Introduction to BeEF

BeEF is the most popular web framework penetration testing platform in Europe and the United States. The Parrot and Kali penetration testing systems both integrate BeEF, and BeEF ships with a large number of payloads.

For example, starting from a simple XSS, BeEF can take control of the target host's browser through a piece of JavaScript that retrieves information from the browser and scans the intranet, which makes it very powerful.

How BeEF works

1. Start BeEF and log in to the BeEF web UI.

2. Embed a JS snippet in the code of the website Web1.

3. The user, user1, opens the web page in a browser.

4. BeEF hijacks user1's browser through the embedded JS code and obtains various information about the browser.

5. In the BeEF web UI you can see a lot of information about user1, as well as indications of whether user1 can be penetrated, and so on.

Using BeEF on Kali

Penetration testing distributions such as Kali and Parrot generally ship with BeEF. If it is not already installed on your system, you can install it manually from the command line.

Installation directory and structure of BeEF

    systemctl start beef-xss.service    # start BeEF
    systemctl stop beef-xss.service     # stop BeEF
    systemctl restart beef-xss          # restart BeEF

Configuring BeEF's IP address and default password

On Kali, the BeEF configuration file is /usr/share/beef-xss/config.yaml. Other configuration files live in subdirectories of this directory and need to be modified later when certain features are used.

    permitted_hooking_subnet: "0.0.0.0/0"   # restrict hooking to a network segment; only browsers in this segment can be hooked
    permitted_ui_subnet:
    host: "0.0.0.0"            # host IP address of the BeEF server; use your own domain name if you have one, otherwise keep the default
    port:                      # > 1024
    xhr_poll_timeout: 1000     # interval at which the victim browser polls the BeEF host; default is 1 second, can be set lower
    public: ""                 # public hostname/IP address
    public_port: ""            # experimental; only required to run BeEF behind a reverse proxy or NAT
    web_ui_basepath: "/ui"     # URI of the admin page; default is /ui, changing it is recommended so that no one can find your admin page
    hook_file: "/hook.js"      # name of the hook file
    credentials:
        user: "beef"
        passwd: "beef"         # username and password for the admin page login; these must be changed, ideally both
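The xhr_poll_timeout setting above means a hooked browser contacts the BeEF host at a fixed interval (1 second by default), and that rhythm is visible in proxy logs even when hook_file has been renamed. The following detection sketch is an added example, not code from the original article or from BeEF; the log format, the thresholds and the destination addresses are constructed assumptions.

```python
import statistics
from collections import defaultdict

# Constructed proxy log lines: "<epoch_ms> <client_ip> <dest_host> <path>"
SAMPLE_LOG = """\
1700000000000 192.168.107.110 192.0.2.10 /hook.js
1700000001004 192.168.107.110 192.0.2.10 /hook.js
1700000001998 192.168.107.110 192.0.2.10 /hook.js
1700000003001 192.168.107.110 192.0.2.10 /hook.js
1700000004003 192.168.107.110 192.0.2.10 /hook.js
1700000004990 192.168.107.110 192.0.2.10 /hook.js
1700000000500 192.168.107.111 198.51.100.7 /index.html
1700000000900 192.168.107.111 198.51.100.7 /style.css
1700000009100 192.168.107.111 198.51.100.7 /news
1700000031000 192.168.107.111 198.51.100.7 /about
1700000090000 192.168.107.111 198.51.100.7 /contact
"""

def find_pollers(log_text, min_requests=5, max_period_ms=5000, max_jitter=0.1):
    """Return (client, host, median_gap_ms, default_name) for steady short-period polling."""
    seen = defaultdict(list)  # (client, host) -> [(timestamp_ms, path)]
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit():
            continue  # skip malformed lines
        ts, client, host, path = parts
        seen[(client, host)].append((int(ts), path))
    findings = []
    for (client, host), events in sorted(seen.items()):
        if len(events) < min_requests:
            continue
        events.sort()
        gaps = [b[0] - a[0] for a, b in zip(events, events[1:])]
        median = statistics.median(gaps)
        if median <= 0 or median > max_period_ms:
            continue  # ordinary browsing has long, uneven pauses
        # Jitter: spread of the gaps relative to the period (coefficient of variation).
        jitter = statistics.pstdev(gaps) / median
        if jitter > max_jitter:
            continue
        # The default hook file name is only a hint; a renamed hook still shows the timing.
        default_name = any(p.split("?")[0].endswith("/hook.js") for _, p in events)
        findings.append((client, host, median, default_name))
    return findings

if __name__ == "__main__":
    for finding in find_pollers(SAMPLE_LOG):
        print(finding)
```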

Penetration testing workflow with BeEF

Start BeEF

Startup succeeds

Access through the web

1. Enter the user name and password configured in config.yaml to log in to the BeEF management console.

2. Embed the hook.js code in the website.

As shown in the figure below:

3. When the client 192.168.107.110 visits this page, it is hooked by BeEF.

Much of the browser's information is captured by BeEF.

4. Obtain the browser cookie.

5. Web redirection: the target browser is redirected to the web page you specify.

6. Login window: obtain the user name and password.

As shown below, the target browser is given a pop-up

disguised as Windows authentication in order to get the username and password.

If the target browser's user accepts it and enters the username and password,

we can obtain the user name and password they entered on the BeEF side.

Module colors and their meaning

Internally, BeEF detects which command modules work in the current browser and color-codes them:

Green: the command module runs on the target browser and the user will not notice anything unusual.

Orange: the command module can run on the target browser, but the user may notice something abnormal (such as a pop-up window, a prompt, a redirect, etc.).

Gray: the command module has not been verified against the target, that is, it is not known whether the command module can run.

Red: the command module is not applicable to the target.