The Browser Exploitation Framework (BeEF) – Part 1

转载 2015年07月07日 10:19:07

转自:http://resources.infosecinstitute.com/beef-part-1/


1. Introduction

We can categorize the BeEF social engineering framework as shown in the picture below:

We can read more about the mentioned frameworks, namely: SET (Social Engineering Framework), BeEF, Honeyd and Cree.py, on the Infosec Institutewebsite, where they are briefly described. .

We can use BeEF to host a malicious web site, which is then visited by the victim. The BeEF is used to send commands that will be executed on the web browser of the victim computer. The victim users will be added as zombies to the BeEF framework. When the attacker logs into to the BeEF server, he can then execute the modules against the specified victim user. An attacker can execute any module or write his own module, which enables him to execute an arbitrary command against the victim zombie.

Among all the actions that we can execute against the hooked target web browser are also the following actions: key logger, port scanner, browser exploitation tool, web proxy, etc.

2. BeEF

BeEF uses browser vulnerabilities to gain control of the target computer system. BeEF provides an API that we can use to write our own module to attack the target web browser. Therefore the BeEF provides the API that abstracts the complexity and makes possible the quick and effective creation of modules.

2.1. Installation

First, we must download and install the browser exploitation framework. We can do that by visiting the BeEF github webpage and execute the below commands.

To install the prerequisites, execute the below commands as root:

1
2
3
# apt-get install ruby1.9.1 ruby1.9.1-dev libsqlite3-dev sqlite3 sqlite3-doc rubygems1.8
# gem install bundler
# export PATH='$PATH:/var/lib/gems/1.8/bin'


Execute the below commands as a normal user to satisfy the rest of the dependencies:

1
2
3
4
# curl -L https://get.rvm.io | bash -s stable –ruby
# export PATH='$PATH:/usr/local/rvm/bin/'
# source /home/user/.rvm/scripts/rvm
# unset RUBYOPT && sudo env-update && gem -v

Download the BeEF framework:

To install the BeEF framework, we must first run the bundle command, which should install all the missing dependencies.

1
2
# cd beef/
# bundle install


A successful installation of all dependencies should look as below:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
# bundle install
Fetching gem metadata from http://rubygems.org/.......
Fetching gem metadata from http://rubygems.org/..
Installing addressable (2.2.8)
Installing ansi (1.4.3)
Installing daemons (1.1.9)
Installing data_objects (0.10.8)
Installing dm-core (1.2.0)
Installing dm-do-adapter (1.2.0)
Installing dm-migrations (1.2.0)
Installing do_sqlite3 (0.10.8) with native extensions
Installing dm-sqlite-adapter (1.2.0)
Installing eventmachine (0.12.10) with native extensions
Installing em-websocket (0.3.8)
Installing erubis (2.7.0)
Installing multipart-post (1.1.5)
Installing faraday (0.8.4)
Installing jsmin (1.0.1)
Installing json (1.7.5) with native extensions
Installing librex (0.0.68)
Installing msgpack (0.4.7) with native extensions
Installing msfrpc-client (1.0.1)
Installing multi_json (1.3.6)
Installing parseconfig (1.0.2)
Installing rack (1.4.1)
Installing rack-protection (1.2.0)
Installing simple_oauth (0.1.9)
Installing tilt (1.3.3)
Installing sinatra (1.3.2)
Installing term-ansicolor (1.0.7)
Installing thin (1.4.1) with native extensions
Installing twitter (3.6.0)
Using bundler (1.1.5)
Your bundle is complete! Use `bundle show [gemname]` to see where a bundled gem is installed.

