Review use of globals for determining working directory, module loading, extension loading, etc #2283

Open
bcoles opened this issue Jan 24, 2022 · 0 comments


bcoles commented Jan 24, 2022

BeEF uses $root_dir and $home_dir global variables to define the BeEF root directory and user's home directory respectively.

beef/beef

Lines 38 to 40 in 124c9d6

$root_dir = File.join(File.expand_path(File.dirname(File.realpath(__FILE__))), '.')
$:.unshift($root_dir)
$home_dir = File.expand_path("#{Dir.home}/.beef/", __FILE__).freeze

These globals are also referenced throughout the codebase.

# grep -rn "\$root_dir" core/ extensions/ modules/
core/main/configuration.rb:21:      #        by default loads $root_dir/config.yaml
core/main/configuration.rb:245:        Dir.glob("#{$root_dir}/extensions/*/config.yaml") do |cf|
core/main/configuration.rb:252:          y['beef']['extension'][y['beef']['extension'].keys.first]['path'] = cf.gsub(/config\.yaml/, '').gsub(%r{#{$root_dir}/}, '')
core/main/configuration.rb:263:        module_configs = File.join("#{$root_dir}/modules/**", 'config.yaml')
core/main/configuration.rb:271:          y['beef']['module'][y['beef']['module'].keys.first]['path'] = cf.gsub('config.yaml', '').gsub(%r{#{$root_dir}/}, '')
core/main/command.rb:232:        component_path.replace "#{$root_dir}/core/main/client/#{component_path}.js"
core/main/network_stack/websocket/websocket.rb:32:            cert_key = File.expand_path cert_key, $root_dir unless cert_key.start_with? '/'
core/main/network_stack/websocket/websocket.rb:39:            cert = File.expand_path cert, $root_dir unless cert.start_with? '/'
core/main/server.rb:121:        cert_key = File.expand_path cert_key, $root_dir unless cert_key.start_with? '/'
core/main/server.rb:128:        cert = File.expand_path cert, $root_dir unless cert.start_with? '/'
core/main/handlers/modules/legacybeefjs.rb:19:            beef_js_path = "#{$root_dir}/core/main/client/"
core/main/handlers/modules/legacybeefjs.rb:128:            component_path.replace "#{$root_dir}/core/main/client/#{component_path}.js"
core/main/handlers/modules/beefjs.rb:19:            beef_js_path = "#{$root_dir}/core/main/client/"
core/main/handlers/modules/beefjs.rb:128:            component_path.replace "#{$root_dir}/core/main/client/#{component_path}.js"
core/main/autorun_engine/rule_loader.rb:84:          Dir.glob("#{$root_dir}/arerules/enabled/**/*.json") do |rule|
core/module.rb:94:      mod_path = "#{$root_dir}/#{config.get("#{mod_str}.path")}/module.rb"
core/extension.rb:37:      if File.exist? "#{$root_dir}/extensions/#{ext}/extension.rb"
core/extension.rb:38:        require "#{$root_dir}/extensions/#{ext}/extension.rb"
extensions/social_engineering/powershell/bind_powershell.rb:50:          ps_payload_path = "#{$root_dir}/extensions/social_engineering/powershell/powershell_payload"
extensions/evasion/evasion.rb:36:            unless File.exist?("#{$root_dir}/extensions/evasion/obfuscation/#{technique}.rb")
extensions/metasploit/api.rb:30:            path = "#{$root_dir}/#{BeEF::Core::Configuration.instance.get('beef.extension.metasploit.path')}/msf-exploits.cache"
extensions/admin_ui/classes/httpcontroller.rb:131:          template_ui = "#{$root_dir}/extensions/admin_ui/controllers/#{class_s}/#{function_name}.html"
extensions/admin_ui/api/handler.rb:127:            Dir["#{$root_dir}/extensions/admin_ui/controllers/**/*.rb"].sort.each do |http_module|
modules/exploits/firephp/module.rb:16:    f = File.open("#{$root_dir}/modules/exploits/firephp/payload.js")
modules/exploits/rfi_scanner/command.js:39:  File.open("#{$root_dir}/modules/exploits/rfi_scanner/rfi.txt", 'r') do |file_handle|
modules/exploits/shell_shock_scanner/command.js:40:  File.open("#{$root_dir}/modules/exploits/shell_shock_scanner/shocker-cgi_list", 'r') do |file_handle|
modules/social_engineering/firefox_extension_dropper/module.rb:32:    mod_path = "#{$root_dir}/modules/social_engineering/firefox_extension_dropper"
modules/social_engineering/firefox_extension_dropper/module.rb:70:    bind_extension.set :extension_path, "#{$root_dir}/modules/social_engineering/firefox_extension_dropper/extension/#{@xpi_name}.xpi"
modules/social_engineering/simple_hijacker/command.js:19:              tplpath = "#{$root_dir}/modules/social_engineering/simple_hijacker/templates/#{@choosetmpl}.js"
modules/social_engineering/simple_hijacker/module.rb:18:      tplpath = "#{$root_dir}/modules/social_engineering/simple_hijacker/templates/#{template}.js"
modules/social_engineering/firefox_extension_reverse_shell/module.rb:34:    mod_path = "#{$root_dir}/modules/social_engineering/firefox_extension_reverse_shell"
modules/social_engineering/firefox_extension_reverse_shell/module.rb:63:    bind_extension.set :extension_path, "#{$root_dir}/modules/social_engineering/firefox_extension_reverse_shell/extension/#{@xpi_name}.xpi"
modules/social_engineering/firefox_extension_bindshell/module.rb:33:    mod_path = "#{$root_dir}/modules/social_engineering/firefox_extension_bindshell"
modules/social_engineering/firefox_extension_bindshell/module.rb:60:    bind_extension.set :extension_path, "#{$root_dir}/modules/social_engineering/firefox_extension_bindshell/extension/#{@xpi_name}.xpi"
modules/social_engineering/ui_abuse_ie/module.rb:23:    popunder = File.read("#{$root_dir}/modules/social_engineering/ui_abuse_ie/popunder.html")
modules/browser/fingerprint_browser/command.js:11:      f = "#{$root_dir}/modules/browser/fingerprint_browser/fingerprint2.js"
# grep -rn "\$home_dir" core/ extensions/ modules/
core/logger.rb:15:      @logger ||= Logger.new("#{$home_dir}/beef.log").tap do |log|
modules/host/get_wireless_keys/module.rb:15:    filename = "#{$home_dir}/exported_wlan_profiles_#{ip}_-_#{timestamp}_#{@datastore['cid']}.xml"
modules/browser/spyder_eye/module.rb:28:      filename = "#{$home_dir}/screenshot_#{ip}_-_#{timestamp}_#{@datastore['cid']}.png"

This approach is inconsistent. Investigate a cleaner approach. One option would be to build BeEF as a Ruby gem and use helpers which refer to the gem's root directory.
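One shape the helper approach suggested above could take, as an added example that is not part of the original issue or BeEF's code: a single module owns the root and home directories, and call sites ask it for paths instead of interpolating into `$root_dir` or `$home_dir`. The `AppPaths` module, its method names and the demo file names are hypothetical; the helper also rejects any joined path that resolves outside its base directory.

```ruby
require 'pathname'
require 'tmpdir'

# Hypothetical replacement for the $root_dir / $home_dir globals.
# AppPaths and its method names are illustrative, not BeEF's API.
module AppPaths
  class OutsideRoot < StandardError; end

  class << self
    attr_reader :root, :home

    # Set both base directories once at startup; they are frozen afterwards.
    def configure(root:, home: File.join(Dir.home, '.beef'))
      @root = Pathname.new(root).realpath.freeze
      @home = Pathname.new(home).expand_path.freeze
    end

    # Path below the install root, e.g. root_path('modules', name, 'module.rb').
    def root_path(*parts)
      confine(@root, parts)
    end

    # Path below the per-user data directory (logs, exported files).
    def home_path(*parts)
      confine(@home, parts)
    end

    private

    # Join the parts, normalise ".." lexically (symlinks are not resolved),
    # and reject any result that is not the base or below it.
    def confine(base, parts)
      candidate = base.join(*parts.map(&:to_s)).cleanpath
      inside = candidate == base || candidate.to_s.start_with?("#{base}#{File::SEPARATOR}")
      raise OutsideRoot, "#{candidate} is outside #{base}" unless inside

      candidate
    end
  end
end

# Constructed demo: the current directory stands in for the install root.
AppPaths.configure(root: Dir.pwd, home: File.join(Dir.tmpdir, 'beef-demo'))
puts AppPaths.root_path('extensions', 'example', 'extension.rb')
puts AppPaths.home_path('beef.log')
```
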
