pwn 0.5.309 → 0.5.311

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 04b9816658aabc56840644ad45c4ad7a7acb67f2115027eaabdb2745c6305571
-  data.tar.gz: 2dfcea55bc83eefbb84e1bad2ee900d760acf8271a2ddac00badebe421411985
+  metadata.gz: cf124a838b0f13e7e6e2ac3d13d354fd885c07f7c71c24e05134cf33dd66ba10
+  data.tar.gz: 0e4413b5365adadf3d7fc688ccf372d6caf8145ba8876bb0c6d65b6145048279
 SHA512:
-  metadata.gz: dd2ef466bcb48f2110f569f25645213c9d3ab6e6d71dedbed6b465b46e3f85995d067f87708326009d14f23d8f84fbf28669d9114df3034afbd04a2495dc5fef
-  data.tar.gz: e3111e88a91cc06a6ee9a950feda54527918ab27b5c2cfaa174128dfcd79185acc6d8eef9c0592fe1a30a5c4d5c83a273359be5246ff9be89b8dc761e5231ec3
+  metadata.gz: caf9d4f9fd676258b3405562f9ece2e85cfedcce57e83360e4b536ab2222c25487ccf19c82d19d3a26f07311d8f635222c9ffd765404cbda42d357593ddbbd18
+  data.tar.gz: 5ff6987e379badb54018ea566e5f288188a7e99e3c40d6fc27b13189cdde1eb9e5d45a42d4b2b510cacb270ee79c0465a21f014903671b317164fb650bb3c3df

data/README.md

@@ -37,7 +37,7 @@ $ cd /opt/pwn
 $ ./install.sh
 $ ./install.sh ruby-gem
 $ pwn
-pwn[v0.5.309]:001 >>> PWN.help
+pwn[v0.5.311]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.4.4@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.5.309]:001 >>> PWN.help
+pwn[v0.5.311]:001 >>> PWN.help
 ```
 
 If you're using a multi-user install of RVM do:
@@ -62,7 +62,7 @@ $ rvm use ruby-3.4.4@pwn
 $ rvmsudo gem uninstall --all --executables pwn
 $ rvmsudo gem install --verbose pwn
 $ pwn
-pwn[v0.5.309]:001 >>> PWN.help
+pwn[v0.5.311]:001 >>> PWN.help
 ```
 
 PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`.  The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script:

data/lib/pwn/plugins/transparent_browser.rb

@@ -461,7 +461,8 @@ module PWN
       # Supported Method Parameters::
       # console_resp = PWN::Plugins::TransparentBrowser.console(
       #   browser_obj: browser_obj1,
-      #   js: 'required - JavaScript expression to evaluate'
+      #   js: 'required - JavaScript expression to evaluate',
+      #   return_to: 'optional - return to :console or :stdout (defaults to :console)'
       # )
 
       public_class_method def self.console(opts = {})
@@ -469,13 +470,20 @@ module PWN
         verify_devtools_browser(browser_obj: browser_obj)
 
         js = opts[:js] ||= "alert('ACK from => #{self}')"
+        return_to = opts[:return_to] ||= :console
+        raise 'ERROR: return_to parameter must be :console or :stdout' unless %i[console stdout].include?(return_to.to_s.downcase.to_sym)
 
         browser = browser_obj[:browser]
         case js
         when 'clear', 'clear;', 'clear()', 'clear();'
           script = 'console.clear()'
         else
-          script = "console.log(#{js})"
+          case return_to.to_s.downcase.to_sym
+          when :stdout
+            script = "return #{js}"
+          when :console
+            script = "console.log(#{js})"
+          end
         end
 
         console_resp = nil
@@ -511,29 +519,141 @@ module PWN
         )
 
         js = <<~JAVASCRIPT
-          // Select the target node to observe
+          // Select the target node to observe (replace 'target-id' with your element's ID or use document.body)
           const targetNode = document.getElementById(#{target}) || document.body;
 
-          // Configuration for observer
-          const config = { attributes: true, childList: true, subtree: true };
+          // Configuration for MutationObserver
+          const config = {
+            attributes: true, // Observe attribute changes
+            childList: true, // Observe additions/removals of child nodes
+            subtree: true, // Observe descendants
+            characterData: true, // Observe text content changes
+          };
 
