Apparently I missed a lot of stuff

2013-10-21 21:02:01 -05:00 · 2013-10-21 21:02:01 -05:00 · 19615ac4b7
parent fcba529ea5
commit 19615ac4b7
8 changed files with 187 additions and 0 deletions
--- a/data/js/exploitation/heap_spray.js
+++ b/data/js/exploitation/heap_spray.js
--- a/data/js/exploitation/mstime_malloc.js
+++ b/data/js/exploitation/mstime_malloc.js
--- a/data/js/exploitation/property_spray.js
+++ b/data/js/exploitation/property_spray.js
--- a/lib/rex/exploitation/js/addonsdetect.rb
+++ b/lib/rex/exploitation/js/addonsdetect.rb
@ -0,0 +1,30 @@
+# -*- coding: binary -*-
+
+require 'msf/core'
+require 'rex/text'
+require 'rex/exploitation/jsobfu'
+
+module Rex
+module Exploitation
+module Js
+
+#
+# Provides javascript functions to determine addon information.
+#
+# getMsOfficeVersion(): Returns the version for Microsoft Office
+#
+class AddonsDetect < JSObfu
+
+  def initialize(custom_js = '', opts = {})
+    @js = custom_js
+    @js += ::File.read(::File.join(Msf::Config.data_directory, "js", "detect", "addons.js"))
+
+    super @js
+
+    return @js
+  end
+
+end
+end
+end
+end
--- a/lib/rex/exploitation/js/memory.rb
+++ b/lib/rex/exploitation/js/memory.rb
@ -0,0 +1,52 @@
+# -*- coding: binary -*-
+
+require 'msf/core'
+
+module Rex
+module Exploitation
+module Js
+
+#
+# Provides meomry manipulative functions in JavaScript
+#
+class Memory
+
+  def self.mstime_malloc
+    js = ::File.read(::File.join(Msf::Config.data_directory, "js", "memory", "mstime_malloc.js"))
+    js = js.gsub(/W00TA/, Rex::Text.rand_text_hex(6))
+    js = js.gsub(/W00TB/, Rex::Text.rand_text_hex(5))
+
+    ::Rex::Exploitation::ObfuscateJS.new(js,
+      {
+        'Symbols' => {
+          'Variables' => %w{ buf eleId acTag }
+        }
+      }).obfuscate
+  end
+
+  def self.property_spray
+    js = ::File.read(::File.join(Msf::Config.data_directory, "js", "memory", "property_spray.js"))
+
+    ::Rex::Exploitation::ObfuscateJS.new(js,
+      {
+        'Symbols' => {
+          'Variables' => %w{ sym_div_container data junk obj }
+        }
+      }).obfuscate
+  end
+
+  def self.heap_spray
+    js = ::File.read(::File.join(Msf::Config.data_directory, "js", "memory", "heap_spray.js"))
+
+    ::Rex::Exploitation::ObfuscateJS.new(js,
+      {
+        'Symbols' => {
+          'Variables' => %w{ index heapSprayAddr_hi heapSprayAddr_lo retSlide heapBlockCnt }
+        }
+      }).obfuscate
+  end
+
+end
+end
+end
+end
--- a/lib/rex/exploitation/js/network.rb
+++ b/lib/rex/exploitation/js/network.rb
@ -0,0 +1,28 @@
+# -*- coding: binary -*-
+
+require 'msf/core'
+
+module Rex
+module Exploitation
+module Js
+
+#
+# Provides networking functions in JavaScript
+#
+class Network
+
+  def self.ajax_download
+    js = ::File.read(::File.join(Msf::Config.data_directory, "js", "network", "ajax_download.js"))
+
+    ::Rex::Exploitation::ObfuscateJS.new(js,
+      {
+        'Symbols' => {
+          'Variables' => %w{ xmlHttp }
+        }
+      }).obfuscate
+  end
+
+end
+end
+end
+end
--- a/lib/rex/exploitation/js/osdetect.rb
+++ b/lib/rex/exploitation/js/osdetect.rb
@ -0,0 +1,44 @@
+# -*- coding: binary -*-
+
+require 'msf/core'
+require 'rex/text'
+require 'rex/exploitation/jsobfu'
+
+module Rex
+module Exploitation
+module Js
+
+#
+# Provides several javascript functions for determining the OS and browser versions of a client.
+#
+# getVersion():  returns an object with the following properties
+#	os_name      -  OS name, one of the Msf::OperatingSystems constants
+#	os_flavor    -  OS flavor as a string (e.g.: "XP", "2000")
+#	os_sp        -  OS service pack (e.g.: "SP2", will be empty on non-Windows)
+#	os_lang      -  OS language (e.g.: "en-us")
+#	ua_name      -  Client name, one of the Msf::HttpClients constants
+#	ua_version   -  Client version as a string (e.g.: "3.5.1", "6.0;SP2")
+#	arch         -  Architecture, one of the ARCH_* constants
+#
+# The following functions work on the version returned in obj.ua_version
+#
+# ua_ver_cmp(a, b): returns -1, 0, or 1 based on whether a < b, a == b, or a > b respectively
+# ua_ver_lt(a, b):  returns true if a < b
+# ua_ver_gt(a, b):  returns true if a > b
+# ua_ver_eq(a, b):  returns true if a == b
+#
+class OSDetect < JSObfu
+
+  def initialize(custom_js = '', opts = {})
+    @js = custom_js
+    @js += ::File.read(::File.join(Msf::Config.data_directory, "js", "detect", "os.js"))
+
+    super @js
+
+    return @js
+  end
+
+end
+end
+end
+end
--- a/lib/rex/exploitation/js/utils.rb
+++ b/lib/rex/exploitation/js/utils.rb
@ -0,0 +1,33 @@
+# -*- coding: binary -*-
+
+require 'msf/core'
+require 'rex/text'
+require 'rex/exploitation/jsobfu'
+
+module Rex
+module Exploitation
+module Js
+
+#
+# Javascript utilities
+#
+class Utils
+
+  def self.base64
+    js = ::File.read(::File.join(Msf::Config.data_directory, "js", "utils", "base64.js"))
+
+    opts = {
+      'Symbols' => {
+        'Variables' => %w{ Base64 encoding result _keyStr encoded_data utftext input_idx
+          input output chr chr1 chr2 chr3 enc1 enc2 enc3 enc4 },
+        'Methods'   => %w{ _utf8_encode _utf8_decode encode decode }
+      }
+    }
+
+    ::Rex::Exploitation::ObfuscateJS.new(js, opts).to_s
+  end
+
+end
+end
+end
+end