Events: Submitted by Wade on 29-Jun-09 at 10:25pm
Here is a simple module that will redirect the zombies' pages to an arbitrary location. The location is set in the module configuration page BeEF - simply enter the URL, select the target zombies and click send.
Events: Submitted by Wade on 12-Jun-09 at 12:46am
RSnake has a writeup of his technique for exploiting web browser caching to attack RFC1918 networks. The attack uses persistent JavaScript backdoors, long-term browser caching and RFC1918 collisions.
Module: Firefox Keygen DoS PoC
Events: Submitted by Wade on 03-Jun-09 at 02:43am
Download the latest BeEF module that will demonstrate kengen DoS in Firefox. Decompress the module into the 'module/symmetric' directory and the option in the menu will become available.
Module: Chrome "throw exception" Memory Exhaustion DoS PoC
Events: Submitted by Wade on 02-May-09 at 12:50am
The Google chrome browser is vulnerable to a memory exhaustion based denial of service. Here is a proof of concept ported to a BeEF module.
Note that BeEF currently displays Google Chrome as Safari due its useragent string.
Module: IE Unsafe ActiveX Control Detection
Events: Submitted by Wade on 26-Apr-09 at 04:04am
Remote detection through IE (of the availability) of unsafe ActiveX controls is achievable. A script can attempt to access an unsafe control and then check if it succeeds. That is exactly what this new BeEF module does.
Events: Submitted by Wade on 19-Apr-09 at 06:19am
Under some circumstances in Internet Explorer, JavaScript can determine if the browser is in a virtual machine. Scripting can do this by checking the MAC address. For a successful detection (and worse) the configuration option "Initialize and script ActiveX controls not marked as safe for scripting" must be enabled. When enabled, Internet Explorer will alert the user of the insecure configuration. So this is not exactly stealthy.
I have a BeEF module that will do the detection. Just decompress it and put the module into the 'module/symmetric' directory. The menu option will automatically be displayed in the modules menu.
Module: Mozilla Firefox XSL Parsing Remote Memory Corruption PoC
Events: Submitted by Wade on 29-Mar-09 at 02:35pm
I have just created a BeEF module for the Mozilla Firefox XSL Parsing Remote Memory Corruption Proof of Concept. When executed it will crash the Firefox zombie. So don't expect to see the zombie in BeEF afterward.
InfoSec World 2009 - Browser Security
Security: Submitted by Wade on 24-Mar-09 at 03:07am
Interested in Browser Security? Josh Abraham has published his InfoSec World presentation - Total Browser Pwnag3.
Update: The Demos are available here.
Events: Submitted by Wade on 17-Mar-09 at 03:35am
This module checks if QuickTime is available in the browser. Like the other modules, to update BeEF, just copy it to the modules/symmetric directory and match the permissions.
Events: Submitted by Wade on 06-Mar-09 at 08:44pm
The autorun modules execute immediately upon a zombie connecting to the BeEF server. This JavaScript Autorun Module is a lot more flexible than the current ones included in the framework. It provides two configurable options. The first is a regexp that will be compared against the zombie's useragent and, if it evaluates to true, the second (standard JavaScript) is executed.