From 4a386822128c920cfd7f2a8684cdc8dd3db14a32 Mon Sep 17 00:00:00 2001 From: Brendan Coles Date: Sun, 17 Feb 2019 04:39:51 +0000 Subject: [PATCH 1/3] chmod -x --- extensions/demos/html/report.html | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100755 => 100644 extensions/demos/html/report.html diff --git a/extensions/demos/html/report.html b/extensions/demos/html/report.html old mode 100755 new mode 100644 From 6911842e67f758309441d82d21e667677801a5b2 Mon Sep 17 00:00:00 2001 From: Brendan Coles Date: Sun, 17 Feb 2019 04:40:12 +0000 Subject: [PATCH 2/3] Add BeEF logo to demos extension --- extensions/demos/html/beef.jpg | Bin 0 -> 7669 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 extensions/demos/html/beef.jpg diff --git a/extensions/demos/html/beef.jpg b/extensions/demos/html/beef.jpg new file mode 100644 index 0000000000000000000000000000000000000000..f5941f54ab724a7e107b4240646aab06d50b18d9 GIT binary patch literal 7669 zcmb7}cT`hNxA21?SSVtlHw8sRn)EIfdU+@U5{eKYhK_VY6GR?LK#KIHlqelS2oQ=C zi4a1O5=f)>-lFu6_g(9I@At>I?tSj>tT}7;o-=39nl*c7_RQJ%*%aWKuBMJAfaU@K z;CTK3&ei~|&-_5HK>!*69RL7OIah4}m^BvbA5C4ClVPIfjVr1gD zc8!DU7V9mp{}lYw%-MGU>m`66%{y8eR=@>T8d_GGvo1i z(goUc<-gMZ1I-0mx{KEUG<5&U&|kbnfBE8hDGlIXYF7H&*BPWV?%Xi;esuHJCHtf& zChYGVehEsavT=NVll;_lxF+JuOx@iV@)juwp%HV|^Iu;8(9_V;otyu+4I0)9x1}_$ z)6yAl-MDG*o%H$6yPEdxN7H8n03+@B$E>uh0Cm7h>Ul@f(Or1VmG?d3(Xz1B1JCjV z5W6$|;7`-cUC^s-nTc*iQuVl})XZiZoLTUBNL>fQt!VW5`+wK_r>~n(+VKTG%mtQt z4IDS<)tnFdNdqzMgG4E>G#bo#vuG#o+9Pn!O=;H?Qcc_U*-iq(J5iu_m~P4SX#FN^ z0$Exoyx&5BX;Z5`>@wIAOQPWM;#30Ecb#8*n`^!D#sh6L%g6s4G+6x9*)zwFYI4nq zeq@i&F-TO&9kq!S=}0lju$W7mdm%hngTOw~KySz236y29sa%B^R)zF2?XuKSUgl1@ znZSzT9IZJrk(w zFHHD?!nK8@uL9JFYZ}UtZX0|F3+o##xi1gIB7?eZdXN)cqj)017#{wbx3IxWjrXc= zIy!2hMDoD7Vqr^x;}AAGQ}B$z36V)ue2LlPz?b$eywp>5iMR zVHYQ5koGa1$)eVUCZL(eL7s7s^{f?8(KH5itBPWB2YM@Um;N~qHx{b*G*O=TQu?NY zU$tuelds=@AM;Utwe0+Wp_RIbVf*ms%Lo6LL45Cc)IfbXLEMF+eSFevnw*3<|ejlj1rJoJ4VRne*4KSV#L?dz;+$v7g{d}|cn;k;%piI3cptn{5YnhjaADXvEq z6R9Zr&R!%Efpl*eaOHNYRbs&2gm*hg*bh~zXA?B6Cd4o=?sgV06D!^n$v^0wD4l@S zwo5Zt1bfope2fYrOMe86(hK`;;98J1*XMWfph8V?dL5RS{tZVruEq^j-0M;O%;yb0 zt@8&tl%o$2QQuugkwLmTXNeDui@RAJ!6k1Km6o>;@nH3o3B0X4*NI`V2LtpVW(uI1QJ<1dgkDWA-#JbleQpfx$w90xCf1TDBWi{pwz`oa7k`HP%7iA7d z%X@2^3g@~8j(HonyUaYEw?0@-&a_@$5y&y=a8-ihbKD<3l4`2IjAl^8AP zSmhyJ;(P{(m3PH@7vx7yTWNn#h?(w;rlmmbRt6=E@cSjwww{P}>lrzEsic~k?!lkq zG9WI%YuW|?I`7SAdQs2g4$?AJSUTc|gCH^sk&1A!j!MtJT@eTpydd}bcUrv^HQd%H zUw`urwV4~FJt*&KrIgzgM@$>Ayk$q!{ruZfW{>ST7I#|n0HMQR#VP z+>6@aI!P*U4Gm|PBRZqT>`|pf|D^wWiLI^;u*OjvwCz)%X!yVw+475miiS&dZct;_HFNu+U&`jyK79+URW~|^3V?@)2K8O`Yo2~% zV`lW>T!XZa2Wh?olmWJgA3(=9GTU{<=r=~<&4L!n&3OxT0V$-L?sX}$N~``2Fs?|Y z=#lJ~T-gp~KU6{j2sLybbNA$q#Deo(bY!+9{m%fpyT`3R+KS%h@teCIj(D%GZ{m@T zET=$sw^G@}}Dl`3B`^J@x zoI#=dDDUmzzn2$vRZMlKsl}fNjf-Qxyx6PA3dhb@esEJvg&K_K9McV^;0!#%*470)TggR9Hf*G^Ui~u4xd~3n= zU4rHz^ZU1Ke?FzTIr=Z`k{Z{~0Q6e&{`#L*la%TZIJjg?g@mgW*E!SU7beH1Q4H!x z>0+JLp&;!-U+`xVF}78Dat1T~B^~>FxwB79H8FQau4Rt7J6!!&^BF)ry=iNn4_-07 zp4q%wuyta&l&(`xTLaY+Af4Ld9w~HSb|>l=mKO$Yy8^ixeEg;;fa?ut4}2Wzk(RW( zSXmAwJCBi1=-FE3W2}&a#es2hw-R_|ojHfg7YO{jUw0W{Mj*rkc3$4bSZ4*|Bncvew(~5-adI07V?Um)y@gKXL#7ZJ2BtZ7cYzXP&r-LQ9_u8 zyqUNu^xrz8MjT1m&V7SRGY`rO6tsw8L~z?-_mG%4mS4YaV&7ZN1k+2!A-}Fg-Bho?dD16X->}L?n*`@iZb<}|eFp)AH6b$`qF06P-aC&k;cUICx~b<1;G>t<)uZ#SSa zh(LNdcsGUjWfg)q^a7BMo?Z(#&M#WWMSY-?mF>0IXViy(`TKd9dIwYuN!Z_eq{Smw zp(L;qM3?+XoA_<;B&jma4kfGv4{6S~RC5iW(5mxEhq_xXOPgo2cJ-`UIvTAdm1q89 zNG!9{4QUMG{at2#&{e~fyB?09jhxPA;Ym{QSFEZLf$&wE{b>{obq9gw)NCAxvVs&2 z5)#&-G7y|r`1ku&!T8|9{=}nJn?V0E+qJD{ovPb*sdk5Q&?E2}pt_J-_!u}~`)!?& zFRuJX6?LsMdxYDX{v4zozu!pu!p`Vh}tNFI;6*|E5pMUJq z+?f1!Rn|kuRmTGmJGVUxYd@VZh6AZHK&j>7j{5uquaqR`SB+!ggM>3cFVh)dQ2k2Q zV%L}9w(gI}l-{9;BGkGTN8*5NF>JV3(4)Cfv+Utkx$?hEQK3He8{4%pa_#6j04a$s&|XiZgsEsc{~z?$gi5k48e3xEd64} zXR*ZZ5X{&YD{DEsEK49g82n^NzzyhM#&wUTb_xGe-EvTydG8&i5HqS=eIyvXXT)Cb zVnRaSvu<^fkfzi!WmN0n1ak&hGRTUSPoc`G6Fwcu-2vOu^XM}Gx6x7i89-LcV^XB= zk2@JmRxrTrkRy9uEva+HdKhvc@Be%n?>*|c^-8BxT=g~~_nCh% zm<(xSx)nksJGzC{?*<(-W}JjM%b4%DJ2b7PjvjyZEj+e{Z=MgkRKyW7^k=HSCa%kk zjI!`_V66Q7*UzQ+4VILbj=l+_-({dis=aCR5Xt`kAtZ}TQkt;En>8h+!ov&AOXR^F ze|FJnA(n%8MtT-in}6WqkvJF(;yr{xAVL&0q285mZ-?iZmicYv%8Uf?vXxH|ltJpp z(&Ag)*HTruZt?K;FfASA%;FafVW;ltnqUBSxL{$Bu;)Cf9ZsVO@ z8SP&fNFR>^vdjNILa4$043OC3cm~)vKLa3G4qTM)koQ~8eNkjrtM#GQR`ckRRHa~F zFTv5++!czo28|h+(wGrkZ-`Y^6C1D`@wePOEJW`)thwD8J+g)c_j}*PBo)Y3Y|suZ ztC*`0WT7ormgbLGka82n3(8%)mxCY9Vr;c-yIH;g(T@HYJj+mJlD!A!