Tuesday, October 30, 2012

Mission impossible: to install BeEF on a VPS with only 128Mb of RAM

Today's guest post contributed by Matteo Campofiorito:

Several weeks ago I received a free VPS from ChunkHost. My goal was to install an instance of BeEF, but my VPS has limited resources. Is it even possible? Here is my VPS configuration:
  • OS: Ubuntu 12.04.1 LTS (Linux 3.2.0-29 x86_64)
  • RAM: 128 MB
  • storage: 3GB
At first, everything went fine following BeEF's installation instructions on GitHub. But when I executed "bundle install", I received an error installing "eventmachine". I googled around for a solution and realized that my problem was the limited RAM. With only 128MB, g++ fails miserably when it tries to compile eventmachine.

But extra RAM costs money, so I found a workaround: create a swap file of 512MB. I used "dd" to create the file (here is a good howto about swap file creation), then I activated it and added it to my fstab. Then, bundle install succeeded, no error received!

This was the only problem I had with BeEF installation. Everything else went fine, and the program runs smoothly.

I hooked several browsers (2 Firefox, 1 Internet Explorer 9 and one Chrome instance), and there is no slowness at all. The web UI feels responsive and so does the VPS. Here are some screenshots of the top command:

[Screenshots of top: Before BeEF; After BeEF; During Hooking]

I hope this helps you in your endeavors!

About Matteo:
Matteo is an open source addict, security enthusiast and father of an awesome daughter. He works for one of the most important tech web sites in Italy, and in his spare time he writes his rambling thoughts on www.bufferoverflow.it. You can reach him on Twitter as @matteoca.
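
The swap-file workaround described in the post above, written out as an added example that is not part of the original post. The `/swapfile` path, the fstab options and the `--apply` switch are assumptions; the file is created root-only because swap holds paged-out process memory.

```shell
#!/bin/sh
# Added example (not from the original post): 512 MB swap file for a low-RAM VPS.
# Run as root with: sh make-swap.sh --apply   (script name and flag are hypothetical)

SWAPFILE="${SWAPFILE:-/swapfile}"   # assumed location
SIZE_MB="${SIZE_MB:-512}"           # size used in the post

# Create the zero-filled backing file. umask 077 keeps it root-only from the
# first byte written; chmod 600 covers the case where the file pre-existed.
create_backing_file() {
    ( umask 077 && dd if=/dev/zero of="$1" bs=1M count="$2" 2>/dev/null ) || return 1
    chmod 600 "$1"
}

# Append the fstab entry once; re-running must not duplicate the line.
ensure_fstab_entry() {
    entry="$1 none swap sw 0 0"
    grep -qxF "$entry" "$2" 2>/dev/null || printf '%s\n' "$entry" >> "$2"
}

# Format the file as swap and activate it (requires root).
enable_swap() {
    mkswap "$1" >/dev/null && swapon "$1"
}

if [ "${1:-}" = "--apply" ]; then
    set -e
    if [ -e "$SWAPFILE" ]; then
        echo "$SWAPFILE already exists, refusing to overwrite" >&2
        exit 1
    fi
    create_backing_file "$SWAPFILE" "$SIZE_MB"
    enable_swap "$SWAPFILE"
    ensure_fstab_entry "$SWAPFILE" /etc/fstab
    swapon -s    # confirm the new swap area is listed before running bundle install
fi
```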

Thursday, October 11, 2012

BeEF and Pwnies - The Pwn Plug!

As a Pentester, you sometimes need to think out of the box and use multiple techniques in order to prove to a client that they are vulnerable even in their internal network. I was recently working with a client that had an XSS vulnerability in one of their internal web applications that just was not accessible from the internet...

Until I introduced the client to BeEF and the Pwn Plug Elite.