Friday, March 29, 2013

BeEF on Kali Linux

So, BeEF does not come pre-installed with Kali Linux... and that's bad, mkay?

But not all hope is lost, because there is a nice package, so you can install it by issuing the following:

root@kali:/# apt-get update
root@kali:/# apt-get install beef-xss

There's also a package called "beef", but that's something completely different :)

BeEF will be installed under /usr/share/beef-xss and it's quite up-to-date (by the time of the post it's, and the latest BeEF is too, but you will have no Metasploit Framework integration by default.

Let's fix that by first editing the /usr/share/beef-xss/config.yaml file. You should have something like this:

# Copyright (c) 2006-2013 Wade Alcorn -
# Browser Exploitation Framework (BeEF) -
# See the file 'doc/COPYING' for copying permission
# BeEF Configuration file

    version: ''
    debug: false


    # You may override default extension configuration parameters here
            enable: true
            enable: true
            enable: false
            enable: true
            enable: false
                enable: false
            enable: true

Obviously, we would like to change the metasploit part (lines 20 and 21) to this:

            enable: true

Next, we will edit the /usr/share/beef-xss/extensions/metasploit/config.yaml file and change it to this:

# Copyright (c) 2006-2013 Wade Alcorn -
# Browser Exploitation Framework (BeEF) -
# See the file 'doc/COPYING' for copying permission
# Enable MSF by changing extension:metasploit:enable to true
# Then set msf_callback_host to be the public IP of your MSF server
# Ensure you load the xmlrpc interface in Metasploit
# msf > load msgrpc ServerHost= Pass=abc123 ServerType=Web
# Please note that the ServerHost parameter must have the same value of host and callback_host variables here below.
# Also always use the IP of your machine where MSF is listening.
            name: 'Metasploit'
            enable: true
            host: "<PUT_YOUR_IP_ADDRESS_HERE>"
            port: 55552
            user: "msf"
            pass: "abc123"
            uri: '/api'
            ssl: false
            ssl_version: 'SSLv3'
            ssl_verify: true
            callback_host: "<PUT_YOUR_IP_ADDRESS_HERE>"
            autopwn_url: "autopwn"
            auto_msfrpcd: false
            auto_msfrpcd_timeout: 120
            msf_path: [ 
              {os: 'osx', path: '/opt/local/msf/'},
              {os: 'livecd', path: '/opt/metasploit-framework/'},
              {os: 'bt5r3', path: '/opt/metasploit/msf3/'},
              {os: 'bt5', path: '/opt/framework3/msf3/'},
              {os: 'backbox', path: '/opt/metasploit3/msf3/'},
              {os: 'win', path: 'c:\\metasploit-framework\\'},
              {os: 'custom', path: '/usr/share/metasploit-framework/'}
            ]

So you need to edit the host: and callback_host: lines (put your IP address there) and the {os: 'custom', path: ''} entry (just paste '/usr/share/metasploit-framework/' as the path).

Now, we are ready to start msfconsole and load the msgrpc plugin like this:

msf> load msgrpc ServerHost=<PUT_YOUR_IP_ADDRESS_HERE> Pass=abc123
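As an added example (not part of the original post and not BeEF's own code), here is a small Ruby script that reads the metasploit extension config.yaml and checks the things the comments in that file insist on: the extension is enabled, host and callback_host no longer hold the placeholder and match each other, the 'custom' msf_path entry is filled in, and the ServerHost you pass to `load msgrpc` is the same address. It also flags abc123 as the password, since that is the value shipped in the file. The sample config is constructed here; the `beef:`/`extension:` nesting around the `metasploit:` block is an assumption (the post shows only the inner keys), and 192.0.2.10 is a documentation address standing in for your IP.

```ruby
require 'yaml'

PLACEHOLDER = '<PUT_YOUR_IP_ADDRESS_HERE>'
DEFAULT_MSGRPC_PASS = 'abc123' # the value shipped in the config and used in the post

# Constructed sample of extensions/metasploit/config.yaml after the edits described in
# the post. The beef:/extension: keys wrapping the metasploit: block are an assumption;
# 192.0.2.10 is a documentation address standing in for the real IP.
EDITED_CONFIG = <<~'YAML'
  beef:
    extension:
      metasploit:
        name: 'Metasploit'
        enable: true
        host: "192.0.2.10"
        port: 55552
        user: "msf"
        pass: "s3cret-example"
        uri: '/api'
        ssl: false
        ssl_version: 'SSLv3'
        ssl_verify: true
        callback_host: "192.0.2.10"
        autopwn_url: "autopwn"
        auto_msfrpcd: false
        auto_msfrpcd_timeout: 120
        msf_path: [
          {os: 'win', path: 'c:\\metasploit-framework\\'},
          {os: 'custom', path: '/usr/share/metasploit-framework/'}
        ]
YAML

# The same file before editing: placeholders in place, custom path empty, default password.
UNEDITED_CONFIG = EDITED_CONFIG
  .gsub('"192.0.2.10"', %("#{PLACEHOLDER}"))
  .gsub("path: '/usr/share/metasploit-framework/'", "path: ''")
  .gsub('pass: "s3cret-example"', %(pass: "#{DEFAULT_MSGRPC_PASS}"))

def metasploit_section(yaml_text)
  (YAML.safe_load(yaml_text) || {}).dig('beef', 'extension', 'metasploit') || {}
end

# Everything that would keep BeEF from reaching msgrpc, judged by the rules in the
# shipped file's own comments, plus a warning when the password is still the default.
def msf_config_problems(yaml_text, msgrpc_server_host: nil)
  msf = metasploit_section(yaml_text)
  problems = []
  problems << 'extension:metasploit:enable is not true' unless msf['enable'] == true

  %w[host callback_host].each do |key|
    value = msf[key].to_s
    problems << "#{key} still holds the placeholder or is empty" if value.empty? || value.include?('PUT_YOUR')
  end
  problems << 'host and callback_host differ; both must be the MSF machine IP' if msf['host'] != msf['callback_host']

  custom = Array(msf['msf_path']).find { |entry| entry['os'] == 'custom' }
  problems << "msf_path has no 'custom' entry with a path" if custom.nil? || custom['path'].to_s.empty?

  problems << "pass is the well-known default '#{DEFAULT_MSGRPC_PASS}'" if msf['pass'].to_s == DEFAULT_MSGRPC_PASS

  if msgrpc_server_host && msgrpc_server_host != msf['host']
    problems << "msgrpc ServerHost=#{msgrpc_server_host} does not match host=#{msf['host']}"
  end
  problems
end

# Derives the msfconsole command from the config so ServerHost and Pass are taken from
# the same place BeEF reads them.
def msgrpc_load_command(yaml_text)
  msf = metasploit_section(yaml_text)
  "load msgrpc ServerHost=#{msf['host']} Pass=#{msf['pass']}"
end

if __FILE__ == $PROGRAM_NAME
  # Usage: ruby check_beef_msf.rb [config.yaml] [ServerHost]; no arguments checks the sample.
  text = ARGV[0] ? File.read(ARGV[0]) : EDITED_CONFIG
  problems = msf_config_problems(text, msgrpc_server_host: ARGV[1])
  puts(problems.empty? ? "config OK; in msfconsole run: #{msgrpc_load_command(text)}" : problems)
end
```

Point it at the real file with `ruby check_beef_msf.rb /usr/share/beef-xss/extensions/metasploit/config.yaml <your IP>` (the script name is whatever you save it as). Because the `load msgrpc` line is generated from the same file BeEF reads, the two sides cannot drift apart on ServerHost or Pass, which is the mismatch the comment in the shipped config warns about.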

And now, we can start BeEF:

root@kali:/# cd /usr/share/beef-xss/
root@kali:/usr/share/beef-xss/# ./beef

Among the BeEF start-up messages, you should see something like:

[*] Successful connection with Metasploit.
[*] Loaded 232 Metasploit exploits.

Step 3: Profit :)

UPDATE: From the blog stats, I saw that a couple of you were searching for the BeEF password too; the default one is user: beef, password: beef ;)

Happy hacking!

Tuesday, March 5, 2013

Installing pyrit on Windows (with cygwin)


If you are as unfortunate as I am and you need to use Windows (for some reason) to install pyrit, you will probably have a bad time. However! :) I figured out how to make it work, at least for CPU-based cracking. I used cygwin, but it should be possible with MinGW too.

GPU-based cracking will be a lot (and I mean A LOT) more difficult though. I have found a ticket on pyrit's webpage ([3]) and also a Google Groups thread ([4]), neither of which is really promising, but I would like to try it later and see if it's really impossible to make it work with GPU acceleration.

Installation steps

So, here are the steps (based on [1] and [2]):

  1. Install cygwin from (download: or! Make sure that you install gcc, cc, openssl, svn!
  2. Download and unzip the Winpcap developer pack. By the time of this post, the most recent version was the following:
  3. Copy libraries like this:
    WpdPack\Lib\libpacket.a to cygwin\lib\
    WpdPack\Lib\libwpcap.a to cygwin\lib\
  4. Rename cygwin\lib\libwpcap.a to cygwin\lib\libpcap.a
  5. Copy all headers from WpdPack\Include to cygwin\usr\include\
  6. Make sure the WinPcap libraries are installed and on your PATH by typing:
    which Packet.dll
    which wpcap.dll
    For me they are under /cygdrive/c/WINDOWS/system32/
  7. Download pyrit source (svn checkout pyrit)
  8. I think the next step is no longer needed (I took it from [1]): modify ./pyrit/cpyrit/ by adding a reference to lib crypto (originally it's: libraries = ['crypto', 'pcap'], so I have changed it to libraries = ['ssl', 'crypto', 'pcap'],)
  9. ./ build
  10. ./ install
  11. benchmark
    should give you something similar to this:
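Steps 3 to 6 are where this usually goes wrong (a library not copied, libwpcap.a not renamed to libpcap.a, a DLL not on PATH), and the failure only surfaces later as a link error at the build step or a load error at the benchmark. As an added example, not from the original post and not part of pyrit, here is a Ruby script that does that staging with explicit precondition checks and reproduces the `which` check. The WpdPack layout (Lib/ and Include/) and the cygwin target directories are the ones the steps name; both roots are passed in as arguments. Unlike `which`, the PATH check tests that the file exists rather than that it is executable.

```ruby
require 'fileutils'

# Libraries the post copies from the WinPcap developer pack, mapped to the name each
# gets under cygwin/lib. libwpcap.a becomes libpcap.a so pyrit's -lpcap finds it.
LIB_MAP = {
  'libpacket.a' => 'libpacket.a',
  'libwpcap.a'  => 'libpcap.a',
}.freeze
WINPCAP_DLLS = %w[Packet.dll wpcap.dll].freeze

# Copies the two link libraries and every header (recursively, WpdPack keeps some under
# Include/pcap/) from an unzipped WpdPack into a cygwin root. Raises before writing
# anything if a required source is missing, and returns the list of files written.
def stage_winpcap(wpdpack_dir, cygwin_root)
  lib_src = File.join(wpdpack_dir, 'Lib')
  inc_src = File.join(wpdpack_dir, 'Include')
  missing = LIB_MAP.keys.reject { |f| File.file?(File.join(lib_src, f)) }
  raise ArgumentError, "missing in #{lib_src}: #{missing.join(', ')}" unless missing.empty?
  headers = Dir.glob(File.join(inc_src, '**', '*.h'))
  raise ArgumentError, "no headers under #{inc_src}" if headers.empty?

  lib_dst = File.join(cygwin_root, 'lib')
  inc_dst = File.join(cygwin_root, 'usr', 'include')
  FileUtils.mkdir_p([lib_dst, inc_dst])

  written = LIB_MAP.map do |src_name, dst_name|
    dst = File.join(lib_dst, dst_name)
    FileUtils.cp(File.join(lib_src, src_name), dst)
    dst
  end
  headers.each do |header|
    relative = header.sub(%r{\A#{Regexp.escape(inc_src)}/?}, '')
    dst = File.join(inc_dst, relative)
    FileUtils.mkdir_p(File.dirname(dst))
    FileUtils.cp(header, dst)
    written << dst
  end
  written
end

# The `which Packet.dll` / `which wpcap.dll` check from step 6: walks a ':'-separated
# PATH (cygwin style) and returns where each DLL was found, or nil if it was not.
def winpcap_dlls_on_path(path_env = ENV['PATH'])
  dirs = path_env.to_s.split(':')
  WINPCAP_DLLS.to_h do |dll|
    [dll, dirs.map { |d| File.join(d, dll) }.find { |p| File.file?(p) }]
  end
end

if __FILE__ == $PROGRAM_NAME && ARGV.size == 2
  # Usage: ruby stage_winpcap.rb /cygdrive/c/WpdPack /  (script name is whatever you save it as)
  stage_winpcap(ARGV[0], ARGV[1]).each { |f| puts "wrote #{f}" }
  winpcap_dlls_on_path.each { |dll, where| puts "#{dll}: #{where || 'NOT FOUND on PATH'}" }
end
```

If either DLL prints NOT FOUND, fix the WinPcap install before running the build step; the link will otherwise succeed against the .a files and the binary will fail to load later.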