From 67d0c8bca2901eaa65163e8260cff6c07fcba50b Mon Sep 17 00:00:00 2001 From: Grant Burgess Date: Thu, 9 Apr 2020 12:30:08 +1000 Subject: [PATCH 1/7] Added a new test and modified the others. --- spec/beef/extensions/websocket_spec.rb | 40 +++++++++++++++----------- 1 file changed, 23 insertions(+), 17 deletions(-) diff --git a/spec/beef/extensions/websocket_spec.rb b/spec/beef/extensions/websocket_spec.rb index 5111a9418..c7aad0fd0 100644 --- a/spec/beef/extensions/websocket_spec.rb +++ b/spec/beef/extensions/websocket_spec.rb @@ -1,6 +1,7 @@ require 'rest-client' require 'core/main/network_stack/websocket/websocket' -require 'em-websocket-client' +require 'websocket-client-simple' +require 'byebug' RSpec.describe 'BeEF Extension WebSockets' do @@ -10,26 +11,31 @@ RSpec.describe 'BeEF Extension WebSockets' do @cert = @config.get('beef.http.https.cert') @port = @config.get('beef.http.websocket.port') @secure_port = @config.get('beef.http.websocket.secure_port') + @config.set('beef.http.websocket.secure', false) + @ws = BeEF::Core::Websocket::Websocket.instance end - it 'Create Websocket Server' do - ws = BeEF::Core::Websocket::Websocket.instance - server= ws.start_websocket_server(:host => '127.0.0.1', - :port => @port , - :secure => false) - expect(server).to be_a_kind_of(Thread) + after(:all) do + @config.set('beef.http.websocket.secure', true) end - it 'Create Websocket Secure Server' do - ws = BeEF::Core::Websocket::Websocket.instance - server= ws.start_websocket_server(:host => '127.0.0.1', - :port => @secure_port , - :secure => true, - :tls_options => { - :cert_chain_file => @cert, - :private_key_file => @cert_key - }) - expect(server).to be_a_kind_of(Thread) + it 'confirms that a websocket server has been started' do + expect(@ws).to be_a_kind_of(BeEF::Core::Websocket::Websocket) + end + + it 'confirms that a secure websocket server has been started' do + @config.set('beef.http.websocket.secure', true) + wss = BeEF::Core::Websocket::Websocket.instance + expect(wss).to be_a_kind_of(BeEF::Core::Websocket::Websocket) + end + + it 'confirms that a websocket client can connect to the BeEF Websocket Server' do + sleep(3) + client = WebSocket::Client::Simple.connect "ws://127.0.0.1:#{@port}" + sleep(1) + expect(client).to be_a_kind_of(WebSocket::Client::Simple::Client) + expect(client.open?).to be true + client.close end end From 3c6aca28fd89f1f03c12594f9669dfca794b73a3 Mon Sep 17 00:00:00 2001 From: Grant Burgess Date: Thu, 9 Apr 2020 12:30:28 +1000 Subject: [PATCH 2/7] Added websocket client gem for testing --- Gemfile | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/Gemfile b/Gemfile index 0117ced97..d6cf1e954 100644 --- a/Gemfile +++ b/Gemfile @@ -81,7 +81,9 @@ group :test do gem 'rest-client', '>= 2.0.1' gem 'irb' gem 'pry-byebug' - gem 'em-websocket-client' + gem "websocket-client-simple", "~> 0.3.0" end source 'https://rubygems.org' + + From a3eca6350408c603865695f78eb842275c00a2bf Mon Sep 17 00:00:00 2001 From: Jack Walker Date: Thu, 9 Apr 2020 13:03:37 +1000 Subject: [PATCH 3/7] Added Dockerfile --- Dockerfile | 64 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 64 insertions(+) create mode 100644 Dockerfile diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 000000000..32f677523 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,64 @@ +########################################################################################################### +########################################################################################################### +## ## +## Please read the Wiki Installation section on set-up using Docker prior to building this container. ## +## BeEF does NOT allow authentication with default credentials. So please, at the very least ## +## change the username:password in the config.yaml file to something secure that is