Beef-XSS project "Authentication form not seen in Kali Linux"

[manopaul]

Running Beef from the menu in Kali Linux after update and upgrade does not show the login form in http://:3000/ui/panel or http://:3000/ui/authentication Only the BeEF logo image (of the bull) is shown. Did bleeding-edge-repo pull as well as uninstalled and reinstalled beef-xss but the issue was not fixed. After researching and trying for hours, I came about a workaround ... Finally from terminal, I ran 'ruby beef' command (prefix with ruby) instead of just './beef'in the beef-xss folder and then opened a browser and navigated to the http://:3000/ui/authentication and it worked. I wonder if it is a javacript bundling issue that generates the login form or a if has something to do with the ruby gems bundle (which were all checked but had no errors). Thank you for your support in advance. Mano 'dash4rk' Paul

[antisnatchor]

Hey man, this is an issue with Kali and ruby environment, it's not related to BeEF. The JavaScript for the UI is minified, and a specific gem is used for that. If the ruby environment is screwed (for instance if you don't use RVM, which set env vars and so on), some dependencies might not be resolved correctly.

See here: https://github.com/beefproject/beef/wiki/BeEF-and-Backtrack-5 You don't have these issues with any other linux/OSX with RVM. It even works on Windows :D

[wadealcorn]

@bw-z, have you got bandwidth to look into this?

[manopaul]

Hi Wade: So here is what happened. I used to be able to launch BeEF-XSS from the Kali Menu, but then after doing a apt-get update and apt-get upgrade from the bleeding-edge repo, when I launched BeEF from the Kali Menu, I would get the page http:///ui/panel redirect to ~/ui/authentication but the login form would not be displayed. All I would see is just the BeEF logo render. Checked view source and there it all looked like the page had completely loaded. From what I could tell from the src attribute, the login form seemed like it was dynamically generated using the js script (minified). I tried running ./beef from the beef-xss folder and it was the same issue. Went to an older Kali instance on a different box that was not updated yet and there was no problem. Upon doing the update and upgrade on that box, the same issue of missing login form was observed. After researching and trying for hours, what seemed to work was ... From terminal (not the the Kali menu), I ran 'ruby beef' command (prefixed with ruby) instead of just './beef' in the beef-xss folder and then opened a browser and navigated to the http://:3000/ui/authentication and it worked. Then when I used the Kali Linux menu, it worked as well. It seemed like the ruby prefix made a difference and so I dont think it may be a javacript bundling issue that generates the login form as much as it has to do with the ruby gems bundle. Thank you for your support in advance. Mano 'dash4rk' Paul

[wadealcorn]

@manopaul thanks for the additional information

[bw-z]

Hi @manopaul

Could you please try doing another apt-get update and upgrade?

If the issue persists please let me know which version of Kali you have running and on what platform?

[wadealcorn]

@manopaul can you please confirm them above?

[manopaul]

Sorry for the delay. Will look into this within the next couple of dates and update for sure. Thanks for following up.

On May 4, 2014, at 5:10 PM, Wade Alcorn notifications@github.com wrote:

@manopaul can you please confirm them above?

— Reply to this email directly or view it on GitHub.

[wadealcorn]

@manopaul thanks

[manopaul]

Hi Wade, @BWZ and team Just wanted to let you know that I did an apt-get update and did an upgrade and the issue that I was facing with the missing authentication form is no longer an issue. Thank you for all your help and I truly appreciate that you followed through and ensured that it was all good. I am impressed with your service. Thanks again Mano (@manopaul)

On May 4, 2014, at 5:12 PM, Wade Alcorn notifications@github.com wrote:

@manopaul thanks

— Reply to this email directly or view it on GitHub.

[bw-z]

Thanks @manopaul!

[joseph-kovacs]

This is still a major issue with BeEF. I just ran multiple installations on Ubuntu 14.04 and ran into two issues. The first was no log in window available due to missing the following file: /ui/media/javascript-min/web_ui_auth.js

Messing with RVM (https://rvm.io/rvm/install) a bit I could finally get it to show up, but log into the panel using beef/beef and the following file is missing making the panel unusable: /ui/media/javascript-min/web_ui_all.js

Has there been any solution to either of these issues?

[joseph-kovacs]

Found a solution:

rvm install 1.9.3-p484 rvm use 1.9.3 -- default See: https://github.com/beefproject/beef/blob/master/INSTALL.txt

It looks like BeEF is VERY dependent on that RVM version at least for Ubuntu.

[offensive-security]

RVM is definitely not a recommend solution for Kali and Beef. The issue for the bug described (https://bugs.kali.org/view.php?id=1130) was due to insufficient permissions on the /usr/share/beef-xss/extensions/admin_ui/media/javascript-min/ directory, and has been fixed in subsequent releases of Beef in Kali. Beef XSS works well in Kali-rolling now, by simply:

/etc/init.d/beef-xss start and then browsing to : http://localhost:3000/ui/authentication

[ziflar]

yes the problem appears when ruby is updated to the 2.3.0 version for the first installation of kali rolling, I proceeded as follows:: BEFORE DOING an apt-update,apt-upgrade,apt dist-upgrade.!!!!!!

             echo " ruby hold" | dpkg --set-selections
             echo " ruby2.2 hold" | dpkg --set-selections
             echo " ruby2.2-dev:amd64 hold" | dpkg --set-selections
             apt-get update && apt-get upgrade -y && apt-get dist-upgrade -y

I just block the ruby updating and it works fine

[Kuhicop]

I'm still having this issue in Parrot Any ideas? Thanks in advance!! <3

[wifiuk]

using kali 2018 latest versuion even using the following comman /etc/init.d/beef-xss start i see no login page only the bull logo

if you look at the page source its trying to load

but the error for that is

File not found: /javascript-min/web_ui_auth.js

[farsx]

@wifiuk I confirm the issue with latest kali-rolling.

@beefproject The problem seems to be the uglifier API that minify JS code: https://github.com/beefproject/beef/blob/836c0c97e51a750d417704faa0fc86ad1753b67c/extensions/admin_ui/api/handler.rb#L22

It throws this error: API Fire Error: SyntaxError: Unexpected token } in {:owner=>BeEF::Extension::AdminUI::API::Handler, :id=>18}.mount_handler()

As a quick-and-dirty workaround you can substitute the line: minified = Uglifier.compile(evaluated) with: minified = evaluated

[OfficialJrotich]

I have the same problem on Parrot Security GNU/Linux any help will be highly appreciated. Parrot Release 3.11 32-bit, Kernel Linux 4.14.0-parrot13-686-pae i686.

[bcoles]

@krazyghostcrawler this issue is closed. Please search the existing issues and if you don't find your answer then create a new issue.