1
00:00:01,090 --> 00:00:06,230
In this lecture, I'd like to introduce you to a really cool framework called BeEF.

2
00:00:07,070 --> 00:00:10,520
BeEF is short for the Browser Exploitation Framework.

3
00:00:11,060 --> 00:00:18,200
It allows us to run a number of attacks on hooked browsers that would allow us to further exploit the

4
00:00:18,200 --> 00:00:24,860
target system to steal passwords or even gain full access or full control over the system.

5
00:00:26,040 --> 00:00:27,310
So right here, I'm in

6
00:00:27,390 --> 00:00:28,560
my Kali machine.

7
00:00:29,020 --> 00:00:30,900
And we can go ahead and start

8
00:00:30,940 --> 00:00:32,700
BeEF. To do that,

9
00:00:32,760 --> 00:00:35,340
I'm going to click on all my applications.

10
00:00:36,030 --> 00:00:37,260
I'm gonna type beef.

11
00:00:38,740 --> 00:00:41,500
And I'm going to click on the first icon in here.

12
00:00:41,710 --> 00:00:45,100
Beef start. You can use beef stop to stop it.

13
00:00:45,160 --> 00:00:47,620
But right now, we just want to start the framework.

14
00:00:47,800 --> 00:00:53,920
So we're going to click on start. Now, because this is the first time we run the framework,

15
00:00:54,220 --> 00:00:57,790
it's asking us to set a password for the default user.

16
00:00:58,300 --> 00:01:00,820
So go ahead and pick any password you want.

17
00:01:01,510 --> 00:01:05,980
And note, when you type the password, you will not see the characters on screen.

18
00:01:06,400 --> 00:01:11,440
This is a security feature so that the people around you will not see your password.

19
00:01:11,800 --> 00:01:16,120
So right now I actually typed my password, but you can't see anything on screen.

20
00:01:16,630 --> 00:01:23,430
I'm just going to hit enter and then it'll automatically start the BeEF framework for me and it will

21
00:01:23,440 --> 00:01:31,600
automatically start Firefox and go to the web interface that we can use to access BeEF and control the

22
00:01:31,600 --> 00:01:32,480
hooked browsers.

23
00:01:33,760 --> 00:01:39,010
As you can see, the first thing that they'll ask us is a user name and a password to log in to this

24
00:01:39,010 --> 00:01:40,030
web interface.

25
00:01:40,630 --> 00:01:48,490
The default user is beef, B-E-E-F, and the password is the password that we just set in the terminal.

26
00:01:50,130 --> 00:01:57,450
I'm going to hit enter to log in, and as you can see, we have the main user interface of BeEF.

27
00:01:59,020 --> 00:02:05,350
The main thing you can see here on the left is the online and the offline browsers. In the online browsers,

28
00:02:05,590 --> 00:02:08,320
you'll see the browsers that are hooked to BeEF

29
00:02:08,370 --> 00:02:14,800
right now that you can control, and in the offline browsers, you'll see the browsers that you previously were

30
00:02:14,860 --> 00:02:15,970
able to control.

31
00:02:16,060 --> 00:02:19,250
So browsers that you previously hooked to BeEF.

32
00:02:20,620 --> 00:02:27,610
Now, in order to hook a browser to BeEF and be able to control it and run commands on it, you have

33
00:02:27,610 --> 00:02:32,200
to get that browser to execute a specific JavaScript code.

34
00:02:32,830 --> 00:02:39,940
So if we go back to the terminal window here that started BeEF for us and just scroll up, you'll see

35
00:02:39,940 --> 00:02:45,520
that it's given us the JavaScript code that we need to use to hook browsers to BeEF.

36
00:02:46,840 --> 00:02:52,620
As soon as this piece of code gets executed on a Web browser, you will see that Web browser here in

37
00:02:52,630 --> 00:02:58,750
the online browsers and you'll be able to execute a lot of really cool commands that will allow you

38
00:02:58,750 --> 00:03:00,490
to show fake login pages.

39
00:03:00,680 --> 00:03:06,010
It will allow you to show fake updates and even gain full control over the target system.

40
00:03:06,970 --> 00:03:14,560
Now, because BeEF uses JavaScript, it'll work on any web browser that supports JavaScript, regardless

41
00:03:14,650 --> 00:03:17,710
of what device this Web browser is running on.

42
00:03:18,160 --> 00:03:20,890
So it'll basically work on all modern browsers.

43
00:03:21,310 --> 00:03:23,920
So it'll work against phones, tablets,

44
00:03:24,160 --> 00:03:31,780
smart TVs, all operating systems used on PCs such as Linux, Windows, OS X and so on.

45
00:03:32,110 --> 00:03:37,780
Literally, any browser that can run JavaScript will be able to run this code and therefore we'll be

46
00:03:37,780 --> 00:03:43,600
able to hook that browser to BeEF and do all of the cool things that you will learn in the next lectures.

