BeEF Project Home - GitHub - Source Control - Bug Reporting - Wiki - Twitter - YouTube - LinkedIn - Mailing List

Friday, April 13, 2012

Cloudy with a chance of BeEF

Running BeEF from a local workstation poses some problems during a penetration test: it doesn't have a static IP address, the workstation gets turned on and off, and it really doesn't demonstrate the impact of Internet-borne threats. Pentesters have been turning more and more to online VPS services, or Amazon's EC2. For example, check out the lightning talk that I did at CloudCamp: leveraging the "cloud" during penetration tests 

This is where the idea of running BeEF on an Amazon EC2 instance started to simmer.

These days, the BeEF project uses IaaS and other cloud-esque services for a lot of the work. We have our continuous integration server running tests against our github hosted source code, heck, even this blog utilises SaaS (note to readers: if you think *aaS isn't already used throughout your organisation, you are sorely mistaken).

So here's a quick and dirty method to get you running the latest version of BeEF with an Amazon EC2 instance in no time. Before we begin though, this installation method is heavily inspired from RVM's installation method, so this will look familiar to RVM users.

You might be thinking, why not just create a canned Amazon Machine Image (AMI) of BeEF? When we considered all the different Amazon regions in which we'd have to host an AMI image, this method was just as simple, especially when dealing with all the changes to the framework over time. This process is still in its infancy though, so expect it to change in the future as the framework matures.


Step 1:
Create a fresh "Amazon Linux AMI" instance (if you're impatient the c1.xlarge can be up and running in about 5 mins, otherwise you can use the smaller instances).

Step 2.
SSH into the instance

Step 3.
At the prompt:
$ bash < <(curl -s https://raw.github.com/xntrik/beefcloud/master/beef-installer)

Step 4.
Re-activate rvm:
$ source ~/.bash_profile

Step 5.
Change into the beef folder:
$ cd beef

Step 6.
Run beef:
$ ./beef

Step 7.
...

Step 8.
Profit!

Under the hood, the beef-installer script is simply:
  1. Installing dependencies with yum
  2. Downloading RVM
  3. Installing RVM
  4. Using RVM to install OpenSSL and Ruby 1.9.2
  5. Installing the 'bundler' gem (required for BeEF)
  6. Cloning the latest BeEF from github
  7. Going into the beef folder
  8. Running bundler to install BeEF's gem dependencies
Hope you guys find this useful.
Posted by at 1:16 AM
Labels: , , , , , , ,

3 comments:

  2. Profit! .. we find that's many people's favourite step.

    ReplyDelete

  3. This is a really good idea and I've been running BeEF on a Amazon Linux AMI for a week or so. Inevitably I lose the SSH terminal sometimes so I can no longer monitor the beef activity. More serious than that, How do I gently stop beef from a new terminal window without leaving a whole bunch of stuff hanging. 'kill beef' causes a whole bunch of problems :(

    ReplyDelete

Subscribe to: Post Comments (Atom)