Bolder Security: Installing and Running BeEF on Linux

What is BeEF?
BeEF = Browser Exploitation Framework

Its purpose is primarily for Security Awareness Training. It is a great tool (website) to show the impact of a single seemingly innocent vulnerability - reflective or persistent cross-site scripting - caused by a lack of input validation and/or output escaping.

About BeEF

Excerpt from http://beefproject.com/ :

BeEF is a Security Tool The Browser Exploitation Framework (BeEF) is a powerful professional security tool. BeEF is pioneering techniques that provide the experienced penetration tester with practical client side attack vectors.

Unlike other security frameworks, BeEF focuses on leveraging browser vulnerabilities to assess the security posture of a target. This project is developed solely for lawful research and penetration testing.

BeEF hooks one or more web browsers as beachheads for the launching of directed command modules. Each browser is likely to be within a different security context, and each context may provide a set of unique attack vectors.

Instructions to Setup BeEF on Linux
These instructions are for Red Hat Linux but much of it will likely extend to your environment.
In order to install BeEF, you will need to get the latest BeEF source from git. Our Linux builds do not come with "git" so we will need to install it. BeEF also requires Ruby so we will also obtain, compile, and install the latest version of Ruby. Our Linux builds already have sqllite so no need to install there.

Install git on Linux

Step	Linux Command
Go to the root directory (or wherever you would like to install git)	cd /root/
Download the latest version of git (you can go the website to find out if there is a version newer than what i have here)	wget http://git-core.googlecode.com/files/git-1.7.9.5.tar.gz
Unzip the download	gunzip git-1.7.9.5.tar.gz
Untar the download	tar xvf git-1.7.9.5.tar
Delete the tar file since it is no longer needed	rm git-1.7.9.5.tar
Go into the new git folder	cd git-1.7.9.5
Build git	make prefix=/usr all
Once install completes, verify it is working	./git --version

Install Ruby on Linux

Ruby is required to run BeEF. Most versions of Red Hat Linux do not come with this. This will show you how to download, compile, and install the latest version of Ruby.

Step	Linux Command
Go to where you would like to install ruby (e.g. root folder)	cd /root/
Download the latest version of ruby. You can go to the website to see if there is a newer version available. This is the latest version at the time of this blog post	wget http://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.3-p125.tar.gz
Unzip the download	gunzip ruby-1.9.3-p125.tar.gz
Untar the download	tar xvf ruby-1.9.3-p125.tar
Remove the tar file since you no longer need it	rm ruby-1.9.3-p125.tar
Go to the new directory	cd ruby-1.9.3-p125
Compiling ruby: run configure	./configure
Compiling ruby: run make	make
Compiling ruby: install	make install
Verify the installation was successful by checking the version number	ruby -v [root@server ruby-1.9.3-p125]# ruby -v ruby 1.9.3p125 (2012-02-16 revision 34643) [x86_64-linux]

Obtain BeEF via git

Step	Linux Command
Go to the folder you would want the latest beef code to be downloaded to (e.g. /root)	d /root/
Run the git command (you may need to tailor this to wherever you installed git and the version number you installed). This will download the latest version of beef.	/root/git-1.7.9.5/git clone http://github.com/beefproject/beef

Install BeEF on Linux

Step	Linux Command
Go to wherever you installed beef (e.g. /root/beef)	cd /root/beef/)
Install the bundler tool, which will be used to install beef in the next step	gem install bundler [root@server beef]# gem install bundler /usr/local/lib/ruby/1.9.1/yaml.rb:56:in `': It seems your ruby installation is missing psych (for YAML output). To eliminate this warning, please install libyaml and reinstall your ruby. Fetching: bundler-1.1.3.gem (100%) Successfully installed bundler-1.1.3 1 gem installed Installing ri documentation for bundler-1.1.3... Installing RDoc documentation for bundler-1.1.3...
Install beef using "bundler"	bundle install [root@server beef]# bundle install /usr/local/lib/ruby/1.9.1/yaml.rb:56:in `<top (required)>': It seems your ruby installation is missing psych (for YAML output). To eliminate this warning, please install libyaml and reinstall your ruby. Fetching gem metadata from http://rubygems.org/......... Installing addressable (2.2.7) Installing ansi (1.4.2) Installing daemons (1.1.8) Installing data_objects (0.10.8) Installing dm-core (1.2.0) Installing dm-do-adapter (1.2.0) Installing dm-migrations (1.2.0) Installing do_sqlite3 (0.10.8) with native extensions Installing dm-sqlite-adapter (1.2.0) Installing erubis (2.7.0) Installing eventmachine (0.12.10) with native extensions Installing json (1.6.6) with native extensions Installing librex (0.0.65) Installing msgpack (0.4.6) with native extensions Installing msfrpc-client (1.0.1) Installing parseconfig (0.5.2) Installing rack (1.4.1) Installing rack-protection (1.2.0) Installing tilt (1.3.3) Installing sinatra (1.3.2) Installing term-ansicolor (1.0.7) Installing thin (1.3.1) with native extensions Using bundler (1.1.3) Your bundle is complete! Use `bundle show [gemname]` to see where a bundled gem

Configure BeEF

Configure BeEF to run on port 80 and also start directly from the server you have it installed on. Otherwise, you have to enter http://server/ui/authentication thus making it easier to access the site.
Note: I could not get the path to access beef reduced from http://server/ui/authentication to http://server/ -- perhaps this is an issue with the version of BeEF I installed with

Step	Linux Command
Modify the configuration file. Change port: "3000" to "80"	vi /root/beef/config.yaml http: debug: false #Thin::Logging.debug, very verbose. Prints also full exception stack trace. host: "0.0.0.0" port: "80" <-----CHANGED # if running behind a nat set the public ip address here #public: "" dns: "localhost" panel_path: "/ui/panel" <-----I'D LIKE TO CHANGE THIS BUT IT ISN'T TAKING EFFECT hook_file: "/hook.js" hook_session_name: "BEEFHOOK" session_cookie_name: "BEEFSESSION"

Step

Linux Command

Modify the configuration file. Change port: "3000" to "80"

vi /root/beef/config.yaml

http:
debug: false #Thin::Logging.debug, very verbose. Prints also full exception stack trace.
host: "0.0.0.0"
port: "80" <-----CHANGED
# if running behind a nat set the public ip address here
#public: ""
dns: "localhost"
panel_path: "/ui/panel" <-----I'D LIKE TO CHANGE THIS BUT IT ISN'T TAKING EFFECT
hook_file: "/hook.js"
hook_session_name: "BEEFHOOK"
session_cookie_name: "BEEFSESSION"

Run BeEF in Background

Step	Linux Command
Go to beef installation folder (e.g. /root/beef)	cd /root/beef/
Start beef in background (by adding &)	./beef &

Start BeEF by Default on Linux

Step	Linux Command
Modify the /etc/rc.d/rc.local file. This file is for add-on startup scripts that run when the system reboots. This is important to ensure beef is always running	vi /etc/rc.d/rc.local
Add two lines: one to tell it to go inside the beef directory (for some reason you can't run it directly since it has hard-coded relative links thus must already be inside that directory) and then run beef in the background	cd /root/beef ./beef &

Update BeEF on Linux

Step	Linux Command
Go to directory beef is installed in (e.g. /root/beef).	cd /root/beef
Run 'git pull' to update to the latest revision. You may need to alter this to wherever you installed git and the specific version	/root/git-1.7.9.5/git pull

Thursday, March 29, 2012

Installing and Running BeEF on Linux