What else can we do? Glad you asked!

In Kali, start BeEF (Browser Exploitation Framework)
In Kali, open Firefox and open http://localhost:3000/ui/panel
This is your administration panel
In any browser, visit http://<ip>:3000/demos/basic.html
‘Hooking’ a user = taking control of their browser
XSS doesn’t look so innocuous now, does it?

BeEF Lab
http://127.0.0.1:3000/demos/basic.html
Explore: What can you do to the hooked browser?
Play a sound? (turn volume on)
Fake popup? (LastPass?)
Anything interesting in Social Engineering?

BeEF Lab

In Kali, start BeEF (attacker)
If you cannot log in to BeEF, then try these steps.
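
From the defender's side, a hooked browser like the one in this lab leaves a trail in web proxy logs. The following is an added example, not part of the original slides: it assumes a simple "epoch client method url" log format, constructed sample lines, and BeEF's default hook file name (hook.js) and session parameter (BEEFHOOK), both of which an operator can rename, so it also checks for steady polling of a single URL.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed proxy log lines (not from the slides): "epoch client method url".
# 192.0.2.10 is a documentation address standing in for the BeEF host.
SAMPLE_LOG = """\
1700000000 10.0.0.5 GET http://intranet.example/index.html
1700000001 10.0.0.5 GET http://192.0.2.10:3000/hook.js
1700000002 10.0.0.5 GET http://192.0.2.10:3000/hook.js?BEEFHOOK=abc123
1700000003 10.0.0.5 GET http://192.0.2.10:3000/hook.js?BEEFHOOK=abc123
1700000004 10.0.0.5 GET http://192.0.2.10:3000/hook.js?BEEFHOOK=abc123
1700000005 10.0.0.5 GET http://192.0.2.10:3000/hook.js?BEEFHOOK=abc123
1700000002 10.0.0.7 GET http://cdn.example/app.js
1700000090 10.0.0.7 GET http://cdn.example/app.js
"""


def find_hooked_clients(log_text, min_polls=4, max_gap=5):
    """Return {client: reasons} for clients whose traffic looks hooked.

    "default-name": the URL uses BeEF's default hook.js / BEEFHOOK names.
    "polling": the client fetched the same host+path at least min_polls
               times in a row with no more than max_gap seconds between hits.
    """
    hits = defaultdict(set)
    seen = defaultdict(list)  # (client, host, path) -> request timestamps
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit():
            continue  # skip lines that do not match the assumed format
        ts, client, _method, url = parts
        u = urlsplit(url)
        if u.path.endswith("/hook.js") or "BEEFHOOK=" in u.query:
            hits[client].add("default-name")
        seen[(client, u.netloc, u.path)].append(int(ts))
    for (client, _host, _path), stamps in seen.items():
        stamps.sort()
        run = 1  # length of the current run of closely spaced requests
        for prev, cur in zip(stamps, stamps[1:]):
            run = run + 1 if cur - prev <= max_gap else 1
            if run >= min_polls:
                hits[client].add("polling")
                break
    return dict(hits)


if __name__ == "__main__":
    for client, reasons in find_hooked_clients(SAMPLE_LOG).items():
        print(client, sorted(reasons))
```

The polling check is what still fires when the hook file and session parameter have been renamed; tune min_polls and max_gap against legitimate pollers on your network before alerting on it.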