BeEF PHP Settings
Events: Submitted by Wade on 07-Dec-09 at 06:42pm
PHP in Fedora (Fedora 12 at least) has short_open_tag turned off by default. In this state, trying to use BeEF will cause an error. Thanks to Steve 'Ashcrow' Milner for pointing this out.
To fix this, try the following change to the /etc/php.ini file:
-short_open_tag = Off
+short_open_tag = On
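Review bot: the change is made in /etc/php.ini, so short_open_tag = On applies to every PHP application on the host, not only BeEF. short_open_tag can be set per directory, so consider leaving the global value Off and enabling it only for the BeEF directory (for example with php_flag short_open_tag on in that directory's Apache configuration or .htaccess, assuming PHP runs as an Apache module). Also worth stating: the web server has to be restarted or reloaded before a php.ini change takes effect.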
More BeEF Videos
Events: Submitted by Wade on 20-Sep-09 at 01:55am
Ryan Linn's efforts adding XML-RPC to BeEF and Metasploit allow closer integration between the two tools. If you saw his presentation at DEFCON, you will already be aware of some of the new modules that have been rolled into the latest version of BeEF. He has put up a post and videos demonstrating his work.
The videos can be found here:
BeEF Videos
Events: Submitted by Wade on 20-Sep-09 at 01:04am
Jabra (who you will know from his input to various modules) has posted some of his BeEF videos from DEFCON and Black Hat. The videos have been available for a little while and if you haven't checked them out, you should.
The videos can be found here:
New Version of BeEF
Events: Submitted by Wade on 18-Sep-09 at 02:24am
I have just released BeEF version 0.4. Get it here while it is hot. This version has more modules and a more flexible framework.
Enhancements in the latest version include:
- Integration with Metasploit via XMLRPC
- Mozilla extension exploitation support
- New browser functionality detection modules
- Tiered logging for module actions and results
Module: Software Detection
Events: Submitted by Wade on 17-Sep-09 at 06:38am
RSnake and Jabra presented at DEFCON on various decloaking methods. One technique demonstrated was employing SMB to enumerate software installed on the target machine.
The BeEF module seen in the demonstration can be downloaded from here.
Module: Get Internal IP Address
Events: Submitted by Wade on 10-Aug-09 at 06:20am
Here is a module (extract to the modules directory) that reveals the internal IP address of the machine running the web browser.
Module: Exploit for vtiger and a general DoS
Events: Submitted by Wade on 16-Jul-09 at 05:38am
Thanks, Mark, for sending over these two modules. The first will exploit the vtiger upload vulnerability. The other is a general DoS module which demonstrates how easily browsers can be rendered non-responsive.
To install, download vtiger_upload.tar.gz and browser_dos_fun.tar.gz. Then extract them to the modules directory and simply refresh your browser.
Module: Redirect Page
Events: Submitted by Wade on 29-Jun-09 at 10:25pm
Here is a simple module that will redirect the zombies' pages to an arbitrary location. The location is set in the module configuration page of BeEF: simply enter the URL, select the target zombies and click send.
Browser Caching Attacks
Events: Submitted by Wade on 12-Jun-09 at 12:46am
RSnake has a writeup of his technique for exploiting web browser caching to attack RFC1918 networks. The attack uses persistent JavaScript backdoors, long-term browser caching and RFC1918 collisions.
Module: Firefox Keygen DoS PoC
Events: Submitted by Wade on 03-Jun-09 at 02:43am
Download the latest BeEF module that will demonstrate keygen DoS in Firefox. Decompress the module into the 'module/symmetric' directory and the option in the menu will become available.