
# If there's no match it will throw an exception
if match:
flash_version = match.group(0)
else:
return 0
version_list = flash_version.split(".")
major = int(version_list[0])
minor = int(version_list[1])
build = int(version_list[2])
patch = int(version_list[3])
if major == 11:
if minor == 4:
if build == 402:
if patch <= 287 and patch >= 265:
return 1
elif minor == 5:
if build == 502:
if patch <= 146 and patch >= 110:
return 1
return 0
def is_vulnerable(self, info_dict):
parsed = user_agent_parser.Parse(info_dict['user_agent'])
if not 'Windows' in parsed['os']['family']:
self.log('Not Windows, not vulnerable to this exploit.')
return 0
import re
#11.1.102.62 and earlier
if "IE Flash" in info_dict['plugins']:
flash = info_dict['plugins']['IE Flash']
version_regex = "([\d.]*\d+)"
match = re.search(version_regex, flash)
# If there's no match it will throw an exception
if match:
flash_version = match.group(0)
else:
return 0
version_list = flash_version.split(".")
major = int(version_list[0])
minor = int(version_list[1])
build = int(version_list[2])
patch = int(version_list[3])
if major == 10:
if minor == 3:
if build < 183:
return 100
elif build == 183 and patch < 15:
return 100
elif minor < 3:
return 100
if major == 11:
if minor == 1:
if build == 102 and patch < 62:
return 100
elif build < 102:
return 100
elif minor < 1:
return 100
return 0
def is_vulnerable(self,info):
parsed = user_agent_parser.Parse(info['user_agent'])
if "Mac OS X" in parsed['os']['family'] and \
"Safari" in parsed['user_agent']['family']:
try:
patch = int(parsed['user_agent']['patch'])
except Exception:
return 0
if parsed['user_agent']['major'] == '5' and \
parsed['user_agent']['minor'] == '0' and \
patch <= 3:
return 100
return 0
def is_vulnerable(self, info_dict):
vuln = (('9', '0', '115', '0'), ('9', '0', '47', '0'))
parsed = user_agent_parser.Parse(info_dict['user_agent'])
if 'Windows' not in parsed['os']['family']:
return 0
if 'plugins' not in info_dict: return 0
version = info_dict['plugins'].get('IE Flash', None)
# expected format "WIN 10.3.181.23"
if not version: return 0
version = version.split()[1]
ver, major, minor, build = version.split('.')
if (ver, major, minor, build) in vuln: return 100
return 0
def is_vulnerable(self, info):
# User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/533.19.4 (KHTML, like Gecko) Version/5.0.3 Safari/533.19.4
parsed = user_agent_parser.Parse(info['user_agent'])
if parsed['user_agent']['family'] != 'Safari':
return 0
try:
patch = int(parsed['user_agent']['minor'])
except Exception:
return 0
if parsed['user_agent']['major'] != '5' or \
parsed['user_agent']['minor'] != '0' or \
patch > 3:
return 0
os_family = parsed['os']['family']
if 'Windows' in os_family:
self.os = "win"
if "Windows XP" in os_family:
self.osname = "xp"
self.log("Detected Windows XP")
elif "Windows 7" in os_family:
self.osname = "win7"
self.log("Detected Windows 7")
else:
self.log("Unknown Windows Version, trying with Windows 7")
self.osname = "win7"
return 100
if 'Mac OS X' in os_family:
self.log("Detected OSX")
self.os = "mac"
return 100
return 0
def is_vulnerable(self, info_dict):
ua = user_agent_parser.Parse(info_dict['user_agent'])
if "Windows" not in ua['os']['family']:
return 0
major, minor, build, patch = self.getReaderVersions(info_dict)
if not major:
self.log("Reader not found")
return 0
if major == 11 and minor == 0 and build <= 2:
return 100
if major == 10 and minor <= 1 and build <= 6:
return 100
if major == 9 and minor <= 5 and build <= 4:
self.log("Reader <= 9.5.4 is vulnerable but currently not supported")
return 0
def is_vulnerable(self, info_dict):
parsed = user_agent_parser.Parse(info_dict['user_agent'])
if 'Windows' not in parsed['os']['family']:
return 0
major, minor, build, patch = self.getReaderVersions(info_dict)
if not major:
#no Reader
return 0
# Tested/verified on 8.1.1
if major <= 8:
if major == 8:
if minor == 1 and build == 1:
return 100
if minor <= 1 and build <= 1:
return 90
elif major < 8:
return 70
return 0
def is_vulnerable(self, info_dict):
parsed = user_agent_parser.Parse(info_dict['user_agent'])
if not 'Windows' in parsed['os']['family']:
self.log_error('Not a Windows host, aborting.')
return 0
if 'Win64' in info_dict['user_agent']:
self.swffilename = 'Simpsons_x64'
# Adobe Flash Player before 10.3.183.51 and
# 11.x before 11.5.502.149 on Windows
if "IE Flash" in info_dict['plugins']:
flash = info_dict['plugins']['IE Flash']
version_regex = "([\d.]*\d+)"
match = re.search(version_regex, flash)
# If there's no match it will throw an exception
if match:
flash_version = match.group(0)
else:
return 0
version_list = flash_version.split(".")
major = int(version_list[0])
minor = int(version_list[1])
build = int(version_list[2])
patch = int(version_list[3])
if major == 14:
if minor == 0:
if build == 0:
if patch == 5:
return 1
return 0
def is_vulnerable( self, info_dict ):
#9.0.159.0 and 10.0.22.87
parsed = user_agent_parser.Parse(info_dict['user_agent'])
if 'Windows' not in parsed['os']['family']:
return 0
import re
if "IE Flash" in info_dict['plugins']:
flash = info_dict['plugins']['IE Flash']
version_regex = "([\d.]*\d+)"
match = re.search( version_regex, flash )
# If there's no match it will throw an exception
try:
flash_version = match.group(0)
except Exception:
return 0
version_list = flash_version.split(".")
major = int(version_list[0])
minor = int(version_list[1])
build = int(version_list[2])
patch = int(version_list[3])
if major == 10:
if minor == 0:
if build < 22:
return 100
elif build == 22 and patch <= 87:
return 100
if major == 9:
if minor == 0:
if build <= 159:
return 100
return 0
def is_windows(self, info_dict):
parsed = user_agent_parser.Parse(info_dict['user_agent'])
if 'Windows' in parsed['os']['family']:
return True
else:
return False
def is_vulnerable(self, info_dict):
parsed = user_agent_parser.Parse(info_dict['user_agent'])
if 'Windows' not in parsed['os']['family']:
return 0
return 1
def is_vulnerable(self, info_dict):
# Note: this says 'attack every windows box'. This may be too permissive.
user_agent = user_agent_parser.Parse(info_dict["user_agent"])
return int('Windows' not in user_agent['os']['family'])