Update the BeEF framework to the latest version:

1
# ./update-beef

After all that the BeEF framework should start normally, like below:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
# ./beef
[ 9:13:42][*] Browser Exploitation Framework (BeEF)
[ 9:13:42] | Version 0.4.3.7-alpha
[ 9:13:42] | Website http://beefproject.com
[ 9:13:42] | Run 'beef -h' for basic help.
[ 9:13:42] |_ Run 'git pull' to update to the latest revision.
[ 9:13:45][*] BeEF is loading. Wait a few seconds...
[ 9:13:53][*] 8 extensions loaded:
[ 9:13:53] | Autoloader
[ 9:13:53] | Events
[ 9:13:53] | Proxy
[ 9:13:53] | Requester
[ 9:13:53] | Admin UI
[ 9:13:53] | Console
[ 9:13:53] | Demos
[ 9:13:53] |_ XSSRays
[ 9:13:53][*] 122 modules enabled.
[ 9:13:53][*] 2 network interfaces were detected.
[ 9:13:53][+] running on network interface: 127.0.0.1
[ 9:13:53] | Hook URL: http://127.0.0.1:3000/hook.js
[ 9:13:53] |_ UI URL: http://127.0.0.1:3000/ui/panel
[ 9:13:53][+] running on network interface: 10.1.1.176
[ 9:13:53] | Hook URL: http://10.1.1.2:3000/hook.js
[ 9:13:53] |_ UI URL: http://10.1.1.2:3000/ui/panel
[ 9:13:53][*] RESTful API key: 8f6d1d719227a0bc6b654e5682c2d73801d3cffc
[ 9:13:53][*] HTTP Proxy: http://127.0.0.1:6789
[ 9:13:53][*] BeEF server started (press control+c to stop)

We can see that BeEF is up and running correctly: it’s running on all found network interfaces, so it is accessible from everywhere (not only localhost). From the BeEF output, we can see that the user interface panel is accessible on the URI:http://10.1.1.2:3000/ui/panel. If we visit this web page, we’re automatically redirected to the web page: http://127.0.0.1:3000/ui/authentication, which looks like the picture below:

Great. We’ve successfully set-up the BeEF exploitation framework. The default username and password are beef:beef. When we’ve successfully authenticated, the below web page is presented to us:

We can see that the web page first greets us and presents the basic information and getting started guide about BeEF. We should read the getting started guide carefully since it provides enough details to get started with using the BeEF framework.

2.2. Getting Started

There are two demo pages currently available in the BeEF framework and are presented below:

a. Basic Demo Page

When the web page on the above picture loads, our web browser is already hooked into the BeEF framework and we can execute modules against it. The additional links and form are present for demonstration purposes of the various features of the BeEF framework, which we won’t discuss here. All that is important is that upon visiting the above web page, the browser is automatically hooked into the BeEF framework.

b. Butcher Demo Page

This examples also automatically hooks the web browser into the BeEF framework, so no additional steps are required. The additional elements on the web page are for demonstrating purposes only.

On the left side of the BeEF user interface panel, we can see “Online Browsers” and “Offline Browsers”, which represent the hooked browsers, some of which are online and the others are offline; this depends on the polling activity of the victim web browser.

The getting started web page also states that we can communicate with the hooked browser by clicking on one of the browsers, upon which a new tab will appear and will look like the picture below:

We can see that each new tab representing a browser has five new tabs – summarized after [1]:

  • Details

Displays information about the hooked browser, which we can see in the picture above.

  • Logs:

Displays log entries of current hooked browser. We can see this tab represented in the picture below:

  • Commands

Here we can execute modules against a web browser. Modules are able to execute any command that can be achieved through Javascript. Each of the modules has an icon     represented with one of the colors listed below:

  • Green : works against the target; invisible to the user.
  • Orange : works against the target; visible to the user.
  • Grey : must yet be verified against the target.
  • Red : does not work against the target.

We can see this tab represented in the picture below. We have selected the “Browser – Hooked Domain – Play Sound” module.

  • Rider

This tab allows us to submit arbitrary HTTP requests on behalf of the hooked browser.

  • XssRays

This tab can be used to check if the page where the browser is hooked is vulnerable to XSS attack. If we right-click on the hooked browser, a menu opens giving us two options to choose from:

  • Use as Proxy:

This option allows us to use the hooked browser as a proxy.

