[TUT] Exploiting XSS Vulnerabilities Using BeEF [Tutorial]
Hello Brothers. As I have seen there is not a tutorial about XSS exploiting via BeEF so I thought I would help you by bringing this.
This is for the people that claim XSS finds are useless and nothing can be exploited further than a simple JavaScript alert pop up. For those of you who do not already know today I will introduce you to a nifty tool called BeEF. It has a user friendly interface controlled via browser which is nice as its not just command line orientated. Start by first loading it from your box.
This is for the people that claim XSS finds are useless and nothing can be exploited further than a simple JavaScript alert pop up. For those of you who do not already know today I will introduce you to a nifty tool called BeEF. It has a user friendly interface controlled via browser which is nice as its not just command line orientated. Start by first loading it from your box.
Code:
$./beef
This tool is also found on Backtrack.
So we run it and are faced with this:
So we run it and are faced with this:
This pretty much just starts the server and has it ready for action. Now go to:
Code:
IP/beef/![[Image: screenshot_12.png]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_siR7fkfR7dLUfnl-hdzYLmHxWAJ1zIevRHtn3MPQ03tZQ7wOX_7-F9HVZZGe8YYOE58nP3UR6iozAvOxStsfOTNIbIFDGB-2DVPPwNf52aWN1GGuHn=s0-d)
Pretty self explanatory and as you see they provide you with a default login password. Once your satisfied with that click "apply config" and you will be logged into the BeEF interface with all of its capability's just waiting to catch zombies.
Play around and get used to the different features. I am not going to explain them. To start catching zombies you need to trigger the beefmagic.js.php file in the victims browser. This acts like a silent browser exploit. It has to be triggered via XSS though. Below is an example of how your evil script should look:
Play around and get used to the different features. I am not going to explain them. To start catching zombies you need to trigger the beefmagic.js.php file in the victims browser. This acts like a silent browser exploit. It has to be triggered via XSS though. Below is an example of how your evil script should look:
![[Image: screenshot_13.png]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_uE2svGEtj93dq_yRB_puEOWt-nF3Nm9xECX4Ezvhf_F34izyjRCQ7PX3evEFrd0Dh8GJp4f4LavosqLMe16mNZXCMQV0piPH8Fj-UtsOMsUwW_VPtD=s0-d)
Once you have a zombie it will look like below:
![[Image: screenshot_14.png]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_tEK9JTuoad_2wezIQg_92_vbE9nIUitktTGtw02EdY3izX6OiYjgEkk1I_Yner4iyAaHynXiRNpN5YtiF47P5kGwm_Soj4pC3NBjufEi347SlPDEE=s0-d)
From here its almost like a Trojan horse client. You can run commands and even Metasploit exploits against your victim. Other fun things include finger printing their machine. Creating pop ups to scare them. Capturing their logs 
and even using their browser as a proxy. So as you can see A LOT Of damage can be caused via XSS.
Use your imagination and this tool to the best of its capability's. It might prompt you to take these 'easy' level XSS challenges a step further.
Hope you's enjoyed and maybe learned something new.
and even using their browser as a proxy. So as you can see A LOT Of damage can be caused via XSS.Use your imagination and this tool to the best of its capability's. It might prompt you to take these 'easy' level XSS challenges a step further.
Hope you's enjoyed and maybe learned something new.
Thanks ![[hmmm]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_tJgukxQHbP4FPWRjOyQ5YmXytFVlOvyj7LtzoHYkuxi-qn9AQirNtCt5CkMzKJukUNxjx3jStV6RIWpycWI1w2_3sT_aZgbduZ6NvTK-TtZQhSKimsxYfd=s0-d)
![Sqli from Android!!![Tutorial]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_spY114gglAfCgh6vXDU5gl9MMl_ycXdxftTYCJWk1hAvvE0GMcii4BE-1jWZDD06rM0F4TFi7oHOfmUke0_0pi9Y7bQwTWVFQ=s0-d)
![[TUT] Exploiting XSS Vulnerabilities Using BeEF [Tutorial]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_tiNF12CmFKU8MeCcMdF8fehTpzk2xEbKohwIjO70Ug1qf4e-j1K17g04-7c17LIIy-R9RPWrHW0FwxBPKxIk85v68kMEIskmM=s0-d)
Hello everyone, I have tried blackhatservers@gmail.com and i have confirmed her good work among all of this hackers out there ,she helped me hack my cheating partner whatsapp, facebook and cell phone number. I listened to all his calls and I was able to get good evidence for my attorney for divorce. It was really a big surprise to me but glad I gave a try. Contact her for similar issues on blackhatservers@gmail.com and
ReplyDeleteconsider your big problem solved
DO YOU NEED A PROFESSIONAL HACKER?
