def testParseAll(self): user_agent_string = 'Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.4; fr; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5,gzip(gfe),gzip(gfe)' expected = { 'device': { 'is_spider': False, 'is_mobile': False, 'family': None }, 'os': { 'family': 'Mac OS X', 'major': '10', 'minor': '4', 'patch': None, 'patch_minor': None }, 'user_agent': { 'family': 'Firefox', 'major': '3', 'minor': '5', 'patch': '5' }, 'string': user_agent_string } result = user_agent_parser.Parse(user_agent_string) self.assertEqual( result, expected, u"UA: {0}\n expected<{1}> != actual<{2}>".format( user_agent_string, expected, result))
def is_vulnerable(self, info_dict): parsed = user_agent_parser.Parse(info_dict['user_agent']) if not 'Windows' in parsed['os']['family']: self.log_error('Not a Windows host, aborting.') return 0 # Adobe Flash Player before 18.0.0.194 and # after Adobe Flash Player 9 on Windows if "IE Flash" in info_dict['plugins']: flash = info_dict['plugins']['IE Flash'] version_regex = "([\d.]*\d+)" match = re.search(version_regex, flash) # If there's no match it will throw an exception if match: flash_version = match.group(0) else: return 0 version_list = flash_version.split(".") major = int(version_list[0]) minor = int(version_list[1]) build = int(version_list[2]) patch = int(version_list[3]) if major > 9 and major < 18: return 1 if major == 18: if minor == 0: if build == 0: if patch <= 194: return 1 return 0
def is_vulnerable(self, info_dict): user_agent = info_dict['user_agent'] parsed = user_agent_parser.Parse(user_agent) if 'Windows' not in parsed['os']['family']: return 0 #detect if the os is Windows 7 self.win7 = self.isWin7(user_agent) return 1
def is_vulnerable(self, info_dict): # User-Agent: Mozilla/5.0 (Linux; U; Android 2.1-update1; en-us; sdk Build/ECLAIR) AppleWebKit/530.17 (KHTML, like Gecko) Version/4.0 Mobile Safari/530.17 parsed = user_agent_parser.Parse(info_dict['user_agent']) if parsed['os']['family'] == 'Android' and \ parsed['os']['major'] == '2' and \ parsed['os']['minor'] == '1' and \ parsed['os']['patch'] == 'update1': return 100 return 0
def is_vulnerable( self, info_dict ): parsed = user_agent_parser.Parse(info_dict['user_agent']) if 'Windows' not in parsed['os']['family']: return 0 major, minor, _, _ = self.getReaderVersions(info_dict) if not major: return 0 # Tested/verified on 10.1.4 if major <= 11: return 1 return 0
def is_vulnerable(self, info_dict): parsed = user_agent_parser.Parse(info_dict['user_agent']) if "Windows" not in parsed['os']['family']: self.log("Target not running Windows") return 0 #must also be running flash... #but js_recon kills this by moving something else into our heap-spray region. #so really you don't want to run this unless you've done it explicitly return 0
def is_vulnerable(self, info_dict): parsed = user_agent_parser.Parse(info_dict['user_agent']) if 'Windows' in parsed['os']['family'] and \ parsed['user_agent']['family'] == 'Firefox' and \ parsed['user_agent']['major'] == '3' and \ parsed['user_agent']['minor'] == '6' and \ parsed['user_agent']['patch'] in ('16', '17'): return 100 self.log("Did not detect vulnerable version of Firefox - bailing out.") return 0
def parse_agent(agent): data = user_agent_parser.Parse(agent) order = ['family', 'major', 'minor', 'patch'] os_vals = filter(None, (data['os'][key] for key in order)) os = ([os_vals[0], '.'.join(os_vals[1:])]) agent_vals = filter(None, (data['user_agent'][key] for key in order)) agent = ([ agent_vals[0].replace('IE', 'Internet Explorer'), '.'.join(agent_vals[1:]) ]) return os, agent
def is_vulnerable(self, info_dict): parsed = user_agent_parser.Parse(info_dict['user_agent']) if 'Windows' not in parsed['os']['family']: return 0 major, minor, build, patch = self.getReaderVersions(info_dict) if not major: #no Reader return 0 if major == 9: if minor <= 4: if build <= 0: return 100 return 0
