Extensions: Remove IPEC extension (#2792)
* Remove browser extension payloads from Social Engineering modules * Extensions: Remove IPEC extension
This commit is contained in:
bcoles
GitHub
@@ -78,7 +78,6 @@ module BeEF
|
||||
ui/panel/tabs/ZombieTabRider.js
|
||||
ui/panel/tabs/ZombieTabXssRays.js
|
||||
wterm/wterm.jquery.js
|
||||
ui/panel/tabs/ZombieTabIpec.js
|
||||
ui/panel/tabs/ZombieTabAutorun.js
|
||||
ui/panel/PanelViewer.js
|
||||
ui/panel/LogsDataGrid.js
|
||||
|
||||
@@ -39,7 +39,6 @@ WelcomeTab = function() {
|
||||
<li><span style='font:bold 11px tahoma,arial,helvetica,sans-serif'>Proxy:</span> The Proxy tab allows you to submit arbitrary HTTP requests on behalf of the hooked browser. \
|
||||
Each request sent by the Proxy is recorded in the History panel. Click a history item to view the HTTP headers and HTML source of the HTTP response.</li> \
|
||||
<li><span style='font:bold 11px tahoma,arial,helvetica,sans-serif'>Network:</span> The Network tab allows you to interact with hosts on the local network(s) of the hooked browser.</li> \
|
||||
<li><span style='font:bold 11px tahoma,arial,helvetica,sans-serif'>IPEC:</span> Send commands to the victims systems using Inter-Protocol Exploitation/Communication (IPEC)</li> \
|
||||
<li><span style='font:bold 11px tahoma,arial,helvetica,sans-serif'>WebRTC:</span> Send commands to the victims systems via a zombie specified as the primary WebRTC caller.</li> \
|
||||
</ul><br /> \
|
||||
<p>You can also right-click a hooked browser to open a context-menu with additional functionality:</p><br /> \
|
||||
|
||||
@@ -10,7 +10,6 @@ ZombieTab = function(zombie) {
|
||||
commands_tab = new ZombieTab_Commands(zombie);
|
||||
proxy_tab = new ZombieTab_Requester(zombie);
|
||||
xssrays_tab = new ZombieTab_XssRaysTab(zombie);
|
||||
ipec_tab = new ZombieTab_IpecTab(zombie);
|
||||
autorun_tab = new ZombieTab_Autorun(zombie);
|
||||
network_tab = new ZombieTab_Network(zombie);
|
||||
webrtc_tab = new ZombieTab_Rtc(zombie);
|
||||
@@ -32,7 +31,6 @@ ZombieTab = function(zombie) {
|
||||
commands_tab,
|
||||
proxy_tab,
|
||||
xssrays_tab,
|
||||
ipec_tab,
|
||||
autorun_tab,
|
||||
network_tab,
|
||||
webrtc_tab
|
||||
@@ -41,8 +39,6 @@ ZombieTab = function(zombie) {
|
||||
afterrender:function(component){
|
||||
// Hide auto-run tab
|
||||
component.hideTabStripItem(autorun_tab);
|
||||
// Hide IPEC tab - it's current broken
|
||||
component.hideTabStripItem(ipec_tab);
|
||||
// Hide tabs for disabled functionality
|
||||
<%= BeEF::Core::Configuration.instance.get("beef.extension.webrtc.enable") ? '' : 'component.hideTabStripItem(webrtc_tab);' %>
|
||||
<%= BeEF::Core::Configuration.instance.get("beef.extension.xssrays.enable") ? '' : 'component.hideTabStripItem(xssrays_tab);' %>
|
||||
|
||||
@@ -1,236 +0,0 @@
|
||||
//
|
||||
// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
|
||||
// Browser Exploitation Framework (BeEF) - http://beefproject.com
|
||||
// See the file 'doc/COPYING' for copying permission
|
||||
//
|
||||
|
||||
/*
|
||||
* The Ipec Tab panel for the selected zombie.