not beef:beef ## +## before building or you will to denied access and have to rebuild anyway. ## +## ## +########################################################################################################### +########################################################################################################### + +# ---------------------------- Start of Builder 0 - Gemset Build ------------------------------------------ +FROM ruby:2.6.3-alpine AS builder +LABEL maintainer="Beef Project: github.com/beefproject/beef" + +# Install gems in parallel with 4 workers to expedite build process.= +ARG BUNDLER_ARGS="--jobs=4" + +# Set gemrc config to install gems without Ruby Index (ri) and Ruby Documentation (rdoc) files +RUN echo "gem: --no-ri --no-rdoc" > /etc/gemrc + +COPY . /beef + +# Add bundler/gem dependencies and then install +RUN apk add --no-cache git curl libcurl curl-dev ruby-dev libffi-dev make g++ gcc musl-dev zlib-dev sqlite-dev && \ + bundle install --system --clean --no-cache --gemfile=/beef/Gemfile $BUNDLER_ARGS && \ + # Temp fix for https://github.com/bundler/bundler/issues/6680 + rm -rf /usr/local/bundle/cache + +WORKDIR /beef + +# So we don't need to run as root +RUN chmod -R a+r /usr/local/bundle +# ------------------------------------- End of Builder 0 ------------------------------------------------- + + +# ---------------------------- Start of Builder 1 - Final Build ------------------------------------------ +FROM ruby:2.6.3-alpine +LABEL maintainer="Beef Project: github.com/beefproject/beef" + +# Create service account to run BeEF +RUN adduser -h /beef -g beef -D beef + +COPY . /beef + +# Use gemset created by the builder above +COPY --from=builder /usr/local/bundle /usr/local/bundle + +# Grant beef service account owner and groups rights over our BeEF working directory. +RUN chown -R beef:beef /beef + +# Install BeEF's runtime dependencies +RUN apk add --no-cache curl git build-base openssl readline-dev zlib zlib-dev libressl-dev yaml-dev sqlite-dev sqlite libxml2-dev libxslt-dev autoconf libc6-compat ncurses5 automake libtool bison nodejs + +WORKDIR /beef + +# Ensure we are using our service account by default +USER beef + +# Expose UI, Proxy, WebSocket server, and WebSocketSecure server +EXPOSE 3000 6789 61985 61986 + +ENTRYPOINT ["/beef/beef"] +# ------------------------------------- End of Builder 1 ------------------------------------------------- \ No newline at end of file From 4e0a2bb46558a86ad11810aa1cf2957f51041955 Mon Sep 17 00:00:00 2001 From: Josh Date: Wed, 8 Apr 2020 20:26:15 -0700 Subject: [PATCH 4/7] moving these back to defaults --- .gitignore | 3 --- config.yaml | 4 ++-- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/.gitignore b/.gitignore index 8cfdbfb00..43485ea7d 100644 --- a/.gitignore +++ b/.gitignore @@ -120,6 +120,3 @@ node_modules/ # Generated files out/ doc/rdoc/ - -# User-specific files -config.yaml diff --git a/config.yaml b/config.yaml index 5b8ad8617..d4d93e81b 100644 --- a/config.yaml +++ b/config.yaml @@ -69,13 +69,13 @@ beef: # Prefer WebSockets over XHR-polling when possible. websocket: - enable: true + enable: false port: 61985 # WS: good success rate through proxies # Use encrypted 'WebSocketSecure' # NOTE: works only on HTTPS domains and with HTTPS support enabled in BeEF secure: true secure_port: 61986 # WSSecure - ws_poll_timeout: 60000 # poll BeEF every 60 second + ws_poll_timeout: 5000 # poll BeEF every x second, this affects how often the browser can have a command execute on it ws_connect_timeout: 500 # useful to help fingerprinting finish before establishing the WS channel # Imitate a specified web server (default root page, 404 default error page, 'Server' HTTP response header) From 340279f91c1547b503fcc9ff78f5b55e7fade5f0 Mon Sep 17 00:00:00 2001 From: Grant Burgess Date: Thu, 9 Apr 2020 