Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'master' into pr/LauchieHarvey/3031

Browse Source
This commit is contained in:
Stephen
2024-03-25 12:20:05 +10:00
parent 91295243a3 822c6616de
commit 0821490acd
14 changed files with 265 additions and 164 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
beef
View File

@@ -243,6 +243,8 @@ BeEF::Core::Console::Banners.print_loaded_extensions
BeEF::Core::Console::Banners.print_loaded_modules
BeEF::Core::Console::Banners.print_network_interfaces_count
BeEF::Core::Console::Banners.print_network_interfaces_routes
BeEF::Core::Console::Banners.print_http_proxy
BeEF::Core::Console::Banners.print_dns
#
# @note Prints the API key needed to use the RESTful API

3
core/main/configuration.rb
View File

@@ -26,7 +26,6 @@ module BeEF
begin
# open base config
@config = load(config)
# set default value if key? does not exist
@config.default = nil
@@config = config
rescue StandardError => e
@@ -156,7 +155,7 @@ module BeEF
"#{beef_proto}://#{beef_host}:#{beef_port}"
end
# Returns the hool path value stored in the config file
# Returns the hook path value stored in the config file
#
# @return [String] hook file path
def hook_file_path

23
core/main/console/banners.rb
View File

@@ -134,6 +134,29 @@ module BeEF
print_info "Starting WebSocketSecure server on wss://[#{config.beef_host}:#{config.get('beef.http.websocket.secure_port').to_i} [timer: #{ws_poll_timeout}]"
end
end
# Print WebSocket servers
#
def print_http_proxy
config = BeEF::Core::Configuration.instance
print_info "HTTP Proxy: http://#{config.get('beef.extension.proxy.address')}:#{config.get('beef.extension.proxy.port')}"
end
def print_dns
address = nil
port = nil
protocol = nil
# TODO: fix the following reference - extensions/dns/api.rb
# servers, interfaces, address, port, protocol, upstream_servers = get_dns_config # get the DNS configuration
# Print the DNS server information
unless address.nil? || port.nil? || protocol.nil?
print_info "DNS Server: #{address}:#{port} (#{protocol})"
print_more upstream_servers unless upstream_servers.empty?
end
end
end
end
end

22
extensions/dns/api.rb
View File

@@ -24,8 +24,23 @@ module BeEF
#
# @param http_hook_server [BeEF::Core::Server] HTTP server instance
def self.pre_http_start(_http_hook_server)
dns_config = BeEF::Core::Configuration.instance.get('beef.extension.dns')
servers, interfaces, address, port, protocol, upstream_servers = get_dns_config # get the DNS configuration
# Start the DNS server
dns = BeEF::Extension::Dns::Server.instance
dns.run(upstream: servers, listen: interfaces)
end
def self.print_dns_info
servers, interfaces, address, port, protocol, upstream_servers = get_dns_config # get the DNS configuration
# Print the DNS server information
print_info "DNS Server: #{address}:#{port} (#{protocol})"
print_more upstream_servers unless upstream_servers.empty?
end
def self.get_dns_config
dns_config = BeEF::Core::Configuration.instance.get('beef.extension.dns')
protocol = begin
dns_config['protocol'].to_sym
@@ -52,10 +67,7 @@ module BeEF
end
end
dns.run(upstream: servers, listen: interfaces)
print_info "DNS Server: #{address}:#{port} (#{protocol})"
print_more upstream_servers unless upstream_servers.empty?
return servers, interfaces, address, port, protocol, upstream_servers
end
# Mounts the handler for processing DNS RESTful API requests.

12
extensions/dns/dns.rb
View File

@@ -15,9 +15,11 @@ module BeEF
def initialize
super()
logger.level = Logger::ERROR
@lock = Mutex.new
@database = BeEF::Core::Models::Dns::Rule
@data_chunks = {}
@server_started = false
end
# Adds a new DNS rule. If the rule already exists, its current ID is returned.
@@ -118,6 +120,7 @@ module BeEF
@lock.synchronize do
Thread.new do
EventMachine.next_tick do
next if @server_started # Check if the server was already started
upstream = options[:upstream] || nil
listen = options[:listen] || nil
@@ -132,6 +135,7 @@ module BeEF
begin
# super(:listen => listen)
Thread.new { super() }
@server_started = true # Set the server started flag
rescue RuntimeError => e
if e.message =~ /no datagram socket/ || e.message =~ /no acceptor/ # the port is in use
print_error "[DNS] Another process is already listening on port #{options[:listen]}"
@@ -146,6 +150,14 @@ module BeEF
end
end
def stop
return unless @server_started # Check if the server was started
# Logic to stop the Async::DNS server
puts EventMachine.stop if EventMachine.reactor_running?
@server_started = false # Reset the server started flag
end
# Entry point for processing incoming DNS requests. Attempts to find a matching rule and
# sends back its associated response.
#