  • Launch XssRays on Hooked Domain

This launches the XSS vulnerability discovery on the web page. The XssRays tab mentioned above does the same thing, but we can use it to change options as well.

3. Conclusion

In this part we’ve installed the prerequisites for BeEF framework and BeEF itself. Afterwards we connected to the BeEF framework in web browser and looked at the user interface and the options it allows us to use. We also discussed how the BeEF framework should be used and what it can do.

In the next part of the tutorial we’ll look at the “Commands” tab of the user interface where all the modules are stored.

References

[1] BeEF Getting Started Introduction Web Site, accessible on http://127.0.0.1:3000/ui/panel.


kali beef-xss结合metasploit配置

安装kali linux之后 第一步:切换更新源进行系统软件更新,编辑系统源文件:vi /etc/apt/sources.list 把官方源进行注释,并且加上国内更新源,因为国内的更快,我...
  • u013526533
  • u013526533
  • 2016年09月06日 14:53
  • 1660

How to Use beEF (Browser Exploitation Framework)

http://null-byte.wonderhowto.com/how-to/use-beef-browser-exploitation-framework-0147209/ 'm sti...
  • mydriverc2
  • mydriverc2
  • 2014年12月16日 21:32
  • 676

初探BeEF

BT5r3下BeEF携手Metaspliot的搭建与对XPSP1的测试
  • xihuanqiqi
  • xihuanqiqi
  • 2013年12月04日 09:55
  • 16923

【安全牛学习笔记】存储型XSS和BEEF浏览器攻击框架

存储型XSS                                                               长期存储于服务器端                   ...
  • edu_aqniu
  • edu_aqniu
  • 2017年09月30日 15:30
  • 1000

BEEF的搭建与使用

安装与搭建 beef是ruby写的,在windows下安装beef还是有些麻烦的,需要装很多东西。 源码在github googlecode等地方均有下载 http://code.googl...
  • wangyi_lin
  • wangyi_lin
  • 2013年07月17日 09:05
  • 8117

xss利用之kali神器beef

1、beef基本配置 BeEF在Kali下默认安装,直接找到对应图标启动即可,但是默认设置未同Metasploit关联,无法使用msf模块,因此需要作如下配置连接msf 1、修改config....
  • jiangliuzheng
  • jiangliuzheng
  • 2016年07月14日 16:48
  • 10705

使用Beef劫持客户端浏览器并进一步使用Beef+msf拿客户端shell

利用Beef劫持客户端浏览器   环境: 1.Kali(使用beef生成恶意代码,IP:192.168.114.140) 2.一台web服务器(留言板存在XSS跨站脚本漏洞,IP:192.168.11...
  • MickeyMouse1928
  • MickeyMouse1928
  • 2017年04月08日 14:13
  • 9105

教你玩BeEF

Kali-linux之渗透突破 BeEF:是比较著名的一个xss利用框架,它是交互界面友好,高度集成,开源的一个项目!和国外其他渗透测试项目一样,它也可以和其他很多工具结合使用,如MSF.   ...
  • hard_lushunming
  • hard_lushunming
  • 2015年09月29日 00:53
  • 1697

Metasploit之Post Exploitation

参考: https://www.offensive-security.com/metasploit-unleashed/windows-post-gather-modules/autoroute这个...
  • caiqiiqi
  • caiqiiqi
  • 2017年06月17日 03:51
  • 494

内网渗透一:利用Xss漏洞进入内网

0x01:科普 Beef目前欧美最流行的WEB框架攻击平台,全称:The Browser Exploitation Framework Project. Beef利用简单的XSS漏洞,通过一段编写好的...
  • xysoul
  • xysoul
  • 2015年05月02日 14:59
  • 2934
内容举报
返回顶部
收藏助手
不良信息举报
您举报文章:The Browser Exploitation Framework (BeEF) – Part 1
举报原因:
原因补充:

(最多只允许输入30个字)