Difference between revisions of "BeEF"

From Embedded Lab Vienna for IoT & Security
Line 53: Line 53:




[[File:fh-cafmpuswien.jpg|200px|thumb|Example|left|result]]
[[File:fh-cafmpuswien.jpg|150px|thumb|Example|left|result]]


=== Result ===
=== Result ===
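
Review bot: the changed [[File:fh-cafmpuswien.jpg|...]] line still passes two free-text parameters, Example and result, next to the alignment keyword left. MediaWiki uses only the last free-text parameter as the caption, so Example is never displayed. Suggest dropping it and keeping a single descriptive caption. The file name fh-cafmpuswien.jpg also differs from the fh-campuswien.ac.at spelling used in the page text, so it is worth confirming that it points at the intended upload.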

Revision as of 12:31, 10 July 2021

Summary

The Browser Exploitation Framework (BeEF) allows the user to start client-side attacks and to assess the security of the browser and the possible effects on the network under test.

Requirements

As part of this guide, I used Kali (Kali GNU/Linux Rolling 5.10.0-kali3-amd64) as the OS, so BeEF was already preinstalled. I installed Kali on a virtual machine (VMware® Workstation 15 Pro 15.5.5 build-16285975).

Example

For example, suppose we have only the domain information of the target system and would like to know more about this system, such as its name server, etc.

Let's use fh-campuswien.ac.at as our example domain:


Login to BeEF service

Start: Open the BeEF service and authenticate

After the BeEF service has started, you have to log in to the service. The default credentials are 'beef' for the username and 'beef' for the password.




localhost
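
The default login named above is stored in BeEF's config.yaml. The following added example (not part of the original guide or of BeEF itself) audits a config for the beef/beef pair and for an admin UI open to every address. The sample config is constructed, and the key names `beef.credentials` and `beef.restrictions.permitted_ui_subnet` as well as the 12-character minimum are assumptions to check against your installed version.

```ruby
require 'yaml'

# Constructed sample, not a real deployment. Assumption: key layout follows
# the config.yaml shipped with BeEF; verify against your installed version.
SAMPLE_CONFIG = <<~CFG
  beef:
    credentials:
      user: "beef"
      passwd: "beef"
    restrictions:
      permitted_ui_subnet: ["0.0.0.0/0", "::/0"]
CFG

OPEN_SUBNETS = ['0.0.0.0/0', '::/0'].freeze
MIN_PASSWORD_LENGTH = 12 # hypothetical local policy, not a BeEF setting

# Returns a list of findings (empty when nothing is flagged).
def audit_beef_config(yaml_text)
  config = YAML.safe_load(yaml_text)
  config = {} unless config.is_a?(Hash)
  beef = config['beef'].is_a?(Hash) ? config['beef'] : {}
  creds = beef['credentials'].is_a?(Hash) ? beef['credentials'] : {}
  user = creds['user'].to_s
  passwd = creds['passwd'].to_s
  findings = []

  # Credential checks, most severe first; only one is reported.
  if passwd.empty?
    findings << 'no UI password set'
  elsif user == 'beef' && passwd == 'beef'
    findings << 'default credentials beef/beef in use'
  elsif passwd == user
    findings << 'password equals username'
  elsif passwd.length < MIN_PASSWORD_LENGTH
    findings << "password shorter than #{MIN_PASSWORD_LENGTH} characters"
  end

  # Accept either a single string or a list for the subnet key.
  restrictions = beef['restrictions'].is_a?(Hash) ? beef['restrictions'] : {}
  exposed = Array(restrictions['permitted_ui_subnet']).map(&:to_s) & OPEN_SUBNETS
  findings << "admin UI open to any address (#{exposed.join(', ')})" unless exposed.empty?
  findings
end

audit_beef_config(SAMPLE_CONFIG).each { |f| puts "[!] #{f}" } if __FILE__ == $PROGRAM_NAME
```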

Hook Target Browser

For practice purposes, BeEF provides a web page on localhost.





localhost

Get mail server (MX)

Let's get information about the mail server. Again, right-click on the domain icon and then select "To DNS Name - MX (mail server)".




Result

The result is a graph in which all of the above-mentioned information and its relationships are shown:








Courses

  • WFP-1
