beefproject / beef

The Browser Exploitation Framework Project
https://beefproject.com

How do I access BeEF from outside the LAN #2366

Closed Brolupyr777 closed 2 years ago

Brolupyr777 commented 2 years ago

Hi, can someone please explain the solution to me in simple words, step by step, since I am new to Linux and GitHub in general and would love that. Thanks!

bcoles commented 2 years ago

It says that I don't have the permission

It is likely owned by root. You'll need to run the text editor as root, or copy the file somewhere else, edit it, then move it back with root privileges.

```sh
# copy it somewhere that is writable
cp /etc/beef-xss/config.yaml /tmp/config.yaml
# edit
gedit /tmp/config.yaml
# overwrite the old config
sudo mv /tmp/config.yaml /etc/beef-xss/config.yaml
```

Brolupyr777 commented 2 years ago

Now do I just copy and paste the code?

Brolupyr777 commented 2 years ago

`-- beef: version: 0.5.4.0-pre debug: false client_debug: false crypto_default_value_length: 80 credentials: user: beef passwd: beef restrictions: permitted_hooking_subnet:

bcoles commented 2 years ago

Now do I just copy and paste the code?

No. Read the configuration. Understand what you're doing. Set the appropriate configuration settings.

bcoles commented 2 years ago

Did I do it right?

No

Brolupyr777 commented 2 years ago

I can't find the public: host: ".ngrok.io" # public hostname/IP address port: "443" https: true and the: allow_reverse_proxy: true

bcoles commented 2 years ago

I can't find the public:

Here's the default configuration file.

https://github.com/beefproject/beef/blob/5fdd96f5761dfd0bfe36b9e24ab390c29194e349/config.yaml#L1-L159

Change the password. Then set the appropriate public settings for your ngrok host.

Brolupyr777 commented 2 years ago

can I replace yours with mine and then do the changes?

bcoles commented 2 years ago

can I replace yours with mine and then do the changes?

Probably, yes. You will need to change the password and set the appropriate public settings for your ngrok host.

Brolupyr777 commented 2 years ago

how do I get the IP of the web server

bcoles commented 2 years ago

how do I get the IP of the web server

Which IP of what web server and why?

bcoles commented 2 years ago

You literally only need to change the password and the public settings.

Brolupyr777 commented 2 years ago

```yaml
# HTTP server
http:
    debug: false #Thin::Logging.debug, very verbose. Prints also full exception stack trace.
    host: "0.0.0.0"
    port: "3000"
```

The host

Brolupyr777 commented 2 years ago

There is no public in the code that you gave me

bcoles commented 2 years ago

There is no public in the code that you gave me

Yes there is. The public section is commented out by default.

Brolupyr777 commented 2 years ago

ok I see it

bcoles commented 2 years ago

how do I get the IP of the web server

Which IP of what web server and why?

The host

Don't change the host. It is unrelated. Change the password and set the appropriate public settings for your ngrok host.

Brolupyr777 commented 2 years ago

ok

Brolupyr777 commented 2 years ago

host: "<your-id>.ngrok.io" # public hostname/IP address

Brolupyr777 commented 2 years ago

where do I get the id

Brolupyr777 commented 2 years ago

is it the MY public IP?

bcoles commented 2 years ago

host: "<your-id>.ngrok.io" # public hostname/IP address

where do I get the id

is it the MY public IP?

https://github.com/beefproject/beef/issues/2366#issuecomment-1073404215

Brolupyr777 commented 2 years ago

```yaml
#
# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
# BeEF Configuration file

beef:
 version: '0.5.4.0'
 # More verbose messages (server-side)
 debug: false
 # More verbose messages (client-side)
 client_debug: false
 # Used for generating secure tokens
 crypto_default_value_length: 80

 # Credentials to authenticate in BeEF.
 # Used by both the RESTful API and the Admin interface
 credentials:
     user:   "beef"
     passwd: "<My password>"

 # Interface / IP restrictions
 restrictions:
     # subnet of IP addresses that can hook to the framework
     permitted_hooking_subnet: ["0.0.0.0/0", "::/0"]
     # subnet of IP addresses that can connect to the admin UI
     #permitted_ui_subnet: ["127.0.0.1/32", "::1/128"]
     permitted_ui_subnet: ["0.0.0.0/0", "::/0"]
     # subnet of IP addresses that cannot be hooked by the framework
     excluded_hooking_subnet: []
     # slow API calls to 1 every  api_attempt_delay  seconds
     api_attempt_delay: "0.05"

 # HTTP server
 http:
     debug: false #Thin::Logging.debug, very verbose. Prints also full exception stack trace.
     host: "0.0.0.0"
     port: "3000"

     # Decrease this setting to 1,000 (ms) if you want more responsiveness
     #  when sending modules and retrieving results.
     # NOTE: A poll timeout of less than 5,000 (ms) might impact performance
     #  when hooking lots of browsers (50+).
     # Enabling WebSockets is generally better (beef.websocket.enable)
     xhr_poll_timeout: 1000

     # Host Name / Domain Name
     # If you want BeEF to be accessible via hostname or domain name (ie, DynDNS),
     # These settings will be used to create a public facing URL
     # This public facing URL will be used for all hook related calls
     # set the public setting below:
      public:
         host: "faa6-73-11-43-188.ngrok.io" # public hostname/IP address
         port: "443" # public port will default to 80 if no https 443 if https
                   # and local if not set but there is a public host
         https: true # true/false

     # Reverse Proxy / NAT
     # If you want BeEF to be accessible behind a reverse proxy or NAT,
     #   set both the publicly accessible hostname/IP address and port below:
     # NOTE: Allowing the reverse proxy will enable a vulnerability where the ui/panel can be spoofed
     #   by altering the X-FORWARDED-FOR ip address in the request header.
     allow_reverse_proxy: false

     # Hook
     hook_file: "/hook.js"
     hook_session_name: "BEEFHOOK"

     # Allow one or multiple origins to access the RESTful API using CORS
     # For multiple origins use: "http://browserhacker.com, http://domain2.com"
     restful_api:
         allow_cors: false
         cors_allowed_domains: "http://browserhacker.com"

     # Prefer WebSockets over XHR-polling when possible.
     websocket:
         enable: false
         port: 61985 # WS: good success rate through proxies
         # Use encrypted 'WebSocketSecure'
         # NOTE: works only on HTTPS domains and with HTTPS support enabled in BeEF
         secure: true
         secure_port: 61986 # WSSecure
         ws_poll_timeout: 5000 # poll BeEF every x second, this affects how often the browser can have a command execute on it
         ws_connect_timeout: 500 # useful to help fingerprinting finish before establishing the WS channel

     # Imitate a specified web server (default root page, 404 default error page, 'Server' HTTP response header)
     web_server_imitation:
         enable: true
         type: "apache" # Supported: apache, iis, nginx
         hook_404: false # inject BeEF hook in HTTP 404 responses
         hook_root: false # inject BeEF hook in the server home page
     # Experimental HTTPS support for the hook / admin / all other Thin managed web services
     https:
         enable: false
         # Enabled this config setting if you're external facing uri is using https
         public_enabled: false
         # In production environments, be sure to use a valid certificate signed for the value
         # used in beef.http.public (the domain name of the server where you run BeEF)
         key: "beef_key.pem"
         cert: "beef_cert.pem"

 database:
     file: "beef.db"

 # Autorun Rule Engine
 autorun:
     # this is used when rule chain_mode type is nested-forward, needed as command results are checked via setInterval
     # to ensure that we can wait for async command results. The timeout is needed to prevent infinite loops or eventually
     # continue execution regardless of results.
     # If you're chaining multiple async modules, and you expect them to complete in more than 5 seconds, increase the timeout.
     result_poll_interval: 300
     result_poll_timeout: 5000

     # If the modules doesn't return status/results and timeout exceeded, continue anyway with the chain.
     # This is useful to call modules (nested-forward chain mode) that are not returning their status/results.
     continue_after_timeout: true

 # Enables DNS lookups on zombie IP addresses
 dns_hostname_lookup: false

 # IP Geolocation
 geoip:
     enable: true
     # GeoLite2 City database created by MaxMind, available from https://www.maxmind.com
     database: '/usr/share/GeoIP/GeoLite2-City.mmdb'

 # Integration with PhishingFrenzy
 # If enabled BeEF will try to get the UID parameter value from the hooked URI, as this is used by PhishingFrenzy
 # to uniquely identify the victims. In this way you can easily associate phishing emails with hooked browser.
 integration:
     phishing_frenzy:
         enable: false

 # You may override default extension configuration parameters here
 # Note: additional experimental extensions are available in the 'extensions' directory
 #       and can be enabled via their respective 'config.yaml' file
 extension:
     admin_ui:
         enable: true
         base_path: "/ui"
     demos:
         enable: true
     events:
         enable: true
     evasion:
         enable: false
     requester:
         enable: true
     proxy:
         enable: true
     network:
         enable: true
     metasploit:
         enable: false
     social_engineering:
         enable: true
     xssrays:
         enable: true
```

Good?

bcoles commented 2 years ago

Good?

Whitespace is important. The public key is not aligned properly.

Brolupyr777 commented 2 years ago

what white space?

bcoles commented 2 years ago

what white space?

All white space is important.

In this instance, there is superfluous white space preceding the public key.

Brolupyr777 commented 2 years ago

Can you show me the change?

Brolupyr777 commented 2 years ago

`public: host: "faa6-73-11-43-188.ngrok.io" # public hostname/IP address port: "443" # public port will default to 80 if no https 443 if https

and local if not set but there is a public host

       https: true # true/false `

did that fix it?

bcoles commented 2 years ago

did that fix it?

I have no idea. It needs to be aligned properly. You've pasted it out of context.

bcoles commented 2 years ago

Can you show me the change?

Align the public key.


Brolupyr777 commented 2 years ago

done, know what?

Brolupyr777 commented 2 years ago

*now

bcoles commented 2 years ago

done, know what?

Start beef.

If you're using the beef-xss package from Kali you can start the service with `sudo service beef-xss start`.

Brolupyr777 commented 2 years ago

It says unable to connect

Brolupyr777 commented 2 years ago

sorry nevermind

Brolupyr777 commented 2 years ago

I have another one open already

bcoles commented 2 years ago

I have another one open already

You have another what open already? If beef-xss is already running you can restart it with `sudo service beef-xss restart`.

Brolupyr777 commented 2 years ago

```
× beef-xss.service - beef-xss
     Loaded: loaded (/lib/systemd/system/beef-xss.service; disabled; vendor preset: disabled)
     Active: failed (Result: exit-code) since Sun 2022-03-20 21:20:10 PDT; 4s ago
    Process: 18137 ExecStart=/usr/share/beef-xss/beef (code=exited, status=1/FAILURE)
   Main PID: 18137 (code=exited, status=1/FAILURE)
        CPU: 749ms
```

bcoles commented 2 years ago

You broke something. Check the logs: `sudo journalctl -u beef-xss`

Brolupyr777 commented 2 years ago

```
Mar 19 21:14:51 kali systemd[1]: Started beef-xss.
Mar 19 21:14:56 kali beef[7623]: [21:14:53][] Browser Exploitation Framework (>
Mar 19 21:14:56 kali beef[7623]: [21:14:53] | Twit: @beefproject
Mar 19 21:14:56 kali beef[7623]: [21:14:53] | Site: https://beefproject.com
Mar 19 21:14:56 kali beef[7623]: [21:14:53] | Blog: http://blog.beefprojec>
Mar 19 21:14:56 kali beef[7623]: [21:14:53] |_ Wiki: https://github.com/bee>
Mar 19 21:14:56 kali beef[7623]: [21:14:53][] Project Creator: Wade Alcorn (@W>
Mar 19 21:14:56 kali beef[7623]: -- migration_context()
Mar 19 21:14:56 kali beef[7623]: -> 0.0059s
Mar 19 21:14:56 kali beef[7623]: == 1 CreateCommandModules: migrating =========>
Mar 19 21:14:56 kali beef[7623]: -- create_table(:command_modules, {})
Mar 19 21:14:56 kali beef[7623]: -> 0.0005s
Mar 19 21:14:56 kali beef[7623]: == 1 CreateCommandModules: migrated (0.0006s) >
Mar 19 21:14:56 kali beef[7623]: == 2 CreateHookedBrowsers: migrating =========>
Mar 19 21:14:56 kali beef[7623]: -- create_table(:hooked_browsers, {})
Mar 19 21:14:56 kali beef[7623]: -> 0.0008s
Mar 19 21:14:56 kali beef[7623]: == 2 CreateHookedBrowsers: migrated (0.0009s) >
Mar 19 21:14:56 kali beef[7623]: == 3 CreateLogs: migrating ===================>
Mar 19 21:14:56 kali beef[7623]: -- create_table(:logs, {})
Mar 19 21:14:56 kali beef[7623]: -> 0.0008s
Mar 19 21:14:56 kali beef[7623]: == 3 CreateLogs: migrated (0.0009s) ==========>
Mar 19 21:14:56 kali beef[7623]: == 4 CreateCommands: migrating ===============>
Mar 19 21:14:56 kali beef[7623]: -- create_table(:commands, {})
lines 1-23
```

bcoles commented 2 years ago

There should be a lot more logs. Look for an error. It is probably at the end.

Brolupyr777 commented 2 years ago

there is like over 10000 lines. It will take me forever to scroll

Brolupyr777 commented 2 years ago

is there a different way

Brolupyr777 commented 2 years ago

?

bcoles commented 2 years ago

You can page through the logs faster by pressing space. You can also pipe the results to tail `journalctl -u beef-xss | tail` or pipe to a file and open it in a text editor `journalctl -u beef-xss > logfile`.

Brolupyr777 commented 2 years ago

```
Mar 20 21:18:58 kali systemd[1]: beef-xss.service: Failed with result 'exit-code'.
Mar 20 21:19:14 kali systemd[1]: Started beef-xss.
Mar 20 21:19:15 kali beef[18023]: /usr/share/beef-xss/core/main/configuration.rb:201:in `block in get': undefined method `[]' for nil:NilClass (NoMethodError)
Mar 20 21:19:15 kali beef[18023]: from /usr/share/beef-xss/core/main/configuration.rb:200:in `each'
Mar 20 21:19:15 kali beef[18023]: from /usr/share/beef-xss/core/main/configuration.rb:200:in `inject'
Mar 20 21:19:15 kali beef[18023]: from /usr/share/beef-xss/core/main/configuration.rb:200:in `get'
Mar 20 21:19:15 kali beef[18023]: from /usr/share/beef-xss/beef:90:in `<main>'
Mar 20 21:19:15 kali beef[18023]: [21:19:15][!] Fatal Error: cannot load configuration file '/usr/share/beef-xss/./config.yaml' : uninitialized class variable @@instance in BeEF::Core::Configuration
Mar 20 21:19:15 kali beef[18023]: Did you mean? instance_of?
Mar 20 21:19:15 kali beef[18023]: [21:19:15][!] ["/usr/share/beef-xss/core/main/configuration.rb:16:in `instance'", "/usr/share/beef-xss/core/ruby/print.rb:38:in `print_debug'", "/usr/share/beef-xss/core/main/configuration.rb:48:in `resc>
Mar 20 21:19:15 kali systemd[1]: beef-xss.service: Main process exited, code=exited, status=1/FAILURE
Mar 20 21:19:15 kali systemd[1]: beef-xss.service: Failed with result 'exit-code'.
Mar 20 21:20:09 kali systemd[1]: Started beef-xss.
Mar 20 21:20:10 kali beef[18137]: /usr/share/beef-xss/core/main/configuration.rb:201:in `block in get': undefined method `[]' for nil:NilClass (NoMethodError)
Mar 20 21:20:10 kali beef[18137]: from /usr/share/beef-xss/core/main/configuration.rb:200:in `each'
Mar 20 21:20:10 kali beef[18137]: from /usr/share/beef-xss/core/main/configuration.rb:200:in `inject'
Mar 20 21:20:10 kali beef[18137]: from /usr/share/beef-xss/core/main/configuration.rb:200:in `get'
Mar 20 21:20:10 kali beef[18137]: from /usr/share/beef-xss/beef:90:in `<main>'
Mar 20 21:20:10 kali beef[18137]: [21:20:10][!] Fatal Error: cannot load configuration file '/usr/share/beef-xss/./config.yaml' : uninitialized class variable @@instance in BeEF::Core::Configuration
Mar 20 21:20:10 kali beef[18137]: Did you mean? instance_of?
Mar 20 21:20:10 kali beef[18137]: [21:20:10][!] ["/usr/share/beef-xss/core/main/configuration.rb:16:in `instance'", "/usr/share/beef-xss/core/ruby/print.rb:38:in `print_debug'", "/usr/share/beef-xss/core/main/configuration.rb:48:in `resc>
Mar 20 21:20:10 kali systemd[1]: beef-xss.service: Main process exited, code=exited, status=1/FAILURE
Mar 20 21:20:10 kali systemd[1]: beef-xss.service: Failed with result 'exit-code'.
```

bcoles commented 2 years ago

Your configuration file is malformed.

Brolupyr777 commented 2 years ago

meaning?

bcoles commented 2 years ago

meaning?

Your configuration file is not formatted correctly.

Brolupyr777 commented 2 years ago

How do I fix it?
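
For the "superfluous white space preceding the public key" and "configuration file is malformed" diagnoses in this thread, the following added example (not part of the thread and not BeEF project code) locates a key whose indentation fits no open mapping and confirms that Ruby's YAML parser rejects the file. The fragment, the `<your-id>` placeholder host and the helper names `misaligned_keys` and `yaml_parses?` are constructed for illustration.

```ruby
require 'yaml'

# Constructed fragment (not the poster's file): 'public:' is one space too deep.
SAMPLE = <<~CONF
  beef:
      http:
          host: "0.0.0.0"
          port: "3000"
          xhr_poll_timeout: 1000
           public:
              host: "<your-id>.ngrok.io"
              port: "443"
              https: true
          allow_reverse_proxy: false
CONF

# "<indent>key:" optionally followed by a value; comment-only lines don't match.
KEY_LINE = /\A( *)([^\s#:][^:]*):(?:\s+(.*))?\z/

# Returns [line_no, key, indent, expected_indent] for each key that fits no open
# mapping. Assumes block mappings with scalar or inline ([...]) values only.
def misaligned_keys(text)
  levels = []         # indentation of each mapping that is currently open
  prev_opens = false  # previous key had no value, so it opens a nested mapping
  findings = []
  text.each_line.with_index(1) do |line, no|
    m = KEY_LINE.match(line.chomp) or next
    indent = m[1].size
    value = m[3].to_s.sub(/(\A|\s)#.*\z/, '').strip
    if levels.empty? || (indent > levels.last && prev_opens)
      levels.push(indent)
    elsif indent > levels.last
      findings << [no, m[2], indent, levels.last]
    else
      levels.pop while levels.size > 1 && levels.last > indent
      findings << [no, m[2], indent, levels.last] unless levels.last == indent
    end
    prev_opens = value.empty?
  end
  findings
end

# True when Psych (Ruby's YAML parser) accepts the text.
def yaml_parses?(text)
  YAML.safe_load(text)
  true
rescue Psych::SyntaxError
  false
end
```

Calling `misaligned_keys(File.read(path))` on a copy of the configuration file gives the line number to realign; the fix is to put that key at the same column as its siblings.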