Kali penetration test tool library (2): BeEF, a web browser attack framework

Table of contents

BeEF introduction

Introduction to BeEF working principle

Use BeEF under Kali

BeEF: configure the IP address and default password

BeEF attack process

Start BeEF

Access via web

1. Enter the username and password configured in config.yaml to log in to the BeEF management console

2. Implant hook.js code in the website

3. If the client 192.168.107.110 visits this page, it will be hooked by BeEF, and BeEF will obtain a large amount of information about the browser

4. Get browser cookies

5. Web page redirection: the target browser jumps to the web page you specify

6. Login pop-up window to get the user name and password

Module color and explanation


BeEF introduction

BeEF is the most popular web attack framework in Europe and the United States. Penetration-testing systems such as Parrot and Kali integrate BeEF, and BeEF has many useful payloads. For example, through a simple XSS vulnerability, BeEF can control the browser of the target host with a prepared piece of JavaScript, obtain various information through the browser and scan the intranet, which makes it very powerful.

Introduction to BeEF working principle

1. Start BeEF and log in to its web console (Web-beef)

2. Implant a JS code snippet in the code of web page Web1

3. User user1 accesses the web page through the browser

4. BeEF hijacks user1's browser through the implanted JS code and obtains various information about the browser

5. On the Web-beef side, you can see a large amount of user1 information, as well as options for whether to be ***.

Use BeEF under Kali

Generally speaking, *** OSes such as Kali and Parrot ship with BeEF. If it is not installed on your system, you can install it manually with the following commands.

Installation directory and structure of beef

apt install beef-xss                  # install BeEF
systemctl start beef-xss.service      # start BeEF
systemctl stop beef-xss.service       # stop BeEF
systemctl restart beef-xss.service    # restart BeEF

BeEF: configure the IP address and default password

On Kali the BeEF configuration file is /usr/share/beef-xss/config.yaml, and the other configuration files are in subdirectories of the same directory. Later, when you use certain functions, you will need to modify the corresponding configuration file.

permitted_hooking_subnet: "0.0.0.0/0" #Specify a network segment; only browsers in this segment can be hooked
permitted_ui_subnet: "0.0.0.0/0" #Specify a network segment; only browsers in this segment can access the management UI
host: "0.0.0.0" #Host IP address of the BeEF server; if you have your own domain name you can set it here, otherwise use the default
port: "3000" #Port the BeEF server listens on; the default is 3000; you can set it to 8080 to look like Tomcat; remember that the port number needs to be greater than 1024
xhr_poll_timeout: 1000 #Interval at which the victim browser polls the BeEF host; the default is 1 second, and it can be set lower
public: ""                                #Public hostname/IP address
public_port: ""                           #Experimental
                   # This is only required for BeEF to run in a reverse proxy or NAT environment.
web_ui_basepath: "/ui" #URI of the management page; the default is /ui; it is recommended to change it so that others will not find your management page
hook_file: "/hook.js" #Name of the hook file; it is recommended to change it, for example to jquery.js, to improve concealment
credentials:
    user: "beef"
    passwd: "beef" #Login username and password for the administration page; these must be changed, and it is best to change both
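A quick check of the settings above before the service is exposed, as an added example that is not part of the original post or of BeEF itself. It reads the flat `key: "value"` lines as shown on this page with a simple regular expression (an assumption; a real deployment would load the YAML file properly) and reports the defaults the comments say must be changed.

```python
import ipaddress
import re

# Constructed sample: the settings as listed above, defaults unchanged.
SAMPLE_CONFIG = """
permitted_hooking_subnet: "0.0.0.0/0"
permitted_ui_subnet: "0.0.0.0/0"
host: "0.0.0.0"
port: "3000"
web_ui_basepath: "/ui"
hook_file: "/hook.js"
credentials:
    user: "beef"
    passwd: "beef"
"""

KEY_VALUE = re.compile(r'^\s*([A-Za-z_]+):\s*"([^"]*)"')


def parse_settings(text):
    """Collect key: "value" pairs line by line (nesting ignored, keys assumed unique)."""
    settings = {}
    for line in text.splitlines():
        match = KEY_VALUE.match(line)
        if match:
            settings[match.group(1)] = match.group(2)
    return settings


def is_unrestricted(cidr):
    """True when the subnet covers every address (prefix length 0)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def audit(settings):
    """Return findings that leave the tester's own console or scope open."""
    findings = []
    if settings.get("user") == "beef" or settings.get("passwd") == "beef":
        findings.append("default credential beef still in use")
    if is_unrestricted(settings.get("permitted_ui_subnet", "0.0.0.0/0")):
        findings.append("management UI reachable from any address")
    if is_unrestricted(settings.get("permitted_hooking_subnet", "0.0.0.0/0")):
        findings.append("hooking not limited to the in-scope subnet")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_settings(SAMPLE_CONFIG)):
        print("FINDING:", finding)
```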

BeEF attack process

Start BeEF

Start successfully

Access via web

1. Enter the username and password configured in config.yaml to log in to the BeEF management console

2. Implant hook.js code in the website

As shown below:

3. If the client 192.168.107.110 visits this page, it will be hooked by BeEF, and BeEF will obtain a large amount of information about the browser

4. Get browser cookies

5. Web page redirection: the target browser jumps to the web page you specify

6. Login pop-up window to get the user name and password

As shown in the figure below, the target browser is given a pop-up window that pretends to be Windows authentication in order to trick the user into entering a user name and password.

If the user of the target browser is deceived and enters a user name and password, we can see the entered user name and password on the BeEF side.
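From the defender's side, the polling described in the configuration (`xhr_poll_timeout`, default 1 second) shows up in proxy logs as one client contacting one destination at a short, almost constant interval. The following added example, which is not from the original post, flags that pattern; the log format, the server address 192.168.107.50 and the thresholds are assumptions made for the illustration, and the request path is deliberately ignored because the hook file name can be changed.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed proxy log: "<epoch seconds> <client> <dest host:port> <path>".
BASE = 1700000000
JITTER = [0.00, 0.02, -0.01, 0.03, 0.00, -0.02, 0.01, 0.02, -0.01, 0.00]
BROWSING = [0.5, 0.9, 7.2, 7.4, 31.0, 95.3, 95.6, 140.0, 141.2]
SAMPLE_LOG = [
    f"{BASE + i + j:.2f} 192.168.107.110 192.168.107.50:3000 /hook.js"
    for i, j in enumerate(JITTER)
] + [
    f"{BASE + t:.2f} 192.168.107.110 192.168.107.20:443 /index.html"
    for t in BROWSING
]


def find_beacons(lines, min_hits=8, max_period=2.0, max_cv=0.2):
    """Flag (client, dest) pairs polled at a short, near-constant interval.

    max_cv is the allowed coefficient of variation (stdev / mean) of the
    gaps between requests; ordinary browsing is far burstier than that.
    """
    seen = defaultdict(list)
    for line in lines:
        stamp, client, dest, _path = line.split()
        seen[(client, dest)].append(float(stamp))

    flagged = []
    for (client, dest), stamps in seen.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [later - earlier for earlier, later in zip(stamps, stamps[1:])]
        period = mean(gaps)
        if 0 < period <= max_period and pstdev(gaps) / period <= max_cv:
            flagged.append((client, dest, round(period, 2)))
    return flagged


if __name__ == "__main__":
    for client, dest, period in find_beacons(SAMPLE_LOG):
        print(f"ALERT: {client} polls {dest} every ~{period}s")
```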

Module color and explanation

Internally, BeEF detects which command modules can work in the currently hooked browser and colors them accordingly:
Green: the command module can run on the target browser, and the user will not notice anything abnormal
Orange: the command module can run on the target browser, but the user may notice something abnormal (for example, there may be pop-up windows, prompts, jumps, etc.)
Gray: the command module has not been verified against this target, that is, it is not known whether it can run
Red: the command module does not apply to this target


Origin blog.51cto.com/13687405/2573749