DeleteHiring a hacker these days is a bit difficult because lots of people fall for scams. Does that mean there aren't real hackers online? NO definitely!!
We prove ourselves beyond reasonable doubts on all Hacking jobs. Be sure you are making the right decision. Don't just make payment without knowing what approach specifically. You need a professional hacker?
We have a list of hackers on our platform of which we will recommend to you after you contact us:
1. Alexander D.
Specialties: Ethical Hacker, Penetration Tester and Malware Removal Expert: Information Security, Network Security, Penetration Testing, Internet Security bypass, Vulnerability Assessment, Wireless Security bypass, and Website hacking.
Country: Ukraine
$35/hr
2. Adrian R.
Specialties: Experienced Manager and Penetration Tester with a DevSecOps Background: Network Security, Penetration Testing, Linux System Administration, Python, Product Management, Project Management, Windows Administration.
Country: United States
$50/hr
3. Matthew M.
Professional Penetration Tester & Information Security Expert
Specialties :Information Security, Network Security, Penetration Testing, Security Analysis, Internet Security, Digital Forensics, Ethical Hacking, Web Application Security.
Country: United States
$120/hr
4. Micheal K.
Specialties: Penetration Tester (Ethical Hacker):
Network Security, Network Pentesting, Network Monitoring.
Country: United states.
$150/hr
And a lot of other team members to be mentioned.
Be safe out there!
YOU CAN CONTACT US AT
Email: contracthacks@gmail.com
303 Second St., Suite 900 South Tower,
San Francisco, CA 94107
BITCOIN WALLETS SUPPORT TEAM
DeleteDO YOU KNOW that there are thousands of "Request Tickets" sent every single day to support teams on bitcoin trading platforms? For example; COINBASE, BLOCKCHAIN, PAXFUL, REMITANO, LUNO, HITBTC, BINANCE, LOCALBITCOINS, KPAKEN, BITFINEX and so many more!
Now how do you expect them to answer you in few minutes and solve your problems 100%?!
How long will you wait?
Today's support team on different bitcoin trading platforms are not completely reliable as you will be told to hold on and you will be attended to probably after a month because there are thousands of customers to attend to.
On different platforms of bitcoin trading, a team of professional hackers came together on contract to provide swift help to Bitcoin traders having any issues with their accounts which were not attended to by their Support Team on their trading platform.
The purpose of this team is to manage customer queries by using the RIGHT TOOLS we need to delight our customers without compromising on quality in order not to make customers feel challenged to gain our assistance!
Our team support doesn't stop at asking mere questions. They take your feedback, mix it with some crypto insights and turn it into a better experience for our users every single day!
LOST ID OR PASSWORD
SMARTPHONE HACKING
DELETED MESSAGES
CLEARING OF CRIMINAL RECORDS
LOST EMAIL ACCOUNTS
LOST FACEBOOK ACCOUNTS
HACKED ACCOUNT RECOVERY
STOLEN BITCOINS
PHISHING OF BITCOIN ACCOUNT
LOGIN ERRORS
SCAM DURING BITCOIN TRADINGS
And any other issue can be resolved by us without stress. Chat with us. Thousands of customer issues are resolved within minutes every day!
For the fastest resolution to all issues, please contact our Support Center prior to submitting a request.
To assist us in resolving your issue as quickly as possible, please provide specific information such as digital currency addresses, payment codes, or the exact error message displayed!
Contact our support team for further assistance:
Cryptoteamsupport@protonmail.com
Contracthacks@gmail.com
Hacktech@hackermail.com
303 Second St., Suite 900 South Tower,
San Francisco, CA 94107
CRYPTO ACCOUNT TAKEOVER (ATO) FAKE INVESTMENT & OTHER TROUBLESHOOT . attacks are on the rise and they are costing individuals, businesses, and organizations significant financial and damage that are often difficult to recover quickly. When it comes to Binary Options, there are quite people who have been taken for a ride by a Brokers and at a result of this many have lost a large amount of money to Fake Binary Option Scammers
DeleteCybercriminals use stolen credentials such as usernames and passwords obtained by malware and social engineering to gain sensitive information, and they’re using that same data to access websites and banks/Bitcoin accounts wallet to transfer money, execute fraudulent transactions and bring people down to a Zero point financially.