%?C;$@7KSB zP4sY5uF-6bU%)D~OShHlO9TbcZ(Xb94SsrhSnIQ|Kjlwi99CSvBRR8ScQu(Vpev^7nx#FX$spA*_hyn<%`&}l+IaivX73IO14pJlTxmi;!NKgfcyLZ z2&rCs9wd29-_4?cXQvxm787`zL^!P>pR7pxq_FzbQQ3YH)OOZUut@GrQr?b(Ph!TM zh53<|ergaYjgTn>COV+oeVjm9ldq#MFjQ!YWK`wTzdwKt`scmMc(jMFnKf5Xc&jn` z#5VYk>~Nn)D@?Q0E52+2Q=l@d1r;{Nj1*q(g=Mk3Vg(H&O+Pa{hF`)C7lDBNi}Z-i z8wH0Wcjplu3%hcfjZMp61z;gpyy9Vb?7ZB9I;!Ei8{|z1pM{kbZ0VP|teB(PI}OaHIb&lS1g=p( z8iq$Ghg^}&Ddodlr+p_jHN^t1xX3Ldu2KQj*}EWX`rgrPNM#9w#0*{%iF_c}#S$PW zqTyob(CB(i>-sC^i)))o zZ$m#-;y;-PtmcdHf-90_G9%c4xL)kX@yMTEc)|j7d`i81&^-T*$b`unRG4$<^xei= z^p}wvV0jr6%?Fx6S>Rw>vui)TUOcssS0=+*ej*0^v9qkbj~nFEP2m@`{0mz=et0Kh z?0RfIB&ao~ZH#+4-kOF4CwgzV0>9l)f9{K)XSwZNGbcX^H;($Q*btlG3RgYUlaGnt zmp9#uN~73CE#!-=dia8hkDy88#dZC5f;q}G7MS0 z**fMoQi_R?yJ+)ECfUbD#S>Tb-e$=%=Z|It-0-Q=Cc{v#S+ z2KmC}odB^UGX-*TV^&2CeZ@VQE?J!#HemSLtS3U{CI*=Et;?Jy(GI6?d0buUg^!9O zWrlROzAt2u$TYq_@^!zf%T>c34lAxKQB^F0L4`JD!`4Gpbl0=IpY+9TaO4d+!C<4u z6^x+kpdyA^x}2DFB^b|n~6&H$Lgh zS2;Qa89ybZDHiR7KMB=DEqEEtx~oZWw{P&qHN2{FCexdC&lzk6eKuil9G#BUR;8Hl z(n}K<@*|;-je`$~aoLhab`Y_QbQSgZ2X8%-ouH}QGCs2fWe+(l=aSX~L%v}89KBrY zW;(b_ny-ZF_qF(7PFQ|4AW9U%O8fR!z11pp*&bE+1Hb;{`n8136$CqGrFYr_xO;~Q zcyIILTpz`)Hk%j6?lnQ)`8MoK%M^3n3;9VVl_*zBC<&BXnINz=wKQRiuvt&Mio`D& zA4n_C_MZ5Zh02X%n0;1L-Jt4jR_!l)4=Udc64OLPkD49m0pkbODrtW>F@u5SDwLPa z`GsLDvCEz-_$_4?2^cPJ_(g>R8#qVzE?E9yWsqmoXxu&xA#~JzZg;i50XM&oKjjEK z2|*GSa!#AVu&Z(7nWX_=(1K;yt1U~?oCCrsPbtd0W=S)u{Ugki%(3#jtIp~k>gr9t z`_y#xHkQN*Pp#sB+g)9FLM3+FIIr3%ko!__N(bn~cNQb6*|hCaPa&b-OsBf8ysT1F zu$`;lSnILh-gEy|u(X|wPa(r%czM%0Ixvq69JZ*D<1b`)AeCd-z%ziJ`|PB?SsfHkObh^Dx zGU?Z1?%UufU8coMXr`D3i?k0%=;lJ6s;Nm9cJ|j4%Dz!s=Do4mGNYO})WIV!YU}1aA z=Arj+8RJ@dmcl}SN>o&qmb4IfLIrBBCL!-!@8`O(6|gR$-R1Ze;(F|-e}wz^BFB~*OQicG3}bQ z*rfLKa>7r+RDb19+b6d*Tix%qpc2|F4Jk|;cu1!Q{|N}b>~DB~rs_qtfyvc+;RHpe zq5fD)2Uu~pHrP{M#xei0Mc&9_&~)y;ga}rCHAPUoy~n_g-&TrATPSM8$5`qxeRQ{L z7VGQ%gyJ&;*2S z#Z-zj52qWd&g)bCGG;wx?0~L$*WXMZsZB;J{=Jw~Z544TH?+9k=tV>gNFY{Ir51qi z#_y^?mN$(Ll#YGB9lJN#)*#l7#ro9Lbj>rb7P(ahw02qBfiqSY`uMxFp~uhOvhleu z;H6J<`FO<6^`|4vLWd_A zkd=uzPy7bz$KHU1?nAxiLs(v&kCxNc)489F)oPNn(!oBj7ikN__sTriU43visx~Ex zAx7)^{+;KyF!pTnoQa57sAIY?V`6aqRY4zL=rd!q4v&U^l|c*4BaoQ)p|y3GM+ozx z-v{Ecw(E}bSMpnHjW-+rSpuC9oNz+4oZdfXx?Myw^J4p;ZkS_0<=nr6RFpS!X4BM> zZPTaLpzNy6riM8YinpH)&KC7{b`}9OUeMO7}q8`X{R&+19y6LIV{iK*D^0> z#e*J8IEpbrLc`k~X~p9CHn967c%3l{hHhF$CAWIS zhy}e~bE|;Z2l93)@NM*8Ioyo$Xnbb#taw+aR>}~?wv?jyAs!;z^zq3mtNf-e=9wey zZq_1%@}#u|2_*B(=8zQEPKKfKNj1q0nh{VFB@3D*PpPfM0x`!8eFJFMx-m`{bKY0EmOKV?w&_L?Yi=swXZ}#9H;Zebl7^ZE4WpXL;k(`0@C+%0^*B z1N8^)l?