Where's the BeEF?

Printable View

12-11-2008, 05:25 PM
imported_bulgin

Where's the BeEF?

Anyone have BeEF working on Backtrack 3 release? I followed the instructions and can access the BeEF server from a different machine on my local net, but the process of turning that other machine into a zombie doesn't happen. There must be something basic I'm missing here. Looks like a very interesting program but cannot get it to do anything.
12-11-2008, 07:51 PM
imported_pynstrom

Check out these videos:
http://vimeo.com/1554155
http://vimeo.com/1983922
BeEF works fine for me. You can also use an ettercap filter to place the beef script tag into the target browser without redirecting it.
12-12-2008, 07:18 PM
imported_bulgin

Pynstrom - thank you for those links to John Strands enlightening videos. They straightened me up and now I can fly right. In other words, I got it working on my local net thanks to those links.

The problem was there was no explicit instruction at the web site to actually enable the alert module so I was just following the directions to attach to 192.168.1.101 (machine running BeEF) without first enabling the actual alert module which is critical to make it work. That needs to be more clear on the instruction page at bindshell.net (I will email the appropriate people about that).

My question is when I run the bindshell exploit I'm getting a small blank box in the zombie window -- is that normal or what? The attacking BeEF machine wants input for the target machine (i.e., 192.168.1.100 and port, 4444), so am I now supposed to be able to connect to the on on port 4444? Indeed, a netstat -ant does not show port 4444 listening on the compromised machine but there is now a blank window/frame showing up on the zombie. Normally would you use netcat to bind to it?

Thanks!
12-13-2008, 04:16 AM
BigMac

you have to edit the file located /var/www/htdocs/beef/hook/xss-example.html

src="http://youripaddress . . . . . . .

then have your target connect to yourip/beef/hook/xss-example.html
12-13-2008, 10:34 AM
imported_bulgin

Thanks BigMac -- that helped. Now, the method to communicate with the zombie when using the bindshell. Any suggestions? How do you communicate with it in the iframe window that pops up on the zombie when running that exploit? Do you have any ideas? I just seem to get a pop up iframe window in the zombie and no directions on what to do next. The inter-protocol communication bindshell module looks like it's working properly but are those "commands" in the commands box on the BeEF server linux-specific or how does one get them to run, if you don't mind my asking.

Thank you.