Attacking with BeEF
In previous chapters, we saw what BeEF (the Browser Exploitation Framework) is capable of. In this recipe, we will use it to send a malicious browser extension, which when executed, will give us a remote bind shell to the system.
Getting ready
We will need to install Firefox in our Windows client for this recipe.
How to do it...
- Start your BeEF service. In a root terminal, type the following:
cd /usr/share/beef-xss/ ./beef
- We will use the BeEF's advanced demo page to hook our client. In the Windows Client VM, open Firefox and browse to
http://192.168.56.1:3000/demos/butcher/index.html
. - Now, login to the BeEF's panel (
http://127.0.0.1:3000/ui/panel
). We must see the new hooked browser there. - Select the hooked Firefox and navigate to Current Browser | Commands | Social Engineering | Firefox Extension (Bindshell).
As it is marked orange (the command module works against the target, but may be visible to the user), we may need to work on social engineering to make the...