先把老外的这个教程贴在这里,按着这个基本就可以操作了,如果对自己的技术不放心的,一定要看完,我后面会写我操作时遇到的问题!
Installing BeEF on ubuntu 18.04
While working on a VM for a class, I had the opportunity to install BeEF for the students. This was the first VM I have built using Ubuntu 18.04, so I expected there to be a few hiccups along the way. The good news is that the process was pretty straight forward and simple. Here are the steps to getting this up and running on Ubuntu 18.04.
I started off by creating a new virtual machine using Ubuntu 18.04. I won’t go through the steps of creating a new virtual machine image, but the takeaway here is that I am starting with a fresh Ubuntu system.
The BeEF team has put together some simple instructions for installing the application (https://github.com/beefproject/beef/wiki/Installation). This walk through follows these instructions pretty close, with one exception to clear up an error we will see along the way (or at least an error I saw).
The first thing I am going to do is install Ruby on my Ubuntu 18.04 image. To do this we want to run the following command:
sudo apt install ruby ruby-dev
<copy者注:其实这个应该是默认安好了的>
The next step is to get the BeEF source files. We will get these from git. If you haven’t installed git, make sure to run the following command first:
sudo apt install git
Once git is available, we can clone the git project with the following command:
git clone https://github.com/beefproject/beef
This will download the source files for BeEF. Next, move into the beef directory:
cd beef
This is where the I started to run into an issue. The original beef instructions say to just run:
sudo ./install
There is probably a way to fix this permission error without running as sudo… but I didn’t investigate that further.
Once the installation was successfully completed, I ran:
./beef
I was quickly greeted with the following error:
demo@ubuntu:~/beef$ ./beef
Traceback (most recent call last):
4: from ./beef:44:in `<main>’
3: from /usr/lib/ruby/2.5.0/rubygems/core_ext/kernel_require.rb:59:in `require’
2: from /usr/lib/ruby/2.5.0/rubygems/core_ext/kernel_require.rb:59:in `require’
1: from /home/demo/beef/core/loader.rb:17:in `‘
/home/demo/beef/core/loader.rb:17:in `require’: cannot load such file — xmlrpc/client (LoadError)
After digging around, I found that ubuntu 18.04 by default installs Ruby 2.5, which apparently doesn’t have the xmlrpc/client embedded. To fix this, we just need to tell BeEF that it needs this gem. To fix this, I modified the Gemfile file following these steps:
rm Gemfile.lock
Do this first to remove the lock file. Click Y to remove it.
sudo nano Gemfile
In the file, add the following line:
gem ‘xmlrpc’
Save the file and re-run the installation:
sudo ./install
At this point, the installation should be successful. Try running the following command:
./beef
You should see something like the following:
demo@ubuntu:~/beef$ ./beef
[ 6:41:32][*] Browser Exploitation Framework (BeEF) 0.4.7.0-alpha
[ 6:41:32] | Twit: @beefproject
[ 6:41:32] | Site: https://beefproject.com
[ 6:41:32] | Blog: http://blog.beefproject.com
[ 6:41:32] |_ Wiki: https://github.com/beefproject/beef/wiki
[ 6:41:32][*] Project Creator: Wade Alcorn (@WadeAlcorn)
[ 6:41:33][*] BeEF is loading. Wait a few seconds...
[ 6:41:38][*] 8 extensions enabled.
[ 6:41:38][*] 301 modules enabled.
[ 6:41:38][*] 2 network interfaces were detected.
[ 6:41:38][*] running on network interface: 127.0.0.1
[ 6:41:38] | Hook URL: http://127.0.0.1:3000/hook.js
[ 6:41:38] |_ UI URL: http://127.0.0.1:3000/ui/panel
[ 6:41:38][*] running on network interface: 192.168.116.139
[ 6:41:38] | Hook URL: http://192.168.116.139:3000/hook.js
[ 6:41:38] |_ UI URL: http://192.168.116.139:3000/ui/panel
[ 6:41:38][!] Warning: Default username and weak password in use!
