beefproject / beef

The Browser Exploitation Framework Project
https://beefproject.com

beef over wan/serveo - hook not working #1696

Closed pentesterkalilinux closed 5 years ago

pentesterkalilinux commented 5 years ago

Hey guys!

I'm using Beef over Wan (https://github.com/stormshadow07/BeeF-Over-Wan) to be able to use Beef over Wan without port-forwarding. I'm also using serveo (https://serveo.net). I use "ssh -R 80:localhost:80 -R 8090:localhost:3000 serveo.net" to create the URLs. After that I get two URLs. One for the target and one for the admin console. I can log in to the beef admin console using the serveo link. When I click the target link on the target PC I can see in the serveo console that the target has accessed the link. Somehow the target is not getting hooked. I can't see the target PC in the "Online" tab of Beef.

Can you tell me what I'm doing wrong?

bcoles commented 5 years ago

I haven't used serveo, however it's likely similar to ngrok.

This may be of use:

* https://github.com/beefproject/beef/wiki/FAQ#how-do-i-configure-beef-with-ngrok

pentesterkalilinux commented 5 years ago

> I haven't used serveo, however it's likely similar to ngrok.
>
> This may be of use:
>
> * https://github.com/beefproject/beef/wiki/FAQ#how-do-i-configure-beef-with-ngrok

Thanks for your reply. With ngrok I can't even access the admin console, that's why I use serveo. I've already tried the config from the link you've posted. Problem is, if I start it up with "ngrok http 3000" I only get one link, but I need two links (target/admin) for Beef over Wan.

bcoles commented 5 years ago

Why do you need two links? Both the hook URL and admin UI are hosted on the same port. Ideally, the AdminUI should not be exposed at all.

It's possible that your issues are due to using IPv6.

bcoles commented 5 years ago

Setting debug: true in config.yaml may offer some insight.

Another user encountered issues with IPv6 and ngrok: https://github.com/beefproject/beef/issues/1672#issuecomment-464561164

Unfortunately IPv6 is not supported #519. This is problematic, as an IPv6 address will never match the permitted_ui_subnet directive, so all connections will be blocked.

If you can't force the use of IPv4, you'll have to patch BeEF manually. Unfortunately there's no flags to disable the permitted_ui_subnet completely (yet).

In core/main/rest/api.rb:

diff --git a/core/main/rest/api.rb b/core/main/rest/api.rb
index fb1646d4..105f3ba2 100644
--- a/core/main/rest/api.rb
+++ b/core/main/rest/api.rb
@@ -63,15 +63,7 @@ module BeEF
       # This is from extensions/admin_ui/controllers/authentication/authentication.rb
       #
       def self.permitted_source?(ip)
-        # get permitted subnet
-        permitted_ui_subnet = BeEF::Core::Configuration.instance.get("beef.restrictions.permitted_ui_subnet")
-        target_network = IPAddr.new(permitted_ui_subnet)
-
-        # test if supplied IP address is valid dot-decimal format
-        return false unless ip =~ /\A[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\z/
-
-        # test if ip within subnet
-        return target_network.include?(ip)
+        return true
       end

       #
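
Review bot: `return true` in `permitted_source?` turns off the source-address restriction for every client of the REST API, IPv4 included, and leaves `beef.restrictions.permitted_ui_subnet` set in the config but no longer consulted. Of the removed lines, only the dot-decimal regex rejects an IPv6 address unconditionally; a narrower change would drop or widen that one test and keep `target_network.include?(ip)`, so an operator who sets the directive to an IPv6 range still gets a restriction. If the bypass stays, it would be better behind an explicit config option than hard-coded.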

In extensions/admin_ui/controllers/authentication/authentication.rb:

diff --git a/extensions/admin_ui/controllers/authentication/authentication.rb b/extensions/admin_ui/controllers/authentication/authentication.rb
index 573456df..bd006fa0 100644
--- a/extensions/admin_ui/controllers/authentication/authentication.rb
+++ b/extensions/admin_ui/controllers/authentication/authentication.rb
@@ -47,12 +47,6 @@ class Authentication < BeEF::Extension::AdminUI::HttpController
     ua_ip = @request.ip # get client ip address
     @body = '{ success : false }' # attempt to fail closed

-    # check if source IP address is permited to authenticate
-    if not permited_source?(ua_ip)
-      BeEF::Core::Logger.instance.register('Authentication', "IP source address (#{@request.ip}) attempted to authenticate but is not within permitted subnet.")
-      return
-    end
-
     # check if under brute force attack
     return if not BeEF::Core::Rest.timeout?('beef.extension.admin_ui.login_fail_delay',
                                             @session.get_auth_timestamp(),
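
Review bot: deleting the `permited_source?` block ahead of the brute-force check also deletes the `Logger.instance.register` call that records the source address of a rejected authentication attempt, so in the visible lines `ua_ip` is now assigned and never used. Keep a log entry carrying `ua_ip` for each attempt, since the login delay and the password are the only controls left on this path. The `permited_source?` helper itself is not touched by this diff; remove it as well or it stays behind as dead code.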

Note that this will remove the IP address based access controls. Ensure you use a strong username and password!!!

bcoles commented 5 years ago

This thread may also be of use: https://github.com/beefproject/beef/issues/1489

Specifically: https://github.com/beefproject/beef/issues/1489#issuecomment-358537424

pentesterkalilinux commented 5 years ago

Ok, I'm using the same URL for target/admin with ngrok now (like you recommended). The problem remains: if I try to log in it says "invalid username or password". I will have a look at the other things you've just posted. Thanks for the help!

bcoles commented 5 years ago

Sounds like IPv6 issues, but maybe not. Debug output would help. Check the console to see if the attempted login came from an IPv6 address.

Exposing the AdminUI is not advised, but if you absolutely have to use a service such as ngrok/serveo, then you don't have much choice. Be sure to change the path to something other than /ui, as per: https://github.com/beefproject/beef/wiki/Configuration#admin-ui

This won't prevent attacks against the REST API, so be sure to set a strong password. Changing the username wouldn't hurt either.

pentesterkalilinux commented 5 years ago

Where do I get the debug output?

I've also set the public URL to the ngrok URL and the port to 80. Still no login possible.

bcoles commented 5 years ago

Set debug: true in config.yaml. Debug output is printed to the terminal.

pentesterkalilinux commented 5 years ago

Does this also apply for the beef-over-wan terminal? Since I'm not using the beef terminal.

bcoles commented 5 years ago

I have no idea. BeeF-Over-Wan is not an official BeEF utility.

pentesterkalilinux commented 5 years ago

Ok this is what I did.

1) config.yaml: public: 66762rz4665.ngrok.io public_port:80 -> saved it
2) started up Beef-Over-Wan using the same URL for target/admin (ngrok http 3000)
3) can't log in. I get no debug window, only the ngrok terminal showing: GET ui/media/images/default/panel -> 304 Not Modified

bcoles commented 5 years ago

That's not something I can help with. I need debug output.

The BeeF-Over-Wan utility adds extra complexity to troubleshooting. I'd recommend testing without it.

Have you tried also changing BeEF's listening port to 80, rather than 3000, as per https://github.com/beefproject/beef/issues/1489#issuecomment-358537424 ?

pentesterkalilinux commented 5 years ago

I also tried to set it to port 80 (like the post recommended) and now I get this error "Not found" like the other guy posted.

pentesterkalilinux commented 5 years ago

What I've tried so far:

BeeF-Over-Wan:

* serveo (same link for target/admin) -> admin login works, hook "Not Found"
* serveo (1 link target/1 link admin) -> admin login works, hook URL works but no target is getting hooked

* ngrok (same link for target/admin) -> admin login doesn't work, hook "Not Found"
* ngrok (1 link target/1 link admin) -> admin login doesn't work, hook "Not Found"

Beef (setting port to 80):

* serveo (same link for target/admin) -> admin "Not found", hook "Not Found"

Beef(Host in LAN/Target in LAN): Everything works fine.

So basically nothing seems to work (except in LAN). I hope I'll figure it out eventually. Thanks for your help!

bcoles commented 5 years ago

You'll get a lot further with debug output.

pentesterkalilinux commented 5 years ago

There's no debug output when I use BoW.

pentesterkalilinux commented 5 years ago

Ok, I tried it with beef (not BoW) and ngrok. I can see no debug output.

There's only this "Opening WEB UI..." and then there's nothing.

It starts with 127.0.0.1 (which works) and after that I exchange it with the ngrok link (which won't let me log in).

bcoles commented 5 years ago

Opening WEB UI... is not something BeEF says. I'm guessing you're using BeEF from an operating system package (beef-xss ?)

I can't help without debug output. If I had to guess, I would guess that your issue is IPv6 related. Perhaps try the IPv6 patch above. That said, exposing the AdminUI is probably a bad idea anyway.

pentesterkalilinux commented 5 years ago

> Opening WEB UI... is not something BeEF says. I'm guessing you're using BeEF from an operating system package (beef-xss ?)
>
> I can't help without debug output. If I had to guess, I would guess that your issue is IPv6 related. Perhaps try the IPv6 patch above. That said, exposing the AdminUI is probably a bad idea anyway.

Yes of course. I'm using it inside Kali Linux.

pentesterkalilinux commented 5 years ago

Ok, I managed to start it via console. It says (for ngrok login): "Event: IP source address(mac-adress) attempted to authenticate but is not within permitted subnet"

bcoles commented 5 years ago

> Ok, I managed to start it via console. It says (for ngrok login): "Event: IP source address(mac-adress) attempted to authenticate but is not within permitted subnet"

That's an IPv6 address, rather than a MAC address. You'll need to patch out the permitted_ui_subnet code as per the patch above.

pentesterkalilinux commented 5 years ago

Ok, thank you. I have to leave now but I'll try to get it to work in the next few days. I'll let you know if I manage to make it run. Thanks again for your help!

bcoles commented 5 years ago

No worries. The permitted_ui_subnet code is dumb and buggy and needs to be replaced. Unfortunately, there's other issues which are higher priority (who uses IPv6 anyway? /jokes)

pentesterkalilinux commented 5 years ago

I couldn't wait. So I gave it a try. I got it to go (could log into admin console) but now when I start the hook on the target PC it says "Event: Attempted hook from out of target range browser(IP adress) rejected" :(

bcoles commented 5 years ago

Ah yeah, the permitted_hooking_subnet is similar code. Same problems.

This should fix it:

diff --git a/core/main/handlers/hookedbrowsers.rb b/core/main/handlers/hookedbrowsers.rb
index 873c0230..d229f7ff 100644
--- a/core/main/handlers/hookedbrowsers.rb
+++ b/core/main/handlers/hookedbrowsers.rb
@@ -28,14 +28,6 @@ module Handlers
       #@response = Rack::Response.new(body=[], 200, header={})
       config = BeEF::Core::Configuration.instance

-      # @note check source ip address of browser
-      permitted_hooking_subnet = config.get('beef.restrictions.permitted_hooking_subnet')
-      target_network = IPAddr.new(permitted_hooking_subnet)
-      if not target_network.include?(request.ip)
-        BeEF::Core::Logger.instance.register('Target Range', "Attempted hook from out of target range browser (#{request.ip}) rejected.")
-        error 500
-      end
-
       # @note get zombie if already hooked the framework
       hook_session_name = config.get('beef.http.hook_session_name')
       hook_session_id = request[hook_session_name]
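
Review bot: with the `permitted_hooking_subnet` block removed, this handler accepts a hook from any source address and no longer reads `beef.restrictions.permitted_hooking_subnet`, so an operator who has narrowed that directive gets neither a restriction nor a warning. The removed check has no IPv4-only regex; the rejection comes from `target_network.include?(request.ip)` being tested against a single configured subnet, so letting the directive hold a list that covers both address families would stop the IPv6 rejections while keeping the scope control.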

pentesterkalilinux commented 5 years ago

Wow, that actually seems to work. Yay! At least for beef with one ngrok URL. I'll also try in the next few days if I can get it to go with serveo and BoW as well. Thanks a lot for your help!

bcoles commented 5 years ago

Cool. If you have any issues please create a new issue. Closing this issue.

I've added an issue to add a log file, which will make debugging in these situations easier. #1698

The issues with IPv6 can be resolved by augmenting the permitted_ui_subnet and permitted_hooking_subnet config directives to accept multiple values, rather than a single string. This is tracked in #519 #1319
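
A sketch of the multi-subnet check proposed in the comment above, as an added example that is not BeEF's code and not part of the original thread. `legacy_permitted?` wraps the removed dot-decimal check from the `api.rb` patch earlier in the thread; `parse_subnets` and the list-taking `permitted_source?` are hypothetical helpers, and all subnets and addresses are constructed sample values.

```ruby
require 'ipaddr'

# The check removed by the api.rb patch in this thread, wrapped in a function:
# one subnet string, and only dot-decimal (IPv4) sources can ever pass.
def legacy_permitted?(ip, subnet)
  return false unless ip =~ /\A[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\z/
  IPAddr.new(subnet).include?(ip)
end

# Hypothetical helper: accept a single subnet string or a list of them.
def parse_subnets(values)
  Array(values).map { |v| IPAddr.new(v) }
end

# Hypothetical replacement check: the source may match any listed subnet of
# its own address family. Anything that is not a valid address fails closed.
def permitted_source?(ip, subnets)
  addr = IPAddr.new(ip.to_s)
  # A dual-stack listener can report an IPv4 client as ::ffff:a.b.c.d;
  # compare it as the IPv4 address it really is.
  addr = addr.native if addr.ipv4_mapped?
  subnets.any? { |net| net.family == addr.family && net.include?(addr) }
rescue IPAddr::Error
  false
end

# Constructed sample configuration (private and documentation ranges).
SAMPLE_SUBNETS = parse_subnets(['192.168.1.0/24', '2001:db8::/32'])

if __FILE__ == $PROGRAM_NAME
  samples = ['192.168.1.10', '2001:db8::5', '::ffff:192.168.1.10',
             '203.0.113.9', 'not-an-ip']
  samples.each do |ip|
    puts format('%-22s legacy=%-5s multi=%s', ip,
                legacy_permitted?(ip, '192.168.1.0/24'),
                permitted_source?(ip, SAMPLE_SUBNETS))
  end
end
```

The IPv6 source that the legacy check can never admit passes once its range is listed, while addresses outside both ranges are still refused.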

pretech86 commented 5 years ago

@pentesterkalilinux I have the same problem. Did you solve it? Can you help me? Thanks a lot.

azamet90 commented 4 years ago

> @pentesterkalilinux I have the same problem. Did you solve it? Can you help me? Thanks a lot.

Did you solve this problem? Beef over wan is not working so well either... Without it, how to do this? (This question after 2 years...)

ChillVibesMushroom commented 1 year ago

> Cool. If you have any issues please create a new issue. Closing this issue.
>
> I've added an issue to add a log file, which will make debugging in these situations easier. #1698
>
> The issues with IPv6 can be resolved by augmenting the permitted_ui_subnet and permitted_hooking_subnet config directives to accept multiple values, rather than a single string. This is tracked in #519 #1319

So basically we just have to modify the code in config.yaml with the snippets you gave us and then attempt to hook a browser

efeobhokhan123 commented 1 year ago

Thanks for your answers, it's really helpful, but I have linked it with ngrok and it's still not working, though I haven't paid for ngrok servers, I thought it was free like Serveo. All these are free port forwarding servers, right? Please, I need your help.

bcoles commented 1 year ago

> Thanks for your answers it's really helpful, but I have linked it with ngrok but still not working

There is nothing anyone can do to help as you have provided no information. Why is it not working?

> All these are free port forwarding servers right? Please I need your help

Instead of abusing free services, why not pay for a VPS like a normal person?

efeobhokhan123 commented 1 year ago

Please I need your assistance can't we talk on WhatsApp please

bcoles commented 1 year ago

> Please I need your assistance can't we talk on WhatsApp please

No but there is a Discord server.

https://discord.gg/HEnk7K9M

efeobhokhan123 commented 1 year ago

Please, my discord link got expired, can I have a new link?

bcoles commented 1 year ago

> Please my discord link got expired can I have a new link

No. The answer to your question is here:

efeobhokhan123 commented 1 year ago

Please I don't know what to do I need your guidance and support please

efeobhokhan123 commented 1 year ago

I have a screenshot to show you please

bcoles commented 1 year ago

> Please I don't know what to do I need your guidance and support please I have a screenshot to show you please

The BeEF configuration file is config.yaml.

It is a plain text file in YAML format. You can edit a text file using a text editor.

When using ngrok you need to edit the file as described:

bcoles commented 1 year ago

This issue was closed 4 years ago. If you have an issue create a new issue and be sure to provide sufficient information to reproduce the issue.