Thursday, October 11, 2012

BeEF and Pwnies - The Pwn Plug!

As a pentester, you sometimes need to think outside the box and use multiple techniques in order to prove to a client that they are vulnerable, even in their internal network. I was recently working with a client that had an XSS vulnerability in one of their internal web applications that just was not accessible from the internet...

Until I introduced the client to BeEF and the Pwn Plug Elite.

I knew I could use BeEF to show the client the vulnerability, but I needed the BeEF server to be accessible on their internal network. That was where the Pwn Plug came to mind. But it did not come with BeEF out of the box. With BeEF being so flexible, I was able to install it on the Pwn Plug, and I wanted to share how I did that.

Here is the code to install all the requirements and set up the beef_launcher script.

All the commands should be typed while logged in to the Pwn Plug.


# update and install requirements
sudo apt-get update
sudo apt-get install curl git-core ruby subversion
sudo apt-get install libssl-dev libsqlite3-dev ruby1.9.2

# PwnPlug 1.1.1 has a directory called storage
# that is on the SD card with Metasploit
cd /storage/

# Downloading rvm-installer
# (-s is silent; -k skips TLS certificate checks, so the script is fetched unverified)
# bash >> curl would not work
curl -sk >> rvm-installer
chmod +x rvm-installer

# /usr/local/rvm is the install location
echo '[[ -s "/usr/local/rvm/scripts/rvm" ]] && . "/usr/local/rvm/scripts/rvm"' >> ~/.bashrc
source ~/.bashrc
source /usr/local/rvm/scripts/rvm

# Installing Ruby 1.9.2 with rvm
/usr/local/rvm/scripts/rvm install 1.9.2

# q needs to be pressed during install 
rvm use 1.9.2 --default

# Download BeEF..
git clone git://
cd beef

# Installing Ruby Gems
gem install bundler
bundle install

The script should be created separately.

# create in pentest / folder 

# export gem paths
export GEM_PATH=/usr/local/rvm/gems/ruby-1.9.2-p320/gems/
export GEM_HOME=/usr/local/rvm/gems/ruby-1.9.2-p320/gems/

# enter beef directory
cd /storage/beef

# print default password information
echo 'DEFAULT USER/PASSWORD: beef/beef'
echo ''

# launch
ruby-1.9.2-p320 beef -x

#end of
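
The launcher above prints the default beef/beef login, and the server it starts is reachable from the client's internal network. The following pre-launch check is an added example, not part of the original post or the BeEF project; the function names and the assumed layout of the credentials block in config.yaml are not from the page.

```shell
#!/bin/sh
# Added example (not from the original post): block launch while the BeEF
# admin password is still the shipped default "beef".
# Assumption: config.yaml keeps "user:" and "passwd:" in a "credentials:" block.

# Print the value of key $2 found inside the credentials: block of file $1.
beef_cred() {
    awk -v key="$2" '
        function indent(s) { match(s, /^[ \t]*/); return RLENGTH }
        /^[ \t]*#/ || /^[ \t]*$/ { next }                # skip comments and blanks
        in_block && indent($0) <= base { in_block = 0 }  # dedent ends the block
        /^[ \t]*credentials:[ \t]*$/ { in_block = 1; base = indent($0); next }
        in_block && $1 == (key ":") {
            sub(/^[^:]*:[ \t]*/, "")                     # drop the key and colon
            sub(/[ \t]+#.*$/, "")                        # drop a trailing comment
            print; exit
        }' "$1" | sed -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# 0 = password changed, 1 = still the default, 2 = config unreadable or incomplete.
beef_creds_changed() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    pass=$(beef_cred "$1" passwd)
    [ -n "$pass" ] || { echo "no credentials/passwd entry in $1" >&2; return 2; }
    if [ "$pass" = "beef" ]; then
        echo "refusing to launch: $1 still has the default password" >&2
        return 1
    fi
}

# Constructed sample config for trying the check offline; $2 is the password.
write_sample_cfg() {
    cat > "$1" <<EOF
beef:
    http:
        passwd: "beef"     # constructed decoy outside the credentials block
    credentials:
        user:   "beef"
        passwd: "$2"       # trailing comment to exercise the parser
EOF
}

# Demo on the constructed sample: the default is blocked, a changed one passes.
tmp=$(mktemp)
write_sample_cfg "$tmp" beef
beef_creds_changed "$tmp" 2>/dev/null || echo "default password: blocked"
write_sample_cfg "$tmp" 'S3t-per-job'
beef_creds_changed "$tmp" && echo "changed password: ok"
rm -f "$tmp"
```

In the launcher, the call would go just before the launch line, for example `beef_creds_changed /storage/beef/config.yaml || exit 1`; that config path is an assumption based on the /storage/beef checkout above.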

And now...

#make /pentest/beef_launcher executable
chmod +x /pentest/

#To run beef type

By installing BeEF onto the Pwn Plug I was able to inject the BeEF hook into the vulnerable web application and remotely control users’ browsers thanks to the tunneling ability of the Pwn Plug. I couldn’t have landed the contract without the use of BeEF and the Pwn Plug.

This post contributed by:

Tobias Mccurry
Independent Security Consultant
Twitter - @lordsaibat

We have it on good authority from the Pwnie Express team that BeEF might be integrated in one or more of the Pwn Plugs soonish. Exciting! Keep an ear to the ground. You'll hear us running.

