How to Use a Beef Module

We can categorize the Beef social engineering science framework equally shown in the motion picture below:

Nosotros can read more most the mentioned frameworks, namely: SET (Social Engineering Framework), BeEF, Honeyd and Cree.py, on the Infosec Plant website, where they are briefly described. .

Nosotros tin can employ BeEF to host a malicious web site, which is then visited by the victim. The BeEF is used to send commands that volition be executed on the web browser of the victim computer. The victim users volition exist added equally zombies to the Beefiness framework. When the aggressor logs into to the BeEF server, he can then execute the modules against the specified victim user. An attacker can execute any module or write his own module, which enables him to execute an capricious command confronting the victim zombie.

Amongst all the actions that we tin can execute against the hooked target spider web browser are also the post-obit deportment: primal logger, port scanner, browser exploitation tool, web proxy, etc.

BeEF

BeEF uses browser vulnerabilities to gain control of the target computer system. Beef provides an API that nosotros can utilise to write our own module to attack the target web browser. Therefore the BeEF provides the API that abstracts the complexity and makes possible the quick and effective creation of modules.

Installation

First, nosotros must download and install the browser exploitation framework. We can do that by visiting the Beefiness github webpage and execute the beneath commands.

To install the prerequisites, execute the below commands as root:

[bash]
# apt-go install ruby1.ix.1 ruby1.9.1-dev libsqlite3-dev sqlite3 sqlite3-dr. rubygems1.viii
# gem install bundler
# consign PATH='$PATH:/var/lib/gems/1.viii/bin'
[/fustigate]

Execute the below commands every bit a normal user to satisfy the rest of the dependencies:

[bash]
# curl -L https://get.rvm.io | fustigate -south stable –ruby
# consign PATH='$PATH:/usr/local/rvm/bin/'
# source /home/user/.rvm/scripts/rvm
# unset RUBYOPT && sudo env-update && gem -v
[/bash]

Download the Beef framework:

[patently]
# git clone https://github.com/beefproject/beef.git
[/plain]

To install the BeEF framework, we must first run the bundle command, which should install all the missing dependencies.

[bash]
# cd beefiness/
# bundle install
[/bash]

A successful installation of all dependencies should look as beneath:

[fustigate]
# package install
Fetching gem metadata from http://rubygems.org/…….
Fetching jewel metadata from http://rubygems.org/..
Installing addressable (2.2.8)
Installing ansi (ane.iv.3)
Installing daemons (1.ane.9)
Installing data_objects (0.10.8)
Installing dm-core (1.2.0)
Installing dm-practise-adapter (1.2.0)
Installing dm-migrations (1.ii.0)
Installing do_sqlite3 (0.x.8) with native extensions
Installing dm-sqlite-adapter (1.2.0)
Installing eventmachine (0.12.10) with native extensions
Installing em-websocket (0.iii.eight)
Installing erubis (2.seven.0)
Installing multipart-post (1.1.5)
Installing faraday (0.8.4)
Installing jsmin (i.0.1)
Installing json (1.7.5) with native extensions
Installing librex (0.0.68)
Installing msgpack (0.4.7) with native extensions
Installing msfrpc-client (1.0.1)
Installing multi_json (ane.3.6)
Installing parseconfig (one.0.2)
Installing rack (1.4.1)
Installing rack-protection (1.two.0)
Installing simple_oauth (0.1.9)
Installing tilt (1.three.3)
Installing sinatra (1.3.2)
Installing term-ansicolor (1.0.7)
Installing sparse (1.4.one) with native extensions
Installing twitter (iii.6.0)
Using bundler (1.i.5)
Your bundle is consummate! Apply `bundle show [gemname]` to meet where a bundled jewel is installed.
[/fustigate]

Update the Beefiness framework to the latest version:

[fustigate]
# ./update-beef
[/bash]

Later on all that the Beefiness framework should first ordinarily, like below:

