beefproject
GitHub Repository: beefproject/beef
Path: blob/master/core/main/rest/handlers/server.rb
#
# Copyright (c) 2006-2025 Wade Alcorn - [email protected]
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
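module BeEF
  module Core
    module Rest
      # REST handler for server-level operations: binding a dropper file to a
      # path on BeEF's web server, listing the current mounts, and reporting
      # the configured version string.
      class Server < BeEF::Core::Router::Router
        config = BeEF::Core::Configuration.instance
        http_server = BeEF::Core::Server.instance

        # Runs before every route: the caller must present the configured API
        # token and come from an address accepted by permitted_source?.
        # NOTE(review): the token is read from request parameters (the example
        # below passes it in the query string), so it can end up in web-server
        # and proxy logs; treat those logs as sensitive.
        before do
          expected = config.get('beef.api_token')
          supplied = params[:token]

          # Fail closed when no token is configured or none was supplied: with a
          # plain `==`, a nil configured token would match a request that sends
          # no token at all. The comparison itself is constant-time so response
          # timing does not reveal how much of a guess was correct.
          # Rack is already in use here (request.ip is Rack::Request#ip).
          token_ok = expected.is_a?(String) && !expected.empty? &&
                     supplied.is_a?(String) &&
                     Rack::Utils.secure_compare(expected, supplied)
          error 401 unless token_ok
          halt 401 unless BeEF::Core::Rest.permitted_source?(request.ip)

          # All responses are JSON and must not be cached.
          headers 'Content-Type' => 'application/json; charset=UTF-8',
                  'Pragma' => 'no-cache',
                  'Cache-Control' => 'no-cache',
                  'Expires' => '0'
        end

        # @note Binds a local file to a specified path in BeEF's web server
        # Note: 'local_file' expects a file from the /extensions/social_engineering/droppers directory.
        # Example usage:
        # curl -H "Content-Type: application/json; charset=UTF-8" -d '{"mount":"/dropper","local_file":"dropper.exe"}'
        # -X POST -v http://10.0.60.10/api/server/bind?token=xyz
        #
        # Responds 200 when the file was bound, 400 when the body is not usable
        # JSON, 'local_file' is not a plain file name listed in the droppers
        # directory, or binding raises.
        post '/bind' do
          request.body.rewind
          begin
            data = JSON.parse request.body.read
            mount = data['mount']
            local_file = data['local_file']

            droppers_dir = File.expand_path('../../../../extensions/social_engineering/droppers', __dir__)

            # 'local_file' must be a bare name that appears in the directory
            # listing (so it cannot contain path separators) and must resolve to
            # a regular file. Dir.entries also lists '.' and '..', which
            # File.exist? accepts; File.file? rejects them and any subdirectory.
            halt 400 unless local_file.is_a?(String)
            listed = Dir.entries(droppers_dir).include?(local_file)
            halt 400 unless listed && File.file?(File.join(droppers_dir, local_file))

            # Extension without the dot, or nil when the file has none.
            f_ext = File.extname(local_file).delete('.')
            f_ext = nil if f_ext.empty?

            # NOTE(review): 'mount' is passed through as received; how the asset
            # handler treats a missing or malformed mount is not visible here.
            BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind(
              "/extensions/social_engineering/droppers/#{local_file}", mount, f_ext
            )
            status 200
          rescue StandardError
            # Malformed JSON, a non-object body, or a failure while binding.
            error 400
          end
        end

        # Returns the web server's current mounts as JSON.
        get '/mounts' do
          { 'mounts' => http_server.mounts }.to_json
        end

        # Returns the configured BeEF version as JSON.
        get '/version' do
          { 'version' => config.get('beef.version') }.to_json
        end
      end
    end
  end
end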