2.2 Browser Hook with BeEF - Lab 2 Part 1

00:00

Hey, everyone, welcome back to the course. So in the last video, we did a simple, reflected cross site scripting attack. So if you haven't done that yet, go back to that video. And Paul is this one.

00:08

Now, I'm gonna be starting at the very beginning here. So if you did that lab and you just came right to this video, just go ahead and fast forward until you until you see me get into the actual lab environment and then we'll go ahead and get started. But for everybody else, I want to start at the very beginning here at his go from actually finding the lab again in the catalog and launching it.

00:27

So you should already be allowed to decide Marie and all you have to do. You'll see here and step to a long name. Actually, all you have to do, just type in a seven in the catalog that'll pull up the lab that we're looking for here, This one right here.

00:38

Go and click on that and then click the launch button

00:41

and we've got one more button to click a lunch item. But in here and that's gonna launch the lab for us. And as I mentioned in the last video takes about a minute or so to launch the labs. All brief pause here while we get it all loaded up.

00:52

All right, so you'll see that the lab has finally pulled up for me here again. One housekeeping on him. If you were starting fresh from the last video on, you did not just continue on through. Just remember that for these particular labs, we just need to mark your progress now, forthis lab in particular, I've kind of modified it. So this will not count for,

01:12

um,

01:14

the second lab. This will the third lab option that's inside of here. On the right side, it will cover the beef aspect of it. So you just want to make sure you're marking stuff as you complete certain task in it to get full credit. All the lab, you'll see that I won't do that because I don't really care. Doesn't matter to me on my end. But

01:32

if you want progress on the lab, just make sure you check these boxes here and you notice that will give you your progress down at the bottom here.

01:38

All right, So another very important thing. Log in with student instead of the user Callie lyrics. They seem to be the normal user name or password for Callie links with his route and tour. You'll actually want to use student for both the user name and password. So let's go and do that now.

01:53

And if it'll take the yes, there we go.

01:57

And the reason we do that is because we want to be able to access chrome. And if we log in with the traditional Kelly Olynyk slug in, it's not gonna have chromosome option in that particular instance.

02:07

So you'll see here once we log, and we do have the chrome icon on the top left here.

02:13

Go and click on that and that'll launch that to the mutual today page. Now, if you've continued on with last lap into this one, you'll be here on the Mattila Day. Paige already. So now you can go ahead and follow along, and we'll get started with this particular lap.

02:27

So screwed our lab documents. Here's we've already loved into our lab environment. We've logged into Callie Lennox again with student in student again. If you don't see, the crew might calm there you're in the wrong spot. So good lockout and log back in with student and student.

02:39

We've launched chrome, so the next thing we're gonna do is actually create a couple of user accounts here, Wouldn't create a victim account. And that will launch fire Fox. It will create a attacker account, and then we'll move forward with the left from there. So here in step number nine, we're gonna click on the log in register option at the top left. So it's this one right here.

02:58

And then our next step is to click on the please register here. Option at the bottom.

03:04

Let's go back to our lab document.

03:06

So now here, step 11. So we just did Step number 10 will click that register here. Option

03:10

here in step 11 for all those fields. We're gonna type in the word victim.

03:15

So for the user name the password that confirmed password and the signature. All those fields were just typing in the word victim

03:23

all over case

03:23

and you can click three x box or just use a tab key to move along to each box, which everyone works best for you.

03:31

All right, So once you've typed in victim in all of those, they're just click on that create account. But

03:38

all right, so now we want to actually lock in. That's a victim, a victim. So we're gonna click back on, log in register, and then we're just gonna logging is a victim. So click back on log and register at the top there, and then click victim

03:47

for user name. And then also for the password as well.

03:52

Then just say long in there

03:53

and you'll see at the top, right? I want to say never to that we don't care for. We really don't care for remembers a password or not. I want you to see there is that victim is the logged in user. So we know where we were successful with that.

04:04

So let's go back to our lab document here.

04:08

So now what we're gonna do is we're gonna launch fire Fox here in step number 16. Where Love's Fire, Fox. Then we're going to the same situation. We're gonna be creating a user account. That's the attacker account,

04:17

and then we'll log in as the attacker.

04:20

So it's going to do that now. This will cook on fire Fox here

04:25

could take a second or so to launch. You'll see it. A long stare for us is gonna move it over just a little bit.

04:30

All right, so now we're gonna click on log and register like we did before,

04:32

and we'll go down to the bottom here. It will click on the police register here. Option.

04:36

You're gonna expand this one out just a little bit as well.

04:41

And then what we're going to do is we're going thio. Guess it's not gonna cooperate here. Well, there we are.