D-hackers is a multinational equipped Hackers come together as a team to track down & to recover whatever that has being stolen from you from the most difficult internet SCAMMERS. NOTE!! We've received countless heartbreaking reports of notorious cyber scammers and we’ve successful recover them back.
contact us on
1⃣Binary Recovery.
2⃣Files Recovery
3⃣School Grades Change & Exam Questions
4⃣Password Bypass / Recovery
5⃣Malware Removal / Criminal Record Expunge
6⃣Blank ATM Card
7⃣Social Media Hack
8⃣Remote Mobile Monitoring & Hacking
9⃣ Credit Repair
🔟Private Key Reset
Relate whatever it is to City Center Of Binary Option Service & allow us give you positive result with our hacking skills. Visit our BLOG page Dhackerspot.com
Email 📩 binaryoptionservice01@gmail.com pointekhack@gmail.com cyberhackertap@gmail.com we Guarantee you up to %85
REMEMBER YOUR HAPPINESS IS OUR PRIDE
CRYPTO ACCOUNT TAKEOVER (ATO) FAKE INVESTMENT & OTHER TROUBLESHOOT . attacks are on the rise and they are costing individuals, businesses, and organizations significant financial and damage that are often difficult to recover quickly. When it comes to Binary Options, there are quite people who have been taken for a ride by a Brokers and at a result of this many have lost a large amount of money to Fake Binary Option Scammers
DeleteCybercriminals use stolen credentials such as usernames and passwords obtained by malware and social engineering to gain sensitive information, and they’re using that same data to access websites and banks/Bitcoin accounts wallet to transfer money, execute fraudulent transactions and bring people down to a Zero point financially.
D-hackers is a multinational equipped Hackers come together as a team to track down & to recover whatever that has being stolen from you from the most difficult internet SCAMMERS. NOTE!! We've received countless heartbreaking reports of notorious cyber scammers and we’ve successful recover them back.
contact us on
1⃣Binary Recovery.
2⃣Files Recovery
3⃣School Grades Change & Exam Questions
4⃣Password Bypass / Recovery
5⃣Malware Removal / Criminal Record Expunge
6⃣Blank ATM Card
7⃣Social Media Hack
8⃣Remote Mobile Monitoring & Hacking
9⃣ Credit Repair
🔟Private Key Reset
Relate whatever it is to City Center Of Binary Option Service & allow us give you positive result with our hacking skills. Visit our BLOG page Dhackerspot.com
Email 📩 binaryoptionservice01@gmail.com iPhancyberhack@gmail.com cyberhackertap@gmail.com we Guarantee you up to %85
REMEMBER YOUR HAPPINESS IS OUR PRIDE
Contact Vigilante Hacktivist today! at jakub.maciejewskiATyandex.com Anonymous Hacktivist is Here to HELP you! Report any injustice from anyone or any hacker.University grades changing Facebook hack,Email interception hack,Email accounts hack,Grade,Changes hack,Website crashed hack,Word Press Blogs hack,Retrieval of lost file/documents, Erase criminal records hack,Databases hack,Sales of Dumps cards of all kinds,Untraceable Ip,Bank accounts hack,Individual computers hack,Websites hack, Control devices remotely hack,Burner Numbers hack,Verified Paypal Accounts hack.
