From 43e3fa54326631a69ec050bb70f006693a60ba52 Mon Sep 17 00:00:00 2001 From: wheatley Date: Fri, 24 Sep 2021 11:06:47 +1000 Subject: [PATCH] Release: 0.5.3.0 (#2169) * Fix #1851 - Command/request(s) sent to zombie 'undefined' bug (#1963) * Provided correct context in locationHashChanged() to have data necessary for the nested function calls to act as intended. * rubocop cleanup (#2170) * version up (#2172) Co-authored-by: Jack Walker <46417690+jackdwalker@users.noreply.github.com> Co-authored-by: Isaac Powell <36595182+DeezyE@users.noreply.github.com> --- .github/ISSUE_TEMPLATE.md | 2 +- VERSION | 2 +- config.yaml | 2 +- core/api.rb | 81 ++++++++++--------- .../media/javascript/ui/panel/PanelViewer.js | 4 +- package-lock.json | 2 +- package.json | 2 +- 7 files changed, 50 insertions(+), 45 deletions(-) diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md index 72a1dda3a..5c3fe4155 100644 --- a/.github/ISSUE_TEMPLATE.md +++ b/.github/ISSUE_TEMPLATE.md @@ -5,7 +5,7 @@ Verify first that your issue/request has not been posted previously: * https://github.com/beefproject/beef/issues * https://github.com/beefproject/beef/wiki/FAQ -Ensure you're using the [latest version of BeEF](https://github.com/beefproject/beef/releases/tag/v0.5.2.0). +Ensure you're using the [latest version of BeEF](https://github.com/beefproject/beef/releases/tag/v0.5.3.0). Please do your best to provide as much information as possible. It will help substantially if you can enable and provide debugging logs with your issue. Instructions for enabling debugging logs are below: diff --git a/VERSION b/VERSION index d49b9337a..512323139 100644 --- a/VERSION +++ b/VERSION @@ -4,4 +4,4 @@ # See the file 'doc/COPYING' for copying permission # -0.5.2.0 +0.5.3.0 diff --git a/config.yaml b/config.yaml index 674a21e87..e0668e8ea 100644 --- a/config.yaml +++ b/config.yaml @@ -6,7 +6,7 @@ # BeEF Configuration file beef: - version: '0.5.2.0' + version: '0.5.3.0' # More verbose messages (server-side) debug: false # More verbose messages (client-side) diff --git a/core/api.rb b/core/api.rb index 5b132e531..62dd586f8 100644 --- a/core/api.rb +++ b/core/api.rb @@ -24,28 +24,28 @@ module BeEF # Register timed API calls to an owner # # @param [Class] owner the owner of the API hook - # @param [Class] c the API class the owner would like to hook into + # @param [Class] cla the API class the owner would like to hook into # @param [String] method the method of the class the owner would like to execute # @param [Array] params an array of parameters that need to be matched before the owner will be called # - def register(owner, c, method, params = []) - unless verify_api_path(c, method) - print_error "API Registrar: Attempted to register non-existant API method #{c} :#{method}" + def register(owner, cla, method, params = []) + unless verify_api_path(cla, method) + print_error "API Registrar: Attempted to register non-existant API method #{cla} :#{method}" return end - if registered?(owner, c, method, params) - print_debug "API Registrar: Attempting to re-register API call #{c} :#{method}" + if registered?(owner, cla, method, params) + print_debug "API Registrar: Attempting to re-register API call #{cla} :#{method}" return end id = @count @registry << { - 'id' => id, - 'owner' => owner, - 'class' => c, - 'method' => method, - 'params' => params + 'id': id, + 'owner': owner, + 'class': cla, + 'method': method, + 'params': params } @count += 1 @@ -56,18 +56,19 @@ module BeEF # Tests whether the owner is registered for an API hook # # @param [Class] owner the owner of the API hook - # @param [Class] c the API class + # @param [Class] cla the API class # @param [String] method the method of the class # @param [Array] params an array of parameters that need to be matched # # @return [Boolean] whether or not the owner is registered # - def registered?(owner, c, method, params = []) + def registered?(owner, cla, method, params = []) @registry.each do |r| next unless r['owner'] == owner - next unless r['class'] == c + next unless r['class'] == cla next unless r['method'] == method next unless is_matched_params? r, params + return true end false @@ -76,17 +77,18 @@ module BeEF # # Match a timed API call to determine if an API.fire() is required # - # @param [Class] c the target API class + # @param [Class] cla the target API class # @param [String] method the method of the target API class # @param [Array] params an array of parameters that need to be matched # # @return [Boolean] whether or not the arguments match an entry in the API registry # - def matched?(c, method, params = []) + def matched?(cla, method, params = []) @registry.each do |r| - next unless r['class'] == c + next unless r['class'] == cla next unless r['method'] == method next unless is_matched_params? r, params + return true end false @@ -98,24 +100,25 @@ module BeEF # @param [Integer] id the ID of the API hook # def unregister(id) - @registry.delete_if {|r| r['id'] == id } + @registry.delete_if { |r| r['id'] == id } end # # Retrieves all the owners and ID's of an API hook - # @param [Class] c the target API class + # @param [Class] cla the target API class # @param [String] method the method of the target API class # @param [Array] params an array of parameters that need to be matched # # @return [Array] an array of hashes consisting of two keys :owner and :id # - def get_owners(c, method, params = []) + def get_owners(cla, method, params = []) owners = [] @registry.each do |r| - next unless r['class'] == c + next unless r['class'] == cla next unless r['method'] == method next unless is_matched_params? r, params - owners << { :owner => r['owner'], :id => r['id'] } + + owners << { owner: r['owner'], id: r['id'] } end owners end @@ -126,23 +129,23 @@ module BeEF # # @note This is a security precaution # - # @param [Class] c the target API class to verify - # @param [String] m the target method to verify + # @param [Class] cla the target API class to verify + # @param [String] met the target method to verify # - def verify_api_path(c, m) - (c.const_defined?('API_PATHS') && c.const_get('API_PATHS').key?(m)) + def verify_api_path(cla, met) + (cla.const_defined?('API_PATHS') && cla.const_get('API_PATHS').key?(met)) end # # Retrieves the registered symbol reference for an API hook # - # @param [Class] c the target API class to verify - # @param [String] m the target method to verify + # @param [Class] cla the target API class to verify + # @param [String] met the target method to verify # # @return [Symbol] the API path # - def get_api_path(c, m) - verify_api_path(c, m) ? c.const_get('API_PATHS')[m] : nil + def get_api_path(cla, met) + verify_api_path(cla, met) ? cla.const_get('API_PATHS')[met] : nil end # @@ -171,24 +174,24 @@ module BeEF # # Fires all owners registered to this API hook # - # @param [Class] c the target API class - # @param [String] m the target API method + # @param [Class] cla the target API class + # @param [String] met the target API method # @param [Array] *args parameters passed for the API call # # @return [Hash, NilClass] returns either a Hash of :api_id and :data # if the owners return data, otherwise NilClass # - def fire(c, m, *args) - mods = get_owners(c, m, args) + def fire(cla, met, *args) + mods = get_owners(cla, met, args) return nil unless mods.length.positive? - unless verify_api_path(c, m) && c.ancestors[0].to_s > 'BeEF::API' - print_error "API Path not defined for Class: #{c} method:#{method}" + unless verify_api_path(cla, met) && cla.ancestors[0].to_s > 'BeEF::API' + print_error "API Path not defined for Class: #{cla} method:#{method}" return [] end data = [] - method = get_api_path(c, m) + method = get_api_path(cla, met) mods.each do |mod| begin # Only used for API Development (very verbose) @@ -196,7 +199,7 @@ module BeEF result = mod[:owner].method(method).call(*args) unless result.nil? - data << { :api_id => mod[:id], :data => result } + data << { api_id: mod[:id], data: result } end rescue => e print_error "API Fire Error: #{e.message} in #{mod}.#{method}()" @@ -214,7 +217,7 @@ require 'core/api/modules' require 'core/api/extension' require 'core/api/extensions' require 'core/api/main/migration' -require 'core/api/main/network_stack/assethandler.rb' +require 'core/api/main/network_stack/assethandler' require 'core/api/main/server' require 'core/api/main/server/hook' require 'core/api/main/configuration' diff --git a/extensions/admin_ui/media/javascript/ui/panel/PanelViewer.js b/extensions/admin_ui/media/javascript/ui/panel/PanelViewer.js index d6bdbfcf6..1c192f0b9 100644 --- a/extensions/admin_ui/media/javascript/ui/panel/PanelViewer.js +++ b/extensions/admin_ui/media/javascript/ui/panel/PanelViewer.js @@ -91,11 +91,13 @@ function locationHashChanged() { if (id === null) return; + var zombie = Object.values(beefwui.hooked_browsers).find(hb => hb.session === id); + id = id.replace(/[^a-z0-9]/gi, ''); console.log("Loading hooked browser with ID: " + id); mainPanel.remove(mainPanel.getComponent('current-browser')); if(!mainPanel.getComponent('current-browser')) { - mainPanel.add(new ZombieTab({session: id})); + mainPanel.add(new ZombieTab(zombie)); } mainPanel.activate(mainPanel.getComponent('current-browser')); diff --git a/package-lock.json b/package-lock.json index 298ab3e4c..97cc4d9ef 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,5 +1,5 @@ { "name": "BeEF", - "version": "0.5.2.0", + "version": "0.5.3.0", "lockfileVersion": 1 } diff --git a/package.json b/package.json index 5edd81729..73b8bc203 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "BeEF", - "version": "0.5.2.0", + "version": "0.5.3.0", "description": "The Browser Exploitation Framework Project", "scripts": { "docs": "./node_modules/.bin/jsdoc -c conf.json"