def is_vulnerable(self, info_dict): major, minor, build, patch = self.getReaderVersions(info_dict) if not major: self.log("No Acrobat Reader available to target") return 0 parsed = user_agent_parser.Parse(info_dict['user_agent']) if 'Windows' not in parsed['os']['family']: self.log("Target not running Windows") return 0 if major == 9: if minor <= 3: if build == 0: return 70 return 0
def is_vulnerable(self, info_dict): parsed = user_agent_parser.Parse(info_dict['user_agent']) if 'Windows' not in parsed['os']['family']: return 0 if 'Safari' in parsed['user_agent']['family']: try: minor = int(parsed['user_agent']['minor']) except Exception: return 0 if parsed['user_agent']['major'] == '5' and \ minor <= 1: return 100 return 0
def is_vulnerable(self, info_dict): parsed = user_agent_parser.Parse(info_dict['user_agent']) if not 'Windows' in parsed['os']['family']: self.log('Not Windows, not vulnerable to this exploit.') return 0 # Adobe Flash Player before 10.3.183.51 and # 11.x before 11.5.502.149 on Windows import re if "Firefox" in info_dict['plugins'][ 'AGENT'] and "Shockwave Flash" in info_dict['plugins']: # we cant check for patch version in ff, fml. if "11.4 r402" in info_dict['plugins'][ 'Shockwave Flash'] or "11.5 r502" in info_dict['plugins'][ 'Shockwave Flash']: return 1 if "IE Flash" in info_dict['plugins']: flash = info_dict['plugins']['IE Flash'] version_regex = "([\d.]*\d+)" match = re.search(version_regex, flash) # If there's no match it will throw an exception if match: flash_version = match.group(0) else: return 0 version_list = flash_version.split(".") major = int(version_list[0]) minor = int(version_list[1]) build = int(version_list[2]) patch = int(version_list[3]) if major == 11: if minor == 4: if build == 402: if patch <= 287 and patch >= 265: return 1 elif minor == 5: if build == 502: if patch <= 146 and patch >= 110: return 1 return 0
def is_vulnerable(self, info_dict): parsed = user_agent_parser.Parse(info_dict['user_agent']) if not 'Windows' in parsed['os']['family']: self.log('Not Windows, not vulnerable to this exploit.') return 0 import re #11.1.102.62 and earlier if "IE Flash" in info_dict['plugins']: flash = info_dict['plugins']['IE Flash'] version_regex = "([\d.]*\d+)" match = re.search(version_regex, flash) # If there's no match it will throw an exception if match: flash_version = match.group(0) else: return 0 version_list = flash_version.split(".") major = int(version_list[0]) minor = int(version_list[1]) build = int(version_list[2]) patch = int(version_list[3]) if major == 10: if minor == 3: if build < 183: return 100 elif build == 183 and patch < 15: return 100 elif minor < 3: return 100 if major == 11: if minor == 1: if build == 102 and patch < 62: return 100 elif build < 102: return 100 elif minor < 1: return 100 return 0
def is_vulnerable(self,info): parsed = user_agent_parser.Parse(info['user_agent']) if "Mac OS X" in parsed['os']['family'] and \ "Safari" in parsed['user_agent']['family']: try: patch = int(parsed['user_agent']['patch']) except Exception: return 0 if parsed['user_agent']['major'] == '5' and \ parsed['user_agent']['minor'] == '0' and \ patch <= 3: return 100 return 0
def is_vulnerable(self, info_dict): vuln = (('9', '0', '115', '0'), ('9', '0', '47', '0')) parsed = user_agent_parser.Parse(info_dict['user_agent']) if 'Windows' not in parsed['os']['family']: return 0 if 'plugins' not in info_dict: return 0 version = info_dict['plugins'].get('IE Flash', None) # expected format "WIN 10.3.181.23" if not version: return 0 version = version.split()[1] ver, major, minor, build = version.split('.') if (ver, major, minor, build) in vuln: return 100 return 0