~c1|C`&COP2)KCZ`y>g#IjU!MkMD0@{M*`|)krxa|;^;YM3VD(+Zu=icd+ kKkDce)!8Y^YEM;wI@;@S#Cl&JquKrW&V_#p%h|;L0gA^-pY literal 0 HcmV?d00001 From 9c9119f9cd557c0282753abb39e9bf2282fc9f4f Mon Sep 17 00:00:00 2001 From: Brendan Coles Date: Sun, 17 Feb 2019 04:54:26 +0000 Subject: [PATCH 3/3] Move option http.web_ui_basepath to extension.admin_ui.base_path --- config.yaml | 4 +-- core/main/console/banners.rb | 6 ++-- core/main/router/router.rb | 2 +- core/main/server.rb | 4 +++ extensions/admin_ui/api/handler.rb | 4 +-- extensions/admin_ui/classes/httpcontroller.rb | 31 +++++++++++-------- extensions/admin_ui/config.yaml | 6 ++++ extensions/demos/html/basic.html | 2 +- 8 files changed, 36 insertions(+), 23 deletions(-) diff --git a/config.yaml b/config.yaml index 4bd0c9c41..e853313f4 100644 --- a/config.yaml +++ b/config.yaml @@ -54,9 +54,6 @@ beef: #public: "" # public hostname/IP address #public_port: "" # public port (experimental) - # Web Admin user interface URI - web_ui_basepath: "/ui" - # Hook hook_file: "/hook.js" hook_session_name: "BEEFHOOK" @@ -155,6 +152,7 @@ beef: extension: admin_ui: enable: true + base_path: "/ui" demos: enable: true events: diff --git a/core/main/console/banners.rb b/core/main/console/banners.rb index e1bfe40c6..f8247913f 100644 --- a/core/main/console/banners.rb +++ b/core/main/console/banners.rb @@ -80,14 +80,14 @@ module Banners proto = configuration.get("beef.http.https.enable") == true ? 'https' : 'http' hook_file = configuration.get("beef.http.hook_file") admin_ui = configuration.get("beef.extension.admin_ui.enable") ? true : false - web_ui_basepath = configuration.get("beef.http.web_ui_basepath") + admin_ui_path = configuration.get("beef.extension.admin_ui.base_path") # display the hook URL and Admin UI URL on each interface from the interfaces array self.interfaces.map do |host| print_info "running on network interface: #{host}" port = configuration.get("beef.http.port") data = "Hook URL: #{proto}://#{host}:#{port}#{hook_file}\n" - data += "UI URL: #{proto}://#{host}:#{port}#{web_ui_basepath}/panel\n" if admin_ui + data += "UI URL: #{proto}://#{host}:#{port}#{admin_ui_path}/panel\n" if admin_ui print_more data end @@ -97,7 +97,7 @@ module Banners port = configuration.get("beef.http.public_port") || configuration.get('beef.http.port') print_info 'Public:' data = "Hook URL: #{proto}://#{host}:#{port}#{hook_file}\n" - data += "UI URL: #{proto}://#{host}:#{port}#{web_ui_basepath}/panel\n" if admin_ui + data += "UI URL: #{proto}://#{host}:#{port}#{admin_ui_path}/panel\n" if admin_ui print_more data end