13:45:11 +1000 Subject: [PATCH 5/7] Removed byebug dependency --- spec/beef/extensions/websocket_spec.rb | 1 - 1 file changed, 1 deletion(-) diff --git a/spec/beef/extensions/websocket_spec.rb b/spec/beef/extensions/websocket_spec.rb index c7aad0fd0..67b09c2a9 100644 --- a/spec/beef/extensions/websocket_spec.rb +++ b/spec/beef/extensions/websocket_spec.rb @@ -1,7 +1,6 @@ require 'rest-client' require 'core/main/network_stack/websocket/websocket' require 'websocket-client-simple' -require 'byebug' RSpec.describe 'BeEF Extension WebSockets' do From 0ffd87059acafefb581b69160ea8068ac4095da6 Mon Sep 17 00:00:00 2001 From: Jack Walker Date: Tue, 14 Apr 2020 10:40:50 +1000 Subject: [PATCH 6/7] Resolved issues preventing server starting w/ test. Tests now passing. --- config.yaml | 2 +- modules/debug/test_get_variable/config.yaml | 2 +- .../modules/debug/test_beef_debugs_spec.rb | 164 ++++++++++++++++++ 3 files changed, 166 insertions(+), 2 deletions(-) create mode 100644 spec/beef/modules/debug/test_beef_debugs_spec.rb diff --git a/config.yaml b/config.yaml index d4d93e81b..64039f64f 100644 --- a/config.yaml +++ b/config.yaml @@ -18,7 +18,7 @@ beef: # Used by both the RESTful API and the Admin interface credentials: user: "beef" - passwd: "beef" + passwd: "beef1" # Interface / IP restrictions restrictions: diff --git a/modules/debug/test_get_variable/config.yaml b/modules/debug/test_get_variable/config.yaml index efb400759..f26bc835c 100644 --- a/modules/debug/test_get_variable/config.yaml +++ b/modules/debug/test_get_variable/config.yaml @@ -6,7 +6,7 @@ beef: module: test_get_variable: - enable: false + enable: true category: "Debug" name: "Test JS variable passing" description: "Test for JS variable passing from another BeEF's script via Window object" diff --git a/spec/beef/modules/debug/test_beef_debugs_spec.rb b/spec/beef/modules/debug/test_beef_debugs_spec.rb new file mode 100644 index 000000000..bbbc4afd5 --- /dev/null +++ b/spec/beef/modules/debug/test_beef_debugs_spec.rb @@ -0,0 +1,164 @@ +# +# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# + +require 'rest-client' +require 'json' +require_relative '../../../support/constants' +require_relative '../../../support/beef_test' + +RSpec.describe 'BeEF Debug Command Modules:' do + + before(:all) do + # Grab config and set creds in variables for ease of access + @config = BeEF::Core::Configuration.instance + @username = @config.get('beef.credentials.user') + @password = @config.get('beef.credentials.passwd') + + # Load BeEF exetensions and modules + BeEF::Extensions.load + + sleep 10 + + BeEF::Modules.load + + # Grab DB file and regenerate if requested + db_file = @config.get('beef.database.file') + + if BeEF::Core::Console::CommandLine.parse[:resetdb] + print_info 'Resetting the database for BeEF.' + File.delete(db_file) if File.exists?(db_file) + end + + # Load up DB and migrate if necessary + ActiveRecord::Base.logger = nil + OTR::ActiveRecord.migrations_paths = [File.join('core', 'main', 'ar-migrations')] + OTR::ActiveRecord.configure_from_hash!(adapter:'sqlite3', database: db_file) + + context = ActiveRecord::Migration.new.migration_context + if context.needs_migration? + ActiveRecord::Migrator.new(:up, context.migrations, context.schema_migration).migrate + end + + sleep 10 + + BeEF::Core::Migration.instance.update_db! + + # Spawn HTTP Server + http_hook_server = BeEF::Core::Server.instance + http_hook_server.prepare + + # Generate a token for the server to respond with + BeEF::Core::Crypto::api_token + + # Initiate server start-up + @pids = fork do + BeEF::API::Registrar.instance.fire(BeEF::API::Server, 'pre_http_start', http_hook_server) + end + @pid = fork do + http_hook_server.start + end + + # Give the server time to start-up + sleep 1 + + # Authenticate to REST API & pull the token from the response + @response = RestClient.post "#{RESTAPI_ADMIN}/login", { 'username': "#{@username}", 'password': "#{@password}" }.to_json, :content_type => :json + @token = JSON.parse(@response)['token'] + + # Hook new victim + @victim = BeefTest.new_victim + + sleep 5 + + # Identify Session ID of victim generated above + @hooks = RestClient.get "#{RESTAPI_HOOKS}?token=#{@token}" + @session = JSON.parse(@hooks)['hooked-browsers']['online']['0']['session'] + end + + after(:all) do + Process.kill("KILL",@pid) + Process.kill("KILL",@pids) + end + + it 'The Test_beef.debug() command module successfully executes' do + response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/27?token=#{@token}", + { "msg": "test" }.to_json, + :content_type => :json + result_data = JSON.parse(response.body) + expect(result_data['success']).to eq "true" + end + + it 'The Return ASCII Characters command module successfully executes' do + response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/25?token=#{@token}", + { }.to_json, + :content_type => :json + result_data = JSON.parse(response.body) + expect(result_data['success']).to eq "true" + end + + it "The Return Image command module successfully executes" do + response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/22?token=#{@token}", + { }.to_json, + :content_type => :json + result_data = JSON.parse(response.body) + expect(result_data['success']).to eq "true" + end + + + it 'The Test HTTP Redirect command module successfully executes' do + response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/24?token=#{@token}", + { }.to_json, + :content_type => :json + result_data = JSON.parse(response.body) + expect(result_data['success']).to eq "true" + end + + it "The Test Returning Results/Long String command module successfully executes" do + response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/29?token=#{@token}", + { "repeat": 20, + "repeat_string": "beef" }.to_json, + :content_type => :json + result_data = JSON.parse(response.body) + expect(result_data['success']).to eq "true" + end + + it "The Test Network Request command module successfully executes" do + response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/29?token=#{@token}", + { "scheme": "http", + "method": "GET", + "domain": "#{ATTACK_DOMAIN}", + "port": "#{@config.get('beef.http.port')}", + "path": "/hook.js", + "anchor": "anchor", + "data": "query=testquerydata", + "timeout": "10", + "dataType": "script" }.to_json, + :content_type => :json + result_data = JSON.parse(response.body) + expect(result_data['success']).to eq "true" + end + + it "The Test DNS Tunnel command module successfully executes" do + response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/26?token=#{@token}", + { "domain": "example.com", + "data": "Lorem ipsum" }.to_json, + :content_type => :json + result_data = JSON.parse(response.body) + expect(result_data['success']).to eq "true" + end + + it "The Test CORS Request command module successfully executes" do + response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/30?token=#{@token}", + { "method": "GET", + "url": "example.com", + "data": { + "test": "data" + }}.to_json, + content_type: :json + result_data = JSON.parse(response.body) + expect(result_data['success']).to eq "true" + end +end \ No newline at end of file From c610aa16666aec103f719045f172d82d83d1a94a Mon Sep 17 00:00:00 2001 From: Jack Walker Date: Tue, 14 Apr 2020 10:41:32 +1000 Subject: [PATCH 7/7] Fixed change to config.yaml creds --- config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config.yaml b/config.yaml index 64039f64f..d4d93e81b 100644 --- a/config.yaml +++ b/config.yaml @@ -18,7 +18,7 @@ beef: # Used by both the RESTful API and the Admin interface credentials: user: "beef" - passwd: "beef1" + passwd: "beef" # Interface / IP restrictions restrictions: