Browser Hooking + Credential Theft

The purpose of this post is to demonstrate how credentials can be stolen by combining 3 techniques: a Man-in-the-Middle (MiTM) attack, browser hooking, and social engineering.

The setup here is that an attacker has (theoretically) gained access to the victim’s network. Obviously, there are many ways this could be accomplished, but it could be as simple as the attacker and the victim using the same wireless network at a coffee shop.

The attacker box is running Kali Linux with an IP address of 172.17.130.69.
The victim is running a fully patched Windows 7 OS with fully patched IE 11, with an IP address of 172.17.130.44.

The first thing we do is start up the BeEF Framework on our Kali box. BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.

Capture1

After it’s running, we need to make note of the “Hook URL” and the “UI URL” that begin with 172.X.X.X.

Capture2

We log in to the BeEF Framework website by browsing to the “UI URL” that we made note of in the previous step. The default username/password is: beef/beef

Capture3

Once logged in, we see the below screen.

Capture4

Inside another terminal (don’t close the one used to start up BeEF), we need to discover the default gateway on the network and also a victim in order to perform the MiTM attack. The below command will give us the info we need.

Capture5

We can also now nmap the subnet to find a suitable victim.

Capture6

Rather than unnecessarily disclose an entire subnet’s worth of devices for this post, I’m choosing to focus on my Windows 7 test box, which is listed below.

Capture7

We now have sufficient information to implement our MiTM attack while simultaneously injecting the “Hook URL” into the victim’s packet stream. The technique used to achieve the MiTM attack is a simple ARP spoof. MITMf (as seen in the terminal window below) is the tool used to achieve both attacks. I don’t believe this comes with Kali Linux; it can be downloaded/installed using apt-get install mitmf (I think).

Capture8

Below is the output of the executed command.

Capture9

On our Windows 7 box, we can see/verify/note its IP configuration.

Capture10
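
From the defender's side, the ARP spoof used above is visible in the victim's own ARP cache, where the gateway's IP address ends up mapped to the attacker's MAC address. The check below is an added example, not part of the original post: it parses constructed Windows `arp -a` output, and the gateway address 172.17.130.1 and every MAC address in the sample are assumptions.

```python
import re

# Constructed sample: `arp -a` on the Windows 7 box while the spoof is active.
# Only 172.17.130.44 (victim) and 172.17.130.69 (attacker) come from the post;
# the gateway 172.17.130.1 and all MAC addresses are assumed for illustration.
SAMPLE_ARP = """\
Interface: 172.17.130.44 --- 0xb
  Internet Address      Physical Address      Type
  172.17.130.1          00-0c-29-3e-51-a7     dynamic
  172.17.130.20         00-1b-21-9f-04-c2     dynamic
  172.17.130.69         00-0c-29-3e-51-a7     dynamic
  172.17.130.255        ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(\w+)\s*$",
    re.I)

def parse_arp(text):
    """Return {ip: mac} for dynamic, unicast ARP cache entries."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # interface banner, column header, blank line
        ip, mac, kind = m.group(1), m.group(2).lower(), m.group(3).lower()
        # Skip static entries and broadcast/multicast MACs (group bit set).
        if kind != "dynamic" or int(mac[:2], 16) & 1:
            continue
        table[ip] = mac
    return table

def find_spoof(text, gateway, known_gateway_mac=None):
    """Return (reason, ip, mac) findings that point at a poisoned gateway entry."""
    table = parse_arp(text)
    gw_mac = table.get(gateway)
    findings = []
    if gw_mac is None:
        return findings
    # Baseline check: the gateway MAC differs from the one recorded earlier.
    if known_gateway_mac and gw_mac != known_gateway_mac.lower():
        findings.append(("gateway-mac-changed", gateway, gw_mac))
    # Cache check: another host on the subnet owns the gateway's MAC.
    for ip, mac in sorted(table.items()):
        if ip != gateway and mac == gw_mac:
            findings.append(("gateway-mac-shared", ip, mac))
    return findings
```

The baseline comparison matters because the attacker's own IP may not appear in the cache at all; a shared MAC can also be legitimate (a router with secondary addresses, proxy ARP), so treat a finding as a lead to confirm.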

Again, on our Windows 7 box, we open IE 11 – which stupidly defaults to the non-secured MSN homepage…

Capture10.2

As we do that, we can see on our Kali box that the browser has now been effectively “hooked”.

Capture11

Now that the browser has been hooked, we have many options available to use within the BeEF Framework. Below I’ve chosen to use a module that will attempt to “trick” (social engineering) the victim into inputting their Facebook credentials into a pop-up window.

Capture12.2

Back on our Windows 7 box, we see that the browser has presented the victim with the credential box.

Capture13

If the victim inputs anything into the input fields, that data is captured and can be viewed within BeEF – as seen below.

Capture14
