Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Resolved merge conflicts from other working branch

Browse Source
This commit is contained in:
Jack Walker
2020-04-14 10:50:34 +10:00
parent d8fac13f8f c610aa1666
commit 815d2e4bb8
7 changed files with 213 additions and 136 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
.gitignore vendored
View File

@@ -120,6 +120,3 @@ node_modules/
# Generated files
out/
doc/rdoc/
# User-specific files
config.yaml

64
Dockerfile Normal file
View File

@@ -0,0 +1,64 @@
###########################################################################################################
###########################################################################################################
## ##
## Please read the Wiki Installation section on set-up using Docker prior to building this container. ##
## BeEF does NOT allow authentication with default credentials. So please, at the very least ##
## change the username:password in the config.yaml file to something secure that is not beef:beef ##
## before building or you will to denied access and have to rebuild anyway. ##
## ##
###########################################################################################################
###########################################################################################################
# ---------------------------- Start of Builder 0 - Gemset Build ------------------------------------------
FROM ruby:2.6.3-alpine AS builder
LABEL maintainer="Beef Project: github.com/beefproject/beef"
# Install gems in parallel with 4 workers to expedite build process.=
ARG BUNDLER_ARGS="--jobs=4"
# Set gemrc config to install gems without Ruby Index (ri) and Ruby Documentation (rdoc) files
RUN echo "gem: --no-ri --no-rdoc" > /etc/gemrc
COPY . /beef
# Add bundler/gem dependencies and then install
RUN apk add --no-cache git curl libcurl curl-dev ruby-dev libffi-dev make g++ gcc musl-dev zlib-dev sqlite-dev && \
bundle install --system --clean --no-cache --gemfile=/beef/Gemfile $BUNDLER_ARGS && \
# Temp fix for https://github.com/bundler/bundler/issues/6680
rm -rf /usr/local/bundle/cache
WORKDIR /beef
# So we don't need to run as root
RUN chmod -R a+r /usr/local/bundle
# ------------------------------------- End of Builder 0 -------------------------------------------------
# ---------------------------- Start of Builder 1 - Final Build ------------------------------------------
FROM ruby:2.6.3-alpine
LABEL maintainer="Beef Project: github.com/beefproject/beef"
# Create service account to run BeEF
RUN adduser -h /beef -g beef -D beef
COPY . /beef
# Use gemset created by the builder above
COPY --from=builder /usr/local/bundle /usr/local/bundle
# Grant beef service account owner and groups rights over our BeEF working directory.
RUN chown -R beef:beef /beef
# Install BeEF's runtime dependencies
RUN apk add --no-cache curl git build-base openssl readline-dev zlib zlib-dev libressl-dev yaml-dev sqlite-dev sqlite libxml2-dev libxslt-dev autoconf libc6-compat ncurses5 automake libtool bison nodejs
WORKDIR /beef
# Ensure we are using our service account by default
USER beef
# Expose UI, Proxy, WebSocket server, and WebSocketSecure server
EXPOSE 3000 6789 61985 61986
ENTRYPOINT ["/beef/beef"]
# ------------------------------------- End of Builder 1 -------------------------------------------------

4
Gemfile
View File

@@ -81,7 +81,9 @@ group :test do
gem 'rest-client', '>= 2.0.1'
gem 'irb'
gem 'pry-byebug'
gem 'em-websocket-client'
gem "websocket-client-simple", "~> 0.3.0"
end
source 'https://rubygems.org'

4
config.yaml
View File

@@ -69,13 +69,13 @@ beef:
# Prefer WebSockets over XHR-polling when possible.
websocket:
enable: true
enable: false
port: 61985 # WS: good success rate through proxies
# Use encrypted 'WebSocketSecure'
# NOTE: works only on HTTPS domains and with HTTPS support enabled in BeEF
secure: true
secure_port: 61986 # WSSecure
ws_poll_timeout: 60000 # poll BeEF every 60 second
ws_poll_timeout: 5000 # poll BeEF every x second, this affects how often the browser can have a command execute on it
ws_connect_timeout: 500 # useful to help fingerprinting finish before establishing the WS channel
# Imitate a specified web server (default root page, 404 default error page, 'Server' HTTP response header)

2
modules/debug/test_get_variable/config.yaml
View File

@@ -6,7 +6,7 @@
beef:
module:
test_get_variable:
enable: false
enable: true
category: "Debug"
name: "Test JS variable passing"
description: "Test for JS variable passing from another BeEF's script via Window object"

