1
00:00:00,450 --> 00:00:08,220
The Browser Exploitation Framework, also known as BeEF, is a penetration testing tool that focuses

2
00:00:08,220 --> 00:00:13,800
on the web browser amid growing concerns about web-borne attacks against clients.

3
00:00:13,830 --> 00:00:21,540
BeEF allows ethical hackers to assess the actual security posture of a target environment by using

4
00:00:21,540 --> 00:00:27,910
client-side attack vectors, so let's use the BeEF framework with stored XSS.

5
00:00:29,670 --> 00:00:38,700
Let's go to Kali, run Firefox and connect to OWASP Broken Web Applications using its IP address, or, if

6
00:00:38,700 --> 00:00:45,870
you defined it like me, using the domain address, and click the -- Vulnerable Web Application link. Log into

7
00:00:45,870 --> 00:00:51,900
the application using the admin/admin or user/user credentials and click the XSS Stored link.

8
00:00:52,830 --> 00:00:56,790
Now, we already know that this page includes a stored XSS vulnerability.

9
00:00:57,870 --> 00:00:59,060
Let's see it again rapidly.

10
00:01:06,420 --> 00:01:12,990
Now I go to my host machine, which is a Mac, open a browser and connect to OWASP Broken Web Applications.

11
00:01:13,170 --> 00:01:19,650
Now, because the domain name is not included in the hosts file of my host machine, I connect to the

12
00:01:19,650 --> 00:01:25,860
application with its IP address this time and click the -- Vulnerable Web Application link.

13
00:01:27,030 --> 00:01:34,290
When I click the XSS Stored link, as it's supposed to, the script embedded by the collar user runs;

14
00:01:34,500 --> 00:01:36,750
this is the nature of stored XSS.

15
00:01:37,050 --> 00:01:40,200
Go to the home page of DVWA for now.

16
00:01:41,070 --> 00:01:42,630
And let's turn back to Kali.

17
00:01:45,250 --> 00:01:48,790
So now it is time to start BeEF by clicking its icon.
18
00:01:50,370 --> 00:01:56,760
We have to run the script code shown in the hook line inside the victim's browser, so I'll copy the

19
00:01:56,760 --> 00:01:57,330
code now.

20
00:01:57,510 --> 00:02:00,570
The BeEF interface runs in just a few seconds.

21
00:02:02,330 --> 00:02:03,780
Log in using the beef /

22
00:02:03,800 --> 00:02:04,730
beef credentials.

23
00:02:07,260 --> 00:02:14,010
And go back to the DVWA tab. Now I'll prepare a new message that will contain the hook script of the

24
00:02:14,010 --> 00:02:14,850
BeEF framework.

25
00:02:15,540 --> 00:02:17,550
Right-click and paste the code.

26
00:02:18,270 --> 00:02:23,100
Here, we should write the IP address of the BeEF control center, which is our Kali machine.

27
00:02:23,880 --> 00:02:29,250
Let's open a new terminal and run the ifconfig command to learn the IP address of Kali.

28
00:02:36,530 --> 00:02:42,200
We exceed the maximum character length, so right-click on the message box, select Inspect Element,

29
00:02:43,130 --> 00:02:46,280
and make the value of maxlength more than 70.

30
00:02:46,670 --> 00:02:48,170
I think that'll be enough for this demo.

31
00:02:49,440 --> 00:02:51,590
So now I complete the IP address.

32
00:02:53,360 --> 00:02:59,060
And sign the guestbook. Here we have the second message, and the script code, which was in the body

33
00:02:59,060 --> 00:03:06,110
of the message, is executed in the browsers of each of the visitors. In the BeEF control panel

34
00:03:06,140 --> 00:03:13,040
we have a victim browser that is Kali itself, because as soon as the guestbook is signed, the script

35
00:03:13,040 --> 00:03:14,420
is executed in the browser.

36
00:03:15,500 --> 00:03:19,670
Now I go to my host machine and visit the XSS Stored page.

37
00:03:20,820 --> 00:03:27,080
Now the second message, that means the hook script, is executed in my host machine's browser.

38
00:03:27,860 --> 00:03:28,640
Go to Kali.
39
00:03:28,820 --> 00:03:32,180
And in the BeEF control panel, my host machine is hooked.

40
00:03:33,480 --> 00:03:36,000
There are a few tabs in the BeEF control panel.

41
00:03:37,350 --> 00:03:42,570
The main tab displays information about the hooked browser after you've run some command modules.

42
00:03:43,620 --> 00:03:48,810
Now, the Commands tab is where the modules can be executed against the hooked browser.

43
00:03:49,920 --> 00:03:52,920
This is where most of the BeEF functionality resides.

44
00:03:54,300 --> 00:03:56,940
Each command module has a traffic light icon.

45
00:03:58,560 --> 00:04:04,020
A green light indicates that the command module works against the target and should be invisible to

46
00:04:04,020 --> 00:04:04,590
the user.

47
00:04:05,800 --> 00:04:11,680
The command modules with a grey light are not yet verified against this target.

48
00:04:12,970 --> 00:04:19,480
A yellow/orange light indicates that the command module works against the target, but may be visible to

49
00:04:19,480 --> 00:04:26,080
the user, and the red light means that the command module does not work against this particular target.

50
00:04:26,620 --> 00:04:31,090
All right, let's run one of the command modules in the Social Engineering folder.

51
00:04:31,090 --> 00:04:33,940
Select the Pretty Theft command module.

52
00:04:34,720 --> 00:04:39,850
The module asks the user for their username and password using a floating div.

53
00:04:41,120 --> 00:04:45,050
You can use this module for Facebook, LinkedIn, Windows, etc.

54
00:04:46,260 --> 00:04:52,980
So I'll choose Facebook for this example. While my host machine is selected in the left panel, I click

55
00:04:52,980 --> 00:04:57,120
the Execute button at the bottom right-hand corner of the page.

56
00:04:57,810 --> 00:05:01,830
And look, we have a result in the Module Results History pane.
57
00:05:03,030 --> 00:05:07,740
So when we go to the browser on my host machine, we'll see the Facebook dialog box.

58
00:05:08,850 --> 00:05:09,570
Looks familiar.

59
00:05:10,170 --> 00:05:15,540
It says my session has timed out and I should re-enter my username and password.

60
00:05:16,170 --> 00:05:17,610
OK, let's log in.

61
00:05:28,830 --> 00:05:37,290
Go back to Kali, and in the BeEF control panel we have the username and the password values. Pretty

62
00:05:37,290 --> 00:05:37,980
slick, huh?