Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add IP and port validation to beef.net

Browse Source
This commit is contained in:
Brendan Coles
2017-08-11 06:12:15 +00:00
parent f545b3631b
commit 173a65be13
10 changed files with 46 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
core/main/client/net.js
View File

@@ -514,6 +514,35 @@ beef.net = {
return false;
},
/**
* Checks if the specified port is valid
*/
is_valid_port: function (port) {
if (isNaN(port)) return false;
if (port > 65535 || port < 0) return false;
return true;
},
/**
* Checks if the specified IP address is valid
*/
is_valid_ip: function (ip) {
if (ip == null) return false;
var ip_match = ip.match('^([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))$');
if (ip_match == null) return false;
return true;
},
/**
* Checks if the specified IP address range is valid
*/
is_valid_ip_range: function (ip_range) {
if (ip_range == null) return false;
var range_match = ip_range.match('^([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\-([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))$');
if (range_match == null || range_match[1] == null) return false;
return true;
},
/**
* Sends back browser details to framework, calling beef.browser.getDetails()
*/

4
modules/exploits/extract_cmd_exec/command.js
View File

@@ -20,11 +20,11 @@ beef.execute(function() {
}
// validate target details
if (!rport || !rhost || isNaN(rport)) {
if (!rport || !rhost) {
beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=malformed remote host or remote port');
return;
}
if (rport > 65535 || rport < 0) {
if (!beef.net.is_valid_port(rport)) {
beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=invalid remote port');
return;
}

4
modules/exploits/groovyshell_server_cmd_exec/command.js
View File

@@ -20,11 +20,11 @@ beef.execute(function() {
}
// validate target details
if (!rport || !rhost || isNaN(rport)) {
if (!rport || !rhost) {
beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=malformed remote host or remote port');
return;
}
if (rport > 65535 || rport < 0) {
if (!beef.net.is_valid_port(rport)) {
beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=invalid remote port');
return;
}

4
modules/exploits/qnx_qconn_command_execution/command.js
View File

@@ -20,11 +20,11 @@ beef.execute(function() {
}
// validate target details
if (!rport || !rhost || isNaN(rport)) {
if (!rport || !rhost) {
beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=malformed remote host or remote port');
return;
}
if (rport > 65535 || rport < 0) {
if (!beef.net.is_valid_port(rport)) {
beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=invalid remote port');
return;
}

4
modules/exploits/ruby_nntpd_cmd_exec/command.js
View File

@@ -20,11 +20,11 @@ beef.execute(function() {
}
// validate target details
if (!rport || !rhost || isNaN(rport)) {
if (!rport || !rhost) {
beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=malformed remote host or remote port');
return;
}
if (rport > 65535 || rport < 0) {
if (!beef.net.is_valid_port(rport)) {
beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=invalid remote port');
return;
}

4
modules/ipec/cross_site_printing/command.js
View File

@@ -46,9 +46,9 @@ beef.execute(function() {
}
// validate target
if (!target_port || !target_ip || isNaN(target_port)) {
if (!target_port || !target_ip) {
beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=malformed target host or target port');
} else if (target_port > 65535 || target_port < 0) {
} else if (!beef.net.is_valid_port(target_port)) {
beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=invalid target port');
// send request and wait for reply
} else {

5
modules/ipec/inter_protocol_posix_bindshell/command.js
View File

@@ -81,11 +81,10 @@ beef.execute(function() {
}
// validate target
if (!target_port || !target_ip || isNaN(target_port)) {
if (!target_port || !target_ip) {
beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=malformed target host or target port');
} else if (target_port > 65535 || target_port < 0) {
} else if (!beef.net.is_valid_port(target_port)) {
beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=invalid target port');
// send request and wait for reply
} else {
send_cmds(target_ip, target_port, cmd,result_size);

2
modules/ipec/inter_protocol_redis/command.js
View File

@@ -23,7 +23,7 @@ beef.execute(function() {
// validate target port
var rport = "<%= @rport %>";
if (!rport || rport > 65535 || rport < 0 || isNaN(rport)) {
if (!beef.net.is_valid_port(rport)) {
beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=invalid target port');
return;
}

2
modules/ipec/inter_protocol_win_bindshell/command.js
View File

@@ -23,7 +23,7 @@ beef.execute(function() {
// validate target port
var rport = "<%= @rport %>";
if (!rport || rport > 65535 || rport < 0 || isNaN(rport)) {
if (!beef.net.is_valid_port(rport)) {
beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=invalid target port');
return;
}

23
modules/network/get_http_servers/command.js
View File

@@ -31,16 +31,11 @@ beef.execute(function() {
}
// set target ports
var is_valid_port = function(port) {
if (isNaN(port)) return false;
if (port > 65535 || port < 0) return false;
return true;
}
ports = ports.split(',');
var target_ports = new Array();
for (var i=0; i<ports.length; i++) {
var p = ports[i].replace(/(^\s+|\s+$)/g, '');
if (is_valid_port(p)) target_ports.push(p);
if (beef.net.is_valid_port(p)) target_ports.push(p);
}
ports = sort_unique(target_ports);
if (ports.length == 0) {
@@ -49,18 +44,6 @@ beef.execute(function() {
}
// set target IP addresses
var is_valid_ip = function(ip) {
if (ip == null) return false;
var ip_match = ip.match('^([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))$');
if (ip_match == null) return false;
return true;
}
var is_valid_ip_range = function(ip_range) {
if (ip_range == null) return false;
var range_match = ip_range.match('^([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\-([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))$');
if (range_match == null || range_match[1] == null) return false;
return true;
}
if (ips == 'common') {
ips = [
'192.168.0.1',
@@ -84,8 +67,8 @@ beef.execute(function() {
var target_ips = new Array();
for (var i=0; i<ips.length; i++) {
var ip = ips[i].replace(/(^\s+|\s+$)/g, '');
if (is_valid_ip(ip)) target_ips.push(ip);
else if (is_valid_ip_range(ip)) {
if (beef.net.is_valid_ip(ip)) target_ips.push(ip);
else if (beef.net.is_valid_ip_range(ip)) {
ipBounds = ip.split('-');
lowerBound = ipBounds[0].split('.')[3];
upperBound = ipBounds[1].split('.')[3];