Release: 0.5.3.0 (#2169)

* Fix #1851 - Command/request(s) sent to zombie 'undefined' bug (#1963) * Provided correct context in locationHashChanged() to have data necessary for the nested function calls to act as intended. * rubocop cleanup (#2170) * version up (#2172) Co-authored-by: Jack Walker <46417690+jackdwalker@users.noreply.github.com> Co-authored-by: Isaac Powell <36595182+DeezyE@users.noreply.github.com>
2021-09-24 11:06:47 +10:00
parent 694df4c17b
commit 43e3fa5432
7 changed files with 50 additions and 45 deletions
--- a/.github/ISSUE_TEMPLATE.md
+++ b/.github/ISSUE_TEMPLATE.md
@@ -5,7 +5,7 @@ Verify first that your issue/request has not been posted previously:
 * https://github.com/beefproject/beef/issues
 * https://github.com/beefproject/beef/wiki/FAQ
-Ensure you're using the [latest version of BeEF](https://github.com/beefproject/beef/releases/tag/v0.5.2.0).
+Ensure you're using the [latest version of BeEF](https://github.com/beefproject/beef/releases/tag/v0.5.3.0).
 Please do your best to provide as much information as possible. It will help substantially if you can enable and provide debugging logs with your issue. Instructions for enabling debugging logs are below:
--- a/2
+++ b/2
@@ -4,4 +4,4 @@
 # See the file 'doc/COPYING' for copying permission
 #
-0.5.2.0
+0.5.3.0
--- a/config.yaml
+++ b/config.yaml
@@ -6,7 +6,7 @@
 # BeEF Configuration file
 beef:
-    version: '0.5.2.0'
+    version: '0.5.3.0'
    # More verbose messages (server-side)
    debug: false
    # More verbose messages (client-side)
--- a/core/api.rb
+++ b/core/api.rb
@@ -24,28 +24,28 @@ module BeEF
      # Register timed API calls to an owner
      #
      # @param [Class] owner the owner of the API hook
-      # @param [Class] c the API class the owner would like to hook into
+      # @param [Class] cla the API class the owner would like to hook into
      # @param [String] method the method of the class the owner would like to execute
      # @param [Array] params an array of parameters that need to be matched before the owner will be called
      #
-      def register(owner, c, method, params = [])
+      def register(owner, cla, method, params = [])
-        unless verify_api_path(c, method)
+        unless verify_api_path(cla, method)
-          print_error "API Registrar: Attempted to register non-existant API method #{c} :#{method}"
+          print_error "API Registrar: Attempted to register non-existant API method #{cla} :#{method}"
          return
        end
-        if registered?(owner, c, method, params)
+        if registered?(owner, cla, method, params)
-          print_debug "API Registrar: Attempting to re-register API call #{c} :#{method}"
+          print_debug "API Registrar: Attempting to re-register API call #{cla} :#{method}"
          return
        end
        id = @count
        @registry << {
-          'id'     => id,
+          'id': id,
-          'owner'  => owner,
+          'owner': owner,
-          'class'  => c,
+          'class': cla,
-          'method' => method,
+          'method': method,
-          'params' => params
+          'params': params
        }
        @count += 1
@@ -56,18 +56,19 @@ module BeEF
      # Tests whether the owner is registered for an API hook
      #
      # @param [Class] owner the owner of the API hook
-      # @param [Class] c the API class
+      # @param [Class] cla the API class
      # @param [String] method the method of the class
      # @param [Array] params an array of parameters that need to be matched
      #
      # @return [Boolean] whether or not the owner is registered
      #
-      def registered?(owner, c, method, params = [])
+      def registered?(owner, cla, method, params = [])
        @registry.each do |r|
          next unless r['owner'] == owner
-          next unless r['class'] == c
+          next unless r['class'] == cla
          next unless r['method'] == method
          next unless is_matched_params? r, params
          return true
        end
        false
@@ -76,17 +77,18 @@ module BeEF
      #
      # Match a timed API call to determine if an API.fire() is required
      #
-      # @param [Class] c the target API class
+      # @param [Class] cla the target API class
      # @param [String] method the method of the target API class
      # @param [Array] params an array of parameters that need to be matched
      #
      # @return [Boolean] whether or not the arguments match an entry in the API registry
      #
-      def matched?(c, method, params = [])
+      def matched?(cla, method, params = [])
        @registry.each do |r|
-          next unless r['class'] == c
+          next unless r['class'] == cla
          next unless r['method'] == method
          next unless is_matched_params? r, params
          return true
        end
        false
@@ -98,24 +100,25 @@ module BeEF
      # @param [Integer] id the ID of the API hook
      #
      def unregister(id)
-        @registry.delete_if {|r| r['id'] == id }
+        @registry.delete_if { |r| r['id'] == id }
      end
      #
