.

[Article]-Video Tutorials: New BeEF Hotness with Metasploit and Samurai

<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Sat Sep 19, 2009 2:24 am

[Article]-Video Tutorials: New BeEF Hotness with Metasploit and Samurai

Ryan's been a machine as of late. Here's a set of 3 videos for your hacking pleasure. HD Moore puts it best when he tweeted that what Ryan is doing is "Cool."

Permanent link: [Article]-Video Tutorials: New BeEF Hotness with Metasploit and Samurai


Image


A new version of the Browser Exploitation Framework (BeEF) has been released. This new release incorporates both my code from my Security B-Sides update of the ChicagoCon Talk "Cain Beef Hash: Snagging Hashes without Popping Boxes" as well as RSnake and Jabra's modules presented at Defcon. Enclosed in this update are some videos describing how to use the modules that I created which allow for realtime interaction with Metasploit. These modules directly communicate with Metasploit to setup the modules which will be used in further browser exploitation. These videos demonstrate how to use the Samurai WTF distribution's initial setup of BeEF, and to upgrade it to the latest version. Once you are upgraded to the latest version, there are 2 more videos, one to utilize the integration to do "point and click" browser autopwn from a browser hooked via XSS. The other example demonstrates how to leverage a domain's "Local Intranet" policy to capture NTLM/LM Challenge credentials with a static challenge, which can then be turned into usable credentials. The Metasploit code required for this to work is in the 3.3 dev trunk and was added in August after Defcon, so you may need to pull out of the dev trunk to have all of the pieces you need.

Wade Alcorn is the author and maintainer of BeEF and was a great help in getting these added. If you haven't checked out BeEF before watching these videos, hopefully you will check it out now. If you have more great ideas for ways to extend and contribute to the framework please do so. I also appreciate H D Moore's help in getting the Metasploit code to make all of this work seamlessly into the Metasploit trunk. You can find some additional videos of RSnake and Jabra's content on Vimeo.



Thanks Ryan.

And, as always, please post your thoughts, comments, suggestions and requests for future vids.

Don
CISSP, MCSE, CSTA, Security+ SME
<<

RoleReversal

User avatar

Hero Member
Hero Member

Posts: 928

Joined: Fri Jan 04, 2008 8:54 am

Location: UK

Post Sat Sep 19, 2009 11:34 am

Re: [Article]-Video Tutorials: New BeEF Hotness with Metasploit and Samurai

Ryan,

great work as usual, keep it up.

And props to whoever made the msf-hacker/beef image :D
<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Sat Sep 19, 2009 11:43 am

Re: [Article]-Video Tutorials: New BeEF Hotness with Metasploit and Samurai

Don't forget the Samurai WTF on the monitor.  :o

Don
CISSP, MCSE, CSTA, Security+ SME
<<

RoleReversal

User avatar

Hero Member
Hero Member

Posts: 928

Joined: Fri Jan 04, 2008 8:54 am

Location: UK

Post Sat Sep 19, 2009 11:50 am

Re: [Article]-Video Tutorials: New BeEF Hotness with Metasploit and Samurai

hah, I'd actually missed that feature.

Definitely nice work 8)

Return to Linn

Who is online

Users browsing this forum: No registered users and 2 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software