BeEF commands


  • Owning Firefox & Chrome Browsers using Kali and BeEF
  • The browser exploitation framework (BeEF) – Part 1
  • BEeF Hacking Framework Tutorial [5 Easy Steps]
  • BeEF (The Browser Exploitation Framework) Free Download 2021
  • Browser Exploitation Framework Project – BeEF
  • Shellshock Exploitation: Using BeEF Framework

    The default username and password are beef:beef. We should read the getting started guide carefully since it provides enough details to get started with using the BeEF framework.

    Getting Started

    There are two demo pages currently available in the BeEF framework; they are presented below:

    • Basic Demo Page: When the web page in the above picture loads, our web browser is already hooked into the BeEF framework and we can execute modules against it. All that is important is that upon visiting the above web page, the browser is automatically hooked into the BeEF framework.
    • Butcher Demo Page: This example also automatically hooks the web browser into the BeEF framework, so no additional steps are required. The additional elements on the web page are for demonstration purposes only.

    The getting started web page also states that we can communicate with the hooked browser by clicking on one of the browsers, upon which a new tab will appear that looks like the picture below. We can see that each new tab representing a browser has five tabs of its own (summarized after [1]):

    • Details: Displays information about the hooked browser, which we can see in the picture above.
    • Logs: Displays log entries of the current hooked browser. We can see this tab represented in the picture below.
    • Commands: Here we can execute modules against a web browser. Modules are able to execute any command that can be achieved through JavaScript. Each of the modules has an icon in one of the colors listed below. We can see this tab represented in the picture below.
        ◦ Green: works against the target; invisible to the user.
        ◦ Orange: works against the target; visible to the user.
        ◦ Grey: must yet be verified against the target.
        ◦ Red: does not work against the target.
    • XssRays: This tab can be used to check whether the page where the browser is hooked is vulnerable to XSS attacks.

    If we right-click on the hooked browser, a menu opens giving us two options to choose from: Use as Proxy: This option allows us to use the hooked browser as a proxy. The XssRays tab mentioned above does the same thing, but we can use it to change options as well.

    Afterwards we connected to the BeEF framework in a web browser and looked at the user interface and the options it allows us to use. We also discussed how the BeEF framework should be used and what it can do.

    The browser exploitation framework (BeEF) – Part 1

    In this tutorial, I will be using Kali. There is no difference whether you use Kali or Parrot; the tutorial will still take the same steps. BeEF runs a web server at port This section shows victims' hooked status.

    Forwarding Ports

    In this tutorial we will be using BeEF inside our home network using localhost. If you intend for users outside the network to connect back to BeEF, you will need to open ports within your router's configuration. BeEF is an extremely powerful tool and can gather a lot of information about the target.

    Once BeEF has hooked a target web browser, it also allows additional commands and modules to be executed against the target. To successfully attack a browser, we will need to add the BeEF hook to a web page that the victim will visit. There are many methods of delivering a JavaScript payload. The easiest way is to include the JavaScript hook in the head of a web page. After the target visits the compromised web page, their browser will be hooked.

    You will see the hooked browser's IP address and operating system platform. Hovering over the hooked browser will provide information about the target system. We can then click on the hooked browser to gain further information and perform further attacks on the system.

    In the screenshot below we can see that BeEF has hooked a target browser and that it is online. From here we can find out information such as the browser's version, the plug-ins that the browser is using, and various information about the target system and its software. The screenshot below shows logs from the target system, such as mouse movement, double clicks and other activity logs created by the target system.

    You might notice that some of the commands have different colored icons next to them. If you click back to the Getting Started tab, it will explain what each of the colors represents. Each command module has a traffic light icon, which is used to indicate the following:

    • The command module works against the target and should be invisible to the user
    • The module works against the target, but may be visible to the user
    • The command module is yet to be verified against this target
    • The command module does not work against this target

    BeEF also allows us to send interactive shell commands to the target system. The following screenshot shows the BeEF interactive shell.

    Conclusion

    JavaScript can be very powerful, so it is always wise to take precautions when visiting various websites. Even if the website is known to be trusted, it can still be a threat due to watering hole attacks. Hope this article is helpful for you.

    BEeF Hacking Framework Tutorial [5 Easy Steps]

    BeEF (The Browser Exploitation Framework) Free Download 2021

    From here you can see the hacked browsers, both online and offline.

    Step 3: Hooking the target web browser

    Once we have logged into the BeEF hacking framework UI, we now have to create a hook from which we will be able to attack the victim.

    The hook script looks like this. As you can see, we have our victim's web browser hooked. This aids in making the attack more stealthy.

    Browser Exploitation Framework Project – BeEF

    The BeEF hacking framework also acts as an advanced keylogger: it is able to collect the keys that have been pressed by a victim while using the browser, which makes it more dangerous.

    Summary

    The BeEF hacking framework is a powerful tool that can be leveraged by systems security professionals to try to design systems, especially web apps, which are safe for use by the end user. You can grab the HTML of the webpage that the victim is on, and then change any links on the page in real time, without the user ever knowing, to point to wherever you want the victim to go.

    You can also send custom JavaScript, or even tie it in with Metasploit to attempt to get a remote shell.

    Shellshock Exploitation: Using BeEF Framework

    As you can see, an attacker having control over the browser can be very bad. The attacks are color coded as to the chance that they might work. But I did notice that some attacks that were marked red did in fact work, while some marked green did not. I also noticed that newer browsers seemed to stop some of the attacks, but XP was still pretty open as to what would work against it. I tried these attacks against a Windows 7 system and nothing was displayed: A hook was created, but only lasted for about a second or two before it was dropped.

