Advanced Client-Side Exploitation with BeEF

In recent days, hackers can hack your phone with just one message. All your data can be stolen with just one click. Everything can be managed with just one tool. The tool's name is BeEF.




BeEF(Browser Exploitation Framework)

The Browser Exploitation Framework, or BeEF for short, is a penetration testing tool designed for testing and attacking web browsers. Using BeEF, we can fingerprint web browsers, profile users, and attack the browser to further our access to target systems.

In this blog, we cover the following topics:

  • Hooking browsers
  • Fingerprinting with BeEF
  • Browser exploitation
  • Automating attacks

Setting Up BeEF

The BeEF comes pre-installed with Kali Linux. If you are in another Linux Environment just follow these steps:

mrdev@kali:~# git clone https://github.com/beefproject/beef.git
mrdev@kali:~# cd beef
mrdev@kali:~/beef# bundle install
mrdev@kali:~/beef# ./beef         --> To Run BeEF


Configure username & Password

To run BeEF, it is important to configure the user name and password.  Run the following command:

mrdev@kali:~# cd /usr/share/beef-xss
mrdev@kali:~# nano config.yaml

From Here you have to change the username and password.


To save hit CTRL + X and hit Enter. Now run beef:

Using the BeEF Console

To run browser exploitation Framework menu > System services > beef start.


Now that BeEF is running, the next step is to launch a browser to access the admin console.


Using the URL from the last lab, we can start our Iceweasel browser and visit http://127.0.0.1:3000/ui/panel. This should redirect the browser to the authentication page for BeEF with the login box.

The credentials for BeEF are “mrdev” for the username and “beef” for the password. Once these are entered, the BeEF console should be displayed with the default right pane containing the “Getting Started” information. 



Hooking Browsers

To really explore BeEF, we need to have a browser hooked.  To Hook the browser you need to follow a few steps:

1. Create a new HTML/CSS page.

2. In at head tag you have to paste the script from the terminal. Watch my YouTube video to learn more.

3. Send the HTML file to the Apache folder and start the Apache server using the following command:

mrdev@kali:~# sudo mv hack.html /var/www/html
mrdev@kali:~# service apache2 start
Send the link to the victim through email or SMS. When the victim clicks on that link, we will be successfully connected to its system.

Watch the video till the end You will find out your answer.
Tags

You may like these posts

Show more

Post a Comment

0 Comments
* Please Don't Spam Here. All the Comments are Reviewed by Admin.

If you have any doubts or any queries you can specify here.

#buttons=(Ok, Go it!) #days=(20)

Our website uses cookies to enhance your experience. Learn More
Ok, Go it!