1
extensions/proxy/api.rb
View File

@@ -18,7 +18,6 @@ module BeEF
BeEF::Extension::Proxy::Proxy.new
end
end
print_info "HTTP Proxy: http://#{config.get('beef.extension.proxy.address')}:#{config.get('beef.extension.proxy.port')}"
end
def self.mount_handler(beef_server)

6
extensions/qrcode/qrcode.rb
View File

@@ -32,11 +32,7 @@ module BeEF
# Retrieve the list of network interfaces from BeEF::Core::Console::Banners
interfaces = BeEF::Core::Console::Banners.interfaces
# Check if the interfaces variable is nil, indicating that network interfaces are not available
if interfaces.nil?
print_error "[QR] Error: Network interfaces information is unavailable."
print_error "[QR] Error: This will be acceptable during testing."
else
if not interfaces.nil? and not interfaces.empty? # If interfaces are available, iterate over each network interface
# If interfaces are available, iterate over each network interface
interfaces.each do |int|
# Skip the loop iteration if the interface address is '0.0.0.0' (which generally represents all IPv4 addresses on the local machine)

194
spec/beef/api/auth_rate_spec.rb
View File

@@ -1,139 +1,71 @@
# #
# # Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
# # Browser Exploitation Framework (BeEF) - https://beefproject.com
# # See the file 'doc/COPYING' for copying permission
# #
#
# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
# RSpec.describe 'BeEF API Rate Limit' do
RSpec.describe 'BeEF API Rate Limit' do
# before(:all) do
# @config = BeEF::Core::Configuration.instance
# @config.set('beef.credentials.user', "beef")
# @config.set('beef.credentials.passwd', "beef")
# @username = @config.get('beef.credentials.user')
# @password = @config.get('beef.credentials.passwd')
# # Load BeEF extensions and modules
# # Always load Extensions, as previous changes to the config from other tests may affect
# # whether or not this test passes.
# print_info "Loading in BeEF::Extensions"
# BeEF::Extensions.load
# sleep 2
before(:each) do
@pid = start_beef_server_and_wait
@username = @config.get('beef.credentials.user')
@password = @config.get('beef.credentials.passwd')
end
# # Check if modules already loaded. No need to reload.
# if @config.get('beef.module').nil?
# print_info "Loading in BeEF::Modules"
# BeEF::Modules.load
after(:each) do
# Shutting down server
Process.kill("KILL", @pid) unless @pid.nil?
Process.wait(@pid) unless @pid.nil? # Ensure the process has exited and the port is released
@pid = nil
end
# sleep 2
# else
# print_info "Modules already loaded"
# end
it 'confirm correct creds are successful' do
test_api = BeefRestClient.new('http', ATTACK_DOMAIN, '3000', @username, @password)
expect(@config.get('beef.credentials.user')).to eq('beef')
expect(@config.get('beef.credentials.passwd')).to eq('beef')
expect(test_api.auth()[:payload]).not_to eql("401 Unauthorized")
expect(test_api.auth()[:payload]["success"]).to be(true) # valid pass should succeed
end
it 'confirm incorrect creds are unsuccessful' do
sleep 0.5
test_api = BeefRestClient.new('http', ATTACK_DOMAIN, '3000', @username, "wrong_passowrd")
expect(test_api.auth()[:payload]).to eql("401 Unauthorized") # all (unless the valid is first 1 in 10 chance)
end
it 'adheres to 9 bad passwords then 1 correct auth rate limits' do
# create api structures with bad passwords and one good
passwds = (1..9).map { |i| "bad_password"} # incorrect password
passwds.push @password # correct password
apis = passwds.map { |pswd| BeefRestClient.new('http', ATTACK_DOMAIN, '3000', @username, pswd) }
# # Grab DB file and regenerate if requested
# print_info "Loading database"
# db_file = @config.get('beef.database.file')
(0..apis.length-1).each do |i|
test_api = apis[i]
expect(test_api.auth()[:payload]).to eql("401 Unauthorized") # all (unless the valid is first 1 in 10 chance)
end
end
it 'adheres to random bad passords and 1 correct auth rate limits' do
# create api structures with bad passwords and one good
passwds = (1..9).map { |i| "bad_password"} # incorrect password
passwds.push @password # correct password
apis = passwds.map { |pswd| BeefRestClient.new('http', ATTACK_DOMAIN, '3000', @username, pswd) }
# if BeEF::Core::Console::CommandLine.parse[:resetdb]
# print_info 'Resetting the database for BeEF.'
# File.delete(db_file) if File.exist?(db_file)
# end
apis.shuffle! # random order for next iteration