def is_vulnerable(self, info): # User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/533.19.4 (KHTML, like Gecko) Version/5.0.3 Safari/533.19.4 parsed = user_agent_parser.Parse(info['user_agent']) if parsed['user_agent']['family'] != 'Safari': return 0 try: patch = int(parsed['user_agent']['minor']) except Exception: return 0 if parsed['user_agent']['major'] != '5' or \ parsed['user_agent']['minor'] != '0' or \ patch > 3: return 0 os_family = parsed['os']['family'] if 'Windows' in os_family: self.os = "win" if "Windows XP" in os_family: self.osname = "xp" self.log("Detected Windows XP") elif "Windows 7" in os_family: self.osname = "win7" self.log("Detected Windows 7") else: self.log("Unknown Windows Version, trying with Windows 7") self.osname = "win7" return 100 if 'Mac OS X' in os_family: self.log("Detected OSX") self.os = "mac" return 100 return 0
def is_vulnerable(self, info_dict): ua = user_agent_parser.Parse(info_dict['user_agent']) if "Windows" not in ua['os']['family']: return 0 major, minor, build, patch = self.getReaderVersions(info_dict) if not major: self.log("Reader not found") return 0 if major == 11 and minor == 0 and build <= 2: return 100 if major == 10 and minor <= 1 and build <= 6: return 100 if major == 9 and minor <= 5 and build <= 4: self.log("Reader <= 9.5.4 is vulnerable but currently not supported") return 0
def is_vulnerable(self, info_dict): parsed = user_agent_parser.Parse(info_dict['user_agent']) if 'Windows' not in parsed['os']['family']: return 0 major, minor, build, patch = self.getReaderVersions(info_dict) if not major: #no Reader return 0 # Tested/verified on 8.1.1 if major <= 8: if major == 8: if minor == 1 and build == 1: return 100 if minor <= 1 and build <= 1: return 90 elif major < 8: return 70 return 0
def is_vulnerable(self, info_dict): parsed = user_agent_parser.Parse(info_dict['user_agent']) if not 'Windows' in parsed['os']['family']: self.log_error('Not a Windows host, aborting.') return 0 if 'Win64' in info_dict['user_agent']: self.swffilename = 'Simpsons_x64' # Adobe Flash Player before 10.3.183.51 and # 11.x before 11.5.502.149 on Windows if "IE Flash" in info_dict['plugins']: flash = info_dict['plugins']['IE Flash'] version_regex = "([\d.]*\d+)" match = re.search(version_regex, flash) # If there's no match it will throw an exception if match: flash_version = match.group(0) else: return 0 version_list = flash_version.split(".") major = int(version_list[0]) minor = int(version_list[1]) build = int(version_list[2]) patch = int(version_list[3]) if major == 14: if minor == 0: if build == 0: if patch == 5: return 1 return 0
def is_vulnerable( self, info_dict ): #9.0.159.0 and 10.0.22.87 parsed = user_agent_parser.Parse(info_dict['user_agent']) if 'Windows' not in parsed['os']['family']: return 0 import re if "IE Flash" in info_dict['plugins']: flash = info_dict['plugins']['IE Flash'] version_regex = "([\d.]*\d+)" match = re.search( version_regex, flash ) # If there's no match it will throw an exception try: flash_version = match.group(0) except Exception: return 0 version_list = flash_version.split(".") major = int(version_list[0]) minor = int(version_list[1]) build = int(version_list[2]) patch = int(version_list[3]) if major == 10: if minor == 0: if build < 22: return 100 elif build == 22 and patch <= 87: return 100 if major == 9: if minor == 0: if build <= 159: return 100 return 0
def is_windows(self, info_dict): parsed = user_agent_parser.Parse(info_dict['user_agent']) if 'Windows' in parsed['os']['family']: return True else: return False
def is_vulnerable(self, info_dict): parsed = user_agent_parser.Parse(info_dict['user_agent']) if 'Windows' not in parsed['os']['family']: return 0 return 1
def is_vulnerable(self, info_dict): # Note: this says 'attack every windows box'. This may be too permissive. user_agent = user_agent_parser.Parse(info_dict["user_agent"]) return int('Windows' not in user_agent['os']['family'])