|
||||
*/
|
||||
|
||||
ZombieTab_IpecTab = function(zombie) {
|
||||
|
||||
var commands_statusbar = new Beef_StatusBar('ipec-bbar-zombie-'+zombie.session);
|
||||
|
||||
var ipec_config_panel = new Ext.Panel({
|
||||
id: 'ipec-config-zombie-'+zombie.session,
|
||||
title: 'Scan Config',
|
||||
layout: 'fit',
|
||||
autoscroll: true
|
||||
});
|
||||
|
||||
function get_module_id(name, token){
|
||||
var id = "";
|
||||
var url = "/api/modules/search/" + name + "?token=" + token;
|
||||
$jwterm.ajax({
|
||||
contentType: 'application/json',
|
||||
dataType: 'json',
|
||||
type: 'GET',
|
||||
url: url,
|
||||
async: false,
|
||||
processData: false,
|
||||
success: function(data){
|
||||
id = data.id;
|
||||
},
|
||||
error: function(){
|
||||
beef.debug("Error getting module id.");
|
||||
}
|
||||
});
|
||||
return id;
|
||||
}
|
||||
|
||||
|
||||
function escape_html(str) {
|
||||
str = str.toString();
|
||||
str = str.replace(/</g, '<');
|
||||
str = str.replace(/>/g, '>');
|
||||
// str = str.replace(/\u0022/g, '"');
|
||||
str = str.replace(/\u0027/g, ''');
|
||||
str = str.replace(/\"\"/g, '');
|
||||
str = str.replace(/\\r/g, '');
|
||||
str = str.replace(/\\n/g, '<br>');
|
||||
str = str.replace(/\\\\/g, '\\');
|
||||
str = str.replace(/\\t/g, ' ');
|
||||
// str = str.replace(/\\/g, '\');
|
||||
return str;
|
||||
}
|
||||
|
||||
function validateNumber(input, min, max) {
|
||||
var value = parseInt(input);
|
||||
return (!isNaN(value) && value >= min && value <= max);
|
||||
}
|
||||
|
||||
|
||||
function initTerminal(zombie){
|
||||
String.prototype.reverse = function() {
|
||||
return this.split('').reverse().join('');
|
||||
};
|
||||
|
||||
$jwterm( document ).ready( function() {
|
||||
$jwterm('#wterm').wterm( { WIDTH: '100%', HEIGHT: '100%', WELCOME_MESSAGE: 'Welcome to BeEF Bind interactive shell. Unfortunately the IPEC shell is currently broken. See: https://github.com/beefproject/beef/issues/1394 - To Begin Using type \'help\'' });
|
||||
});
|
||||
|
||||
var target_ip = "";
|
||||
var target_port = "";
|
||||
|
||||
var command_directory = {
|
||||
|
||||
'target': function(tokens){
|
||||
var ip_regex = new RegExp('^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$');
|
||||
target_ip = tokens[1];
|
||||
target_port = tokens[2];
|
||||
if(ip_regex.test(target_ip) && validateNumber(target_port, 1, 65535)){
|
||||
return "Target is now " + tokens[1] + ":" + tokens[2];
|
||||
}else{
|
||||
return "Target error: invalid IP or port.";
|
||||
}
|
||||
},
|
||||
|
||||
'exec': function(tokens){
|
||||
if(target_ip.length == 0 || target_port.length == 0)
|
||||
return "Error: target ip or port not set."