apis = apis.reverse if (apis[0].is_pass?(@password)) # prevent the first from having valid passwd
# # Load up DB and migrate if necessary
# ActiveRecord::Base.logger = nil
# OTR::ActiveRecord.migrations_paths = [File.join('core', 'main', 'ar-migrations')]
# OTR::ActiveRecord.configure_from_hash!(adapter:'sqlite3', database: db_file)
# # otr-activerecord require you to manually establish the connection with the following line
# #Also a check to confirm that the correct Gem version is installed to require it, likely easier for old systems.
# if Gem.loaded_specs['otr-activerecord'].version > Gem::Version.create('1.4.2')
# OTR::ActiveRecord.establish_connection!
# end
# # Migrate (if required)
# ActiveRecord::Migration.verbose = false # silence activerecord migration stdout messages
# context = ActiveRecord::Migration.new.migration_context
# if context.needs_migration?
# ActiveRecord::Migrator.new(:up, context.migrations, context.schema_migration, context.internal_metadata).migrate
# end
# sleep 2
# BeEF::Core::Migration.instance.update_db!
# # Spawn HTTP Server
# print_info "Starting HTTP Hook Server"
# http_hook_server = BeEF::Core::Server.instance
# http_hook_server.prepare
# # Generate a token for the server to respond with
# BeEF::Core::Crypto::api_token
# # Initiate server start-up
# @pids = fork do
# BeEF::API::Registrar.instance.fire(BeEF::API::Server, 'pre_http_start', http_hook_server)
# end
# @pid = fork do
# http_hook_server.start
# end
# # Give the server time to start-up
# sleep 3
# # Try to connect 3 times
# (0..2).each do |again|
# # Authenticate to REST API & pull the token from the response
# if @response.nil?
# print_info "Try to connect: " + again.to_s
# begin
# creds = { 'username': "#{@username}", 'password': "#{@password}" }.to_json
# @response = RestClient.post "#{RESTAPI_ADMIN}/login", creds, :content_type => :json
# rescue RestClient::ServerBrokeConnection, Errno::ECONNREFUSED # likely to be starting up still
# rescue => error
# print_error error.message
# end
# print_info "Rescue: sleep for 10 and try to connect again"
# sleep 10
# end
# end
# expect(@response) .to be_truthy # confirm the test has connected to the server
# print_info "Connection with server was successful"
# @token = JSON.parse(@response)['token']
# end
# after(:all) do
# print_info "Shutting down server"
# Process.kill("KILL",@pid) unless @pid.nil?
# Process.kill("KILL",@pids) unless @pid.nil?
# end
# xit 'adheres to auth rate limits' do
# passwds = (1..9).map { |i| "broken_pass"}
# passwds.push BEEF_PASSWD
# apis = passwds.map { |pswd| BeefRestClient.new('http', ATTACK_DOMAIN, '3000', BEEF_USER, pswd) }
# l = apis.length
# (0..2).each do |again| # multiple sets of auth attempts
# # first pass -- apis in order, valid passwd on 9th attempt
# # subsequent passes apis shuffled
# print_info "Starting authentication attempt sequence #{again + 1}. The valid password is placed randomly among failed attempts."
# (0..50).each do |i|
# test_api = apis[i%l]
# expect(test_api.auth()[:payload]).to eql("401 Unauthorized") # all (unless the valid is first 1 in 10 chance)
# end
# # again with more time between calls -- there should be success (1st iteration)
# print_info "Initiating delayed authentication requests to test successful authentication with correct credentials."
# print_info "Delayed requests are made to simulate more realistic login attempts and verify rate limiting."
# (0..(l*2)).each do |i|
# test_api = apis[i%l]
# if (test_api.is_pass?(BEEF_PASSWD))
# expect(test_api.auth()[:payload]["success"]).to be(true) # valid pass should succeed
# else
# expect(test_api.auth()[:payload]).to eql("401 Unauthorized")
# end
# sleep(0.5)
# end
# apis.shuffle! # new order for next iteration
# apis = apis.reverse if (apis[0].is_pass?(BEEF_PASSWD)) # prevent the first from having valid passwd
# end # multiple sets of auth attempts
# end
(0..apis.length-1).each do |i|
test_api = apis[i]
if (test_api.is_pass?(@password))
sleep 0.5
expect(@config.get('beef.credentials.user')).to eq('beef')
expect(@config.get('beef.credentials.passwd')).to eq('beef')
expect(test_api.auth()[:payload]).not_to eql("401 Unauthorized")
expect(test_api.auth()[:payload]["success"]).to be(true) # valid pass should succeed
else
expect(test_api.auth()[:payload]).to eql("401 Unauthorized")
end
end
end
# end
end

