All right. So we have the BeEF framework up and running in our browser. We've already launched it,
but let's follow our methodology. So we typically do our nmap scan. Let's say I have a host; I already have some information that port 25 is open, and I want to figure out what the version is of whatever software is running on port 25.
And I can see it's Code-Crafters Ability Mail Server SMTPD 2013.
We can do searchsploit, right? searchsploit ability mail server 2013.
And we see that we have two exploits for persistent cross-site scripting
vulnerabilities, and there's a Python script here. I can also go and research that on Exploit-DB.
This is what differentiates you from script kiddies: the fact that you can look at this script,
and this is what you need to do for SCP,
and you need to start picking this apart. And I'm doing this early because there's a public exploit module. But let's start thinking about this now.
I see a hard-coded IP; I need to change that. I see port 25. That's good; we already have port 25. I see an email address of user@hack.local. Is that going to be the same for our environment?
So start thinking about it. You don't have to know Python per se, but you should understand the underlying code
and be able to modify the code, which is what I did. I took a look at the code and I said I need to change this to fit my environment. So let me show you my code.
I modified the code, and what I did,
as I know that there's a user@localhost and there's an admin@localhost: my objective is to get the username and password.
And you can see here that the Content-Type is text/html, which is important because it will do our script tag here,
script document.location, and I'll show you that in the slides.
It's my controlled server, 1921681228, and this index page.
So it should redirect the victim to our controlled page, which is going to look a lot like the login page for this application.
So here is the victim's IP address, port 25. The login is user@localhost; I already have this information, their password is user, and I'm sending it from user to admin.
So let's launch this and give it a go and see what happens.
So here we go. I'm launching this.
Here's my admin. He's going to log in, or she,
and they're going to go to inbox. They see they have a message and it says "Urgent, please read." Well, you know, they've got to read it,
and it says "You've been logged out, please log back in." Okay, well, enter my credentials again.
Something's not working here. Let's go back. I don't know what's going on.
And we see we've hooked their browser here, right?
Wow, they're old school, right?
This isn't the old-school box, the XP.
But we have a whole bunch of information here,
and let's look at logs,
and you can see here
that there's a whole bunch of information. It captures all the keystrokes on the page,
so you can see that the user is admin and the password is password 12345.
And now I can log in.
I can also do some other things,
like, you know, if you really like the big scary one
that I showed you before,
just in case you get, you know,
you want to try and give it a try.
Let's see if that executes. There you go.
Message from one page 1.
So I hope you see that BeEF is much more impactful in what you can do. There's a bunch of other things you can do here.
But for my purposes as the attacker, I have what I came for.
I came for the username and password.
So play around with BeEF, see if you like it. And again, this is a client-side attack, so you need someone to click on the link.
What I also want to show you is,
if we view the source of the page,
the script tag that I made on my evil page.
So I made it look like the login for this application, but buried in all this script, or all this HTML,
is this script tag for my BeEF hook right there.
So sure, a savvy victim will be able to see that, but it's too late for them.
But that's how I made that page.
All right. Hopefully that makes sense. But again, remember methodology: scan, enumerate, figure out the version, and ultimately from that, look at public exploit code
and modify it to fit your environment,
and grab the username and password of the victim.