Next, we're gonna use a tool called BeEF.
BeEF is a tool which allows you to gain control over somebody's
It's very dangerous,
but there's a couple of steps we have to do
So first we'll need to build the malicious code.
Next, we have to make the URL, then finally send that URL to a victim, and on the fourth step, profit.
So first, we're gonna start the BeEF application
from the Applications, Exploitation Tools menu.
Then after that, we're gonna browse to 127.0.0.1 with port
3000/ui/authentication, and the username and password will be beef. So you could do that.
So go to Applications
and BeEF XSS Framework.
Now, let's go over to our, uh, web browser.
Type /ui/authentication and we have our BeEF page.
for the password of beef
Here's an example of what the hook would be.
If you were attacking somebody, you would put your IP address in here,
the port 3000, hook.js, and you would send it to them.
Next, the malicious code will need to be crafted. How to do that is: script source equals attacker IP,
port 3000, hook.js. This line can be found when you initially start BeEF up.
So you start it up, you get a hook example. So the hook
will then need to be delivered.
This would be done by placing it in a vulnerable field like we did with our prior example. Or it could be delivered
via a link. So you can either place it in a form field, and as users go to that web page, they just keep getting hit one by one and just keep
becoming bots to BeEF, which is very dangerous.
However, if you just want to do a one-off, you just send it to one person; boom, they get hit. It's an excellent tool
to test just how far somebody can interact with your network. So if you think, oh, my intrusion prevention system or my intrusion detection system will stop somebody from being able to do this, test it out, see if somebody on the outside
can communicate and control somebody's Web browser from the inside of your network.
And then after we deliver the code, we're gonna wait for the victim to browse the site. And then once they do, you'll get a confirmation like we've shown here
in the browsers. So let's go
into the web page, browse to it, and see if we become a hooked browser. All right, here we are, on the BeEF control panel. We can see that if there were any online browsers, they would show up here.
These are all the offline browsers. So
if you did have, ah,
a computer hooked at one time, that information will stay here for you to
communicate with or attempt to communicate with another time. All right, so let's come back over to PentesterLab
and we're gonna put it in our script here.
My IP address will be our local IP address of 192.168
Let's submit this query. Let's actually keep this and see what happens
when we get the pop-up from before.
And I'm sure some of this information will be sent over now.
Oh, look at that. We have a hooked browser.
With this hooked browser, we can see all kinds of different information about it,
including the cookie, host's IP address.
So we know
what website it's coming from, the PentesterLab website, and the IP address the website's coming from, all kinds of nifty information.
So it's very, very awesome information you can get from this.
Now we have all these different awesome pieces of information about this
One thing we can do is view the logs, where you see different events that have happened.
We also come over here to commands.
Now commands are a pretty awesome tool
because the commands let us do all sorts of different things. For example, if we have a webcam hooked up to the browser,
we can actually take a picture through the individual's webcam. We're using a VM environment, so you will have to actually go into your
virtual environment system settings up at the top
and add a USB device if you want to be able to take a picture through your VM.
However, we're not gonna bother with all of that right now. So we do stuff on here.
That is, ah, it's pretty awesome. So we could play a sound to somebody over their
browser, or we can do more malicious things.
Things like attempting a browser exploitation automatically
or running a bunch of different
cross-site scripting
I got it. The individual.
person is vulnerable to it. If it's orange, you might be able to get it. If it's red, you're
probably not gonna get it.
You could also do this to get network information as well. You do ping sweeps internally on something. So if you want to get further information on somebody's network, you could have them
or go to a link that you have this exploit set up at. Then you can get further information about the person's
There's also social engineering tools in here as well. If you want to try to use
social engineering tools against individuals
in your network who you may be auditing,
So how do you use one of these tools? Well,
let's detect extensions.
So you click on the item
and then you click Execute. Now it checks for Google Chrome, Mozilla Firefox. So we're not gonna get anything back, really, for this one. But we see the command execute here.
And if you could go on and you'll get the command results
So let's, uh let's try to get
URLs that we've gone to.
So Get Visited URLs,
execute, come up here,
and it's not an Avant browser. So it did not work. But we can attempt Get Visited Domains. Let's execute that.
I'm a beer and executes.
We see PentesterLab freaking out up here because
basically go back and go over all of the different things that we've gone to. Look at that.
We've got a whole bunch of different domains, um,
many of which are false results.
It's just it's getting us onto that one.
So let's execute one of these. So we're gonna come over here, we're gonna click Spyder Eye.
We're gonna execute this; it takes a picture of the victim's browser.
come over here to command one. Then we're gonna see the results.
It may take a second for the results to show up.
So after you click something, do not necessarily just give up real quick, because they will take a moment. If it doesn't work the first time,
re-execute it a couple times and see if you gain results.
Fourth attempt. We had
I have a picture of the block. So this is
an excellent option to be able to steal
things that the person might have typed or might have up on their browser at that time, which is
You can also attempt to steal any autocompletes as well, so we can click execute on here, and we're gonna trust you only auto complete.
That may have been Ah,
Probably if I have, uh,
put any auto completes in. So it's dropped down here.
We'll execute that one.
do username or email,
So let's see if we get anything back. Command results got nothing for that one. Nothing
Cool thing about this is you can use it to test and find different
types of add-ons that may be on the browser as well. So I know I have Fire... I know I have Firebug.
Let's do a detect here and see if it can find Firebug.
So it executes; come over here, Command 2. And look at that.
Firebug is enabled and in use.
So lots of things you can do with this
see how far you can get with this tool.
Keep poking around and, uh, try it out because it's awesome, all the different things you can do!
We also have the server itself here hooked.
So you can also do commands against the server
itself and try to gain information
from that Web server even further.
Did you get out? It's awesome.
So what was covered? Well, we covered how to exploit cross-site scripting manually
using redirection and cookie theft. And then we also covered how to exploit cross-site scripting with BeEF. Happy hacking, everyone.