Hacking Using Beef-Xss
2015-04-29 13:47
274 查看
1、环境
hacker:192.168.133.128 os:Kalivictims:192.168.133.1 os:win8
2、前期配置
首先进入beef-xss主目录,编辑配置文件,将metasploit功能打开![](https://images0.cnblogs.com/blog2015/741728/201504/291341282249693.png)
![](https://images0.cnblogs.com/blog2015/741728/201504/291341357865915.png)
然后修改beef-xss连接metasploit的配置文件
![](https://images0.cnblogs.com/blog2015/741728/201504/291341587249441.png)
![](https://images0.cnblogs.com/blog2015/741728/201504/291342066936606.png)
修改custom path
![](https://images0.cnblogs.com/blog2015/741728/201504/291343275217647.png)
打开metasploit进行连接数据库,否则beef-xss依旧不能使用metasploit
![](https://images0.cnblogs.com/blog2015/741728/201504/291343374437481.png)
前期配置完成了,我们就可以打开我们的beef-xss了
![](https://images0.cnblogs.com/blog2015/741728/201504/291343435993635.png)
![](https://images0.cnblogs.com/blog2015/741728/201504/291343520524186.png)
访问:your ip:3000/ui/panel 用户 beef 密码beef
![](https://images0.cnblogs.com/blog2015/741728/201504/291344020992450.png)
登陆成功以后:
![](https://images0.cnblogs.com/blog2015/741728/201504/291344128027113.png)
我们这个时候可以使用本机来测试:your ip/demos/butcher/index.html
![](https://images0.cnblogs.com/blog2015/741728/201504/291344196462423.png)
这个时候我们的Beef监控到
![](https://images0.cnblogs.com/blog2015/741728/201504/291344309113514.png)
3、攻击
攻击的方式很多,你可以把这个链接发给其他人或者![](https://images0.cnblogs.com/blog2015/741728/201504/291344386308922.png)
反射型XSS,很简单的!然后我们去看
![](https://images0.cnblogs.com/blog2015/741728/201504/291344455521975.png)
![](https://images0.cnblogs.com/blog2015/741728/201504/291344532554155.png)
由于没有找到合适的漏洞,所以暂时就到这里了~~~
后面我应该还会增加一个利用beef进行钓鱼的文章,欢迎大家多多交流~~~~
相关文章推荐
- Hacking-jBoss-using-a-Browser
- hacking remote systems using Armitage
- Using -Xss to adjust Java default thread stack size
- Ajax hacking with XSS
- Using XSS to bypass CSRF protection
- Using setJavaScriptEnabled can Introduce XSS Vulnerabilities into&
- Bypass XSS filters using data URIs
- Information Gathering using theHarvester in Kali Linux - See more at: http://www.hacking-tutorial.co
- Ajax hacking with XSS
- XSS框架之安装BEEF
- Beef-xss
- 15 Step To Hacking Windows Using Social Engineering Toolkit And Backtrack 5
- Using setJavaScriptEnabled can introduce XSS vulnerabilities into you application
- Hacking Java Applications using JavaSnoop
- BeEF+metasploit XSS attack
- Using Content Security Policy to Prevent Cross-Site Scripting (XSS)
- Website Password hacking using WireShark
- Detecting and Exploiting XSS Injections using XSSer Tool
- Hacking website using SQL Injection -step by step guide
- Download Hacking Team Database from torrent using magnet link