Friday, April 13, 2012

Cloudy with a chance of BeEF

Running BeEF from a local workstation poses some problems during a penetration test: it doesn't have a static IP address, the workstation gets turned on and off, and it really doesn't demonstrate the impact of Internet-borne threats. Pentesters have been turning more and more to online VPS services, or Amazon's EC2. For example, check out the lightning talk that I did at CloudCamp: leveraging the "cloud" during penetration tests 

This is where the idea of running BeEF on an Amazon EC2 instance started to simmer.

These days, the BeEF project uses IaaS and other cloud-esque services for a lot of the work. We have our continuous integration server running tests against our github hosted source code, heck, even this blog utilises SaaS (note to readers: if you think *aaS isn't already used throughout your organisation, you are sorely mistaken).

So here's a quick and dirty method to get you running the latest version of BeEF with an Amazon EC2 instance in no time. Before we begin though, this installation method is heavily inspired from RVM's installation method, so this will look familiar to RVM users.

You might be thinking, why not just create a canned Amazon Machine Image (AMI) of BeEF? When we considered all the different Amazon regions in which we'd have to host an AMI image, this method was just as simple, especially when dealing with all the changes to the framework over time. This process is still in its infancy though, so expect it to change in the future as the framework matures.


Step 1:
Create a fresh "Amazon Linux AMI" instance (if you're impatient the c1.xlarge can be up and running in about 5 mins, otherwise you can use the smaller instances).

Step 2.
SSH into the instance

Step 3.
At the prompt:
$ bash < <(curl -s https://raw.github.com/xntrik/beefcloud/master/beef-installer)

Step 4.
Re-activate rvm:
$ source ~/.bash_profile

Step 5.
Change into the beef folder:
$ cd beef

Step 6.
Run beef:
$ ./beef

Step 7.
...

Step 8.
Profit!

Under the hood, the beef-installer script is simply:
  1. Installing dependencies with yum
  2. Downloading RVM
  3. Installing RVM
  4. Using RVM to install OpenSSL and Ruby 1.9.2
  5. Installing the 'bundler' gem (required for BeEF)
  6. Cloning the latest BeEF from github
  7. Going into the beef folder
  8. Running bundler to install BeEF's gem dependencies
Hope you guys find this useful.

11 comments:

  1. Profit! .. we find that's many people's favourite step.

    ReplyDelete
  2. This is a really good idea and I've been running BeEF on a Amazon Linux AMI for a week or so. Inevitably I lose the SSH terminal sometimes so I can no longer monitor the beef activity. More serious than that, How do I gently stop beef from a new terminal window without leaving a whole bunch of stuff hanging. 'kill beef' causes a whole bunch of problems :(

    ReplyDelete
    Replies
    1. Ok got it. Start BeEF with
      screen ./beef
      Then ctrl-d to quit the screen session. To get it back use
      screen -r
      Stopping BeEF gently is
      kill -sigint
      And restart cleanly
      ./beef --reset

      Delete
  3. This comment has been removed by the author.

    ReplyDelete
  4. This comment has been removed by the author.

    ReplyDelete


  5. Thanks for posting this useful content, Good to know about new things here, Let me share this, . CCNA training in pune

    ReplyDelete
  6. I have read your article, it make t shirts is very informative and helpful for me.I admire the valuable information you offer in your articles. Thanks for posting it

    ReplyDelete
  7. Hats off to your presence of mind..I really enjoyed reading your blog. I really appreciate your information which you shared with us.
    Aws Online Training

    ReplyDelete
  8. The first time I saw this website, I was immediately attracted to zoom. Moreover, all the information is in my opinion quite interesting and intriguing. I hope you also visit my website and pass judgment on Costa Calida my website. Thanks.

    ReplyDelete