7
spec/beef/core/main/command_spec.rb
View File

@@ -1,12 +1,13 @@
RSpec.describe 'BeEF Command class testing' do
before(:each) do
# Reset or re-initialise the configuration to a default state
config = File.expand_path('../../../support/assets/config_old.yaml', __dir__)
@config_instance = BeEF::Core::Configuration.new(config)
# @config_instance = BeEF::Core::Configuration.instance
end
it 'should return a beef configuration variable' do
BeEF::Modules.load
expect {
BeEF::Modules.load if BeEF::Core::Configuration.instance.get('beef.module').nil?
}.to_not raise_error
command_mock = BeEF::Core::Command.new('test_get_variable')
expect(command_mock.config.beef_host).to eq('0.0.0.0')

32
spec/beef/core/main/configuration_spec.rb
View File

@@ -2,25 +2,29 @@ RSpec.configure do |config|
end
RSpec.describe 'BeEF Configuration' do
before(:context, :type => :old ) do
config = File.expand_path('../../../support/assets/config_old.yaml', __dir__)
@config_instance = BeEF::Core::Configuration.new(config)
end
before(:context) do
@config_instance = BeEF::Core::Configuration.instance
@original_http_host = @config_instance.get('beef.http.host')
@original_http_port = @config_instance.get('beef.http.port')
@original_http_https = @config_instance.get('beef.http.https.enable')
@original_http_public_host = @config_instance.get('beef.http.public.host')
@original_http_public_port = @config_instance.get('beef.http.public.port')
@original_http_public_https = @config_instance.get('beef.http.public.https')
@original_http_hook_file = @config_instance.get('beef.http.hook_file')
end
context 'configuration validation', :type => :old do
it 'should error when using hold public config' do
@config_instance.set('beef.http.public', 'example.com')
expect(@config_instance.validate).to eq(nil)
end
it 'should error when using old public_port config' do
@config_instance.set('beef.http.public_port', 443)
expect(@config_instance.validate).to eq(nil)
end
after(:context) do
# Reset the configuration values
# This is important as the tests may change the configuration values
@config_instance.set('beef.http.host', @original_http_host)
@config_instance.set('beef.http.port', @original_http_port)
@config_instance.set('beef.http.https.enable', @original_http_https)
@config_instance.set('beef.http.public.host', @original_http_public_host)
@config_instance.set('beef.http.public.port', @original_http_public_port)
@config_instance.set('beef.http.public.https', @original_http_public_https)
@config_instance.set('beef.http.hook_file', @original_http_hook_file)
end
context 'http local host configuration values' do

2
spec/beef/core/modules_spec.rb
View File

@@ -2,7 +2,7 @@ RSpec.describe 'BeEF Modules' do
it 'loaded successfully' do
expect {
BeEF::Modules.load
BeEF::Modules.load if BeEF::Core::Configuration.instance.get('beef.module').nil?
}.to_not raise_error
modules = BeEF::Core::Configuration.instance.get('beef.module').select do |k,v|

5
spec/beef/extensions/dns_spec.rb
View File

@@ -11,6 +11,11 @@ RSpec.describe 'BeEF Extension DNS' do
@dns = BeEF::Extension::Dns::Server.instance
end
after(:all) do
# Stop the DNS server after each test case
BeEF::Extension::Dns::Server.instance.stop # this might not be needed?
end
it 'loaded configuration' do
config = @config.get('beef.extension.dns')
expect(config).to have_key('protocol')

