Module: Detect Software - h4sh5/beef GitHub Wiki
Summary
- Objective : This module attempts to detect software installed on the host by using Internet Explorer XMLDOM XXE discovered by Soroush Dalili (@irsdl). If the XMLDOM XXE technique fails, the module falls back to using the 'res' protocol handler to load known resource images from EXE/DLL files. It also attempts to enumerate installed patches if service pack uninstall files are present on the host (WinXP only).
- Authors: bcoles
- Browser: IE
- Code
Internal working
This module abuses an XXE vulnerability (CVE-2013-7331) in the loadXML() method of the ActiveXObject("Microsoft.XMLDOM") object in Internet Explorer to determine whether specific folders are present on the system.
This vulnerability was patched in MS14-05 in September 2014.
See the source code for more information.