BeEF Module Construction

Events: Submitted by Wade on 13-Jul-08 at 11:25am

BeEF modules consist of three basic files in a directory. The first is ‘name.txt’, which is just the name displayed in the framework’s menus. The next is ‘index.php’, which is the page displayed in BeEF when the menu item is selected. The third file is ‘template.js’, which contains the JavaScript code sent to the target. Symmetric BeEF modules are trivial to implement.
Modules can get more complex by transmitting data back from the targets using API calls like return_result(). A great starting point to understand the framework APIs is the standard alert module that comes with BeEF.

PHP reverse shell

Events: Submitted by Wade on 09-Jan-08 at 12:14am

Pentestmonkey has a great tool called php-reverse-shell. It is for elevation from web server (PHP) upload access to a reverse bindshell. The script will open an outbound TCP connection from the webserver to a host and port of your choice.

BeEF in BackTrack3

Events: Submitted by Wade on 06-Nov-07 at 09:42am

Josh Abraham has added BeEF to BackTrack3. He has also created a tutorial with some of the basic functionality.

New password cracking tool Dnetj and updates to John The Ripper MPI

Events: Submitted by John on 08-Aug-07 at 05:51pm

For those people wanting to crack password hashes, there is a minor update (john-1.7.2-mpi5) to the MPI cluster patch for John The Ripper available here, as well as a completely new tool called Dnetj which is available here.

Dnetj is a client/server wrapper around John The Ripper that allows the use of a central server and any number of cracking nodes, in much the same way setiathome or distributed.net works.
The server loads a set of password hashes, and splits the available keyspace into "work units" of a configurable size. The clients connect and retrieve the hashes, as well as a set of work units to process. Once a client has processed some work units, it connects back to the server to submit the completed units as well as any passwords which have been cracked.
This is a very early release, and although functional there could well be bugs.

BeEF 0.3.2 Released

Events: Submitted by Wade on 19-Jul-07 at 07:55am

Version 0.3.2 of BeEF has been released.

John MPI Updated

Security: Submitted by John on 20-Apr-07 at 10:40pm

A new version of John The Ripper MPI (mpi4) is now available in the tools section...
This version includes:

Support for MacOSX/Intel; this support requires SSE2, as does MacOS itself.
Support for runtime status updates (send a SIGHUP to the running john processes).
Several minor bugfixes

Inter-protocol Exploitation and Communication papers

Security: Submitted by Wade on 19-Apr-07 at 02:04pm

Two papers are now available that demonstrate inter-protocol security issues - Inter-protocol Communication and Inter-protocol Exploitation. Among other things they show the practicality of encapsulating exploit code in one protocol to compromise a program which uses a different protocol.

An example is provided that shows how a web browser can launch a Metasploit-type exploit to own an Asterisk server. Of course, this raises concerns over the (in)effectiveness of firewalls against this attack.

BeEF 0.3.1.6 Released

Events: Submitted by Wade on 19-Mar-07 at 10:16am

The new version of BeEF has been released. BeEF 0.3.1.6 has new modules employing cutting-edge exploitation techniques. It is the first framework/tool that can perform Inter-Protocol Communication and Inter-Protocol Exploitation. It can reach behind hardened firewalls and IDSs to launch ported exploits at arbitrary servers.

Konqueror DoS Via JavaScript Read Of FTP Iframe

Security: Submitted by Mark on 04-Mar-07 at 07:48pm

This Konqueror crash is a spin-off finding from the FTP PASV paper.

Manipulating FTP Clients Using The PASV Command Paper

Security: Submitted by Mark on 04-Mar-07 at 07:46pm

A common implementation flaw in FTP clients allows FTP servers to cause clients to connect to other hosts. This seemingly small vulnerability has some interesting consequences for web browser security.
This paper discusses how the flaw affects Firefox, Opera and Konqueror.
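The client-side check that closes the flaw described in the post above, written here as an added example (it is not code from the paper or from any of the affected browsers): parse the host/port tuple from a PASV reply, then refuse a data connection whose host differs from the peer the control connection was made to, or whose port is below a configurable minimum. The function names, the sample replies and the 1024 port floor are this example's own choices; Python's ftplib applies the same host rule when its trust_server_pasv_ipv4_address attribute is left at its default of False.

```python
import re
from typing import Optional, Tuple

# Host/port tuple carried in a "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)" reply.
PASV_RE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def parse_pasv(reply: str) -> Optional[Tuple[str, int]]:
    """Extract (host, port) from a PASV reply, or None if it is malformed."""
    m = PASV_RE.search(reply)
    if m is None:
        return None
    octets = [int(x) for x in m.groups()]
    if any(o > 255 for o in octets):
        return None
    h1, h2, h3, h4, p1, p2 = octets
    return f"{h1}.{h2}.{h3}.{h4}", (p1 << 8) | p2


def check_pasv(reply: str, control_host: str, min_port: int = 1024) -> Tuple[bool, str]:
    """Decide whether a client should open the data connection the server asks for.

    control_host is the address the control connection was made to. A client
    that connects wherever the reply points has the flaw the paper describes;
    the defensive behaviour is to accept the port but insist the host equals
    control_host. Ports below min_port are refused as well, the way browsers
    block well-known ports (the 1024 floor is this example's assumption).
    """
    parsed = parse_pasv(reply)
    if parsed is None:
        return False, "malformed PASV reply"
    host, port = parsed
    if host != control_host:
        return False, f"PASV host {host} differs from control peer {control_host}"
    if port < min_port:
        return False, f"PASV port {port} is below the allowed minimum {min_port}"
    return True, f"connect to {host}:{port}"


if __name__ == "__main__":
    # Constructed sample replies: an honest one and one pointing at a third host.
    peer = "192.168.1.10"
    for reply in ("227 Entering Passive Mode (192,168,1,10,19,137)",
                  "227 Entering Passive Mode (10,0,0,5,0,25)"):
        print(reply, "->", check_pasv(reply, peer))
```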