|
||||
|
||||
tokens.shift(); //remove the first element (exec)
|
||||
var cmd = tokens.join(' '); //needed in case of commands with options
|
||||
cmd = cmd.replace(/\\/g, '\\\\'); //needed to prevent JS errors (\ need to be escaped)
|
||||
|
||||
var token = beefwui.get_rest_token();
|
||||
var mod_id = get_module_id("BeEF_bind_shell", token);
|
||||
|
||||
var uri = "/api/modules/" + zombie.session + "/" + mod_id + "?token=" + token;
|
||||
|
||||
var result = null;
|
||||
|
||||
$jwterm.ajax({
|
||||
contentType: 'application/json',
|
||||
data: JSON.stringify({"rhost":target_ip, "rport":target_port, "path":"/", "cmd":cmd}),
|
||||
dataType: 'json',
|
||||
type: 'POST',
|
||||
url: uri,
|
||||
async: false,
|
||||
processData: false,
|
||||
success: function(data){
|
||||
beef.debug("data: " + data.command_id);
|
||||
result = "Command [" + data.command_id + "] sent successfully";
|
||||
},
|
||||
error: function(){
|
||||
beef.debug("Error sending command");
|
||||
return "Error sending command";
|
||||
}
|
||||
});
|
||||
|
||||
return result;
|
||||
},
|
||||
|
||||
'get': function(tokens){
|
||||
var command_id = tokens[1];
|
||||
|
||||
if(command_id != null){
|
||||
|
||||
var token = beefwui.get_rest_token();
|
||||
var mod_id = get_module_id("BeEF_bind_shell", token);
|
||||
|
||||
var uri_results = "/api/modules/" + zombie.session + "/" + mod_id + "/"
|
||||
+ command_id + "?token=" + token;
|
||||
var results = "";
|
||||
$jwterm.ajax({
|
||||
contentType: 'application/json',
|
||||
dataType: 'json',
|
||||
type: 'GET',
|
||||
url: uri_results,
|
||||
async: false,
|
||||
processData: false,
|
||||
success: function(data){
|
||||
$jwterm.each(data, function(i){
|
||||
beef.debug("result [" + i +"]: " + $jwterm.parseJSON(data[i].data).data);
|
||||
results += $jwterm.parseJSON(data[i].data).data;
|
||||
});
|
||||
|
||||
},
|
||||
error: function(){
|
||||
beef.debug("Error sending command");
|
||||
return "Error sending command";
|
||||
}
|
||||
});
|
||||
results = escape_html(results);
|
||||
if(results.charAt(0) == '"' && results.charAt(results.length-1) == '"')
|
||||
results = results.slice(1,results.length-1);
|
||||
|
||||
return results;
|
||||
}
|
||||
},
|
||||
|
||||
'strrev': {
|
||||
PS1: 'strrev $',
|
||||
|
||||
EXIT_HOOK: function() {
|
||||
return 'exit interface commands';
|
||||
},
|
||||
|
||||
START_HOOK: function() {
|
||||
return 'exit interface commands';
|
||||
},
|
||||
|
||||
DISPATCH: function( tokens ) {
|
||||
return tokens.join('').reverse();
|
||||
}
|
||||
}
|
||||
};
|
||||
|
||||
for( var j in command_directory ) {
|
||||
$jwterm.register_command( j, command_directory[j] );
|
||||
}
|
||||
|
||||
$jwterm.register_command( 'help', function() {
|
||||
return 'target - Usage: target <IP> <port> - Send commands to the specified IP:port<br>' +
|
||||
'exec - Usage exec <command> <command options> - Exec a command, returns the command id.<br>' +
|
||||
'get - Usage get <command id> - Retrieve command results given a specified command id.<br>'
|
||||
|
||||
});
|
||||
};
|
||||
|
||||
|
||||
var ipec_terminal_panel = new Ext.Panel({
|
||||
id: 'ipec-terminal-zombie-'+zombie.session,
|
||||
title: 'Terminal',
|
||||
layout: 'fit',
|
||||
padding: '1 1 1 1',
|
||||
autoScroll: true,
|
||||
html: "<style>body { background: #000; font-size: 1em;}</style><div id='wterm'></div>",
|
||||
listeners: {
|
||||
afterrender : function(){
|
||||
initTerminal(zombie);
|
||||
}
|
||||
}
|
||||
|
||||
});
|
||||
|
||||
function createIpecTerminalPanel(zombie, bar, value) {
|
||||
|
||||
panel = Ext.getCmp('ipec-config-zombie-'+zombie.session);
|
||||
panel.setTitle('Prompt');
|
||||
panel.add(ipec_terminal_panel);
|
||||
}
|
||||
|
||||
ZombieTab_IpecTab.superclass.constructor.call(this, {
|
||||
id: 'ipec-log-tab-'+zombie.session,
|
||||
title: 'Ipec',
|
||||
activeTab: 0,
|
||||
viewConfig: {
|
||||
forceFit: true,
|
||||
type: 'fit',
|
||||
autoScroll:true
|
||||
},
|
||||
items: [ipec_config_panel],
|
||||
bbar: commands_statusbar,
|
||||
listeners: {
|
||||
afterrender : function(){
|
||||
createIpecTerminalPanel(zombie, commands_statusbar);
|
||||
},
|
||||
autoScroll:true
|
||||
|
||||
}
|
||||
});
|
||||
};
|
||||
|
||||
Ext.extend(ZombieTab_IpecTab, Ext.TabPanel, {} );
|
||||
Reference in New Issue
Block a user