The Browser Hacker's Handbook by Wade Alcorn & Christian Frichot & Michele Orru

Author:Wade Alcorn & Christian Frichot & Michele Orru
Language: eng
Format: mobi
Publisher: John Wiley & Sons, Inc.
Published: 2014-02-24T05:00:00+00:00

Using BeEF with Metasploit

Integrating BeEF and Metasploit allows you to control a browser, fingerprint it, and get as much information as you can before you try to exploit it. Sometimes exploits fail, browsers crash, and you lose your control over those browsers you’ve targeted. This is where having more control over the browser is desirable. BeEF does this by calling Metasploit modules directly from within BeEF.

To enable Metasploit inside of BeEF, edit the config.yaml file in BeEF’s home directory and make the following change to set metasploit to true:

extension: requester: enable: true proxy: enable: true metasploit: enable: true social_engineering: true

You can find additional configuration values in the extensions/metasploit/config.yaml configuration file. This file contains settings for connecting to Metasploit, such as host, username, and password, which should all be updated if you use this configuration over the network. The following is a listing of possible configuration variables:

beef: extension: metasploit: name: 'Metasploit' enable: true host: "127.0.0.1" port: 55552 user: "msf" pass: "abc123" uri: '/api' ssl: false ssl_version: 'SSLv3' ssl_verify: true callback_host: "127.0.0.1" autopwn_url: "autopwn" auto_msfrpcd: false auto_msfrpcd_timeout: 120

Next, you need to launch Metasploit with msfconsole. Once it’s loaded, start the MSGRPC interface in Metasploit. The MSGRPC interface allows for remote commands to be issued to Metasploit. This is designed to help facilitate interactions with Metasploit from external applications, and it is also what allows Metasploit and BeEF to interact. To load the interface, execute the following command in msfconsole:

msf > load msgrpc Pass=abc123 [*] MSGRPC Service: 127.0.0.1:55552 [*] MSGRPC Username: msf [*] MSGRPC Password: abc123 [*] Successfully loaded plugin: msgrpc

In this instance, only the password needs to be specified. However, other variables can be set. The variables ServerHost and ServerPort set the IP and port that you would like to have the MSGRPC server listen on. User and Pass set the username and password for the connection. Finally, the URI can be set to have a different MSGRPC endpoint to make the server harder to find.

Now that MSGRPC is loaded, start BeEF at the command line, and you should see the following in the console output to indicate that Metasploit has loaded:

[ 0:20:32][*] Successful connection with Metasploit. [ 0:20:34][*] Loaded 237 Metasploit exploits. [ 0:20:34][*] BeEF is loading. Wait a few seconds... [ 0:20:35][*] 11 extensions enabled. [ 0:20:35][*] 410 modules enabled.

Now that BeEF has connected to the Metasploit server, BeEF has the ability to launch Metasploit commands itself. This will allow BeEF to set up exploit servers remotely so that everything but manipulating the shells can be managed from within BeEF. To actually execute the exploits after hooking a browser and selecting that hooked browser, navigate to the list of Metasploit commands available in the BeEF command window under the “Metasploit” tab. This tab holds all of the exploits that have been loaded from Metasploit and a best effort will be done to include the traffic light recommendations for each of the exploits as well. Because BeEF is designed to target browsers, only the Metasploit browser exploits will appear within BeEF.

For

Download

Copyright Disclaimer:
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.