Thursday, October 11, 2012

BeEF and Pwnies - The Pwn Plug!

As a pentester, you sometimes need to think outside the box and use multiple techniques to prove to a client that they are vulnerable even in their internal network. I was recently working with a client that had an XSS vulnerability in one of their internal web applications that just was not accessible from the internet...

Until I introduced the client to BeEF and the Pwn Plug Elite.

I knew I could use BeEF to show the client the vulnerability, but I needed the BeEF server to be accessible on their internal network. That was where the Pwn Plug came to mind. It did not come with BeEF out of the box, but BeEF is flexible enough that I was able to install it on the Pwn Plug, and I wanted to share how I did that.

Here is the code to install all the requirements and set up the beef_launcher script.

All the commands should be typed while logged in to the Pwn Plug.


# update and install requirements
sudo apt-get update
sudo apt-get install curl git-core ruby subversion
sudo apt-get install libssl-dev libsqlite3-dev ruby1.9.2

# PwnPlug 1.1.1 has a directory called storage 
# that is on the SD card with Metasploit
cd /storage/

# Downloading rvm-installer
# bash >> curl would not work
curl -sk >> rvm-installer
chmod +x rvm-installer

# /usr/local/rvm is the install location
echo '[[ -s "/usr/local/rvm/scripts/rvm" ]] && . "/usr/local/rvm/scripts/rvm"' >> ~/.bashrc
source ~/.bashrc
source /usr/local/rvm/scripts/rvm

# Installing Ruby 1.9.2 with rvm....
/usr/local/rvm/scripts/rvm install 1.9.2

# q needs to be pressed during install 
rvm use 1.9.2 --default

# Download BeEF..
git clone git://
cd beef

# Installing Ruby Gems
gem install bundler
bundle install

The script should be created separately.

# create in pentest / folder 

# export gem paths
export GEM_PATH=/usr/local/rvm/gems/ruby-1.9.2-p320/gems/
export GEM_HOME=/usr/local/rvm/gems/ruby-1.9.2-p320/gems/

# enter beef directory
cd /storage/beef

# print default password information
echo 'DEFAULT USER/PASSWORD: beef/beef'
echo ''

# launch
ruby-1.9.2-p320 beef -x

#end of

And now...

#make /pentest/beef_launcher executable
chmod +x /pentest/

#To run beef type

By installing BeEF onto the Pwn Plug I was able to inject the BeEF hook into the vulnerable web application and remotely control users’ browsers thanks to the tunneling ability of the Pwn Plug. I couldn’t have landed the contract without the use of BeEF and the Pwn Plug.
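
The launcher script above prints the default beef/beef login before starting the server. As an added example (not part of the original post), this preflight check lets the launcher refuse to start while config.yaml still carries that login. It assumes BeEF's config.yaml keeps the UI login in a `credentials:` block with `user:` and `passwd:` keys; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes BeEF's config.yaml keeps
# the UI login in a "credentials:" block with "user:" and "passwd:" keys.

# Print the value of key $2 from the credentials block of config file $1.
cred_value() {
    awk -v key="$2" '
        /^[[:space:]]*credentials:/ { in_block = 1; next }
        in_block && $1 == (key ":") {
            val = $2
            gsub(/["\047]/, "", val)      # strip surrounding quotes
            print val
            exit
        }
        # a new section header ends the credentials block
        in_block && /^[[:space:]]*[a-z_]+:[[:space:]]*$/ { in_block = 0 }
    ' "$1"
}

# Return 0 when the config still carries the default beef/beef login.
has_default_creds() {
    [ "$(cred_value "$1" user)" = "beef" ] &&
        [ "$(cred_value "$1" passwd)" = "beef" ]
}

# Gate for the launcher: return 0 only when it is safe to start the server.
preflight() {
    cfg="${1:-/storage/beef/config.yaml}"
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }
    if has_default_creds "$cfg"; then
        echo "refusing to launch: $cfg still uses beef/beef" >&2
        return 1
    fi
    return 0
}

# Constructed sample config for trying the check offline.
write_sample_config() {   # $1 = path, $2 = user, $3 = passwd
    cat > "$1" <<EOF
beef:
    database:
        db_user: "beef"
        db_passwd: "beef123"
    credentials:
        user:   "$2"
        passwd: "$3"
EOF
}
```

In the launcher, calling `preflight || exit 1` just before the launch line stops a server with the published default login from ever listening on the client's network.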

This post contributed by:

Tobias Mccurry
Independent Security Consultant
Twitter - @lordsaibat
LinkedIn -

We have it on good authority from the Pwnie Express team that BeEF might be integrated in one or more of the Pwn Plugs soonish. Exciting! Keep an ear to the ground. You'll hear us running.

