Download as PDF, PPTX
![BeEF mass_mailer
• curl -H "Content-Type: application/json;
charset=UTF-8" -d 'body' -X POST http://<BeEF>/api/
seng/send_mails?token=0fda00ea62a1102f
{ "template": "default",
"subject": "Hi from BeEF",
"fromname": "BeEF",
"link": "http://www.microsoft.com/",
"linktext": "http://beefproject.com",
"recipients": [{
"user1@gmail.com": "Michele",
"user2@antisnatchor.com": "Antisnatchor"
}]}
27](https://image.slidesharecdn.com/44con-2012imthebutcherwouldyoulikesomebeef-120907113322-phpapp01/75/I-m-the-butcher-would-you-like-some-BeEF-27-2048.jpg)
Uploaded byMichele Orru
I'm the butcher would you like some BeEF
This document describes using the Browser Exploitation Framework (BeEF) to conduct social engineering attacks. It introduces the creators and outlines how BeEF's web cloning and mass mailing extensions can be automated through a RESTful API to conduct phishing campaigns. Demostrations are provided of cloning a webpage to intercept login credentials, creating an HTML email template, and combining the extensions to send cloned phishing links at scale. The summary emphasizes automating social engineering attacks using BeEF's client-side exploitation abilities.
More Related Content
Similar to I'm the butcher would you like some BeEF
I'm the butcher would you like some BeEF
- 1. I’m the Butcher wouldyou like some BeEF? 7th Sept 2012 - London Michele ‘antisnatchor’ Orru Thomas MacKenzie 1
- 2. Who are we MicheleOrru The Butcher Thomas MacKenzie The Meat 2
- 3. Outline • A SocialEngineering real story • BeEF intro • The new BeEF Social Engineering extension • Having fun with the RESTful API 3
- 4. Social Engineering • “Socialengineering, in the context of security, is understood to mean the art of manipulating people into performing actions or divulging confidential information.” - Grandfather of all knowledge (Wikipedia). 4
- 5. Our Mission... • Taskedwith gathering as many usernames and passwords as possible in a small amount of time • Tried calling and pretending to be person of authority but awareness seemed to be higher 5
- 6. So... • We heardgreat things about S.E.T. • Decided to use that to clone the website (but found some bugs and limitations that almost made it unusable) 6
- 7. Mass-Mailer • With thehelp of a colleague we then created a basic mass-mailer that used personalization, HTML, pictures and had the ability to spoof the domain name (thanks to their SMTP server settings :-) 7
- 8. We Won 8
- 9. But The ITAdmin was like... • DO NOT CLICK ON THAT LINK 9
- 10. We then said(sending another email)... • DO CLICK ON THAT LINK 10
- 11. AND... WE WONAGAIN! 11
- 12. But... • We thoughtwe could do it better and integrate some awesome client-side exploitation whilst we were at it... 12
- 13. Meet BeEF • BrowserExploitation Framework • Pioneered by Wade Alcorn in 2005 • Powerful platform for Client-side pwnage, XSS post-exploitation and generally victim browser security-context abuse. • The framework allows the penetration tester to select specific modules (in real- time) to target each browser, and therefore each context. 13
- 14.
- 15.
- 16. Meet BeEF • Demo 16
- 17. Social Eng. extension •The idea was to have some BeEF functionality that can be called via the RESTful API, in order to automate: • sending phishing emails using templates, • cloning webpages, harvesting credentials • client-side pwnage 17
- 18. AND... WE DIDIT! 18
- 19.
- 20. BeEF web_cloner • Clonea webpage and serve it on BeEF, then automatically: • modify the page to intercept POST requests • add the BeEF hook to it • if the page can be framed, after POST interception load the original page on an overlay iFrame, otherwise redirect to original page 20
- 21. BeEF web_cloner •curl -H "Content-Type: application/json; charset=UTF-8" -d '{"url":"https:// login.yahoo.com/config/login_verify2", "mount":"/"}' -X POST http://<BeEF>/api/ seng/clone_page? token=53921d2736116dbd86f8f7f7f10e46f1 • If you register loginyahoo.com, you can specify a mount point of /config/ login_verify2, so the phishing url will be (almost) the same 21
- 22. BeEF web_cloner • Demo 22
- 23. BeEF mass_mailer • Doyour phishing email campaigns • get a sample email from your target (with company footer...) • copy the HTML content in a new BeEF email template • download images so they will be added inline! • add your malicious links/attachments • send the mail to X targets and have fun 23
- 24. BeEF mass_mailer • emailtemplates structure 24
- 25. BeEF mass_mailer • ‘default’template HTML mail 25
- 26. BeEF mass_mailer • howthe ‘default’ template email will look 26
- 27. BeEF mass_mailer • curl -H "Content-Type: application/json; charset=UTF-8" -d 'body' -X POST http://<BeEF>/api/ seng/send_mails?token=0fda00ea62a1102f { "template": "default", "subject": "Hi from BeEF", "fromname": "BeEF", "link": "http://www.microsoft.com/", "linktext": "http://beefproject.com", "recipients": [{ "user1@gmail.com": "Michele", "user2@antisnatchor.com": "Antisnatchor" }]} 27
- 28. BeEF mass_mailer • Demo 28
- 29. Combine everything FTW •Register your phishing domain • Point the A/MX records to a VPS where you have an SMTP server and BeEF • Create a BeEF RESTful API script that: • Clone a webpage link with web_cloner • Send X emails with that link with mass_mailer • Script intelligent attacks thanks to BeEF browser detection 29
- 30. Combine everything FTW • Last demo 30
- 31. BeEF web_cloner + mass_mailer + RESTful API = 31
- 32. Thanks • Wade tobe always awesome • The other BeEF guys: Brendan, Christian, Ben, Saafan, Ryan, Heather • A few new project joiners: Bart Leppens, gallypette, Quentin Swain • Tom Neaves for the butcher/hook images :D 32
- 33. Questions? 33