47
00:03:44,800 --> 00:03:50,440
So right now, it really depends on you and your imagination on how you're going to get this piece of

48
00:03:50,440 --> 00:03:52,720
code to run on our Web browser.

49
00:03:53,560 --> 00:03:59,980
If you're able to become the man in the middle, you can do DNS spoofing and redirect requests to a

50
00:03:59,980 --> 00:04:02,140
page that contains this code.

51
00:04:02,980 --> 00:04:09,880
Or you can inject this JavaScript in any Web page that the target loads using the JavaScript injection

52
00:04:09,880 --> 00:04:12,940
methods that we learned once you become the man in the middle.

53
00:04:14,020 --> 00:04:20,680
You can also exploit an XSS vulnerability and inject this code in a vulnerable web page, and

54
00:04:20,680 --> 00:04:21,970
you will learn how to do that

55
00:04:22,030 --> 00:04:23,710
in the website hacking section.

56
00:04:24,190 --> 00:04:31,060
Or you can use social engineering and social engineer a target into loading a web page that contains

57
00:04:31,120 --> 00:04:32,110
our code.

58
00:04:32,830 --> 00:04:40,540
So all you'll need to do is think of a way to get a target to load a page that contains the hook JavaScript

59
00:04:40,540 --> 00:04:40,900
code.

60
00:04:41,980 --> 00:04:47,380
Now, in this lecture, I'm gonna show you a very basic hook method that is really good for us to make

61
00:04:47,380 --> 00:04:50,170
sure that our system is working as expected.

62
00:04:50,650 --> 00:04:56,600
And this very page can also be used with method number one and method number four, because we're gonna

63
00:04:56,620 --> 00:04:59,230
have a demo page that contains the hook code.

64
00:04:59,590 --> 00:05:05,260
Therefore, you can either DNS spoof targets to this page or social engineer them to this page.

65
00:05:05,530 --> 00:05:10,810
And once they load this page, the hook code will be executed on their browser and therefore they will

66
00:05:10,810 --> 00:05:15,820
be hooked to BeEF and we'll be able to run all of the commands that it allows us to run.

67
00:05:16,630 --> 00:05:18,190
So let's go back to BeEF.

68
00:05:18,490 --> 00:05:23,760
And like I said, this is the code that we want our target browsers to load or execute.

69
00:05:24,190 --> 00:05:29,230
So I'm gonna copy it and I'm gonna go and open my file manager.

70
00:05:29,980 --> 00:05:36,580
And I want to go to my web root, so you can either press Ctrl+L from your keyboard or click in here

71
00:05:36,730 --> 00:05:39,610
at the Path Bar and just press the forward slash.

72
00:05:40,390 --> 00:05:44,980
This will open a path text box where you can type the path that you want to go to.

73
00:05:45,340 --> 00:05:50,160
And I want to go to /var/www/html.

74
00:05:51,250 --> 00:05:52,450
Now, as we learned before,

75
00:05:52,690 --> 00:05:54,070
this is the location

76
00:05:54,160 --> 00:06:00,160
where the files for your web server are stored, and the index.html is the file that

77
00:06:00,160 --> 00:06:01,570
gets loaded by default

78
00:06:01,750 --> 00:06:05,170
when someone loads your IP in their web browser.

79
00:06:06,070 --> 00:06:07,120
So I'm going to

80
00:06:07,120 --> 00:06:12,870
right-click the index.html and I'm going to choose to open it with a text editor.

81
00:06:16,780 --> 00:06:21,550
And I'm simply going to remove all of this and paste the hook code in here.

82
00:06:22,300 --> 00:06:25,960
The one thing that I want to modify is the IP in here.

83
00:06:26,620 --> 00:06:30,820
I'm going to replace this IP with the IP of my Kali machine.

84
00:06:31,450 --> 00:06:34,750
As we learned before, you can get the IP using the ifconfig command.

85
00:06:35,050 --> 00:06:36,380
So I'm not going to do it right now.

86
00:06:36,430 --> 00:06:38,020
You should already know this by now.

87
00:06:38,350 --> 00:06:45,070
So I know my IP is 10.20.14.207 and that's it.

88
00:06:45,110 --> 00:06:46,000
We're ready to go.

89
00:06:46,360 --> 00:06:54,280
So if anybody now loads my IP address, which is 10.20.14.207, I will have a web server working on

90
00:06:54,280 --> 00:06:57,460
it which will load the index.html by default.

91
00:06:57,820 --> 00:07:04,180
And when this file is loaded, it'll load the BeEF hook code and it'll hook that browser to BeEF, which

92
00:07:04,180 --> 00:07:07,450
will allow me to run a number of really cool commands.

