Thursday, March 29, 2012

Installing and Running BeEF on Linux

What is BeEF?
BeEF = Browser Exploitation Framework


Its purpose is primarily security awareness training. It is a great tool (a website) for showing the impact of a single, seemingly innocent vulnerability, reflected or persistent cross-site scripting, caused by a lack of input validation and/or output escaping.


About BeEF

Excerpt from http://beefproject.com/ :

BeEF is a Security Tool

The Browser Exploitation Framework (BeEF) is a powerful professional security tool. BeEF is pioneering techniques that provide the experienced penetration tester with practical client side attack vectors.
Unlike other security frameworks, BeEF focuses on leveraging browser vulnerabilities to assess the security posture of a target. This project is developed solely for lawful research and penetration testing.
BeEF hooks one or more web browsers as beachheads for the launching of directed command modules. Each browser is likely to be within a different security context, and each context may provide a set of unique attack vectors.


Instructions to Setup BeEF on Linux
These instructions are for Red Hat Linux, but much of it will likely extend to your environment.
In order to install BeEF, you will need to get the latest BeEF source from git. Our Linux builds do not come with git, so we will need to install it. BeEF also requires Ruby, so we will also obtain, compile, and install the latest version of Ruby. Our Linux builds already have SQLite, so there is no need to install that.


Install git on Linux

Step: Go to the root directory (or wherever you would like to install git)
Command: cd /root/

Step: Download the latest version of git (you can go to the website to find out if there is a version newer than what I have here)
Command: wget http://git-core.googlecode.com/files/git-1.7.9.5.tar.gz

Step: Unzip the download
Command: gunzip git-1.7.9.5.tar.gz

Step: Untar the download
Command: tar xvf git-1.7.9.5.tar

Step: Delete the tar file since it is no longer needed
Command: rm git-1.7.9.5.tar

Step: Go into the new git folder
Command: cd git-1.7.9.5

Step: Build git
Command: make prefix=/usr all

Step: Once the build completes, verify it is working
Command: ./git --version

Install Ruby on Linux

Ruby is required to run BeEF. Most versions of Red Hat Linux do not come with this. This will show you how to download, compile, and install the latest version of Ruby.

Step: Go to where you would like to install ruby (e.g. root folder)
Command: cd /root/

Step: Download the latest version of ruby. You can go to the website to see if there is a newer version available. This is the latest version at the time of this blog post.
Command: wget http://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.3-p125.tar.gz

Step: Unzip the download
Command: gunzip ruby-1.9.3-p125.tar.gz

Step: Untar the download
Command: tar xvf ruby-1.9.3-p125.tar

Step: Remove the tar file since you no longer need it
Command: rm ruby-1.9.3-p125.tar

Step: Go to the new directory
Command: cd ruby-1.9.3-p125

Step: Compiling ruby: run configure
Command: ./configure

Step: Compiling ruby: run make
Command: make

Step: Compiling ruby: install
Command: make install

Step: Verify the installation was successful by checking the version number
Command: ruby -v

[root@server ruby-1.9.3-p125]# ruby -v
ruby 1.9.3p125 (2012-02-16 revision 34643) [x86_64-linux]

Obtain BeEF via git

Step: Go to the folder you would want the latest beef code to be downloaded to (e.g. /root)
Command: cd /root/

Step: Run the git command (you may need to tailor this to wherever you installed git and the version number you installed). This will download the latest version of beef.
Command: /root/git-1.7.9.5/git clone http://github.com/beefproject/beef

Install BeEF on Linux

Step: Go to wherever you installed beef (e.g. /root/beef)
Command: cd /root/beef/

Step: Install the bundler tool, which will be used to install beef in the next step
Command: gem install bundler

[root@server beef]# gem install bundler
/usr/local/lib/ruby/1.9.1/yaml.rb:56:in `<top (required)>':
It seems your ruby installation is missing psych (for YAML output).
To eliminate this warning, please install libyaml and reinstall your ruby.
Fetching: bundler-1.1.3.gem (100%)
Successfully installed bundler-1.1.3
1 gem installed
Installing ri documentation for bundler-1.1.3...
Installing RDoc documentation for bundler-1.1.3...
Step: Install beef using "bundler"
Command: bundle install


[root@server beef]# bundle install
/usr/local/lib/ruby/1.9.1/yaml.rb:56:in `<top (required)>':
It seems your ruby installation is missing psych (for YAML output).
To eliminate this warning, please install libyaml and reinstall your ruby.
Fetching gem metadata from http://rubygems.org/.........
Installing addressable (2.2.7)
Installing ansi (1.4.2)
Installing daemons (1.1.8)
Installing data_objects (0.10.8)
Installing dm-core (1.2.0)
Installing dm-do-adapter (1.2.0)
Installing dm-migrations (1.2.0)
Installing do_sqlite3 (0.10.8) with native extensions
Installing dm-sqlite-adapter (1.2.0)
Installing erubis (2.7.0)
Installing eventmachine (0.12.10) with native extensions
Installing json (1.6.6) with native extensions
Installing librex (0.0.65)
Installing msgpack (0.4.6) with native extensions
Installing msfrpc-client (1.0.1)
Installing parseconfig (0.5.2)
Installing rack (1.4.1)
Installing rack-protection (1.2.0)
Installing tilt (1.3.3)
Installing sinatra (1.3.2)
Installing term-ansicolor (1.0.7)
Installing thin (1.3.1) with native extensions
Using bundler (1.1.3)
Your bundle is complete! Use `bundle show [gemname]` to see where a bundled gem  

Configure BeEF

Configure BeEF to run on port 80 and to be reachable directly at the root of the server it is installed on. Otherwise you have to enter http://server/ui/authentication; serving it from the root makes the site easier to access.
Note: I could not get the path to access beef reduced from http://server/ui/authentication to http://server/ -- perhaps this is an issue with the version of BeEF I installed.

Step: Modify the configuration file. Change port: "3000" to "80"
Command: vi /root/beef/config.yaml

http:
    debug: false #Thin::Logging.debug, very verbose. Prints also full exception stack trace.
    host: "0.0.0.0"
    port: "80" <-----CHANGED
    # if running behind a nat set the public ip address here
    #public: ""
    dns: "localhost"
    panel_path: "/ui/panel" <-----I'D LIKE TO CHANGE THIS BUT IT ISN'T TAKING EFFECT
    hook_file: "/hook.js"
    hook_session_name: "BEEFHOOK"
    session_cookie_name: "BEEFSESSION"
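The defaults in config.yaml (hook_file, panel_path, the /ui/authentication login page, hook_session_name and session_cookie_name) are also the indicators a defender looks for when a BeEF demo (or a real hook) shows up in logs. This is an added example, not part of the original post: it scans an Apache-style access log (the BeEF host's own log, or an egress proxy log that records full URLs) for those values. The log lines are constructed, and BEEFHOOK/BEEFSESSION will only match if your log format records query strings or cookies.

```bash
#!/bin/sh
# Added example, not from the original post. Scans an Apache-style access log
# for the BeEF defaults shown in config.yaml: hook_file "/hook.js", the admin
# UI paths "/ui/panel" and "/ui/authentication", and the BEEFHOOK / BEEFSESSION
# names (the latter two only appear if query strings or cookies are logged).

# Print every request line that references a BeEF default path or name.
# The [^ ]* prefix lets the path sit inside a full proxy URL as well.
beef_indicators() {
    grep -E '"(GET|POST) [^ ]*(/hook\.js|/ui/panel|/ui/authentication)([ ?]|$)|BEEFHOOK|BEEFSESSION' "$1"
}

# Distinct client addresses that fetched hook.js: these are the hooked
# browsers that need attention, not the BeEF server itself.
beef_hooked_hosts() {
    grep -E '"GET [^ ]*/hook\.js[ ?]' "$1" | awk '{ print $1 }' | sort -u
}

# Number of matching requests, as a bare integer.
beef_indicator_count() {
    beef_indicators "$1" | wc -l | tr -d ' '
}

# Constructed sample log for demonstration; none of this is real traffic.
# "/hookup.html" is there to show the pattern does not match on "hook" alone.
SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
10.0.0.5 - - [29/Mar/2012:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.5 - - [29/Mar/2012:10:00:02 +0000] "GET /hook.js HTTP/1.1" 200 30000 "http://intranet.example/" "Mozilla/5.0"
10.0.0.7 - - [29/Mar/2012:10:00:04 +0000] "GET /hook.js HTTP/1.1" 200 30000 "http://intranet.example/" "Mozilla/5.0"
10.0.0.9 - - [29/Mar/2012:10:01:00 +0000] "GET /ui/authentication HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
10.0.0.5 - - [29/Mar/2012:10:02:00 +0000] "GET /hookup.html HTTP/1.1" 200 700 "-" "Mozilla/5.0"
EOF

echo "suspicious requests ($(beef_indicator_count "$SAMPLE_LOG")):"
beef_indicators "$SAMPLE_LOG"
echo "hooked clients:"
beef_hooked_hosts "$SAMPLE_LOG"
```

Point the functions at a real log path (e.g. beef_hooked_hosts /var/log/httpd/access_log) to use them outside the demo.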

Run BeEF in Background

Step: Go to beef installation folder (e.g. /root/beef)
Command: cd /root/beef/

Step: Start beef in background (by adding &)
Command: ./beef &

Start BeEF by Default on Linux

Step: Modify the /etc/rc.d/rc.local file. This file is for add-on startup scripts that run when the system reboots, which ensures beef is always running.
Command: vi /etc/rc.d/rc.local

Step: Add two lines: one to change into the beef directory (you cannot run it from elsewhere because it uses hard-coded relative paths, so the current directory must already be the beef directory) and one to run beef in the background
Command: cd /root/beef
         ./beef &


Update BeEF on Linux

Step: Go to directory beef is installed in (e.g. /root/beef).
Command: cd /root/beef

Step: Run 'git pull' to update to the latest revision. You may need to alter this to wherever you installed git and the specific version.
Command: /root/git-1.7.9.5/git pull

1 comment:

  1. I ran into the same problem "panel_path: "/ui/panel" <-----I'D LIKE TO CHANGE THIS BUT IT ISN'T TAKING EFFECT" because I use BeEF in my demo system behind a reverse proxy...

    Did you find a solution for this?
    Chris
