BeEF Framework Demo

Time: 21 hours 43 minutes
Difficulty: Intermediate
CEU/CPE: 22
Video Transcription
00:01
All right. So we have the BeEF framework up and running in our browser. We've already launched it,
00:07
but let's follow our methodology. So we typically do our Nmap scan. Let's say I have a host, I already have some information that port 25 is open, and I want to figure out what the version is of whatever software is running on port 25.
00:24
And I can see it's Code-Crafters Ability Mail Server smtpd 2013.
00:30
We can do searchsploit, right. searchsploit ability mail server 2013.
00:37
And we see that we have two exploits for persistent cross-site scripting
00:42
vulnerabilities, and there's a Python script here. I can also go to that, um, research for that on Exploit-DB.
00:51
What differentiates you from script kiddies is the fact that you can look at this script,
00:57
and this is what you need to do for the OSCP,
00:59
and you need to start picking this apart. And I'm doing this early because there's a public exploit module. But let's start thinking about this now.
01:07
I see a hard-coded IP; I need to change that. I see port 25. That's good. We already have port 25. I see an email address of user@hack.local. Is that going to be the same for our environment?
01:21
So start thinking about it. You don't have to know Python per se, but you should understand the underlying code
01:26
and be able to modify the code, which is what I did. I took a look at the code and I said, I need to change this to fit my environment. So let me show you my code.
01:37
So what I did
01:40
is I
01:42
modified the code, and what I did
01:48
is, I know that there's a user@localhost and there's an admin@localhost. My objective is to get the username and password
01:55
of the admin user.
01:57
And you can see here that the content type is text/html, which is important because it will do our script tag here,
02:05
script, document.location, and I'll show you that in the slides,
02:07
is my controlled server, 1921681228, and this index page.
02:14
So it should redirect the victim to our controlled page, which is going to look a lot like the login page for this application.
02:23
So here is the victim's IP address, port 25. The login is user@localhost, I already have this information, their password is user, and I'm sending it from user to admin.
02:35
So let's launch this and give it a go and see what happens.
02:38
So here we go. I'm launching this
02:42
and I'm hoping
02:45
I'm hoping
02:46
here's my admin. He's going to log in, or she,
02:57
and they're going to go to the inbox. They see they have a message and it says urgent, please read. Well, you know, they've got to read it,
03:05
so they click
03:07
and it says you've been logged out, please log back in. Okay. Well, enter my credentials again.
03:15
Okay,
03:15
click login.
03:19
Something's not working here. Let's go back. I don't know what's going on.
03:24
So if we go back,
03:29
let's take a look
03:30
in BeEF,
03:31
and we see we've hooked their browser here, right,
03:35
and Internet Explorer,
03:37
wow, they're old school, right.
03:38
This isn't the old-school box, the XP.
03:42
But we have a whole bunch of information here
03:45
and let's look at logs
03:49
and you can see here
03:51
that there's a whole bunch of information. It captures all the keystrokes on the page.
03:57
So you can see that the user is admin and the password is password 12345.
04:02
So if I wanted to,
04:05
I could then go,
04:11
it's on port 8000,
04:15
and now I can log in
04:19
as the admin.
04:21
Here we go.
04:24
I can also do some other things,
04:27
like, you know, if you really like the big scary one
04:31
that I showed you before,
04:33
Create Alert Dialog,
04:36
just in case you get, you know,
04:39
you want to give it a try.
04:43
Let's see if that executes. There you go.
04:45
Message from one page 1.
04:47
So I hope you see that BeEF is much more impactful on what you can do. There's a bunch of other things you can do here.
04:55
But for my purposes as the attacker, I have what I came for.
04:59
I came for the user name and password
05:01
and I got it
05:02
So play around with BeEF. Um, see if you like it. And, uh, again, it's a client-side attack, so you need someone to click on the link
05:12
and execute it.
05:14
What I also want to show you was
05:17
if we're here,
05:19
if we view the source of the page,
05:26
I should see
05:30
here. It is
05:31
the script tag that I made on my evil page.
05:34
So I made it look like the login for this application, but buried in all this script, or all this HTML,
05:42
is this script tag for my BeEF hook right there.
05:46
So sure, a savvy victim will be able to see that, but it's too late for them.
05:53
But that's how I made that page.
05:56
All right. Hopefully that makes sense. But again, remember the methodology: scan, enumerate, figure out the version, and ultimately from that, um, look at public exploit code
06:08
and modify it to fit your environment
06:11
and then
06:12
grab the username and password of the victim.