-          // Callback for mutations
+          // Callback function to handle mutations
           const callback = (mutationList, observer) => {
-            for (const mutation of mutationList) {
+            console.group('DOM Mutation Detected');
+            mutationList.forEach((mutation, index) => {
+              console.log(`Mutation ${index + 1}:`, mutation.type);
+
               if (mutation.type === 'childList') {
-                console.log('Child node added/removed:', mutation);
+                if (mutation.addedNodes.length) {
+                  mutation.addedNodes.forEach((node) => {
+                    if (node.nodeType === Node.ELEMENT_NODE) {
+                      let logObj = {
+                        tagName: node.tagName,
+                        id: node.id || 'N/A',
+                        classList: node.className || 'N/A',
+                        outerHTML: node.outerHTML,
+                      };
+                      if (['SCRIPT', 'IFRAME', 'FRAME', 'OBJECT', 'EMBED', 'APPLET'].includes(node.tagName)) {
+                        console.warn('Potential XSS sink: Added', node.tagName, logObj);
+                      } else {
+                        console.log('Added Element:', logObj);
+                      }
+                    } else if (node.nodeType === Node.TEXT_NODE) {
+                      console.log('Added Text Node:', {
+                        textContent: node.textContent,
+                        parentTag: node.parentElement?.tagName || 'N/A',
+                      });
+                    }
+                  });
+                }
+                if (mutation.removedNodes.length) {
+                  mutation.removedNodes.forEach((node) => {
+                    if (node.nodeType === Node.ELEMENT_NODE) {
+                      console.log('Removed Element:', {
+                        tagName: node.tagName,
+                        id: node.id || 'N/A',
+                        classList: node.className || 'N/A',
+                        outerHTML: node.outerHTML,
+                      });
+                    } else if (node.nodeType === Node.TEXT_NODE) {
+                      console.log('Removed Text Node:', {
+                        textContent: node.textContent,
+                        parentTag: node.parentElement?.tagName || 'N/A',
+                      });
+                    }
+                  });
+                }
               } else if (mutation.type === 'attributes') {
-                console.log(`Attribute ${mutation.attributeName} modified:`, mutation);
+                let logObj = {
+                  element: mutation.target.tagName,
+                  id: mutation.target.id || 'N/A',
+                  attribute: mutation.attributeName,
+                  oldValue: mutation.oldValue,
+                  newValue: mutation.target.getAttribute(mutation.attributeName),
+                  outerHTML: mutation.target.outerHTML,
+                };
+                if (
+                  (mutation.attributeName === 'src' && ['SCRIPT', 'IFRAME', 'FRAME', 'OBJECT', 'EMBED'].includes(mutation.target.tagName)) ||
+                  (mutation.attributeName === 'href' && ['A', 'AREA', 'LINK'].includes(mutation.target.tagName)) ||
+                  (mutation.attributeName === 'action' && mutation.target.tagName === 'FORM') ||
+                  mutation.attributeName.startsWith('on') ||
+                  (mutation.attributeName === 'srcdoc' && mutation.target.tagName === 'IFRAME') ||
+                  (mutation.attributeName === 'data' && mutation.target.tagName === 'OBJECT') ||
+                  (mutation.attributeName === 'codebase' && mutation.target.tagName === 'OBJECT')
+                ) {
+                  console.warn('Potential XSS sink: Attribute change', logObj);
+                } else {
+                  console.log('Attribute changed:', logObj);
+                }
+              } else if (mutation.type === 'characterData') {
+                if (mutation.target.parentElement && mutation.target.parentElement.tagName === 'SCRIPT') {
+                  console.warn('Potential XSS sink: Script content changed', {
+                    scriptId: mutation.target.parentElement.id || 'N/A',
+                    oldValue: mutation.oldValue,
+                    newValue: mutation.target.textContent,
+                  });
+                } else {
+                  console.log('Text Content Changed:', {
+                    element: mutation.target.parentElement?.tagName || 'N/A',
+                    id: mutation.target.parentElement?.id || 'N/A',
+                    oldValue: mutation.oldValue,
+                    newValue: mutation.target.textContent,
+                    innerHTML: mutation.target.parentElement?.innerHTML || 'N/A',
+                  });
+                }
               }
-            }
+            });
+            console.groupEnd();
           };
 
