In the last post I explained all the basic things about BeEF and in this post I will go to the next step. I will show you how to add a BeEF hook to a website.Before continuing, you should know the basics of the framework. If you don’t, please go through my previous article.
The Video Tutorial
Setup the Webpage and Server
Now lets start. The first thing you need is a web page. In this tutorial, I will be using a HTML version of 2048 game. This game is available in github. You can clone it from here.
After cloning, move all the contents to /var/www/html/. If there is already an index.html in /var/www/html, remove it using the command rm /var/www/html/index.html before copying the new files.
Now start apache service, open a browser, type localhost in the URL bar and press enter. If everything is done correctly, you will be able to run the game in your browser.
Inject the Code Source in Webpage
Now its time to make our hands dirty. Fire up the terminal and start BeEF. In the terminal, you will see the link of hook.js file. Make a note of it as we will be using it later.
Now using your favorite text editor open /var/www/html/index.html. When you scroll down, you will find a list of URLs of java script codes. All you have to do is paste our hook.js files URL along ith other URLs.
Now, as explained in my previous post, open your browser, go to BeEF control panel, login with your credentials, sit back and relax. Our job is done here. Now whenever some one in your LAN issues your IP address in the browser, the game will load and the browser will be hooked with out the victim without alerting the victim.
Once the browser is hooked, you can use any attack module available in Browser.
Now Are you ready to take this to the next level? LETS TAKE IT OUTSIDE…
If you have any doubts or questions, let me know it in the comments.