Description:
BeEF is the browser exploitation framework. A professional tool to demonstrate the real-time impact of browser vulnerabilities. Development has focused on creating a modular structure making new module development a trivial process with the intelligence residing within BeEF. Current modules include the first public
Inter-protocol Exploit, a traditional browser overflow exploit, port scanning, keylogging, clipboard theft and more. The modules are aimed to be a representative set of current browser attacks - with the notable exception of launching
cross-site scripting viruses. You can download BeEF from
Bindshell.net.
Though BeEF can be used to exploit computers located anywhere on the Interent (e.g. by setting up a malicious site) and on the local LAN (e.g. use a simple MITM to send the payload), I particularly feel it would be very useful in compromising computers in hotspot destinations. Here is a simple use case - A hacker can setup a Honeypot advertising a local hotspot in the vicinity such as tmobile, google-wifi or starbucks. An unsuspecting user successfully connects to this honeypot and fires his browser to check his web email. The hacker re-directs the user and serves him a malicious page using BeEF. User gets 0wned :)
Below are 2 videos about the BeEF framework: First is a simple walk through on how to get started with BeEF on Backtrack 4 and how one can detect if the victim has flash and java installed. The second video is a demo of the MS09-002 exploit using BeEF.
Tags: basics ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.
Comments: