From 75f33016ea1288a6e727276e6f518cbdb42d11f4 Mon Sep 17 00:00:00 2001
From: Saafan
Date: Mon, 22 Jul 2013 08:49:56 -0400
Subject: [PATCH 1/2] Added support for target browser detection for MSF modules #530
---
.../admin_ui/controllers/modules/modules.rb | 28 ++++---------------
extensions/metasploit/api.rb | 24 +++++++++++++++-
2 files changed, 28 insertions(+), 24 deletions(-)
diff --git a/extensions/admin_ui/controllers/modules/modules.rb b/extensions/admin_ui/controllers/modules/modules.rb
index 7e8f5a280..867faa596 100644
--- a/extensions/admin_ui/controllers/modules/modules.rb
+++ b/extensions/admin_ui/controllers/modules/modules.rb
@@ -326,29 +326,11 @@ class Modules < BeEF::Extension::AdminUI::HttpController if(dynamic_modules != nil) all_modules = BeEF::Core::Models::CommandModule.all(:order => [:id.asc]) all_modules.each{|dyn_mod| - next if !dyn_mod.path.split('/').first.match(/^Dynamic/) - - hook_session_id = @params['zombie_session'] || nil - (print_error "hook_session_id is nil";return) if hook_session_id.nil? - - dyn_mod_name = dyn_mod.path.split('/').last - dyn_mod_category = nil - if(dyn_mod_name == "Msf") - dyn_mod_category = "Metasploit" - else - # future dynamic modules... - end - - print_debug ("Loading Dynamic command module: category [#{dyn_mod_category}] - name [#{dyn_mod.name.to_s}]") - command_mod = BeEF::Modules::Commands.const_get(dyn_mod_name.capitalize).new - command_mod.session_id = hook_session_id - command_mod.update_info(dyn_mod.id) - command_mod_name = command_mod.info['Name'].downcase - - # create url path and file for the command module icon - #command_module_status = set_command_module_status(command_mod) - command_module_status = BeEF::Core::Constants::CommandModule::VERIFIED_UNKNOWN - command_module_icon_path = set_command_module_icon(command_mod) + next if !dyn_mod.path.split('/')[1].match(/^metasploit/) + command_mod_name = dyn_mod["name"] + dyn_mod_category = "Metasploit" + command_module_status = set_command_module_status(command_mod_name) + command_module_icon_path = set_command_module_icon(command_module_status) update_command_module_tree(tree, dyn_mod_category, command_module_icon_path, command_module_status, command_mod_name,dyn_mod.id) } diff --git a/extensions/metasploit/api.rb b/extensions/metasploit/api.rb index 644adf6af..861f67e98 100644 --- a/extensions/metasploit/api.rb +++ b/extensions/metasploit/api.rb 
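Review bot: `dyn_mod.path.split('/')[1]` is nil for any stored path with fewer than two segments, so the added `next if !dyn_mod.path.split('/')[1].match(/^metasploit/)` raises NoMethodError on that row instead of skipping it. A nil-safe form such as `next unless dyn_mod.path.split('/')[1].to_s.start_with?('metasploit')` keeps the filter and tolerates short paths. The new lines also pass a module name string to `set_command_module_status` and the resulting status to `set_command_module_icon`, where the removed code handed `set_command_module_icon` a command module object; both helpers are defined outside the hunk, so their signatures should be checked against these calls.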
@@ -48,6 +48,27 @@ module BeEF #m.split('/')[0...-1].each{|c| # categories.push(c.capitalize) #} + + if m_details['description'] =~ /Java|JVM|flash|Adobe/i + target_browser = {BeEF::Core::Constants::CommandModule::VERIFIED_USER_NOTIFY => ["ALL"]} + elsif m_details['description'] =~ /IE|Internet\s+Explorer/i + target_browser = {BeEF::Core::Constants::CommandModule::VERIFIED_WORKING => ["IE"]} + elsif m_details['description'] =~ /Firefox/i + target_browser = {BeEF::Core::Constants::CommandModule::VERIFIED_WORKING => ["FF"]} + elsif m_details['description'] =~ /Chrome/i + target_browser = {BeEF::Core::Constants::CommandModule::VERIFIED_WORKING => ["C"]} + elsif m_details['description'] =~ /Safari/i + target_browser = {BeEF::Core::Constants::CommandModule::VERIFIED_WORKING => ["S"]} + elsif m_details['description'] =~ /Opera/i + target_browser = {BeEF::Core::Constants::CommandModule::VERIFIED_WORKING => ["O"]} + end + #TODO: + # - Add support for detection of target OS + # - Add support for detection of target services (e.g. java, flash, silverlight, ...etc) + # - Add support for multiple target browsers as currently only 1 browser will match or all + + + msf_module_config[key] = { 'enable'=> true, 'msf'=> true, @@ -57,7 +78,8 @@ module BeEF 'description'=> m_details['description'], 'authors'=> m_details['references'], 'path'=> path, - 'class'=> 'Msf_module' + 'class'=> 'Msf_module', + 'target'=> target_browser } BeEF::API::Registrar.instance.register(BeEF::Extension::Metasploit::API::MetasploitHooks, BeEF::API::Module, 'get_options', [key]) BeEF::API::Registrar.instance.register(BeEF::Extension::Metasploit::API::MetasploitHooks, BeEF::API::Module, 'get_payload_options', [key, nil]) From ee1e29341efbea7b415715f63a994e5c9a0b9a4c Mon Sep 17 00:00:00 2001 
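Review bot: The `/IE|Internet\s+Explorer/i` test in the first api.rb hunk is case-insensitive and has no word boundaries, so it matches the letters "ie" inside ordinary words such as "client" or "viewer", and descriptions that never mention Internet Explorer would be tagged `VERIFIED_WORKING => ["IE"]`. `elsif m_details['description'] =~ /\bIE\b|Internet\s+Explorer/i` narrows it. The chain also has no `else`, so when nothing matches `target_browser` keeps whatever it held before; if the variable is declared outside the enclosing loop (not visible here), the previous module's value would leak into the `'target'=> target_browser` entry added in the second hunk, and a `target_browser = nil` ahead of the `if` would rule that out. Since the status is inferred from a keyword in free text rather than from a test, a comment stating that `VERIFIED_WORKING` is a heuristic guess here would keep operators and maintainers from reading it as a verified result.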
From: bcoles Date: Sun, 16 Mar 2014 18:18:18 +1030 Subject: [PATCH 2/2] Move firefox extension modules to social engineering directory --- .../firefox_extension_bindshell/command.js | 0 .../firefox_extension_bindshell/config.yaml | 2 +- .../extension/HTML5_Enhancements.xpi | Bin .../extension/bootstrap.js | 0 .../extension/build/readme.txt | 0 .../extension/chrome.manifest | 0 .../extension/install.rdf | 0 .../extension/overlay.xul | 0 .../firefox_extension_bindshell/module.rb | 4 ++-- .../firefox_extension_dropper/command.js | 0 .../firefox_extension_dropper/config.yaml | 2 +- .../firefox_extension_dropper/dropper/readme.txt | 0 .../extension/bootstrap.js | 0 .../extension/build/readme.txt | 0 .../extension/chrome.manifest | 0 .../firefox_extension_dropper/extension/install.rdf | 0 .../firefox_extension_dropper/extension/overlay.xul | 0 .../firefox_extension_dropper/module.rb | 4 ++-- .../firefox_extension_reverse_shell/command.js | 0 .../firefox_extension_reverse_shell/config.yaml | 2 +- .../extension/HTML5_Enhancements.xpi | Bin .../extension/bootstrap.js | 0 .../extension/build/readme.txt | 0 .../extension/chrome.manifest | 0 .../extension/install.rdf | 0 .../extension/overlay.xul | 0 .../firefox_extension_reverse_shell/module.rb | 4 ++-- 27 files changed, 9 insertions(+), 9 deletions(-) rename modules/{exploits/local_host => social_engineering}/firefox_extension_bindshell/command.js (100%) rename modules/{exploits/local_host => social_engineering}/firefox_extension_bindshell/config.yaml (93%) rename modules/{exploits/local_host => social_engineering}/firefox_extension_bindshell/extension/HTML5_Enhancements.xpi (100%) rename modules/{exploits/local_host => social_engineering}/firefox_extension_bindshell/extension/bootstrap.js (100%) rename modules/{exploits/local_host => social_engineering}/firefox_extension_bindshell/extension/build/readme.txt (100%) rename modules/{exploits/local_host => 
social_engineering}/firefox_extension_bindshell/extension/chrome.manifest (100%) rename modules/{exploits/local_host => social_engineering}/firefox_extension_bindshell/extension/install.rdf (100%) rename modules/{exploits/local_host => social_engineering}/firefox_extension_bindshell/extension/overlay.xul (100%) rename modules/{exploits/local_host => social_engineering}/firefox_extension_bindshell/module.rb (93%) rename modules/{exploits/local_host => social_engineering}/firefox_extension_dropper/command.js (100%) rename modules/{exploits/local_host => social_engineering}/firefox_extension_dropper/config.yaml (93%) rename modules/{exploits/local_host => social_engineering}/firefox_extension_dropper/dropper/readme.txt (100%) rename modules/{exploits/local_host => social_engineering}/firefox_extension_dropper/extension/bootstrap.js (100%) rename modules/{exploits/local_host => social_engineering}/firefox_extension_dropper/extension/build/readme.txt (100%) rename modules/{exploits/local_host => social_engineering}/firefox_extension_dropper/extension/chrome.manifest (100%) rename modules/{exploits/local_host => social_engineering}/firefox_extension_dropper/extension/install.rdf (100%) rename modules/{exploits/local_host => social_engineering}/firefox_extension_dropper/extension/overlay.xul (100%) rename modules/{exploits/local_host => social_engineering}/firefox_extension_dropper/module.rb (94%) rename modules/{exploits/local_host => social_engineering}/firefox_extension_reverse_shell/command.js (100%) rename modules/{exploits/local_host => social_engineering}/firefox_extension_reverse_shell/config.yaml (93%) rename modules/{exploits/local_host => social_engineering}/firefox_extension_reverse_shell/extension/HTML5_Enhancements.xpi (100%) rename modules/{exploits/local_host => social_engineering}/firefox_extension_reverse_shell/extension/bootstrap.js (100%) rename modules/{exploits/local_host => 
social_engineering}/firefox_extension_reverse_shell/extension/build/readme.txt (100%) rename modules/{exploits/local_host => social_engineering}/firefox_extension_reverse_shell/extension/chrome.manifest (100%) rename modules/{exploits/local_host => social_engineering}/firefox_extension_reverse_shell/extension/install.rdf (100%) rename modules/{exploits/local_host => social_engineering}/firefox_extension_reverse_shell/extension/overlay.xul (100%) rename modules/{exploits/local_host => social_engineering}/firefox_extension_reverse_shell/module.rb (93%) diff --git a/modules/exploits/local_host/firefox_extension_bindshell/command.js b/modules/social_engineering/firefox_extension_bindshell/command.js similarity index 100% rename from modules/exploits/local_host/firefox_extension_bindshell/command.js rename to modules/social_engineering/firefox_extension_bindshell/command.js diff --git a/modules/exploits/local_host/firefox_extension_bindshell/config.yaml b/modules/social_engineering/firefox_extension_bindshell/config.yaml similarity index 93% rename from modules/exploits/local_host/firefox_extension_bindshell/config.yaml rename to modules/social_engineering/firefox_extension_bindshell/config.yaml index 1d427dd3b..9eb6eb45a 100644 --- a/modules/exploits/local_host/firefox_extension_bindshell/config.yaml +++ b/modules/social_engineering/firefox_extension_bindshell/config.yaml @@ -7,7 +7,7 @@ beef: module: firefox_extension_bindshell: enable: true - category: ["Exploits", "Local Host"] + category: ["Social Engineering"] name: "Firefox Extension (Bindshell)" description: "Create on the fly a malicious Firefox extension that binds a shell to a specified port.

The extension is based on the original work from Michael Schierl and his Metasploit module, and joev's Firefox payloads for Metasploit." authors: ["antisnatchor", "bcoles"] diff --git a/modules/exploits/local_host/firefox_extension_bindshell/extension/HTML5_Enhancements.xpi b/modules/social_engineering/firefox_extension_bindshell/extension/HTML5_Enhancements.xpi similarity index 100% rename from modules/exploits/local_host/firefox_extension_bindshell/extension/HTML5_Enhancements.xpi rename to modules/social_engineering/firefox_extension_bindshell/extension/HTML5_Enhancements.xpi diff --git a/modules/exploits/local_host/firefox_extension_bindshell/extension/bootstrap.js b/modules/social_engineering/firefox_extension_bindshell/extension/bootstrap.js similarity index 100% rename from modules/exploits/local_host/firefox_extension_bindshell/extension/bootstrap.js rename to modules/social_engineering/firefox_extension_bindshell/extension/bootstrap.js diff --git a/modules/exploits/local_host/firefox_extension_bindshell/extension/build/readme.txt b/modules/social_engineering/firefox_extension_bindshell/extension/build/readme.txt similarity index 100% rename from modules/exploits/local_host/firefox_extension_bindshell/extension/build/readme.txt rename to modules/social_engineering/firefox_extension_bindshell/extension/build/readme.txt diff --git a/modules/exploits/local_host/firefox_extension_bindshell/extension/chrome.manifest b/modules/social_engineering/firefox_extension_bindshell/extension/chrome.manifest similarity index 100% rename from modules/exploits/local_host/firefox_extension_bindshell/extension/chrome.manifest rename to modules/social_engineering/firefox_extension_bindshell/extension/chrome.manifest 
diff --git a/modules/exploits/local_host/firefox_extension_bindshell/extension/install.rdf b/modules/social_engineering/firefox_extension_bindshell/extension/install.rdf similarity index 100% rename from modules/exploits/local_host/firefox_extension_bindshell/extension/install.rdf rename to modules/social_engineering/firefox_extension_bindshell/extension/install.rdf diff --git a/modules/exploits/local_host/firefox_extension_bindshell/extension/overlay.xul b/modules/social_engineering/firefox_extension_bindshell/extension/overlay.xul similarity index 100% rename from modules/exploits/local_host/firefox_extension_bindshell/extension/overlay.xul rename to modules/social_engineering/firefox_extension_bindshell/extension/overlay.xul diff --git a/modules/exploits/local_host/firefox_extension_bindshell/module.rb b/modules/social_engineering/firefox_extension_bindshell/module.rb similarity index 93% rename from modules/exploits/local_host/firefox_extension_bindshell/module.rb rename to modules/social_engineering/firefox_extension_bindshell/module.rb index 179d43901..3ba31175b 100644 --- a/modules/exploits/local_host/firefox_extension_bindshell/module.rb +++ b/modules/social_engineering/firefox_extension_bindshell/module.rb @@ -38,7 +38,7 @@ class Firefox_extension_bindshell < BeEF::Core::Command end end - mod_path = "#{$root_dir}/modules/exploits/local_host/firefox_extension_bindshell" + mod_path = "#{$root_dir}/modules/social_engineering/firefox_extension_bindshell" extension_path = mod_path + "/extension" # clean the build directory 
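Review bot: `mod_path` is still an absolute literal built from `$root_dir` plus the category directory, which is why this move had to edit two strings in each of the three module.rb files (this hunk and the next, plus the matching hunks for firefox_extension_dropper and firefox_extension_reverse_shell). Deriving it from the file's own location, `mod_path = File.expand_path(File.dirname(__FILE__))`, would make the modules relocatable, assuming module.rb always sits in the module's directory. The `bind_extension.set :extension_path, ...` line in the following hunk could then be built from the same base instead of repeating the literal. Whether `mod_path` is in scope there is not visible, because both hunks cut through their enclosing methods.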
@@ -65,7 +65,7 @@ class Firefox_extension_bindshell < BeEF::Core::Command # mount the extension in the BeEF web server, calling a specific nested class (needed because we need a specific content-type/disposition) bind_extension = Firefox_extension_bindshell::Bind_extension - bind_extension.set :extension_path, "#{$root_dir}/modules/exploits/local_host/firefox_extension_bindshell/extension/#{@xpi_name}.xpi" + bind_extension.set :extension_path, "#{$root_dir}/modules/social_engineering/firefox_extension_bindshell/extension/#{@xpi_name}.xpi" BeEF::Core::Server.instance.mount("/#{@xpi_name}.xpi", bind_extension.new) BeEF::Core::Server.instance.remap end diff --git a/modules/exploits/local_host/firefox_extension_dropper/command.js b/modules/social_engineering/firefox_extension_dropper/command.js similarity index 100% rename from modules/exploits/local_host/firefox_extension_dropper/command.js rename to modules/social_engineering/firefox_extension_dropper/command.js diff --git a/modules/exploits/local_host/firefox_extension_dropper/config.yaml b/modules/social_engineering/firefox_extension_dropper/config.yaml similarity index 93% rename from modules/exploits/local_host/firefox_extension_dropper/config.yaml rename to modules/social_engineering/firefox_extension_dropper/config.yaml index cefbb1211..79a802cb1 100644 --- a/modules/exploits/local_host/firefox_extension_dropper/config.yaml +++ b/modules/social_engineering/firefox_extension_dropper/config.yaml @@ -7,7 +7,7 @@ beef: module: firefox_extension_dropper: enable: true - category: ["Exploits", "Local Host"] + category: ["Social Engineering"] name: "Firefox Extension (Dropper)" description: "Create on the fly a malicious Firefox extension that embeds a dropper you can specify (add it to the 'dropper' directory).
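Review bot: `@xpi_name` is interpolated into both a filesystem path (`.../extension/#{@xpi_name}.xpi`) and the mounted route (`"/#{@xpi_name}.xpi"`) with no check visible in this hunk, and the same pattern appears in the firefox_extension_dropper and firefox_extension_reverse_shell hunks. Its assignment is outside the hunk, so this may already be handled, but if the value comes from a module option it should be limited to a plain file name before use, for example `raise ArgumentError, 'invalid xpi_name' unless @xpi_name =~ /\A[\w\-]+\z/`. Without that, a value containing `/` or `..` would point the served file and the route outside the module's extension directory.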

The extension is based on the original work from Michael Schierl and his Metasploit module." authors: ["antisnatchor"] diff --git a/modules/exploits/local_host/firefox_extension_dropper/dropper/readme.txt b/modules/social_engineering/firefox_extension_dropper/dropper/readme.txt similarity index 100% rename from modules/exploits/local_host/firefox_extension_dropper/dropper/readme.txt rename to modules/social_engineering/firefox_extension_dropper/dropper/readme.txt diff --git a/modules/exploits/local_host/firefox_extension_dropper/extension/bootstrap.js b/modules/social_engineering/firefox_extension_dropper/extension/bootstrap.js similarity index 100% rename from modules/exploits/local_host/firefox_extension_dropper/extension/bootstrap.js rename to modules/social_engineering/firefox_extension_dropper/extension/bootstrap.js diff --git a/modules/exploits/local_host/firefox_extension_dropper/extension/build/readme.txt b/modules/social_engineering/firefox_extension_dropper/extension/build/readme.txt similarity index 100% rename from modules/exploits/local_host/firefox_extension_dropper/extension/build/readme.txt rename to modules/social_engineering/firefox_extension_dropper/extension/build/readme.txt diff --git a/modules/exploits/local_host/firefox_extension_dropper/extension/chrome.manifest b/modules/social_engineering/firefox_extension_dropper/extension/chrome.manifest similarity index 100% rename from modules/exploits/local_host/firefox_extension_dropper/extension/chrome.manifest rename to modules/social_engineering/firefox_extension_dropper/extension/chrome.manifest diff --git a/modules/exploits/local_host/firefox_extension_dropper/extension/install.rdf b/modules/social_engineering/firefox_extension_dropper/extension/install.rdf similarity index 100% rename from modules/exploits/local_host/firefox_extension_dropper/extension/install.rdf rename to modules/social_engineering/firefox_extension_dropper/extension/install.rdf 
diff --git a/modules/exploits/local_host/firefox_extension_dropper/extension/overlay.xul b/modules/social_engineering/firefox_extension_dropper/extension/overlay.xul similarity index 100% rename from modules/exploits/local_host/firefox_extension_dropper/extension/overlay.xul rename to modules/social_engineering/firefox_extension_dropper/extension/overlay.xul diff --git a/modules/exploits/local_host/firefox_extension_dropper/module.rb b/modules/social_engineering/firefox_extension_dropper/module.rb similarity index 94% rename from modules/exploits/local_host/firefox_extension_dropper/module.rb rename to modules/social_engineering/firefox_extension_dropper/module.rb index 13a782f0a..4860d1dd2 100644 --- a/modules/exploits/local_host/firefox_extension_dropper/module.rb +++ b/modules/social_engineering/firefox_extension_dropper/module.rb @@ -35,7 +35,7 @@ class Firefox_extension_dropper < BeEF::Core::Command end end - mod_path = "#{$root_dir}/modules/exploits/local_host/firefox_extension_dropper" + mod_path = "#{$root_dir}/modules/social_engineering/firefox_extension_dropper" extension_path = mod_path + "/extension" # clean the build directory @@ -75,7 +75,7 @@ class Firefox_extension_dropper < BeEF::Core::Command # mount the extension in the BeEF web server, calling a specific nested class (needed because we need a specifi content-type/disposition) bind_extension = Firefox_extension_dropper::Bind_extension - bind_extension.set :extension_path, "#{$root_dir}/modules/exploits/local_host/firefox_extension_dropper/extension/#{@xpi_name}.xpi" + bind_extension.set :extension_path, "#{$root_dir}/modules/social_engineering/firefox_extension_dropper/extension/#{@xpi_name}.xpi" BeEF::Core::Server.instance.mount("/#{@xpi_name}.xpi", bind_extension.new) BeEF::Core::Server.instance.remap end 
diff --git a/modules/exploits/local_host/firefox_extension_reverse_shell/command.js b/modules/social_engineering/firefox_extension_reverse_shell/command.js similarity index 100% rename from modules/exploits/local_host/firefox_extension_reverse_shell/command.js rename to modules/social_engineering/firefox_extension_reverse_shell/command.js diff --git a/modules/exploits/local_host/firefox_extension_reverse_shell/config.yaml b/modules/social_engineering/firefox_extension_reverse_shell/config.yaml similarity index 93% rename from modules/exploits/local_host/firefox_extension_reverse_shell/config.yaml rename to modules/social_engineering/firefox_extension_reverse_shell/config.yaml index b48157dd1..20f50972f 100644 --- a/modules/exploits/local_host/firefox_extension_reverse_shell/config.yaml +++ b/modules/social_engineering/firefox_extension_reverse_shell/config.yaml @@ -7,7 +7,7 @@ beef: module: firefox_extension_reverse_shell: enable: true - category: ["Exploits", "Local Host"] + category: ["Social Engineering"] name: "Firefox Extension (Reverse Shell)" description: "Create on the fly a malicious Firefox extension that makes a reverse shell connection to a specified host:port.

The extension is based on the original work from Michael Schierl and his Metasploit module, and joev's Firefox payloads for Metasploit." authors: ["antisnatchor", "bcoles"] diff --git a/modules/exploits/local_host/firefox_extension_reverse_shell/extension/HTML5_Enhancements.xpi b/modules/social_engineering/firefox_extension_reverse_shell/extension/HTML5_Enhancements.xpi similarity index 100% rename from modules/exploits/local_host/firefox_extension_reverse_shell/extension/HTML5_Enhancements.xpi rename to modules/social_engineering/firefox_extension_reverse_shell/extension/HTML5_Enhancements.xpi diff --git a/modules/exploits/local_host/firefox_extension_reverse_shell/extension/bootstrap.js b/modules/social_engineering/firefox_extension_reverse_shell/extension/bootstrap.js similarity index 100% rename from modules/exploits/local_host/firefox_extension_reverse_shell/extension/bootstrap.js rename to modules/social_engineering/firefox_extension_reverse_shell/extension/bootstrap.js diff --git a/modules/exploits/local_host/firefox_extension_reverse_shell/extension/build/readme.txt b/modules/social_engineering/firefox_extension_reverse_shell/extension/build/readme.txt similarity index 100% rename from modules/exploits/local_host/firefox_extension_reverse_shell/extension/build/readme.txt rename to modules/social_engineering/firefox_extension_reverse_shell/extension/build/readme.txt diff --git a/modules/exploits/local_host/firefox_extension_reverse_shell/extension/chrome.manifest b/modules/social_engineering/firefox_extension_reverse_shell/extension/chrome.manifest similarity index 100% rename from modules/exploits/local_host/firefox_extension_reverse_shell/extension/chrome.manifest rename to modules/social_engineering/firefox_extension_reverse_shell/extension/chrome.manifest 
diff --git a/modules/exploits/local_host/firefox_extension_reverse_shell/extension/install.rdf b/modules/social_engineering/firefox_extension_reverse_shell/extension/install.rdf similarity index 100% rename from modules/exploits/local_host/firefox_extension_reverse_shell/extension/install.rdf rename to modules/social_engineering/firefox_extension_reverse_shell/extension/install.rdf diff --git a/modules/exploits/local_host/firefox_extension_reverse_shell/extension/overlay.xul b/modules/social_engineering/firefox_extension_reverse_shell/extension/overlay.xul similarity index 100% rename from modules/exploits/local_host/firefox_extension_reverse_shell/extension/overlay.xul rename to modules/social_engineering/firefox_extension_reverse_shell/extension/overlay.xul diff --git a/modules/exploits/local_host/firefox_extension_reverse_shell/module.rb b/modules/social_engineering/firefox_extension_reverse_shell/module.rb similarity index 93% rename from modules/exploits/local_host/firefox_extension_reverse_shell/module.rb rename to modules/social_engineering/firefox_extension_reverse_shell/module.rb index b66fc9e36..34978bf74 100644 --- a/modules/exploits/local_host/firefox_extension_reverse_shell/module.rb +++ b/modules/social_engineering/firefox_extension_reverse_shell/module.rb @@ -41,7 +41,7 @@ class Firefox_extension_reverse_shell < BeEF::Core::Command end end - mod_path = "#{$root_dir}/modules/exploits/local_host/firefox_extension_reverse_shell" + mod_path = "#{$root_dir}/modules/social_engineering/firefox_extension_reverse_shell" extension_path = mod_path + "/extension" # clean the build directory 
@@ -68,7 +68,7 @@ class Firefox_extension_reverse_shell < BeEF::Core::Command # mount the extension in the BeEF web server, calling a specific nested class (needed because we need a specific content-type/disposition) bind_extension = Firefox_extension_reverse_shell::Bind_extension - bind_extension.set :extension_path, "#{$root_dir}/modules/exploits/local_host/firefox_extension_reverse_shell/extension/#{@xpi_name}.xpi" + bind_extension.set :extension_path, "#{$root_dir}/modules/social_engineering/firefox_extension_reverse_shell/extension/#{@xpi_name}.xpi" BeEF::Core::Server.instance.mount("/#{@xpi_name}.xpi", bind_extension.new) BeEF::Core::Server.instance.remap end