24 May 2012

Hacking With BeEF (Browser Exploitation Framework)


Hey all, in this tutorial I will be telling you all about an awesome tool: BeEF (Browser Exploitation Framework).

What Is BeEF

BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser. The Browser Exploitation Framework (BeEF) is a powerful professional security tool.

BeEF focuses on leveraging browser vulnerabilities to assess the security posture of a target. This project is developed solely for lawful research and penetration testing. BeEF hooks one or more web browsers as beachheads for the launching of directed command modules. Each browser is likely to be within a different security context, and each context may provide a set of unique attack vectors. 

It has various uses:

    It can port scan the zombie (the BeEF framework uses the word "zombies" for targets/victims).
    It helps to footprint the zombie for various plugins and settings.
    It can exploit browser vulnerabilities.
    It can be used as a key logger.
    It can be used as a platform to check exploit behaviour under different browsers like IE, Firefox, Safari etc.

The good thing about BeEF is that it is designed in a modular way, which makes adding new exploits as easy as possible. Additionally, it is cross-platform.

The functionality of the framework revolves around two components, namely zombies and modules.

    Zombies are the prospective targets (browsers) which can be exploited/manipulated based upon their security posture.
    Modules are the functional parts of the framework. They let us use exploits, shells, the port scanner etc.

Features of BeEF

BeEF is actively being developed by its developers. They have plans to incorporate many features. BeEF has the following features right now in the PHP version.

  1. Key logger
  2. Bind shells
  3. Port scanner
  4. Clipboard theft
  5. Tor detection
  6. Integration with Metasploit Framework
  7. Many browser exploitation modules
  8. Browser functionality detection
  9. Mozilla extension exploitation support

How Does It Work





BeEF is built on a client-server architecture and has two components, namely:

    User interface
    Communication server

User interface

It has a very nice and easy to use user interface. This component acts as an interface between the BeEF framework, the zombies (the BeEF framework uses the word "zombies" for targets/victims) and the attacker. The UI lets you select zombies, select modules, configure various settings etc.

Communication server

This component is the base of the framework. The communication server communicates with the targets via the HTTP protocol and takes care of everything the framework does.

A typical scenario

    An attacker hosts a site using BeEF.
    The victim accesses the web page hosted by the attacker.
    The web page triggers the BeEF framework to send the instructions to the browser, to execute on the target machine.
    The user gets added to the zombie list of the framework.

The whole process is invisible to the user.




Now the attacker logs in to the BeEF server remotely and can run modules to get the desired outcome. He can redirect the victim to a malicious site, exploit a vulnerable browser, log the browser activity etc. The uses are limitless and are restricted only by the imagination/creativity of the attacker.
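Seen from the defender's side, the scenario above leaves a trail in web proxy logs: a client loads the hook page and then keeps talking to the same server over HTTP. The following is an added example, not part of the original post, that flags such clients; the log format and sample lines are constructed, and `/hook.js` and the `BEEFHOOK` parameter are BeEF's default names, assumed here to be unchanged.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Indicators. The demo page path and port 3000 come from this tutorial;
# "/hook.js" and the "BEEFHOOK" parameter are BeEF's default names and are
# assumed here to be left unchanged by whoever runs the server.
HOOK_PATHS = ("/demos/basic.html", "/hook.js")
HOOK_PARAM = "BEEFHOOK="
POLL_THRESHOLD = 3  # assumed cut-off: this many hook requests looks like polling

# Assumed (constructed) proxy log format: "<timestamp> <client_ip> <method> <url>"
LOG_LINE = re.compile(r"^(\S+) (?P<client>\S+) [A-Z]+ (?P<url>\S+)$")

def find_hooked_clients(lines, threshold=POLL_THRESHOLD):
    """Return sorted (client_ip, server, hits) tuples for likely hooked browsers."""
    hits = defaultdict(int)
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # ignore lines that do not fit the assumed format
        url = urlsplit(m["url"])
        # "//demos/..." (as in this tutorial's link) and "/demos/..." are the same page
        path = re.sub(r"/{2,}", "/", url.path)
        if path in HOOK_PATHS or HOOK_PARAM in url.query:
            hits[(m["client"], url.netloc)] += 1
    return sorted((c, s, n) for (c, s), n in hits.items() if n >= threshold)

# Constructed sample log: 10.0.0.5 opens the demo page and keeps polling the
# hook server; 10.0.0.9 fetches an unrelated file that happens to be named hook.js.
SAMPLE_LOG = """\
2012-05-24T10:00:01 10.0.0.5 GET http://192.168.213.128:3000//demos/basic.html
2012-05-24T10:00:02 10.0.0.5 GET http://192.168.213.128:3000/hook.js
2012-05-24T10:00:03 10.0.0.9 GET http://intranet.example/index.html
2012-05-24T10:00:04 10.0.0.9 GET http://cdn.example/hook.js
2012-05-24T10:00:07 10.0.0.5 GET http://192.168.213.128:3000/hook.js?BEEFHOOK=constructedsessionid
2012-05-24T10:00:12 10.0.0.5 GET http://192.168.213.128:3000/hook.js?BEEFHOOK=constructedsessionid
""".splitlines()

if __name__ == "__main__":
    for client, server, hits in find_hooked_clients(SAMPLE_LOG):
        print(f"{client} looks hooked by {server} ({hits} hook requests)")
```

The threshold keeps a single fetch of a file that merely shares the name `hook.js` from raising an alert; a renamed hook file would need the indicator list updated.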

Installing Browser Exploitation Framework in BackTrack

First, open your BackTrack and follow this path:

Applications -> Backtrack -> Exploitation Tools -> Social Engineering Tools -> BEEF XSS Framework -> BeEF Installer





Now BeEF is successfully installed on your system.






Using BeEF (Browser Exploitation Framework)

Open your BackTrack and follow this path:

Applications -> Backtrack -> Exploitation Tools -> Social Engineering Tools -> BEEF XSS Framework -> BeEF
 





Then copy the URL and launch it in the browser (the darkened one is my URL, based on the IP of my VirtualBox machine; yours will be different).

The USERNAME and PASSWORD are both Beef.

 


 
Now send the link http://192.168.213.128:3000//demos/basic.html (the IP must be yours) with any trick.






As soon as the victim launches this link in his/her browser, you can access his/her system.







I will try to post more tutorials on BeEF with new things.
