BeEF+Ettercap:Pwning Marriage


This is the best how-to’s website that I’ve ever seen, and I wanted to join it. It taught me a lot, but, because I’m here to learn too, please correct me if I’m wrong.

You probably know that Ettercap is a very powerful tool for man-in-the-middle attacks.
You probably know that the Browser Exploitation Framework (BeEF) is a very powerful tool for browser exploitation.
But do you know how powerful they are… together?

This is my first how-to, so I wanted to start with something impressive, but easy to explain.
That’s the same for this attack: easy and fast, and also easy to automate with few lines of bash script.

The point of this how-to is to demonstrate how to use an Ettercap filter to inject a BeEF hook, so that every time our victim opens the browser, his/her computer is automatically hooked in BeEF, wherever he/she browses.

To follow this tutorial you need Kali Linux.
Note: this won’t work with HTTPS, you’ll need SSLstrip for that.

Step 1: Setup Ettercap

We first need to do some changes to the Ettercap configuration file. To work properly Ettercap needs root access.
In the terminal, type: vi /etc/ettercap/etter.conf


This should be the output:


Type i to edit the file.
Change ec_uid = 65534 to ec_uid = 0 and ec_gid = 65534 to ec_gid = 0 (as shown in the picture).
Then scroll down and find this:


Edit to this (uncomment last two lines):


To exit the editor, press Esc, then type :wq to save.
Ettercap is ready.

Step 2: Setup BeEF

To setup BeEF, type in the terminal: cd /usr/share/beef-xss, then ./beef.
This should be the output:


(The error you see is related to a Metasploit link I did, that won’t show)

You can now open Iceweasel and type in the URL bar: http://127.0.0.1:3000/ui/panel and log in with the default username beef and default password beef.

You should see the following:


BeEF is ready.

Step 3: Create the Ettercap Filter.

Open LeafPad, or the text editor you prefer, and write:


Here MACHINEIP is your machine's IP address. You can find it with the command ifconfig, or by checking the ./beef output, which shows the complete URL.

The filter tells Ettercap that whenever it captures a TCP packet coming from port 80, it has to send the packet back out within the ARP poisoning context, but edited.

Save as beefhook.filter.
In the terminal, navigate to the folder containing beefhook.filter. For example, if you have the .filter in /Desktop:
cd /root/Desktop
Then type:
etterfilter beefhook.filter
This should be the output:


As you noticed, a new file is created: filter.ef.
That’s the Ettercap filter.

Step 4: Start Ettercap and Load the Filter

To inject the filter in the victim’s browser sessions, I’m going to use the text interface of Ettercap, because it looks faster; however, the Ettercap GUI is better if your goal is to sniff packets.

In the terminal, type:
ettercap -T -q -F FILTERPATH -M ARP /VICTIMIP/ //

in our case:
ettercap -T -q -F /root/Desktop/filter.ef -M ARP /192.168.1.xxx/ //


-T: Starts the text interface.
-q: Less verbose, doesn’t show packet contents.
-F: Load filter at path.
-M: Attack type (ARP in this case).
/victim ip/ /victim 2/: The two targets.


Now every time our victim goes to an HTTP site, the filter will be injected.
The only two problems:

  • If a web page uses <HEAD> instead of <head>, just copy the last if statement of the filter and paste it underneath, replacing head with HEAD.
  • Sometimes it could fail; for example, it looks like it doesn’t work very well on a virtual machine. That’s why I recommend installing Kali Linux as a dual boot, or on a live USB.

I hope this post will be useful, thank you for reading.
Post in the comments about errors or mistakes I made.
Sorry for eventual grammar errors, but I’m not mother tongue.