39
spec/beef/extensions/websocket_spec.rb
View File

@@ -1,6 +1,6 @@
require 'rest-client'
require 'core/main/network_stack/websocket/websocket'
require 'em-websocket-client'
require 'websocket-client-simple'
RSpec.describe 'BeEF Extension WebSockets' do
@@ -10,26 +10,31 @@ RSpec.describe 'BeEF Extension WebSockets' do
@cert = @config.get('beef.http.https.cert')
@port = @config.get('beef.http.websocket.port')
@secure_port = @config.get('beef.http.websocket.secure_port')
@config.set('beef.http.websocket.secure', false)
@ws = BeEF::Core::Websocket::Websocket.instance
end
it 'Create Websocket Server' do
ws = BeEF::Core::Websocket::Websocket.instance
server= ws.start_websocket_server(:host => '127.0.0.1',
:port => @port ,
:secure => false)
expect(server).to be_a_kind_of(Thread)
after(:all) do
@config.set('beef.http.websocket.secure', true)
end
it 'Create Websocket Secure Server' do
ws = BeEF::Core::Websocket::Websocket.instance
server= ws.start_websocket_server(:host => '127.0.0.1',
:port => @secure_port ,
:secure => true,
:tls_options => {
:cert_chain_file => @cert,
:private_key_file => @cert_key
})
expect(server).to be_a_kind_of(Thread)
it 'confirms that a websocket server has been started' do
expect(@ws).to be_a_kind_of(BeEF::Core::Websocket::Websocket)
end
it 'confirms that a secure websocket server has been started' do
@config.set('beef.http.websocket.secure', true)
wss = BeEF::Core::Websocket::Websocket.instance
expect(wss).to be_a_kind_of(BeEF::Core::Websocket::Websocket)
end
it 'confirms that a websocket client can connect to the BeEF Websocket Server' do
sleep(3)
client = WebSocket::Client::Simple.connect "ws://127.0.0.1:#{@port}"
sleep(1)
expect(client).to be_a_kind_of(WebSocket::Client::Simple::Client)
expect(client.open?).to be true
client.close
end
end