end diff --git a/core/main/router/router.rb b/core/main/router/router.rb index 2c92dfecb..0298b1f49 100644 --- a/core/main/router/router.rb +++ b/core/main/router/router.rb @@ -130,7 +130,7 @@ module BeEF # @note Default root page get "/" do if config.get("beef.http.web_server_imitation.enable") - bp = config.get "beef.http.web_ui_basepath" + bp = config.get "beef.extension.admin_ui.base_path" type = config.get("beef.http.web_server_imitation.type") case type when "apache" diff --git a/core/main/server.rb b/core/main/server.rb index a701c7c78..708713e60 100644 --- a/core/main/server.rb +++ b/core/main/server.rb @@ -152,6 +152,10 @@ module BeEF print_warning 'Warning: Default SSL cert/key in use.' print_more 'Use the generate-certificate utility to generate a new certificate.' end + rescue => e + print_error "Failed to prepare HTTP server: #{e.message}" + puts e.backtrace + exit 1 end # diff --git a/extensions/admin_ui/api/handler.rb b/extensions/admin_ui/api/handler.rb index 915a9b31a..a319c4c78 100644 --- a/extensions/admin_ui/api/handler.rb +++ b/extensions/admin_ui/api/handler.rb @@ -51,7 +51,7 @@ module API end config = BeEF::Core::Configuration.instance - bp = config.get "beef.http.web_ui_basepath" + bp = config.get "beef.extension.admin_ui.base_path" # if more dynamic variables are needed in JavaScript files # add them here in the following Hash @@ -75,7 +75,7 @@ module API config = BeEF::Core::Configuration.instance # Web UI base path, like http://beef_domain//panel - bp = config.get "beef.http.web_ui_basepath" + bp = config.get "beef.extension.admin_ui.base_path" # registers the http controllers used by BeEF core (authentication, logs, modules and panel) Dir["#{$root_dir}/extensions/admin_ui/controllers/**/*.rb"].each do |http_module| diff --git a/extensions/admin_ui/classes/httpcontroller.rb b/extensions/admin_ui/classes/httpcontroller.rb index 685ddda30..f2d7026bd 100644 --- a/extensions/admin_ui/classes/httpcontroller.rb +++ b/extensions/admin_ui/classes/httpcontroller.rb @@ -24,6 +24,10 @@ module AdminUI def initialize(data = {}) @erubis = nil @status = 200 if data['status'].nil? + @session = BeEF::Extension::AdminUI::Session.instance + + config = BeEF::Core::Configuration.instance + @bp = config.get "beef.extension.admin_ui.base_path" @headers = {'Content-Type' => 'text/html; charset=UTF-8'} if data['headers'].nil? @@ -40,11 +44,8 @@ module AdminUI def run(request, response) @request = request @params = request.params - @session = BeEF::Extension::AdminUI::Session.instance - config = BeEF::Core::Configuration.instance # Web UI base path, like http://beef_domain//panel - @bp = config.get "beef.http.web_ui_basepath" auth_url = "#{@bp}/authentication" # test if session is unauth'd and whether the auth functionality is requested @@ -77,7 +78,6 @@ module AdminUI # set content type if @headers['Content-Type'].nil? @headers['Content-Type']='text/html; charset=UTF-8' # default content and charset type for all pages - @headers['Content-Type']='application/json; charset=UTF-8' if request.path =~ /\.json$/ end rescue => e print_error "Error handling HTTP request: #{e.message}" @@ -85,22 +85,27 @@ module AdminUI end # Constructs a html script tag (from media/javascript directory) - def script_tag(filename) "" end + def script_tag(filename) + "" + end # Constructs a html script tag (from media/javascript-min directory) - def script_tag_min(filename) "" end + def script_tag_min(filename) + "" + end # Constructs a html stylesheet tag - def stylesheet_tag(filename) "" end + def stylesheet_tag(filename) + "" + end # Constructs a hidden html nonce tag def nonce_tag - @session = BeEF::Extension::AdminUI::Session.instance - "" + "" end def base_path - "#{@bp}" + @bp.to_s end private @@ -108,10 +113,10 @@ module AdminUI @eruby # Unescapes a URL-encoded string. - def unescape(s); s.tr('+', ' ').gsub(/%([\da-f]{2})/in){[$1].pack('H*')} end - + def unescape(s) + s.tr('+', ' ').gsub(/%([\da-f]{2})/in){[$1].pack('H*')} + end end - end end end diff --git a/extensions/admin_ui/config.yaml b/extensions/admin_ui/config.yaml index ce803a895..52131c44c 100644 --- a/extensions/admin_ui/config.yaml +++ b/extensions/admin_ui/config.yaml @@ -8,8 +8,14 @@ beef: admin_ui: name: 'Admin UI' enable: false + + # Admin UI base path + base_path: "/ui" + + # Favicon favicon_file_name: "favicon.ico" favicon_dir: "/images" + login_fail_delay: 1 play_sound_on_new_zombie: false diff --git a/extensions/demos/html/basic.html b/extensions/demos/html/basic.html index d8e7bbdc8..0b4eaddf2 100644 --- a/extensions/demos/html/basic.html +++ b/extensions/demos/html/basic.html @@ -16,7 +16,7 @@
- +

You should be hooked into BeEF.

Have fun while your browser is working against you.