Friday, March 29, 2013

BeEF on Kali Linux

So, BeEF does not come pre-installed with Kali Linux... and that's bad, mkay?

But not all hope is lost, cause we have a nice package, so you can install it by issuing the following:

root@kali:/# apt-get update
root@kali:/# apt-get install beef-xss

There's also a package called "beef", but that's something completely different :)

BeEF will be installed under /usr/share/beef-xss and it's quite up-to-date (by the time of the post it's, and the latest BeEF is too, but you will have no Metasploit Framework integration by default.

Let's fix that, by editing first the /usr/share/beef-xss/config.yaml file. You should have something like this:

# Copyright (c) 2006-2013 Wade Alcorn -
# Browser Exploitation Framework (BeEF) -
# See the file 'doc/COPYING' for copying permission
# BeEF Configuration file

    version: ''
    debug: false


    # You may override default extension configuration parameters here
            enable: true
            enable: true
            enable: false
            enable: true
            enable: false
                enable: false
            enable: true

Obviously, we would like to change the metasploit part (line 20 and 21) to this:

            enable: true

Next, we will edit the /usr/share/beef-xss/extensions/metasploit/config.yaml file and change it to this:

# Copyright (c) 2006-2013 Wade Alcorn -
# Browser Exploitation Framework (BeEF) -
# See the file 'doc/COPYING' for copying permission
# Enable MSF by changing extension:metasploit:enable to true
# Then set msf_callback_host to be the public IP of your MSF server
# Ensure you load the xmlrpc interface in Metasploit
# msf > load msgrpc ServerHost= Pass=abc123 ServerType=Web
# Please note that the ServerHost parameter must have the same value of host and callback_host variables here below.
# Also always use the IP of your machine where MSF is listening.
            name: 'Metasploit'
            enable: true
            host: "<PUT_YOUR_IP_ADDRESS_HERE>"
            port: 55552
            user: "msf"
            pass: "abc123"
            uri: '/api'
            ssl: false
            ssl_version: 'SSLv3'
            ssl_verify: true
            callback_host: "<PUT_YOUR_IP_ADDRESS_HERE>"
            autopwn_url: "autopwn"
            auto_msfrpcd: false
            auto_msfrpcd_timeout: 120
            msf_path: [ 
              {os: 'osx', path: '/opt/local/msf/'},
              {os: 'livecd', path: '/opt/metasploit-framework/'},
              {os: 'bt5r3', path: '/opt/metasploit/msf3/'},
              {os: 'bt5', path: '/opt/framework3/msf3/'},
              {os: 'backbox', path: '/opt/metasploit3/msf3/'},
              {os: 'win', path: 'c:\\metasploit-framework\\'},
              {os: 'custom', path: '/usr/share/metasploit-framework/'}

So you need to edit the lines host:callback_host:  (and put your IP address there) and  {os: 'custom', path: ''} (just paste the '/usr/share/metasploit-framework/' for the path)

Now, we are ready to start msfconsole, and load the msgrpc module like this:

msf> load msgrpc ServerHost=<PUT_YOUR_IP_ADDRESS_HERE> Pass=abc123

And now, we can start BeEF:

root@kali:/# cd /usr/share/beef-xss/
root@kali:/usr/share/beef-xss/# ./beef

Among the BeEF start-up messages, you should see something like:

[*] Successful connection with Metasploit.
[*] Loaded 232 Metasploit exploits.

Step 3: Profit :)

UPDATE: From the blog stats, I saw that couple of you were searching for the BeEF password too, the default one is user: beef, password: beef ;)

Happy hacking!

1 comment :

  1. Hello, thanks for the nice post,
    where u able to get this to work over WAN?