ReplyDeleteI strongly advice you to CONTACT CYBERHACKANSWERS@GMAIL.COM if you suspect your partner cheating on you last week a friend referred me to them and greatly they gave me access into his cell phone and all his social media accounts such as facebook WhatsApp and so much more Nobody deserves to be cheated on if you have got similar problem now start by sending them an Email stating what you want they would help you or call +1 518 633 5229
ReplyDeletehello everyone. I want to recommend (gadgethacksolutions) on instagram or WhatsApp : +12678773020 for helping me getting access to my girlfriends mobile phone. He was reliable and trustworthy. you can contact him if you need help. He will surely help you. I am grateful I met him
ReplyDeleteMy husband and i got Married last 3 year and we have been living happily for a while. We used to be free with everything and never kept any secret from each other until recently everything changed when he got a new Job in NewYork 2 months ago.He has been avoiding my calls and told me he is working,i got suspicious when i saw a comment of a woman on his Facebook Picture and the way he replied her. I asked my husband about it and he told me that she is co-worker in his organization,We had a big argument and he has not been picking my calls,this went on for long until one day i decided to notify my friend about this and that was how she introduced me to Mr James a Private Investigator who helped her when she was having issues with her Husband. I never believed he could do it but until i gave him my husbands Mobile phone number. He proved to me by hacking into my husbands phone. where i found so many evidence and proof in his Text messages, Emails and pictures that my husband has an affairs with another woman.i have sent all the evidence to our lawyer.I just want to thank Mr James for helping me because i have all the evidence and proof to my lawyer,I Feel so sad about infidelity. i contacted him on gmail (worldcyberhackers) or text/whatsapp : +12678773020
ReplyDeleteRecovery Abet Is An Experienced Private Hacking & Recovery Organization with it’s uniquity in handling tasks on a top notch level. We help you recover your lost Bitcoin (BTC), ETH and TBC. Service takes within 48 hours. Contact email address - ALEXGHACKLORD@GAMiL .com. Hacking Services that you will find here at: ALEXGHACKLORD@GMAIL .com are custom to fit your requirements. A professional and experienced hacking team providing hacking services for a variety of client’s needs. Specialize in different hacking services some of which are ;
ReplyDelete* Stolen funds recovery from any Binary platform which takes just within 24 hours.
* Change School Grade
* I render LOANS of any amount only with capable customers
* Bank jobs
* Stolen or Lost BTC, TBC and ETH recovery
* Database hack
* Remove Criminal Records
* Facebook hack
* Gmail hack
* Whatsapp hack
* Website hack
* Tracking calls
* Phone clone
* Online records changes
* Retrieval of hacked social media accounts
* University grades
* Android and iphone hack
* Twitter hack
* Any website hack
If you are looking for a team of professional hackers that specializes in genuine hacking services.
Contact email - ALEXGHACKLORD@GMAIL. COM
WE CAN HELP YOU TRACE THE ACTUAL LOCATION OF THE PERSON AND DO WHATEVER YOU REQUEST TO THE PERSON’S COMPUTER.
IS ANYONE BLACKMAILING YOU ONLINE? AND YOU WANT ME TO GET INTO THEIR COMPUTER AND DESTROY DATA AND EVIDENCES AGAINST YOU?
A service you wish was listed but isn’t? contact us:::::::ALEXGHACKLORD@GMAIL. COM
A highly recommended private investigator/computer expert on here ,you must have heard or seen a user on here recommend him before. He's got great hacking skills... you should hit him up me for all Infidelities issues,insecurity and spying related....he is spynetprofessionalhackers He has a lot to offer on his database easily reach him on SPYNETPROFESSIONALHACKERS@GMAIL.COM and know where you stand in your relationship I can always vouch for him.
ReplyDeleteGet in touch with jeajamhacker@gmail.com if you have problems with your spouse cheating on you cause this is the only solution you need in getting a lot of proof from your spouse phone, jeajamhacker is reliable and affordable he has been the one working for me before i got married. With this hacker i was able to detect the good and bad from my past relationship cause i was always catching my ex girl friends red handed. This hacker is powerful and i trust him with my life that he will help you Thanks.
ReplyDeleteI love my family yes but my wife has betrayed the love and trust i had for her ever since i caught her cheating on me with my best friend. Thank you Spyexpert0@gmail.com for the help in helping me catch my partner without any notice am really grateful.
ReplyDelete
ReplyDeleteThere is an Intelligent and Professionally Skilled Genius hacker that is trusted 100% and very effective that I got help from recently via the contact;Alexghacklord@gmail!com I've gotten help from their team to hack and clone my spouse cell phone without having access to the phone. It's so amazing that they can successfully hack into any-device within a couple hours. The most interesting part is that within few hours, he'll get you the hacked information at a very affordable prize in just few hours. I was so happy to come in contact with the right team for the very first time since I've been searching for a Honest and reliable hacker with professional hack services. Some of the services I got from this hacker include: Hacking Texts, call directory, deleted texts, Facebook, Whatsapp, Snapchat, Instagram and other social media accounts. Monitoring and tracking cell phones and other mobile devices is absolutely nothing to worry about anymore.
