Monday, January 26, 2015

Hooked-Browser Meshed-Networks with WebRTC (Kiwicon 2014) - Part 2

In Part 1, we introduced you to BeEF's WebRTC extension as a solution for avoiding tracking of post-exploitation communication back to our BeEF server. In this post, we'll talk more about how this can be used during penetration testing. This will include further information about the extension and usage details for the console and RESTful API.

Tuesday, January 6, 2015

Hooked-Browser Meshed-Networks with WebRTC (Kiwicon 2014) - Part 1

Hi All, @xntrik here from sunny Australia. I hope you’ve all had a good New Year's and are ready to kick browser hacking into high gear for 2015. I had a thought that inspired me, and I wanted to share it here.

What if, to avoid tracking our post-exploitation communication back to our BeEF server, we were able to hook a bunch of browsers within an organisation, and make them talk to each other, instead of talking to our BeEF server? Perhaps we could keep one as the data channel (controlling peer)?

The answer is WebRTC. I recently had an amazing opportunity to present this at Kiwicon 2014, and I was keen to get the code into BeEF. This blog post provides a brief summary of WebRTC and how it works. Since there's quite a bit of ground to cover, this will be the first of a two part series.

Tuesday, June 24, 2014

Kali (formerly Backtrack) Linux & BeEF

Today's post is contributed by Ben Waugh (@bw_z).

BeEF is preinstalled on Kali linux distributions, allowing you to quickly use BeEF as part of your security testing toolkit.

 Running BeEF in Kali

Kali packages BeEF within the beef-xss service which can either be started from the command line, or the pre-populated menu item under Kali-Linux > Exploitation Tools > BeEF-XSS Framework. We don't recommend starting BeEF directly in Kali (using ruby beef) as this will not load BeEF with the required prerequisites.
You can start BeEF from the command line with; service beef-xss start

Stopping BeEF in Kali

Unfortunately, as the Kali GUI doesn't present the user with the ability to stop BeEF easily you have to stop the service manually by running: service beef-xss stop

Keeping Up to Date

To eliminate known issues and bugs, it's important to keep Kali and BeEF packages up to date. You can update both through the package manger by running apt-get update; apt-get upgrade

Known Issues

There are a small number of known issues running BeEF under the Kali distribution.

The most frequently encountered issue occurs when Kali loads the BeEF Admin GUI in your web browser when you start BeEF. We have found that the Firefox page often loads before BeEF has finished starting resulting in a 'server not found' error. You should be able to reload the page after a few moments to resolve the issue.

Also, we are currently aware of issues with some dependancies and ARM architectures. This has now been fixed, you can update to a working version by running apt-get update; apt-get upgrade 

Have any issues with Kali BeEF or suggestions? Please let us know on Twitter at @beefproject or on github!

Wednesday, March 19, 2014

Exploiting with BeEF Bind shellcode

Today's post contributed by Bart Leppens.

Some time ago Michele blogged about the BeEF bind shellcode that Ty Miller wrote for the BeEF project.  In the meantime we have committed the full source of this shellcode to the BeEF repository and it has been ported to  Linux x86 and x64 as well. So, next time you find an exploitable overflow in an application, why not give BeEF Bind a try?

Friday, July 5, 2013

A funny issue on BeEF keylogger spotted by Mario


Mario Heiderich, a good friend of mine, spotted a cool issue with the BeEF keylogger. He went “Armin Meiwes” on our favourite open source bovine. He found XSS in BeEF using <svg/onload=blah>. Well-done!

The BeEF team encourages security researchers to help out wherever possible. As such, we are announcing a BeEF bug bounty program. Each bug will receive a kilogram of Minotaur rump (depending upon supply ;-). Contact us if you would like to help out. We want to hear from you!

We're publishing the writeup about the bug Mario found and we're addressing how we fixed it in today's blog post.

Wednesday, June 26, 2013

The Internet of Things

We've heard a lot of people buzzing about this Internet of Things. So, we thought we'd offer you this without further comment:


Tuesday, June 18, 2013

Cross-domain communication with a JSP shell from a browser hooked with BeEF

If you're a penetration tester, you have surely played with webshells before. There are plenty of webshell examples in multiple languages (e.g. Java (JSP), ASP, ASP.NET, PHP). Most of these webshells, including the Metasploit ones, give you either a bind or reverse shell running as the web or application server user (e.g. Tomcat, Apache, IIS).

This works fine when you want to use our BeEF Bind custom shellcode to exploit compiled software (kudos to our friend Ty Miller), but what can you do if you're able to upload a webshell to the target and you want bi-directional communication with that from the hooked browser?

If your target is a Java Application Server, for instance JBoss or GlassFish (see the exploits we ported to BeEF for both of them, inside the exploit directory), you can deploy the following JSP shell I wrote for that purpose.