Friday, March 29, 2013

BeEF on Kali Linux

So, BeEF does not come pre-installed with Kali Linux... and that's bad, mkay?

But not all hope is lost, because there is a package for it, so you can install it by issuing the following:

root@kali:/# apt-get update
root@kali:/# apt-get install beef-xss

There's also a package called "beef", but that's something completely different :)

BeEF will be installed under /usr/share/beef-xss and it's quite up-to-date too (at the time of this post it's 0.4.4.1-alpha, and the latest BeEF is 0.4.4.4-alpha), but you will have no Metasploit Framework integration by default.

Let's fix that, by editing first the /usr/share/beef-xss/config.yaml file. You should have something like this:

#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
# BeEF Configuration file

beef:
    version: '0.4.4.1-alpha'
    debug: false

...

    # You may override default extension configuration parameters here
    extension:
        requester:
            enable: true
        proxy:
            enable: true
        metasploit:
            enable: false
        social_engineering:
            enable: true
        evasion:
            enable: false
        console:
             shell:
                enable: false
        ipec:
            enable: true

Obviously, we would like to change the metasploit part (lines 20 and 21) to this:

        metasploit:
            enable: true

Next, we will edit the /usr/share/beef-xss/extensions/metasploit/config.yaml file and change it to this:

#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
# Enable MSF by changing extension:metasploit:enable to true
# Then set msf_callback_host to be the public IP of your MSF server
#
# Ensure you load the xmlrpc interface in Metasploit
# msf > load msgrpc ServerHost=10.211.55.2 Pass=abc123 ServerType=Web
# Please note that the ServerHost parameter must have the same value of host and callback_host variables here below.
# Also always use the IP of your machine where MSF is listening.
beef:
    extension:
        metasploit:
            name: 'Metasploit'
            enable: true
            host: "<PUT_YOUR_IP_ADDRESS_HERE>"
            port: 55552
            user: "msf"
            pass: "abc123"
            uri: '/api'
            ssl: false
            ssl_version: 'SSLv3'
            ssl_verify: true
            callback_host: "<PUT_YOUR_IP_ADDRESS_HERE>"
            autopwn_url: "autopwn"
            auto_msfrpcd: false
            auto_msfrpcd_timeout: 120
            msf_path: [ 
              {os: 'osx', path: '/opt/local/msf/'},
              {os: 'livecd', path: '/opt/metasploit-framework/'},
              {os: 'bt5r3', path: '/opt/metasploit/msf3/'},
              {os: 'bt5', path: '/opt/framework3/msf3/'},
              {os: 'backbox', path: '/opt/metasploit3/msf3/'},
              {os: 'win', path: 'c:\\metasploit-framework\\'},
              {os: 'custom', path: '/usr/share/metasploit-framework/'}
            ] 

So you need to edit the host: and callback_host: lines (put your IP address in both) and the {os: 'custom', path: ''} entry (paste '/usr/share/metasploit-framework/' as the path).

Now, we are ready to start msfconsole, and load the msgrpc module like this:

msf> load msgrpc ServerHost=<PUT_YOUR_IP_ADDRESS_HERE> Pass=abc123

And now, we can start BeEF:

root@kali:/# cd /usr/share/beef-xss/
root@kali:/usr/share/beef-xss/# ./beef

Among the BeEF start-up messages, you should see something like:

[*] Successful connection with Metasploit.
[*] Loaded 232 Metasploit exploits.
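The values in the two YAML files and in the msfconsole command have to agree (the comment in the extension config says as much: ServerHost must equal host and callback_host), and a placeholder left behind shows up only as a failed connection at start-up. The following Ruby script is an added example, not BeEF's code and not part of the original post: it parses the two config files with Ruby's standard YAML library, reports every mismatch the post tells you to fix, and derives the load msgrpc line from the extension config so the host, port, user and password cannot drift apart. The config strings are constructed samples that carry only the keys the check needs, and 192.0.2.10 is a constructed address from the documentation range. ServerPort and User are options of the msgrpc plugin whose defaults (55552 and msf) match the shipped config, which is why the shorter command in the post works.

```ruby
require 'yaml'

PLACEHOLDER = '<PUT_YOUR_IP_ADDRESS_HERE>'

# Constructed sample of the main config after the edit the post describes
# (only the keys the check needs are included).
MAIN_CONFIG = <<~'YAML'
  beef:
      version: '0.4.4.1-alpha'
      extension:
          metasploit:
              enable: true
YAML

# Constructed sample of extensions/metasploit/config.yaml as shipped:
# placeholders still in place, custom msf_path still empty.
MSF_CONFIG_UNEDITED = <<~'YAML'
  beef:
      extension:
          metasploit:
              name: 'Metasploit'
              enable: true
              host: "<PUT_YOUR_IP_ADDRESS_HERE>"
              port: 55552
              user: "msf"
              pass: "abc123"
              uri: '/api'
              ssl: false
              callback_host: "<PUT_YOUR_IP_ADDRESS_HERE>"
              msf_path: [
                  {os: 'osx', path: '/opt/local/msf/'},
                  {os: 'custom', path: ''}
              ]
YAML

# The same file after the two edits; 192.0.2.10 is a constructed address.
MSF_CONFIG_EDITED = MSF_CONFIG_UNEDITED
                    .gsub(PLACEHOLDER, '192.0.2.10')
                    .sub("path: ''", "path: '/usr/share/metasploit-framework/'")

def msf_section(yaml_text)
  YAML.safe_load(yaml_text).dig('beef', 'extension', 'metasploit') || {}
end

# Lists everything that would still keep BeEF from reaching msfrpcd.
# msf_root is the Kali path the post tells you to paste into the 'custom' entry.
def check_msf_integration(main_yaml, msf_yaml, msf_root = '/usr/share/metasploit-framework/')
  problems = []
  problems << 'main config.yaml: extension:metasploit:enable is not true' unless msf_section(main_yaml)['enable'] == true
  msf = msf_section(msf_yaml)
  problems << 'extension config: enable is not true' unless msf['enable'] == true
  %w[host callback_host].each do |key|
    value = msf[key].to_s
    problems << "#{key} is empty or still the placeholder" if value.empty? || value.include?(PLACEHOLDER)
  end
  problems << 'host and callback_host differ (msgrpc ServerHost must match both)' if msf['host'] != msf['callback_host']
  custom = Array(msf['msf_path']).find { |entry| entry['os'] == 'custom' }
  problems << "custom msf_path is not #{msf_root}" unless custom && custom['path'] == msf_root
  problems
end

# Derives the msfconsole command from the extension config so ServerHost, port,
# user and password are exactly what BeEF will connect with.
def msgrpc_load_command(msf_yaml)
  msf = msf_section(msf_yaml)
  "load msgrpc ServerHost=#{msf['host']} ServerPort=#{msf['port']} User=#{msf['user']} Pass=#{msf['pass']}"
end

if $PROGRAM_NAME == __FILE__
  puts 'unedited config:', check_msf_integration(MAIN_CONFIG, MSF_CONFIG_UNEDITED)
  puts 'edited config:', check_msf_integration(MAIN_CONFIG, MSF_CONFIG_EDITED).inspect
  puts msgrpc_load_command(MSF_CONFIG_EDITED)
end
```

Run it against the real files by replacing the two constants with File.read('/usr/share/beef-xss/config.yaml') and File.read('/usr/share/beef-xss/extensions/metasploit/config.yaml'); an empty problem list means the start-up messages above should appear.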

Step 3: Profit :)

UPDATE: From the blog stats, I saw that a couple of you were searching for the BeEF password too; the default one is user: beef, password: beef ;)

Happy hacking!

Tuesday, March 5, 2013

Installing pyrit on Windows (with cygwin)


Preface

If you are as unfortunate as I am and you need to use Windows (for some reason) to install pyrit, you will probably have a bad time. However! :) I figured out how to make it work, at least for CPU-based cracking. I used cygwin, but it should be possible with MinGW too.

GPU-based cracking will be a lot (and I mean A LOT) more difficult though. I have found a ticket on pyrit's webpage ([3] and also a Google Groups thread on [4]) that is not really promising, but I would like to try it later and see if it's really impossible to make it work with GPU acceleration.

Installation steps

So, here are the steps (based on [1] and [2]):

  1. Install cygwin from cygwin.com (download: http://cygwin.com/setup-x86.exe or http://cygwin.com/setup-x86_64.exe)! Make sure that you install gcc, cc, openssl, svn!
  2. Download and unzip the Winpcap developer pack. At the time of this post, the most recent version was the following: http://www.winpcap.org/install/bin/WpdPack_4_1_2.zip
  3. Copy libraries like this:
    WpdPack\Lib\libpacket.a to cygwin\lib\
    WpdPack\Lib\libwpcap.a to cygwin\lib\
  4. Rename cygwin\lib\libwpcap.a to cygwin\lib\libpcap.a
  5. Copy all headers from WpdPack\Include to cygwin\usr\include\
  6. Make sure you have installed Winpcap libraries and that they are in your path by typing:
    which Packet.dll
    which wpcap.dll
    For me they are under /cygdrive/c/WINDOWS/system32/
  7. Download pyrit source (svn checkout http://pyrit.googlecode.com/svn/trunk/ pyrit)
  8. I think the next step is no longer needed (I took it from [1]): modify ./pyrit/cpyrit/setup.py, adding a reference to lib crypto (originally it's: libraries = ['crypto', 'pcap'], so I have changed it to libraries = ['ssl', 'crypto', 'pcap'],)
  9. ./setup.py build
  10. ./setup.py install
  11. pyrit.py benchmark
    should give you something similar to this:

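Steps 3 to 6 and 8 above are file copies, one rename and a one-line edit, and the rename in step 4 is the one that is easy to get wrong (pyrit links against -lpcap, so the wpcap import library has to be installed under the name libpcap.a). The Ruby script below is an added example, not from the post and not part of pyrit: run from the cygwin shell (assuming cygwin's ruby package is installed) as ruby stage.rb <WpdPack dir> <cygwin root>, it stages the libraries and headers, reports which WinPcap DLLs are not on PATH, and rewrites the libraries list from step 8. Without arguments it exercises itself on a constructed stand-in for an unzipped WpdPack, so it can be tried on any machine.

```ruby
require 'fileutils'
require 'tmpdir'

WINPCAP_DLLS = %w[Packet.dll wpcap.dll].freeze

# Steps 3-5: copy the WinPcap import libraries into <cygwin>/lib, installing
# libwpcap.a under the name libpcap.a (pyrit links with -lpcap), and copy the
# developer-pack headers into <cygwin>/usr/include. Returns the files created.
def stage_winpcap(wpdpack_dir, cygwin_root)
  lib_dir = File.join(cygwin_root, 'lib')
  inc_src = File.join(wpdpack_dir, 'Include')
  inc_dst = File.join(cygwin_root, 'usr', 'include')
  FileUtils.mkdir_p([lib_dir, inc_dst])
  created = []
  { 'libpacket.a' => 'libpacket.a', 'libwpcap.a' => 'libpcap.a' }.each do |src, dst|
    FileUtils.cp(File.join(wpdpack_dir, 'Lib', src), File.join(lib_dir, dst))
    created << File.join(lib_dir, dst)
  end
  Dir.glob(File.join(inc_src, '**', '*.h')).sort.each do |header|
    dest = File.join(inc_dst, header.delete_prefix(inc_src + '/'))
    FileUtils.mkdir_p(File.dirname(dest))
    FileUtils.cp(header, dest)
    created << dest
  end
  created
end

# Step 6: report which WinPcap runtime DLLs cannot be found in the given PATH
# directories (an empty array means both are reachable, as `which` would show).
def missing_winpcap_dlls(path_dirs)
  WINPCAP_DLLS.reject { |dll| path_dirs.any? { |dir| File.exist?(File.join(dir, dll)) } }
end

# Step 8: prepend 'ssl' to the libraries list in cpyrit/setup.py unless already there.
def add_ssl_library(setup_py_text)
  setup_py_text.sub(/libraries\s*=\s*\[([^\]]*)\]/) do
    libs = Regexp.last_match(1).scan(/'([^']+)'/).flatten
    libs.unshift('ssl') unless libs.include?('ssl')
    "libraries = [#{libs.map { |lib| "'#{lib}'" }.join(', ')}]"
  end
end

# Constructed stand-in for an unzipped WpdPack, so the script can be exercised
# on a machine that has neither Windows nor WinPcap.
def build_fake_wpdpack(root)
  FileUtils.mkdir_p([File.join(root, 'Lib'), File.join(root, 'Include', 'pcap')])
  File.write(File.join(root, 'Lib', 'libpacket.a'), "packet-stub\n")
  File.write(File.join(root, 'Lib', 'libwpcap.a'), "wpcap-stub\n")
  File.write(File.join(root, 'Include', 'pcap.h'), "/* stub */\n")
  File.write(File.join(root, 'Include', 'pcap', 'pcap.h'), "/* stub */\n")
  root
end

if $PROGRAM_NAME == __FILE__
  if ARGV.size == 2
    # Real use from the cygwin shell, e.g.: ruby stage.rb /cygdrive/c/WpdPack /
    puts stage_winpcap(ARGV[0], ARGV[1])
    puts "missing DLLs on PATH: #{missing_winpcap_dlls(ENV['PATH'].split(File::PATH_SEPARATOR)).inspect}"
  else
    Dir.mktmpdir do |tmp|
      puts stage_winpcap(build_fake_wpdpack(File.join(tmp, 'WpdPack')), File.join(tmp, 'cygwin'))
    end
  end
  puts add_ssl_library("libraries = ['crypto', 'pcap'],")
end
```

The headers are copied recursively so the pcap/ subdirectory of the developer pack ends up under usr/include/pcap as well; step 5 says "all headers", and the top-level pcap.h includes from that subdirectory.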

References