-          // Create and start observer
+          // Create and start the MutationObserver
           const observer = new MutationObserver(callback);
           observer.observe(targetNode, config);
+
+          // Optional: Add event listeners to capture user interactions
+          const logUserInteraction = (event) => {
+            console.group('User Interaction Detected');
+            console.log('Event Type:', event.type);
+            console.log('Target:', {
+              tagName: event.target.tagName,
+              id: event.target.id || 'N/A',
+              classList: event.target.className || 'N/A',
+              value: 'value' in event.target ? event.target.value : 'N/A',
+              innerHTML: event.target.innerHTML || 'N/A',
+            });
+            console.groupEnd();
+          };
+
+          // Attach listeners for keyboard and click events
+          document.addEventListener('input', logUserInteraction); // For form inputs, contenteditable
+          document.addEventListener('click', logUserInteraction); // For clicks
+
+          // Function to stop the observer (run in console when needed)
+          window.hide_dom_mutations = () => {
+            observer.disconnect();
+            document.removeEventListener('input', logUserInteraction);
+            document.removeEventListener('click', logUserInteraction);
+            console.log('MutationObserver and event listeners stopped.');
+          };
+
+          // Log instructions to console
+          console.log('MutationObserver started. To stop, run: hide_dom_mutations()');
         JAVASCRIPT
 
-        console(browser_obj: browser_obj, js: 'console.clear();')
+        console(browser_obj: browser_obj, js: 'clear();')
         browser = browser_obj[:browser]
         browser.execute_script(js)
       rescue StandardError => e
@@ -542,54 +662,33 @@ module PWN
 
       # Supported Method Parameters::
       # console_resp = PWN::Plugins::TransparentBrowser.hide_dom_mutations(
-      #   browser_obj: browser_obj1,
-      #   target: 'optional - target JavaScript node to observe (defaults to document.body)'
+      #   browser_obj: browser_obj1
       # )
 
       public_class_method def self.hide_dom_mutations(opts = {})
         browser_obj = opts[:browser_obj]
         verify_devtools_browser(browser_obj: browser_obj)
 
-        target = opts[:target] ||= 'undefined'
-
         jmp_devtools_panel(
           browser_obj: browser_obj,
           panel: :console
         )
 
         js = <<~JAVASCRIPT
-          // Select the target node to observe
-          const targetNode = document.getElementById(#{target}) || document.body;
-
-          // Configuration for observer
-          const config = { attributes: true, childList: true, subtree: true };
-
-          // Callback for mutations
-          const callback = (mutationList, observer) => {
-            for (const mutation of mutationList) {
-              if (mutation.type === 'childList') {
-                console.log('Child node added/removed:', mutation);
-              } else if (mutation.type === 'attributes') {
-                console.log(`Attribute ${mutation.attributeName} modified:`, mutation);
-              }
-            }
-          };
-
-          // Create and start observer
-          const observer = new MutationObserver(callback);
-          observer.observe(targetNode, config);
-
-          // Later, stop observing if needed
-          observer.disconnect();
+          if (typeof hide_dom_mutations === 'function') {
+            hide_dom_mutations();
+            console.log('DOM mutation observer and event listeners disabled.');
+          } else {
+            console.log('Error: hide_dom_mutations function not found. DOM mutation observer was not active.');
+          }
         JAVASCRIPT
 
-        console(browser_obj: browser_obj, js: 'console.clear();')
+        console(browser_obj: browser_obj, js: 'clear();')
         browser = browser_obj[:browser]
         browser.execute_script(js)
       rescue StandardError => e
         raise e
       end
-
       # Supported Method Parameters::
       # PWN::Plugins::TransparentBrowser.update_about_config(
       #   browser_obj: browser_obj1,

data/lib/pwn/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PWN
-  VERSION = '0.5.309'
+  VERSION = '0.5.311'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-  version: 0.5.309
+  version: 0.5.311
 platform: ruby
 authors:
 - 0day Inc.