commit
5d7cee9eba
|
@ -0,0 +1,69 @@
|
|||
# "X-Frame-Options" Scanner
|
||||
|
||||
- Title: "X-Frame-Options" Scanner
|
||||
- Author: TW-D
|
||||
- Version: 1.0
|
||||
- Category: Recon
|
||||
|
||||
## Description
|
||||
|
||||
Uses the "Microsoft Edge" web browser to search for web servers within
|
||||
a range of IPv4 addresses that do not have an "X-Frame-Options" header.
|
||||
|
||||
Then exports the results to a PDF file accessible in the Rubber Ducky.
|
||||
|
||||
The results contain the tested IPv4 addresses and the HTML rendering.
|
||||
|
||||
## Tested On
|
||||
|
||||
>
|
||||
> Microsoft Edge (Windows 10)
|
||||
>
|
||||
|
||||
| X-Frame-Options | Encryption | Detectable |
|
||||
| --- | --- | --- |
|
||||
| None | None | Yes |
|
||||
| Set to SAMEORIGIN | None | No |
|
||||
| Set to SAMEORIGIN | Self-Signed Certificate | No |
|
||||
|
||||
__NOTE :__ *All cases could not be tested.*
|
||||
|
||||
## Configuration
|
||||
|
||||
In the "payload.txt" file, replace the values of the following constants :
|
||||
|
||||
```
|
||||
|
||||
REM ---
|
||||
REM USB Rubber Ducky label.
|
||||
REM ---
|
||||
DEFINE #RD_LABEL DUCKY
|
||||
|
||||
REM ---
|
||||
REM Format of an allowed IPv4 address range.
|
||||
REM 192.168.0.X-192.168.0.Y where (X < Y)
|
||||
REM ---
|
||||
DEFINE #LAN 192.168.0.1-192.168.0.50
|
||||
|
||||
```
|
||||
|
||||
## Advanced Configuration
|
||||
|
||||
In the "main.js" file available in the "recon_files/assets/js/" directory,
|
||||
you can add new ports to be tested for each host :
|
||||
|
||||
```js
|
||||
if (LAN) {
|
||||
Promise.all(
|
||||
[
|
||||
...,
|
||||
recon('http', 8080),
|
||||
recon('https', 8443)
|
||||
]
|
||||
);
|
||||
}
|
||||
```
|
||||
|
||||
## Usage
|
||||
|
||||
At the root of the USB Rubber Ducky, copy the "recon_files/" folder.
|
|
@ -0,0 +1,40 @@
|
|||
REM TITLE : "X-Frame-Options" Scanner
|
||||
REM AUTHOR : TW-D
|
||||
REM TARGET : Microsoft Edge
|
||||
REM VERSION : 1.0
|
||||
REM CATEGORY : Recon
|
||||
REM REQUIREMENT : DuckyScript 3.0
|
||||
|
||||
ATTACKMODE HID STORAGE
|
||||
DELAY 10000
|
||||
|
||||
REM ---
|
||||
REM USB Rubber Ducky label.
|
||||
REM ---
|
||||
DEFINE #RD_LABEL DUCKY
|
||||
|
||||
REM ---
|
||||
REM Format of an allowed IPv4 address range.
