Friday, March 29, 2013

BeEF on Kali Linux

So, BeEF does not come pre-installed with Kali Linux... and that's bad, mkay?

But not all hope is lost, because there is a nice package for it, which you can install by issuing the following:

root@kali:/# apt-get update
root@kali:/# apt-get install beef-xss

There's also a package called "beef", but that's something completely different :)

BeEF will be installed under /usr/share/beef-xss, and it's quite up-to-date too (at the time of this post the package is 0.4.4.1-alpha, and the latest BeEF is 0.4.4.4-alpha), but you will have no Metasploit Framework integration by default.

Let's fix that by first editing the /usr/share/beef-xss/config.yaml file. You should have something like this:

#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
# BeEF Configuration file

beef:
    version: '0.4.4.1-alpha'
    debug: false

...

    # You may override default extension configuration parameters here
    extension:
        requester:
            enable: true
        proxy:
            enable: true
        metasploit:
            enable: false
        social_engineering:
            enable: true
        evasion:
            enable: false
        console:
             shell:
                enable: false
        ipec:
            enable: true

Obviously, we would like to change the metasploit part (lines 20 and 21 in the original listing, i.e. the metasploit: entry and its enable: line) to this:

        metasploit:
            enable: true

Next, we will edit the /usr/share/beef-xss/extensions/metasploit/config.yaml file and change it to this:

#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
# Enable MSF by changing extension:metasploit:enable to true
# Then set msf_callback_host to be the public IP of your MSF server
#
# Ensure you load the xmlrpc interface in Metasploit
# msf > load msgrpc ServerHost=10.211.55.2 Pass=abc123 ServerType=Web
# Please note that the ServerHost parameter must have the same value of host and callback_host variables here below.
# Also always use the IP of your machine where MSF is listening.
beef:
    extension:
        metasploit:
            name: 'Metasploit'
            enable: true
            host: "<PUT_YOUR_IP_ADDRESS_HERE>"
            port: 55552
            user: "msf"
            pass: "abc123"
            uri: '/api'
            ssl: false
            ssl_version: 'SSLv3'
            ssl_verify: true
            callback_host: "<PUT_YOUR_IP_ADDRESS_HERE>"
            autopwn_url: "autopwn"
            auto_msfrpcd: false
            auto_msfrpcd_timeout: 120
            msf_path: [ 
              {os: 'osx', path: '/opt/local/msf/'},
              {os: 'livecd', path: '/opt/metasploit-framework/'},
              {os: 'bt5r3', path: '/opt/metasploit/msf3/'},
              {os: 'bt5', path: '/opt/framework3/msf3/'},
              {os: 'backbox', path: '/opt/metasploit3/msf3/'},
              {os: 'win', path: 'c:\\metasploit-framework\\'},
              {os: 'custom', path: '/usr/share/metasploit-framework/'}
            ] 

So you need to edit the host: and callback_host: lines (put your IP address there) and the {os: 'custom', path: ''} entry (just paste '/usr/share/metasploit-framework/' as the path).

Now we are ready to start msfconsole and load the msgrpc plugin like this (ServerHost and Pass have to match the host and pass values in the extension config above):

msf> load msgrpc ServerHost=<PUT_YOUR_IP_ADDRESS_HERE> Pass=abc123

And now, we can start BeEF:

root@kali:/# cd /usr/share/beef-xss/
root@kali:/usr/share/beef-xss/# ./beef

Among the BeEF start-up messages, you should see something like:

[*] Successful connection with Metasploit.
[*] Loaded 232 Metasploit exploits.
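
The settings that have to agree for that connection to succeed (both config.yaml files and the load msgrpc arguments) can be checked before start-up. The Ruby check below is an added example, not part of the original post or of BeEF; the function name, the sample YAML and the 192.0.2.10 address are constructed for illustration. It also flags the abc123 RPC password and ssl: false on a non-loopback address, since anyone who can reach that port with the password controls the Metasploit instance.

```ruby
require 'yaml'

DEFAULT_RPC_PASS = 'abc123' # password used in the post's config and msgrpc command

# Hypothetical helper: compares the two BeEF config files (passed as YAML text)
# with the arguments given to `load msgrpc` and returns a list of problems.
def check_msf_integration(main_yaml, ext_yaml, server_host:, rpc_pass:)
  main = (YAML.safe_load(main_yaml) || {}).dig('beef', 'extension', 'metasploit') || {}
  ext  = (YAML.safe_load(ext_yaml) || {}).dig('beef', 'extension', 'metasploit') || {}
  problems = []
  problems << 'metasploit extension disabled in main config.yaml' unless main['enable'] == true
  problems << 'metasploit extension disabled in extension config.yaml' unless ext['enable'] == true
  %w[host callback_host].each do |key|
    value = ext[key].to_s
    if value.empty? || value.start_with?('<')
      problems << "#{key} still holds a placeholder"
    elsif value != server_host
      problems << "#{key} (#{value}) differs from msgrpc ServerHost (#{server_host})"
    end
  end
  problems << 'pass differs from msgrpc Pass' unless ext['pass'].to_s == rpc_pass
  problems << 'RPC password is the default from the post' if rpc_pass == DEFAULT_RPC_PASS
  if ext['ssl'] == false && !%w[127.0.0.1 localhost].include?(server_host)
    problems << 'ssl is false on a non-loopback address: RPC password sent in clear text'
  end
  problems
end

# Constructed sample input, trimmed to the keys the check reads.
MAIN_SAMPLE = <<~YAML
  beef:
      extension:
          metasploit:
              enable: false
YAML

EXT_SAMPLE = <<~YAML
  beef:
      extension:
          metasploit:
              enable: true
              host: "192.0.2.10"
              pass: "abc123"
              ssl: false
              callback_host: "<PUT_YOUR_IP_ADDRESS_HERE>"
YAML

puts check_msf_integration(MAIN_SAMPLE, EXT_SAMPLE, server_host: '192.0.2.10', rpc_pass: 'abc123')
```

To run it against a real install, pass File.read of the two config.yaml paths from the post instead of the sample strings.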

Step 3: Profit :)

UPDATE: From the blog stats, I saw that a couple of you were searching for the BeEF password too; the default one is user: beef, password: beef ;)

Happy hacking!

1 comment :

  1. Hello, thanks for the nice post,
    were you able to get this to work over WAN?
    thanks