Author Topic: Hack any browser using BeEF (Read 15855 times)

Griffon Bossi · « **Reply #15 on:** February 01, 2013, 11:01:56 pm »

alright. thanks

i have ubuntu however, i cant find the backtrack in applications. can someone help me out. (And sorry for being so needy, im very new to a lot of this.)

Staff Edit
Please use the Edit/Modify button instead of double posting

Why · « **Reply #16 on:** May 27, 2013, 09:22:59 pm »

Thanks for the TUT!

parad0x · « **Reply #17 on:** May 28, 2013, 10:02:45 am »

Quote from: Why on May 27, 2013, 09:22:59 pm

Thanks for the TUT!

Welcome, and post your intro.

scuarplex · « **Reply #18 on:** June 05, 2013, 10:14:31 pm »

I've used BeeF in a few Client Side attacks and my two cents are:

Change the default port to 443 or 80 so it doesn't get blocked by any Firewall (or upload it to a website).

When you get a new zombie make sure to use any of the persitence plug-in as a first measure.

Some AV's detect the js hook, so you might wanna touch it a little before deploying it.

0wn4g3 · « **Reply #19 on:** June 06, 2013, 03:31:25 pm »

I really don't understand how can you infect someone by giving the link that contains localhost's address. There should be an advanced configuration I think. It's not that easy
.

proxx · « **Reply #20 on:** June 06, 2013, 03:34:20 pm »

Quote from: 0wn4g3 on June 06, 2013, 03:31:25 pm

I really don't understand how can you infect someone by giving the link that contains localhost's address. There should be an advanced configuration I think. It's not that easy
.

There is nothing to understand , you cant.
Nothing advanced about it.

0wn4g3 · « **Reply #21 on:** June 06, 2013, 03:44:51 pm »

Quote from: proxx on June 06, 2013, 03:34:20 pm

There is nothing to understand , you cant.
Nothing advanced about it.

So there's nothing we can do in order to hack a browser remotely ?
Sorry for being so noob :\

Stackprotector · « **Reply #22 on:** June 06, 2013, 04:42:05 pm »

Quote from: 0wn4g3 on June 06, 2013, 03:44:51 pm

So there's nothing we can do in order to hack a browser remotely ?
Sorry for being so noob :\

No, and these hacks are usually somewhat buggy and will raise flags quickly. I advise you to learn Web development and then continue on to web security and you won't ever need to get headaches of a tool like this and call yourself a pro

proxx · « **Reply #23 on:** June 06, 2013, 04:42:35 pm »

Yes your being noob indeed, learn basic networking before starting to think about exploitation.
No offense intended but I believe that is the truth.

scuarplex · « **Reply #24 on:** June 06, 2013, 09:24:00 pm »

Common guys why is so hard to teach someone something new? This is the tutorial section and are ment to spread knowledge.

What's the point of having a tutorial section if we are going to criticize every one that makes a question?

Quote from: 0wn4g3 on June 06, 2013, 03:31:25 pm

I really don't understand how can you infect someone by giving the link that contains localhost's address. There should be an advanced configuration I think. It's not that easy
.

It's not that hard. When you start up BeeF directly connected to the internet, having an external IP associated to your network card (check it out with ifconfig and make sure to know what's the difference between an internal IP and a external IP), BeeF should give you URI with your external IP.

After you have this Script on the outside you could include it on a phishing, hack a site and put it into an iframe, create a domain with a fake site and spread it, or just raise an Apache in the same IP with a simple HTML with beef embedded and pass your IP with a http:// to a friend of yours to test this tool.

Of course you could learn a lot of Javascript, that would be pretty useful for you but this is a very complete suite for attacks and it saves a lot of time. There's no need to reinvent the wheel.

Perhaps the best would be that you spend hours, days, weeks, years reading and reading but this can be a fun way to learn asking yourself "Why this works like this?" "Why it isn't working?" and such.

Cheers

Conex · « **Reply #25 on:** June 06, 2013, 09:45:07 pm »

Very useful tool.

Thanks for the tutorial!

proxx · « **Reply #26 on:** June 06, 2013, 10:24:45 pm »

Quote from: scuarplex on June 06, 2013, 09:24:00 pm

Common guys why is so hard to teach someone something new? This is the tutorial section and are ment to spread knowledge.

What's the point of having a tutorial section if we are going to criticize every one that makes a question?

It's not that hard. When you start up BeeF directly connected to the internet, having an external IP associated to your network card (check it out with ifconfig and make sure to know what's the difference between an internal IP and a external IP), BeeF should give you URI with your external IP.

After you have this Script on the outside you could include it on a phishing, hack a site and put it into an iframe, create a domain with a fake site and spread it, or just raise an Apache in the same IP with a simple HTML with beef embedded and pass your IP with a http:// to a friend of yours to test this tool.

Of course you could learn a lot of Javascript, that would be pretty useful for you but this is a very complete suite for attacks and it saves a lot of time. There's no need to reinvent the wheel.

Perhaps the best would be that you spend hours, days, weeks, years reading and reading but this can be a fun way to learn asking yourself "Why this works like this?" "Why it isn't working?" and such.

Cheers

I just gave the dude the best advice I could possibly give.
Learning about basic networking would make the awnsers more than obvious.
Walk before you run.

RedBullAddicted · « **Reply #27 on:** June 07, 2013, 06:10:17 am »

Quote from: techb on January 16, 2013, 11:33:34 pm

BeEF seems pretty local. Meaning, be on the same network for this to work. Unless you did some port forwarding. In which case I would deff change the default port and un/pass. Since BeEF is a pen tool, I doubt rigorous fuzzing or exploiting has been done against it, so it can be vulnerable especially for outside attacks with the port forwards.

everything relevant to answer his question was already given by techb. Not sure if he did not read it or did not understand it. In the second case proxxs advice is the best one can give

Cheers,
RBA

kenjoe41 · « **Reply #28 on:** June 09, 2013, 02:57:29 pm »

According to the questions asked by this guy, i doubt he could understand a thing in techb's advice.
They should know most of us started like them but we followed the advice we were given. Hacking doesn't come in one day, it requires some intense reading and trying.
I advise them to visit the ebook section, build a few virtual labs and hack a little, then when things go awry, they can ask.

parad0x · « **Reply #29 on:** June 09, 2013, 04:21:07 pm »

Quote from: scuarplex on June 06, 2013, 09:24:00 pm

Common guys why is so hard to teach someone something new? This is the tutorial section and are ment to spread knowledge.

What's the point of having a tutorial section if we are going to criticize every one that makes a question?

It's ok to ask questions but its NOT OK to ask questions about what you don't even know a bit about.

Hey man, how can he understand to exploit something until he knows how the things work and the advices are given yo learn how these things work.

EvilZone

News:

Author Topic: Hack any browser using BeEF (Read 15855 times)

Griffon Bossi

Re: Hack any browser using BeEF

Why

Re: Hack any browser using BeEF

parad0x

Re: Hack any browser using BeEF

scuarplex

Re: Hack any browser using BeEF

0wn4g3

Re: Hack any browser using BeEF

proxx

Re: Hack any browser using BeEF

0wn4g3

Re: Hack any browser using BeEF

Stackprotector

Re: Hack any browser using BeEF

proxx

Re: Hack any browser using BeEF

scuarplex

Re: Hack any browser using BeEF

Conex

Re: Hack any browser using BeEF

proxx

Re: Hack any browser using BeEF

RedBullAddicted

Re: Hack any browser using BeEF

kenjoe41

Re: Hack any browser using BeEF

parad0x

Re: Hack any browser using BeEF