04:46

Uh, what we're gonna do now is what is gonna do the same thing here for attacker. We're gonna put in attacker for the word and create that user account. Same thing for the password in all these fields.

05:02

And obviously, if an attacker was really doing this, they're not gonna call themselves attacker unnecessarily. But you never know. So we're gonna click on the create account, but in there that's created our attacker account. Now we're gonna go back to log in, register at the top,

05:15

and our next step here is just loving and as the attacker.

05:18

So just like we did with the victim, we're just gonna lock in is the attacker.

05:25

And if we look at the top right here,

05:27

what's that? Little pop up goes away. We'll see that we are loved. Dennis, the attacker at the top, right?

05:31

All right, so let's go back to our lab document.

05:35

So loving to see a tapper attacker. We kind of skipped a lot of these steps here. We went through him verbally. We're all the way through those steps here. We're not loved in this. The attacker down here in step 24.

05:46

So the next thing we're to do is we're gonna launch a terminal window and run a tool called Beef, Eh? So if you don't know anything about beef, it's, ah, basically stance for the browser explode. Jason frame work. It's a fun little tool to use for Web attacks. And by the way, Joe Perry has a breaking stuff with Joe Siri's video

06:02

on beef. So you could find that in catalog now actually mentioned that

06:06

in our conclusion, video is kind of a next step for you to do. I definitely recommend you check out that video and his Siri's in general. So quick. Plug for Joe there. Let's get back to our lab.

06:15

So as I mentioned, we're gonna launch terminal windows. You just click the little black box of the left side here,

06:21

and then we're gonna go ahead and run our beef command and run our beef tool. So we're in a type in pseudo space beef dash X s s again ex assesses for cross *** scripting. If you haven't been watching these videos and you don't know what that is, that's what we're doing here.

06:36

All right, So, pseudo space beef dash excess s and then disperse entered a keyboard. It's gonna take a moment for it to actually go ahead and launch for us. Morton does you'll see it? A Launch it inside of fire Fox. Something else that you wanna be aware of that will be doing next is here. At the example.

06:54

We're actually gonna be copying this script right here and pasting it. So

06:57

go ahead and reduce this down so we can see everything else here

07:00

and pull it back a little bit. Here, make beef a little smaller.

07:05

All right, so we've got our log in screen here, and these never password is just be feels here in Step 27. We're just gonna log in with user name of beef and password of beef.

07:16

All right, so let's do that now.

07:18

And we're just going to say log.

07:21

And we could just close that little pop up there. We don't care about that. And now we're gonna get to these in just a second. The online and offline browsers. We have some steps we need to do. First, let's go back to our lab document here.

07:32

So, as I mentioned, we're gonna give back to the terminal window. We're gonna copy that script that I mentioned. This one right here. It's under the example one and then we're gonna highlight that right click and copy it. And then we're gonna go to the Firefox would know where were the attacker? So where were still loved it as the attacker, we're gonna navigate to this spot on the word of pace the script in there,

07:50

and then we're gonna save it.

07:54

And then we're gonna close that session. So a lot of steps here,

07:56

and then we're gonna go back thio chrome and navigate as the victim. And then we'll come back to beef in just a little bit. So a lot of steps there, we'll go through. We're not gonna come back to the step by step guy. We're just gonna actually go through those steps.

08:11

All right? So first step here is just copying this script here. What is gonna highlight it, as I mentioned,

08:16

And then just right click and copy,

08:18

and then we're gonna go back to our fire. Fox would know. So it's gonna be this one here, and you'll see it's fire Fox. And that's where we're loved. It is the attacker.

08:24

All right. So, again, that's where we want to navigate to this whole lost 2017 than the cross site scripting one. That a 71 then persistent

08:33

second order for Then finally, add to your block.

08:39

So kind of like we had done it, the last lab will navigate with our little menu options here.

08:45

And we're going to persistent second order and then add to your vlog

08:48

that'll take us to a page you'll see here where we can actually paste in our script. So again, we're gonna right click and then paste.

08:54

And then we're just gonna click the Save Blawg entry button.

08:58

All right, so we've saved that There.

09:01

Now we're gonna do is close the attacker session for Firefox. We're just gonna x out of this here.

09:07

And our next step here is going to chrome so that so again, we're loving this a victim.

09:11

So let's go to that. No,

09:15

you click on her crew. There it is.

09:18

All right, so now it's a victim. What we're gonna do is we're gonna follow similar steps. We're gonna go all the way to the Lost 2017 a seven cross site scripting, persistent second order, and then our difference years, we're gonna click on the view Someone's blawg option.

09:30

So let's go and do that now.

09:33

So I lost 2017 a seven, the cross site scripting persistent second order. And then we want to select the second option here. The view, Someone's blawg.