|
||||
REM 192.168.0.X-192.168.0.Y where (X < Y)
|
||||
REM ---
|
||||
DEFINE #LAN 192.168.0.1-192.168.0.50
|
||||
|
||||
SAVE_HOST_KEYBOARD_LOCK_STATE
|
||||
|
||||
IF ( $_CAPSLOCK_ON ) THEN
|
||||
CAPSLOCK
|
||||
DELAY 500
|
||||
END_IF
|
||||
|
||||
IF ( $_NUMLOCK_ON == FALSE ) THEN
|
||||
NUMLOCK
|
||||
DELAY 500
|
||||
END_IF
|
||||
|
||||
GUI r
|
||||
DELAY 1500
|
||||
STRINGLN CMD /K "MODE CON:COLS=18 LINES=1 && FOR /F %d IN ('WMIC Volume GET DriveLetter^, Label^|FINDSTR "#RD_LABEL"') DO @SET RD_LABEL=%d"
|
||||
DELAY 2000
|
||||
STRINGLN START MSEDGE --headless --disable-gpu --run-all-compositor-stages-before-draw --print-to-pdf="%RD_LABEL%\loot_%RANDOM%.pdf" "%RD_LABEL%\recon_files\index.html?lan=#LAN" && EXIT
|
||||
|
||||
RESTORE_HOST_KEYBOARD_LOCK_STATE
|
|
@ -0,0 +1,25 @@
|
|||
body {
|
||||
margin: 0;
|
||||
}
|
||||
|
||||
h1, #url {
|
||||
text-align: center;
|
||||
}
|
||||
|
||||
#url {
|
||||
font-size: small;
|
||||
border-width: 1px;
|
||||
border-style: solid;
|
||||
border-color: white;
|
||||
color: whitesmoke;
|
||||
padding: 1vh 0 1vh 0;
|
||||
background-color: lightslategray;
|
||||
}
|
||||
|
||||
iframe {
|
||||
min-width: 100vw;
|
||||
max-width: 100vw;
|
||||
min-height: 98vh;
|
||||
max-height: 98vh;
|
||||
border-style: none;
|
||||
}
|
|
@ -0,0 +1,2 @@
|
|||
const LAN = (new URLSearchParams(document.location.search).get('lan'));
|
||||
const OUTPUT = document.querySelector('#output');
|
|
@ -0,0 +1,15 @@
|
|||
async function recon(scheme, port) {
|
||||
for (let target of targets()) {
|
||||
let url, div, iframe;
|
||||
url = (scheme + '://' + target + ':' + port + '/');
|
||||
div = document.createElement('div');
|
||||
div.id = 'url';
|
||||
div.innerText = url;
|
||||
iframe = document.createElement('iframe');
|
||||
iframe.sandbox = 'allow-same-origin allow-scripts';
|
||||
iframe.src = url;
|
||||
OUTPUT.appendChild(div);
|
||||
OUTPUT.appendChild(iframe);
|
||||
await sleep();
|
||||
}
|
||||
}
|
|
@ -0,0 +1,7 @@
|
|||
function sleep() {
|
||||
return(
|
||||
new Promise(
|
||||
resolve => setTimeout(resolve, 1250)
|
||||
)
|
||||
);
|
||||
}
|
|
@ -0,0 +1,18 @@
|
|||
function targets() {
|
||||
let bounds, wholes, hosts;
|
||||
bounds = LAN.split('-');
|
||||
wholes = [bounds[0].split('.'), bounds[1].split('.')];
|
||||
hosts = [parseInt(wholes[0].pop()), parseInt(wholes[1].pop())];
|
||||
wholes = [wholes[0].join('.'), wholes[1].join('.')];
|
||||
if (wholes[0] === wholes[1]) {
|
||||
let whole, targets;
|
||||
whole = wholes[0];
|
||||
targets = new Array();
|
||||
for (let host = hosts[0]; host <= hosts[1]; host++) {
|
||||
targets.push(whole + '.' + host);
|
||||
}
|
||||
return(targets);
|
||||
} else {
|
||||
return(new Array());
|
||||
}
|
||||
}
|
|
@ -0,0 +1,8 @@
|
|||
if (LAN) {
|
||||
Promise.all(
|
||||
[
|
||||
recon('http', 80),
|
||||
recon('https', 443)
|
||||
]
|
||||
);
|
||||
}
|
|
@ -0,0 +1,21 @@
|
|||
<!DOCTYPE html>
|
||||
<html lang="en">
|
||||
<head>
|
||||
<meta charset="UTF-8">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
<link rel="stylesheet" type="text/css" href="./assets/css/style.css?version=1.0.0" />
|
||||
</head>
|
||||
<body>
|
||||
<main>
|
||||
<section>
|
||||
<h1>X-FRAME-OPTIONS Scanner</h1>
|
||||
<div id="output"></div>
|
||||
</section>
|
||||
</main>
|
||||
<script type="text/javascript" src="./assets/js/constants.js?version=1.0.0"></script>
|
||||
<script type="text/javascript" src="./assets/js/functions/targets.js?version=1.0.0"></script>
|
||||
<script type="text/javascript" src="./assets/js/functions/sleep.js?version=1.0.0"></script>
|
||||
<script type="text/javascript" src="./assets/js/functions/recon.js?version=1.0.0"></script>
|
||||
<script type="text/javascript" src="./assets/js/main.js?version=1.0.0"></script>
|
||||
</body>
|
||||
</html>
|
Loading…
Reference in New Issue