233
spec/beef/modules/debug/test_beef_debugs_spec.rb
View File

@@ -11,145 +11,154 @@ require_relative '../../../support/beef_test'
RSpec.describe 'BeEF Debug Command Modules:' do
before(:each) do
# Note: rake spec passes --patterns which causes BeEF to pickup this argument via optparse. I can't see a better way at the moment to filter this out. Therefore ARGV=[] for this test.
ARGV = []
before(:all) do
# Grab config and set creds in variables for ease of access
@config = BeEF::Core::Configuration.instance
@username = @config.get('beef.credentials.user')
@password = @config.get('beef.credentials.passwd')
# Load BeEF exetensions and modules
BeEF::Extensions.load
sleep 10
BeEF::Modules.load
# Grab DB file and regenerate if requested
db_file = @config.get('beef.database.file')
if BeEF::Core::Console::CommandLine.parse[:resetdb]
print_info 'Resetting the database for BeEF.'
File.delete(db_file) if File.exists?(db_file)
end
# Load up DB and migrate if necessary
ActiveRecord::Base.logger = nil
OTR::ActiveRecord.migrations_paths = [File.join('core', 'main', 'ar-migrations')]
OTR::ActiveRecord.configure_from_hash!(adapter:'sqlite3', database: db_file)
context = ActiveRecord::Migration.new.migration_context
if context.needs_migration?
ActiveRecord::Migrator.new(:up, context.migrations, context.schema_migration).migrate
end
sleep 10
BeEF::Core::Migration.instance.update_db!
# Spawn HTTP Server
http_hook_server = BeEF::Core::Server.instance
http_hook_server.prepare
# Generate a token for the server to respond with
BeEF::Core::Crypto::api_token
# Initiate server start-up
@pids = fork do
BeEF::API::Registrar.instance.fire(BeEF::API::Server, 'pre_http_start', http_hook_server)
BeEF::API::Registrar.instance.fire(BeEF::API::Server, 'pre_http_start', http_hook_server)
end
@pid = fork do
http_hook_server.start
end
# Wait for server to start
sleep 2
@restclient = BeefRestClient.new('http', ATTACK_DOMAIN, '3000', @username, @password)
# Give the server time to start-up
sleep 1
# Authenticate to RESTful API endpoint to generate token for future tests
response = @restclient.post "#{RESTAPI_ADMIN}/login",
{ 'username': "#{@username}",
'password': "#{@password}" }.to_json,
:content_type => :json
@token = JSON.parse(response)['token']
hooks = @restclient.get "#{RESTAPI_HOOKS}?token=#{@token}"
@session = JSON.parse(hooks)['hooked-browsers']['online']['0']['session']
# Authenticate to REST API & pull the token from the response
@response = RestClient.post "#{RESTAPI_ADMIN}/login", { 'username': "#{@username}", 'password': "#{@password}" }.to_json, :content_type => :json
@token = JSON.parse(@response)['token']
# Hook new victim
victim = BeefTest.new_victim
@victim = BeefTest.new_victim
sleep 5
# Identify Session ID of victim generated above
@hooks = RestClient.get "#{RESTAPI_HOOKS}?token=#{@token}"
@session = JSON.parse(@hooks)['hooked-browsers']['online']['0']['session']
end
after(:each) do
after(:all) do
Process.kill("KILL",@pid)
Process.kill("KILL",@pids)
end
describe 'Test_beef.debug() command module' do
it 'successfully executes' do
response = @restclient.post "#{RESTAPI_MODULES}/#{@session}/27?token=#{@token}",
{ "msg": "Testing Test_beef.debug() command module" }.to_json,
it 'The Test_beef.debug() command module successfully executes' do
response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/27?token=#{@token}",
{ "msg": "test" }.to_json,
:content_type => :json
result_data = JSON.parse(response.body)
expect(result_data['success']).to eq "true"
end
it 'The Return ASCII Characters command module successfully executes' do
response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/25?token=#{@token}",
{ }.to_json,
:content_type => :json
result_data = JSON.parse(response.body)
expect(result_data['success']).to eq "true"
end
it "The Return Image command module successfully executes" do
response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/22?token=#{@token}",
{ }.to_json,
:content_type => :json
result_data = JSON.parse(response.body)
expect(result_data['success']).to eq "true"
end
it 'The Test HTTP Redirect command module successfully executes' do
response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/24?token=#{@token}",
{ }.to_json,
:content_type => :json
result_data = JSON.parse(response.body)
expect(result_data['success']).to eq "true"
end
it "The Test Returning Results/Long String command module successfully executes" do
response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/29?token=#{@token}",
{ "repeat": 20,
"repeat_string": "beef" }.to_json,
:content_type => :json
result_data = JSON.parse(response.body)
expect(result_data['success']).to eq "true"
end
it "The Test Network Request command module successfully executes" do
response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/29?token=#{@token}",
{ "scheme": "http",
"method": "GET",
"domain": "#{ATTACK_DOMAIN}",
"port": "#{@config.get('beef.http.port')}",
"path": "/hook.js",
"anchor": "anchor",
"data": "query=testquerydata",
"timeout": "10",
"dataType": "script" }.to_json,
:content_type => :json
result_data = JSON.parse(response.body)
expect(result_data['success']).to eq "true"
end
result_data = JSON.parse(response.body)
expect(result_data['success']).to eq "true"
end
describe 'Return ASCII Characters command module' do
it 'successfully executes' do
response = @restclient.post "#{RESTAPI_MODULES}/#{@session}/25?token=#{@token}",
{ }.to_json,
:content_type => :json
result_data = JSON.parse(response.body)
expect(result_data['success']).to eq "true"
end
it "The Test DNS Tunnel command module successfully executes" do
response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/26?token=#{@token}",
{ "domain": "example.com",
"data": "Lorem ipsum" }.to_json,
:content_type => :json
result_data = JSON.parse(response.body)
expect(result_data['success']).to eq "true"
end
describe 'Return Image command module' do
it "successfully executes" do
response = @restclient.post "#{RESTAPI_MODULES}/#{@session}/22?token=#{@token}",
{ }.to_json,
:content_type => :json
result_data = JSON.parse(response.body)
expect(result_data['success']).to eq "true"
end
end
describe "Test HTTP Redirect command module" do
before(:each) do
response = @restclient.post "#{RESTAPI_MODULES}/#{@session}/24?token=#{@token}",
{ }.to_json,
:content_type => :json
result_data = JSON.parse(response.body)
expect(result_data['success']).to eq "true"
end
it 'is successfully redirected to the specified URL' do
redirect_response = @restclient.get "http://#{ATTACK_DOMAIN}:3000/redirect"
expect(redirect_response.request.url).to eq "https://beefproject.com/"
end
end
describe "Test Returning Results/Long String command module" do
it "successfully executes" do
response = @restclient.post "#{RESTAPI_MODULES}/#{@session}/29?token=#{@token}",
{ "repeat": 20,
"repeat_string": "beef" }.to_json,
:content_type => :json
result_data = JSON.parse(response.body)
expect(result_data['success']).to eq "true"
end
end
describe "Test Network Request command module" do
it "successfully executes" do
response = @restclient.post "#{RESTAPI_MODULES}/#{@session}/29?token=#{@token}",
{ "scheme": "http",
"method": "GET",
"domain": "#{ATTACK_DOMAIN}",
"port": "#{@config.get('beef.http.port')}",
"path": "/hook.js",
"anchor": "anchor",
"data": "query=testquerydata",
"timeout": "10",
"dataType": "script" }.to_json,
:content_type => :json
result_data = JSON.parse(response.body)
expect(result_data['success']).to eq "true"
end
end
describe "Test DNS Tunnel command module" do
it "successfully executes" do
response = @restclient.post "#{RESTAPI_MODULES}/#{@session}/26?token=#{@token}",
{ "domain": "example.com",
"data": "Lorem ipsum" }.to_json,
:content_type => :json
result_data = JSON.parse(response.body)
expect(result_data['success']).to eq "true"
end
end
describe "Test CORS Request command module" do
it "successfully executes" do
response = @restclient.post "#{RESTAPI_MODULES}/#{@session}/30?token=#{@token}",
{ "method": "GET",
"url": "example.com",
"data": {
"test": "data"
}}.to_json,
content_type: :json
result_data = JSON.parse(response.body)
expect(result_data['success']).to eq "true"
end
it "The Test CORS Request command module successfully executes" do
response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/30?token=#{@token}",
{ "method": "GET",
"url": "example.com",
"data": {
"test": "data"
}}.to_json,
content_type: :json
result_data = JSON.parse(response.body)
expect(result_data['success']).to eq "true"
end
end