[bash]
# ./beef
[ 9:thirteen:42][*] Browser Exploitation Framework (BeEF)
[ nine:13:42] | Version 0.4.three.7-blastoff
[ 9:13:42] | Website http://beefproject.com
[ nine:xiii:42] | Run 'beef -h' for basic assistance.
[ nine:thirteen:42] |_ Run 'git pull' to update to the latest revision.
[ 9:13:45][*] Beefiness is loading. Expect a few seconds…
[ nine:13:53][*] 8 extensions loaded:
[ 9:thirteen:53] | Autoloader
[ 9:13:53] | Events
[ 9:13:53] | Proxy
[ 9:13:53] | Requester
[ 9:xiii:53] | Admin UI
[ ix:13:53] | Console
[ 9:13:53] | Demos
[ 9:xiii:53] |_ XSSRays
[ 9:xiii:53][*] 122 modules enabled.
[ 9:xiii:53][*] 2 network interfaces were detected.
[ ix:13:53][+] running on network interface: 127.0.0.ane
[ 9:thirteen:53] | Hook URL: http://127.0.0.1:3000/hook.js
[ ix:xiii:53] |_ UI URL: http://127.0.0.1:3000/ui/panel
[ ix:13:53][+] running on network interface: 10.i.one.176
[ ix:thirteen:53] | Claw URL: http://10.ane.1.two:3000/claw.js
[ 9:xiii:53] |_ UI URL: http://10.1.one.2:3000/ui/panel
[ 9:13:53][*] RESTful API fundamental: 8f6d1d719227a0bc6b654e5682c2d73801d3cffc
[ 9:thirteen:53][*] HTTP Proxy: http://127.0.0.1:6789
[ 9:13:53][*] Beef server started (press control+c to stop)
[/bash]

We can come across that Beefiness is up and running correctly: it'southward running on all found network interfaces, so it is accessible from everywhere (not but localhost). From the Beef output, we can meet that the user interface panel is accessible on the URI: http://10.1.i.2:3000/ui/panel. If nosotros visit this spider web page, we're automatically redirected to the web page: http://127.0.0.ane:3000/ui/authentication, which looks like the picture below:

Great. Nosotros've successfully set-upwards the Beefiness exploitation framework. The default username and password are beefiness:beef. When nosotros've successfully authenticated, the beneath spider web folio is presented to the states:

We can run across that the web page offset greets u.s. and presents the basic data and getting started guide near Beefiness. We should read the getting started guide carefully since information technology provides enough details to get started with using the BeEF framework.

Getting Started

There are two demo pages currently available in the BeEF framework and are presented below:

a. Basic Demo Page

When the web page on the in a higher place film loads, our spider web browser is already hooked into the Beef framework and we tin can execute modules against information technology. The boosted links and form are nowadays for demonstration purposes of the diverse features of the BeEF framework, which nosotros won't discuss here. All that is important is that upon visiting the in a higher place web page, the browser is automatically hooked into the BeEF framework.

b. Butcher Demo Folio

This examples also automatically hooks the web browser into the Beef framework, so no additional steps are required. The additional elements on the web page are for demonstrating purposes simply.

On the left side of the BeEF user interface panel, nosotros can see "Online Browsers" and "Offline Browsers", which represent the hooked browsers, some of which are online and the others are offline; this depends on the polling activity of the victim web browser.

The getting started spider web folio also states that we tin can communicate with the hooked browser by clicking on ane of the browsers, upon which a new tab volition appear and volition look similar the flick below:

We tin can come across that each new tab representing a browser has five new tabs – summarized afterward [1]:

• Details

Displays information about the hooked browser, which we can run into in the film above.

• Logs:

Displays log entries of electric current hooked browser. We can meet this tab represented in the picture below:

• Commands

Here we tin execute modules against a web browser. Modules are able to execute any command that can be accomplished through Javascript. Each of the modules has an icon     represented with 1 of the colors listed beneath:

• Green : works against the target; invisible to the user.
• Orange : works confronting the target; visible to the user.
• Grey : must still be verified against the target.
• Red : does not work against the target.

We can run across this tab represented in the motion-picture show below. We have selected the "Browser – Hooked Domain – Play Sound" module.

• Rider

This tab allows u.s. to submit arbitrary HTTP requests on behalf of the hooked browser.

• XssRays

This tab can be used to check if the page where the browser is hooked is vulnerable to XSS attack. If nosotros correct-click on the hooked browser, a menu opens giving the states two options to cull from:

• Use every bit Proxy:

This selection allows us to use the hooked browser as a proxy.

• Launch XssRays on Hooked Domain

This launches the XSS vulnerability discovery on the spider web page. The XssRays tab mentioned above does the aforementioned thing, but nosotros tin utilise it to change options as well.

Conclusion

In this part we've installed the prerequisites for BeEF framework and Beefiness itself. Afterwards we connected to the BeEF framework in web browser and looked at the user interface and the options it allows us to use. We also discussed how the Beefiness framework should be used and what information technology can do.

In the next office of the tutorial nosotros'll wait at the "Commands" tab of the user interface where all the modules are stored.

Sources

Beefiness Getting Started Introduction Web Site

geisslerilthaddly.blogspot.com

Source: https://resources.infosecinstitute.com/topic/beef-part-1/

Share this post