119
spec/spec_helper.rb
View File

@@ -21,7 +21,7 @@ Dir['spec/support/*.rb'].each do |f|
require f
end
ENV['RACK_ENV'] ||= 'test'
ENV['RACK_ENV'] ||= 'test' # Set the environment to test
ARGV.clear
## BrowserStack config
@@ -34,7 +34,6 @@ class Capybara::Selenium::Driver < Capybara::Driver::Base
end
TASK_ID = (ENV['TASK_ID'] || 0).to_i
print_info ENV['CONFIG_FILE']
CONFIG_FILE = ENV['CONFIG_FILE'] || 'windows/win10/win10_chrome_81.config.yml'
CONFIG = YAML.safe_load(File.read("./spec/support/browserstack/#{CONFIG_FILE}"))
CONFIG['user'] = ENV['BROWSERSTACK_USERNAME'] || ''
@@ -89,4 +88,120 @@ RSpec.configure do |config|
Process.kill('KILL', server_pid)
Process.kill('KILL', server_pids)
end
########################################
require 'socket'
def port_available?
socket = TCPSocket.new(@host, @port)
socket.close
false # If a connection is made, the port is in use, so it's not available.
rescue Errno::ECONNREFUSED
true # If the connection is refused, the port is not in use, so it's available.
rescue Errno::EADDRNOTAVAIL
true # If the connection is refused, the port is not in use, so it's available.
end
def configure_beef
# Reset or re-initialise the configuration to a default state
@config = BeEF::Core::Configuration.instance
@config.set('beef.credentials.user', "beef")
@config.set('beef.credentials.passwd', "beef")
@config.set('beef.http.https.enable', false)
end
# Load the server
def load_beef_extensions_and_modules
# Load BeEF extensions
BeEF::Extensions.load
# Load BeEF modules only if they are not already loaded
BeEF::Modules.load if @config.get('beef.module').nil?
end
def start_beef_server
configure_beef
@port = @config.get('beef.http.port')
@host = @config.get('beef.http.host')
@host = '127.0.0.1'
exit unless port_available?
load_beef_extensions_and_modules
# Grab DB file and regenerate if requested
db_file = @config.get('beef.database.file')
if BeEF::Core::Console::CommandLine.parse[:resetdb]
File.delete(db_file) if File.exist?(db_file)
end
# Load up DB and migrate if necessary
ActiveRecord::Base.logger = nil
OTR::ActiveRecord.migrations_paths = [File.join('core', 'main', 'ar-migrations')]
OTR::ActiveRecord.configure_from_hash!(adapter:'sqlite3', database: db_file)
# otr-activerecord require you to manually establish the connection with the following line
#Also a check to confirm that the correct Gem version is installed to require it, likely easier for old systems.
if Gem.loaded_specs['otr-activerecord'].version > Gem::Version.create('1.4.2')
OTR::ActiveRecord.establish_connection!
end
# Migrate (if required)
ActiveRecord::Migration.verbose = false # silence activerecord migration stdout messages
context = ActiveRecord::Migration.new.migration_context
if context.needs_migration?
ActiveRecord::Migrator.new(:up, context.migrations, context.schema_migration, context.internal_metadata).migrate
end
BeEF::Core::Migration.instance.update_db!
# Spawn HTTP Server
# print_info "Starting HTTP Hook Server"
http_hook_server = BeEF::Core::Server.instance
http_hook_server.prepare
# Generate a token for the server to respond with
BeEF::Core::Crypto::api_token
# Initiate server start-up
BeEF::API::Registrar.instance.fire(BeEF::API::Server, 'pre_http_start', http_hook_server)
pid = fork do
http_hook_server.start
end
return pid
end
def beef_server_running?(uri_str)
begin
uri = URI.parse(uri_str)
response = Net::HTTP.get_response(uri)
response.is_a?(Net::HTTPSuccess)
rescue Errno::ECONNREFUSED
return false # Connection refused means the server is not running
rescue StandardError => e
return false # Any other error means the server is not running
end
end
def wait_for_beef_server_to_start(uri_str, timeout: 5)
start_time = Time.now # Record the time we started
until beef_server_running?(uri_str) || (Time.now - start_time) > timeout do
sleep 0.1 # Wait a bit before checking again
end
beef_server_running?(uri_str) # Return the result of the check
end
def start_beef_server_and_wait
pid = start_beef_server
if wait_for_beef_server_to_start('http://localhost:3000', timeout: 3)
# print_info "Server started successfully."
else
print_error "Server failed to start within timeout."
end
pid
end
end

1
spec/support/simple_rest_client.rb
View File

@@ -28,6 +28,7 @@ class BeefRestClient
rescue StandardError => e
{ success: false, payload: e.message }
end
def version
return { success: false, payload: 'no token' } if @token.nil?