93
00:07:08,510 --> 00:07:14,120
Now, before loading this page, we need to start our Web server and as we learned before we can do

94
00:07:14,120 --> 00:07:22,610
this by doing service apache2 start, and now my Apache web server is running.

95
00:07:23,000 --> 00:07:30,770
And if I go to my Windows machine in here and simply just go to the address of my Web server, which

96
00:07:30,770 --> 00:07:35,480
is 10.20.14.207.

97
00:07:37,010 --> 00:07:39,230
Now, as you can see, we'll get a blank page.

98
00:07:39,320 --> 00:07:43,100
That's fine, because our page contains nothing but the code.

99
00:07:43,310 --> 00:07:47,780
You could actually have a proper HTML page and just put the hook code at the end or at the

100
00:07:47,780 --> 00:07:48,260
start.

101
00:07:48,740 --> 00:07:51,050
But this will do for testing for now.

102
00:07:51,820 --> 00:08:00,440
And if we go back here and go to the BeEF interface, if we look at the online browsers, you'll see

103
00:08:00,440 --> 00:08:04,840
we have the IP address of my target, which is 10.20.14.206.

104
00:08:05,120 --> 00:08:08,330
This is the IP address of the Windows machine.

105
00:08:09,260 --> 00:08:15,920
And right now, if I click on it, you'll see I'll have a number of tabs in here which will allow us

106
00:08:15,920 --> 00:08:18,830
to do various things in the home.

107
00:08:18,860 --> 00:08:23,720
In the details, you'll see we have information about the browser of the target.

108
00:08:24,350 --> 00:08:28,260
For example, you can see that it doesn't have a VLC plugin installed.

109
00:08:28,850 --> 00:08:30,290
It supports WebSocket.

110
00:08:30,800 --> 00:08:34,950
If you scroll down, you can see the user agent, which is Mozilla five.

111
00:08:35,300 --> 00:08:39,200
It's running on Windows and a 64-bit architecture.

112
00:08:39,860 --> 00:08:44,000
Again, if you keep going down, you can see the cookies.

113
00:08:44,750 --> 00:08:46,220
You can see the hostname.

114
00:08:47,090 --> 00:08:53,710
You can see the screen size and a lot of other information that can be useful when it comes to exploiting

115
00:08:53,720 --> 00:08:57,440
a target. In the logs tab in here,

116
00:08:57,560 --> 00:09:01,160
you'll see logs of all the events that happened in the browser.

117
00:09:01,370 --> 00:09:05,390
And if you execute commands, you'll see logs in here for these commands.

118
00:09:07,090 --> 00:09:11,770
The commands tab is the one that we're going to be using the most in the next lectures.

119
00:09:12,520 --> 00:09:15,370
This will allow you to run various commands on the target.

120
00:09:15,430 --> 00:09:18,970
Like I said, you can run information gathering commands.

121
00:09:19,030 --> 00:09:21,940
You can run commands to inject other JavaScript codes.

122
00:09:22,180 --> 00:09:26,130
You can run commands to steal passwords using fake logins.

123
00:09:26,140 --> 00:09:31,750
You can run fake updates and get your target to download the backdoor and hack their computer.

124
00:09:32,140 --> 00:09:37,420
There are a lot of really cool things that you can do, and I will walk you through some of the best

125
00:09:37,420 --> 00:09:39,010
ones in the next lectures.

126
00:09:40,590 --> 00:09:46,390
In the proxy tab, you can configure and use a browser as a proxy.

127
00:09:47,320 --> 00:09:55,480
The XssRays will show you if the hooked page contains any XSS vulnerabilities, and the network tab

128
00:09:55,720 --> 00:09:58,570
will give you an overview of the current network.

129
00:09:58,960 --> 00:10:02,260
So right now, you can see we have the target running windows.

130
00:10:02,500 --> 00:10:06,310
We have his browser, which is hooked to BeEF, to us.

131
00:10:06,580 --> 00:10:12,190
And then from here, we'll be able to, like I said, launch a number of really cool commands that can

132
00:10:12,190 --> 00:10:16,540
be used to do so many things and further exploit the target system.

133
00:10:17,870 --> 00:10:25,580
Once done with using BeEF, you can click on log out to log out and then go to your all applications,

134
00:10:26,480 --> 00:10:33,440
look for beef and click on beef stop to stop the service from running in the background.

135
00:10:34,810 --> 00:10:36,100
So that's it for this lecture.

136
00:10:36,130 --> 00:10:42,880
I just wanted to give you a quick overview of BeEF, and in the next lectures we'll see how we can use

137
00:10:42,880 --> 00:10:49,780
it to steal credentials, get screen shots, gather information, and even gain full control over hooked

138
00:10:49,780 --> 00:10:50,380
browsers.
