How to Hack Web Browsers with BeEF?

Step 1: Start Cooking BeEF

Start the BeEF service by going to “Applications” -> “Kali Linux” -> “System Services” -> “BeEF” -> “beef start.”


The BeEF server can be accessed from any browser on our localhost (127.0.0.1) web server at port 3000. To reach its authentication page, go to:

http://localhost:3000/ui/authentication


The default credentials are “beef” for both username and password.

Great! You have now successfully logged into BeEF and are ready to begin using this powerful platform to hack web browsers.


Note that in the screenshot below, my local browser, 127.0.0.1, appears in the left-hand “Hooked Browsers” explorer after I clicked on the link to the demo page. BeEF also displays its “Getting Started” window to one side.

Step 3: Viewing Browser Details

If I click on the local browser, it will provide more choices to the right, including a “Details” window where we can get all the particulars of that browser. Since I am using the Iceweasel browser built into Kali, which is based on Firefox, it shows me that the browser is Firefox.


It also shows me the version number (24), the platform (Linux i686), any components (Flash, web sockets, etc.), and more information that we will be able to use in later web application hacks.

Step 4: Hooking a Browser

The key to success with BeEF is to “hook” a browser. This basically means that we need the victim to visit a vulnerable web application. The code injected into the “hooked” browser then responds to commands from the BeEF server. From there, we can do a number of malicious things on the victim’s computer.


BeEF has a JavaScript file called “hook.js,” and if we can get the victim to execute it in a vulnerable web application, we will hook their browser! In future tutorials, we will look at multiple ways to get the victim’s browser hooked.
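From the defender's side, the two concrete artifacts this tutorial names (a script called hook.js and a server on port 3000) can be searched for in web proxy logs. The following is an added example, not part of the original article or of BeEF; the log format, the function names and every sample line are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed proxy log lines (client, method, URL, status); not real traffic.
SAMPLE_LOG = """\
192.168.89.191 GET http://203.0.113.10:3000/hook.js 200
192.168.89.191 GET http://intranet.example/static/app.js 200
192.168.89.20 GET http://cdn.example/js/webhook.js 200
192.168.89.21 GET https://203.0.113.10/assets/hook.js?v=2 200
192.168.89.22 GET http://198.51.100.7:3000/index.html 200
malformed line
"""

LINE_RE = re.compile(r"^(\S+) (GET|POST) (\S+) (\d{3})$")

def indicators(url):
    """Return which of the article's two indicators a URL matches."""
    parts = urlsplit(url)
    hits = []
    # Compare the whole file name so 'webhook.js' does not match.
    if parts.path.rsplit("/", 1)[-1].lower() == "hook.js":
        hits.append("hook.js")
    try:
        port = parts.port
    except ValueError:  # non-numeric or out-of-range port in the log
        port = None
    if port == 3000:
        hits.append("port-3000")
    return hits

def scan(log_text):
    """Return (client, url, severity) for every line worth a look."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        client, _method, url, _status = m.groups()
        hits = indicators(url)
        if len(hits) == 2:
            findings.append((client, url, "high"))
        elif hits == ["hook.js"]:
            findings.append((client, url, "medium"))
        elif hits:
            findings.append((client, url, "low"))  # port 3000 alone is common
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(*finding)
```

A match is a lead for triage, not proof: port 3000 is also used by many unrelated development servers.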

Step 5: Running Commands in the Browser

In the screenshot below, I have “hooked” an Internet Explorer 6 browser on an old Windows XP on my LAN at IP 192.168.89.191.


Now that we have hooked the victim’s browser, we can use a number of built-in commands that can be executed from the victim’s browser. Below are just a few examples; there are many others.

  • Get Visited Domains
  • Get Visited URLs
  • Webcam
  • Get All Cookies
  • Grab Google Contacts
  • Screenshot

In the screenshot below, I selected the “Webcam” command that many of you may be interested in. As you can see, when I execute this command, an Adobe Flash dialog box will pop up on the screen of the user asking, “Allow Webcam?” If they click “Allow,” it will begin to return pictures from the victim’s machine to you.

Of course, the text can be customized, so be imaginative. For instance, you could customize the button to say “You have just won the lottery! Click here to collect your winnings!” or “Your software is out of date. Click here to update and keep your computer secure.” Other such messages may entice the victim to click on the box.

Step 6: Getting Cookies

Once we have the browser hooked, there are almost unlimited possibilities for what we can do. If we want the cookies of the victim, we can go to “Chrome Extensions” and select “Get All Cookies” as shown in the screenshot below.


BeEF is an extraordinary and powerful tool for exploiting web browsers. In addition to what I have shown you here, it can also be used to leverage operating system attacks. We will be using it and other tools in my new series on hacking web applications, mobile devices, and Facebook, so keep coming back, my greenhorn hackers.