[ 6:41:38] |_ New password for this instance: ec04906c30d928fb857
[ 6:41:38][*] RESTful API key: 6bd0b11e772df40
[ 6:41:38][*] HTTP Proxy: http://127.0.0.1:6789
[ 6:41:38][*] BeEF server started (press control+c to stop)
Notice that there is a “New password” configured here. This is because by default beef sets the username/password to beef/beef. As this is a default, hard-coded password, it is insecure. To fix this, beef detects the default and creates a new temp password to protect the instance. It is recommended to update the username and password to your instance.
Updating the Password
To change the password stop beef by typing ctrl+c. Now, we will edit the config.yaml file:
sudo nano config.yaml
You should see something like this:
beef:
version: '0.4.7.0-alpha'
# More verbose messages (server-side)
debug: false
# More verbose messages (client-side)
client_debug: false
# Used for generating secure tokens
crypto_default_value_length: 80
# Credentials to authenticate in BeEF.
# Used by both the RESTful API and the Admin interface
credentials:
user: "beef"
passwd: "beef"
# Interface / IP restrictions
Modify the user and passwd fields to your own values and then save the file using ctrl+x.
When you restart BeEF and go to the ui panel you should now be able to login with your new credentials.
Notes
There should be a way to install the application without using sudo ./install. This should be checked so you don’t install using root permissions. This is a non-production image for me to use for student training.
Make sure you change the default username and password to help lock down your instance.
This tutorial is for educational purposes only. Hacking without permission is illegal and should not be done.
我靠,执行那个install真的慢,而且还报错说什么什么没安上之类的,我执行了好几遍最后终于安装成功了。吐槽完毕,开始我的表演秀~
首先上边这个教程我这个四级没过的都能看懂,大家就看那个就好了,我主要说一些不顺利的地方:
1、./install执行太慢且容易失败
我执行完 sudo ./install之后,过了很长很长时间,长到我以为要失败了。然后…
然后,还就真失败了,提示的内容大概就是,有一些什么东西没有安上之类的,然后我并没有鸟他,因为我实在没办法再等那么久了,然后我直接执行了./beef,然后就提示了这个:
d@g:~/softs/beef$ ./beef
Could not find gem 'thin' in any of the gem sources listed in your Gemfile.
Run `bundle install` to install missing gems.
我直接二话没说执行了:
bundle install
<作者注:这个命令不需要加sudo,我开始以为需要权限,加了一个,然后系统提示:>
d@g:~/softs/beef$ sudo bundle install
Don’t run Bundler as root. Bundler can ask for sudo if it is needed, and
installing your bundle as root will break this application for all non-root
users on this machine.
然后执行bundle install就安装成功了:
d@g:~/softs/beef$ bundle install
Fetching gem metadata from your community gem host.
...
Bundle complete! 41 Gemfile dependencies, 79 gems now installed.
Gems in the groups test and development were not installed.
Use `bundle info [gemname]` to see where a bundled gem is installed.
2、确实需要修改密码
我一开始觉得,默认就挺好的,结果:
d@g:~/softs/beef$ ./beef
[21:51:23][!] ERROR: Default username and password in use!
[21:51:23] |_ Change the beef.credentials.passwd in config.yaml
那就按照老外说的,改!
sudo gedit config.yaml
我试试只改其中的一个行不行
3、确实不需要添加他说的那个gem ‘xmlrpc’以及不用删那个Gemfile.lock文件
我用户名没变,改了个密码,然后直接在beef/目录下执行./beef ,就,就成功了!
这不就好起来了吗,哈哈哈
不是,我就想问,这很难吗?
这不是有手就行???
中国都没一个好教程,还得翻出去找,荒唐!
疯狂狗头
4、怎么使用
进目录,运行那个beef,然后进浏览器打开链接,这我真不想说了。
我想说的是,这个:
我们需要修改配置文件,把主机ip改成我们物理机的ip
至此,就可以正常使用了。感兴趣的可以用我的靶场试一下,欢迎来白嫖,我自己的服务器:
http://duola.zgjo.xyz/
更加详细的教程就看这个吧,在我笔记里吃灰很久了:
BeEF的使用-谢公子安全
太不容易了~
公众号:「白帽子续命指南」
447
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
