Welcome back everyone. As many of you know, reconnaissance is extremely important in any successful hack. Without proper reconnaissance, we won't know what we're about to get into, literally.
Among the vast ocean of information we need about our target, the operating system is definitely required. If we don't know the OS, we're half blind! The process of identifying our target's operating system is known as OS fingerprinting.
BeEF stands for Browser Exploitation Framework. It allows us to "hook" into the victim's browser and cause all sorts of mayhem. You may remember that we've previously used BeEF to take photos through a webcam. This is just a taste of what BeEF is capable of.
If we're going to use BeEF, we might want to start it first! For those of you using Kali 2.0, BeEF is conveniently located on the dock to the side of the desktop:
For those of you still using Kali 1.X, you can start BeEF with the following:
- Start BeEF with this command: service beef-xss start
- Navigate to the login page at 127.0.0.1:3000/ui/authentication
Now we all should be at the authentication page for BeEF, which should look something like this:
Now, the default username and password are both beef. Let's log in with these credentials and start our recon!
Alright, we can see here that we only have one victim; this was the victim from our last BeEF tutorial. Now let's go ahead and navigate our victim to the BeEF demo page:
Now that we've loaded the demo page, we should see our victim appear under "Hooked Browsers" in our BeEF window:
We've found our desired module, now let's take a look at the description:
It simply tells us that whatever we script into the text field will be executed against the victim's browser. It also comes with some sample code.
Now that we've added our little snippet of code, let's press the "execute" button at the bottom right of the BeEF window and evaluate our result!
Now that we have our execution result, we just need to evaluate it. Let's select the command we just ran from the menu to the left and take a look at the returned result:
In our result we can see the words "Windows NT 10.0". This is part of the victim's user-agent string. The browser normally sends it so that the server can tailor its response to the client, but in our case, it tells a different story.
We can do a very quick search for user-agent strings and cross-reference our result with what we find. When searching for "Windows NT 10.0", we can easily discover that this is the platform token for Windows 10! We've successfully identified our victim's OS! Now, let's wrap all this up, shall we?
There are far better ways to fingerprint a victim's OS, but this just shows that we can get creative with it. Creativity is essential in the mind of a hacker!
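The cross-referencing step above is easy to automate. The following is an added example, not code from the original post or from the BeEF project: a small JavaScript lookup that maps the platform token of a user-agent string (such as "Windows NT 10.0") to an OS name, plus a tally function that runs the same lookup over web-server access log lines in the common "combined" format, which is how a defender would inventory the operating systems hitting a site. The function names, the pattern table and the log lines are all constructed for this example. Note the caveat built into the table: "Windows NT 10.0" is reported by both Windows 10 and Windows 11, and because the user-agent is entirely client-controlled it is only ever a hint, never proof.

```javascript
// Added example, not from the original post: map the platform token of a
// user-agent string to an OS name, the lookup the post does by hand for
// "Windows NT 10.0". Pure function, so it runs in Node or a browser; in a
// browser you would pass navigator.userAgent.

// Ordered list of [regex, label]. Order matters: "Android" is tested before
// "Linux" because Android UAs also contain "Linux", and "iPhone OS" before
// "Mac OS X" because iPhone UAs also contain "like Mac OS X".
const OS_PATTERNS = [
  [/Windows NT 10\.0/, "Windows 10 or 11"], // NT 10.0 is shared by both
  [/Windows NT 6\.3/, "Windows 8.1"],
  [/Windows NT 6\.2/, "Windows 8"],
  [/Windows NT 6\.1/, "Windows 7"],
  [/Windows NT 6\.0/, "Windows Vista"],
  [/Windows NT 5\.1/, "Windows XP"],
  [/Android (\d+(?:\.\d+)*)/, "Android $1"],
  [/iPhone OS (\d+(?:_\d+)*)/, "iOS $1"],
  [/iPad; CPU OS (\d+(?:_\d+)*)/, "iPadOS $1"],
  [/Mac OS X (\d+(?:[._]\d+)*)/, "macOS $1"],
  [/CrOS/, "ChromeOS"],
  [/Linux/, "Linux"],
];

// Returns an OS label for a user-agent string, or "unknown" when no known
// platform token is present (bots, curl, stripped or spoofed UAs).
function osFromUserAgent(ua) {
  if (typeof ua !== "string" || ua.length === 0) return "unknown";
  for (const [re, label] of OS_PATTERNS) {
    const m = ua.match(re);
    if (m) {
      // Fill $1 with the captured version; Apple writes "16_4", we report "16.4".
      return label.replace("$1", (m[1] || "").replace(/_/g, "."));
    }
  }
  return "unknown";
}

// Tally operating systems seen in Apache/nginx "combined" format log lines.
// The user-agent is the last double-quoted field of each line.
function osTallyFromLogLines(lines) {
  const tally = {};
  for (const line of lines) {
    const quoted = line.match(/"([^"]*)"/g) || [];
    const ua = quoted.length ? quoted[quoted.length - 1].slice(1, -1) : "";
    const os = osFromUserAgent(ua);
    tally[os] = (tally[os] || 0) + 1;
  }
  return tally;
}

// Constructed sample log lines (RFC 5737 test addresses, made-up timestamps).
const SAMPLE_LOG_LINES = [
  '203.0.113.10 - - [01/Jan/2024:10:00:00 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"',
  '203.0.113.11 - - [01/Jan/2024:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Linux; Android 13; Pixel 7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Mobile Safari/537.36"',
  '203.0.113.12 - - [01/Jan/2024:10:00:02 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 16_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.4 Mobile/15E148 Safari/604.1"',
  '203.0.113.13 - - [01/Jan/2024:10:00:03 +0000] "GET / HTTP/1.1" 200 512 "-" "curl/8.4.0"',
];

console.log(JSON.stringify(osTallyFromLogLines(SAMPLE_LOG_LINES)));
```

Running the block prints the per-OS counts for the four constructed lines. The same `osFromUserAgent` function works on `navigator.userAgent` in a browser console, which is a quick way to see what your own browser hands to every site it visits; browsers that have frozen or reduced their user-agent (Chrome reports every Windows version as NT 10.0, Safari on macOS reports 10_15_7) will show why the result is a hint rather than a definitive answer.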
Leave any questions and/or concerns you have in the comments below and I'm positive they'll be addressed.
Thank you for reading!