beefproject/beef

Error in ActiveX Command Execution module - urlencoded command

Open

#1,854 opened on 2020年1月14日

GitHub で見る
 (2 comments) (0 reactions) (0 assignees)JavaScript (1,992 forks)batch import
Good First IssueMediumModule

Repository metrics

Stars
 (8,637 stars)
PR merge metrics
 (平均マージ 11h 55m) (30d で 19 merged PRs)

説明

Module ActiveX Command Execution not works with "Initialize and script ActiveX controls not marked as safe for scripting" enabled. beef-0.5.0.0

Environment

What version/revision of BeEF are you using?

0.5.0.0

On what versionof Ruby?

ruby 2.5.7p206 (2019-10-01 revision 67816) [x86_64-linux-gnu]

On what browser?

IE11, with enabled initialize and scptring ...

On what operating system?

Win10 <- victim kali linux 2019 with latest updates <- beef framework

Configuration

Are you using a non-default configuration? no

Summary

Error in ActiveX Command Execution module. Only standalone commands execute. Command with space or any special characters not works.

Expected Behaviour

execute command on victim: cmd.exe /c "echo Hello from BeEF! & pause"

Actual Behaviour

not execute command

Additional Information

Resolve propose: in file https://github.com/beefproject/beef/blob/master/modules/exploits/local_host/activex_command_execution/command.js text in cmd variable is urlcoded. I changed line 9 to urldecode: var cmd = decodeURIComponent(beef.encode.base64.decode('<%= Base64.strict_encode64(@cmd) %>')); to resolve issue. Now it works.

コントリビューターガイド