      # Retrieves all the owners and ID's of an API hook
-      # @param [Class] c the target API class
+      # @param [Class] cla the target API class
      # @param [String] method the method of the target API class
      # @param [Array] params an array of parameters that need to be matched
      #
      # @return [Array] an array of hashes consisting of two keys :owner and :id
      #
-      def get_owners(c, method, params = [])
+      def get_owners(cla, method, params = [])
        owners = []
        @registry.each do |r|
-          next unless r['class'] == c
+          next unless r['class'] == cla
          next unless r['method'] == method
          next unless is_matched_params? r, params
-          owners << { :owner => r['owner'], :id => r['id'] }
+
          owners << { owner: r['owner'], id: r['id'] }
        end
        owners
      end
@@ -126,23 +129,23 @@ module BeEF
      #
      # @note This is a security precaution
      #
-      # @param [Class] c the target API class to verify
+      # @param [Class] cla the target API class to verify
-      # @param [String] m the target method to verify
+      # @param [String] met the target method to verify
      #
-      def verify_api_path(c, m)
+      def verify_api_path(cla, met)
-        (c.const_defined?('API_PATHS') && c.const_get('API_PATHS').key?(m))
+        (cla.const_defined?('API_PATHS') && cla.const_get('API_PATHS').key?(met))
      end
      #
      # Retrieves the registered symbol reference for an API hook
      #
-      # @param [Class] c the target API class to verify
+      # @param [Class] cla the target API class to verify
-      # @param [String] m the target method to verify
+      # @param [String] met the target method to verify
      #
      # @return [Symbol] the API path
      #
-      def get_api_path(c, m)
+      def get_api_path(cla, met)
-        verify_api_path(c, m) ? c.const_get('API_PATHS')[m] : nil
+        verify_api_path(cla, met) ? cla.const_get('API_PATHS')[met] : nil
      end
      #
@@ -171,24 +174,24 @@ module BeEF
      #
      # Fires all owners registered to this API hook
      #
-      # @param [Class] c the target API class
+      # @param [Class] cla the target API class
-      # @param [String] m the target API method
+      # @param [String] met the target API method
      # @param [Array] *args parameters passed for the API call
      #
      # @return [Hash, NilClass] returns either a Hash of :api_id and :data
      #         if the owners return data, otherwise NilClass
      #
-      def fire(c, m, *args)
+      def fire(cla, met, *args)
-        mods = get_owners(c, m, args)
+        mods = get_owners(cla, met, args)
        return nil unless mods.length.positive?
-        unless verify_api_path(c, m) && c.ancestors[0].to_s > 'BeEF::API'
+        unless verify_api_path(cla, met) && cla.ancestors[0].to_s > 'BeEF::API'
-          print_error "API Path not defined for Class: #{c} method:#{method}"
+          print_error "API Path not defined for Class: #{cla} method:#{method}"
          return []
        end
        data = []
-        method = get_api_path(c, m)
+        method = get_api_path(cla, met)
        mods.each do |mod|
          begin
            # Only used for API Development (very verbose)
@@ -196,7 +199,7 @@ module BeEF
            result = mod[:owner].method(method).call(*args)
            unless result.nil?
-              data << { :api_id => mod[:id], :data => result }
+              data << { api_id: mod[:id], data: result }
            end
          rescue => e
            print_error "API Fire Error: #{e.message} in #{mod}.#{method}()"
@@ -214,7 +217,7 @@ require 'core/api/modules'
 require 'core/api/extension'
 require 'core/api/extensions'
 require 'core/api/main/migration'
-require 'core/api/main/network_stack/assethandler.rb'
+require 'core/api/main/network_stack/assethandler'
 require 'core/api/main/server'
 require 'core/api/main/server/hook'
 require 'core/api/main/configuration'
--- a/extensions/admin_ui/media/javascript/ui/panel/PanelViewer.js
+++ b/extensions/admin_ui/media/javascript/ui/panel/PanelViewer.js
@@ -91,11 +91,13 @@ function locationHashChanged() {
  if (id === null) return;
  var zombie = Object.values(beefwui.hooked_browsers).find(hb => hb.session === id);
  id = id.replace(/[^a-z0-9]/gi, '');
  console.log("Loading hooked browser with ID: " + id);
  mainPanel.remove(mainPanel.getComponent('current-browser'));
  if(!mainPanel.getComponent('current-browser')) {
-    mainPanel.add(new ZombieTab({session: id}));
+    mainPanel.add(new ZombieTab(zombie));
  }
  mainPanel.activate(mainPanel.getComponent('current-browser'));
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,5 +1,5 @@
 {
  "name": "BeEF",
-  "version": "0.5.2.0",
+  "version": "0.5.3.0",
  "lockfileVersion": 1
 }
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
    "name": "BeEF",
-    "version": "0.5.2.0",
+    "version": "0.5.3.0",
    "description": "The Browser Exploitation Framework Project",
    "scripts": {
        "docs": "./node_modules/.bin/jsdoc -c conf.json"