Get hidden information's about your spouse secretly without any trace with the help of verifiedprohackers@gmail.com
ReplyDelete
ReplyDeleteAre you interested in the service of a hacker to get into a phone, facebook account, snapchat, Instagram, yahoo, Whatsapp, get verified on any social network account, increase your followers by any amount, bank wire and bank transfer. Contact him on hackintechnology@gmail.com +12132951376(WHATSAPP)
I was so anxiuos to know what my husband was always doing late outside the house so i started contacting hackers and was scamed severly until i almost gave up then i contacted this one hacker and he delivered a good job showing evidences i needed from the apps on his phone like whatsapp,facebook,instagram and others and i went ahead to file my divorce papers with the evidences i got,He also went ahead to get me back some of my lost money i sent to those other fake hackers,every dollar i spent on these jobs was worth it.Contact him so he also help you.
ReplyDeletemail: premiumhackservices@gmail.com
text or call +1 4016006790
I was so anxiuos to know what my husband was always doing late outside the house so i started contacting hackers and was scamed severly until i almost gave up then i contacted this one hacker and he delivered a good job showing evidences i needed from the apps on his phone like whatsapp,facebook,instagram and others and i went ahead to file my divorce papers with the evidences i got,He also went ahead to get me back some of my lost money i sent to those other fake hackers,every dollar i spent on these jobs was worth it.Contact him so he also help you.
ReplyDeletemail: premiumhackservices@gmail.com
text or call +1 4016006790
ReplyDeleteHi. I ran over a generally excellent Programmer Goatse Security. They have assisted with a ton of issues like Telephone Hack, Record Hack, Clear Obligations, Evaluation update, criminal records help E.t.c They have spared my life. Contact: sgoatse@gmail.com
Text + 12059000668 GoodLuck
Hi.I ran over a by and large incredible Software engineer Goatse Security. They have helped with a huge load of issues like Phone Hack, Record Hack, Clear Commitments, Assessment update, criminal records help E.t.c They have saved my life, Contact: sgoatse@gmail.com
ReplyDeleteText +12059000668
GoodLuck.
HAVE YOU BEEN IN SEARCH FOR GENUINE HACKER'S ONLINE?. HAVE YOU LOST YOUR MONEY TO BINARY OPTION SCAM OR ANY ONLINE SCAM WHATSOEVER?. WELL, YOU HAVE FOUND REDEMPTION IN ASORE CORP.
ReplyDeleteasorehackcorp@gmail.com
Asore Corp is a group of multinational Hacker's, an affiliate of Evil Corp. We make sure by all means necessary that our clients get the best of services on a��PAYMENT AFTER JOB IS DONE BASIS✅. Rather than send money and trust a criminal to fulfill your deal, you can make sure the job is done before WORKMANSHIP is paid for. You'll get excellent customer service.
That's a 100% guarantee. Our Cyber security Technicians are on standby 24/7 to receive your job requests.
⚠️ BEWARE OF FRAUDSTARS looking to hoax.
if you have been a VICTIM, contact : ✉️cyberprecinct@gmail.com for directives.
Here, it's always a win for you.
��OUR SERVICES��
➡️Binary Option funds recovery
➡️Social media hack
➡️Recovery of loan scam
➡️Credit repair (Equifax,Experian,Transunion)
➡️E mail hack
➡️College score upgrade
➡️Android & iPhone Hack
➡️Website design
➡️Website hack
And lots more.
DISCLAIMER: Asore Cyber Corp accepts no responsibility for any information,previously given to anybody by clients on as regarding the job. Asore Cyber Corp will not distribute contact information collected on any hacking job other than in the Asore corps Hacker's listings themselves, and will not sell contact information to third parties.
CONTACT INFO:
�� asorehackcorp@gmail.com
cyberprecinct@gmail.com
Copyright ©️
Asore Cyber Corp 2021.
All rights reserved.
I was lucky to meet this Private investigator who helped me rebuild my marriage when i thought i have lost it all contact him now on whatsapp +1 6026094730 or email him danieldimitri1@outlook.com
ReplyDeleteBARNESHACK INTEL is a Group of Multinational Hackers. An affiliate of Evil Corp. We make sure by all means necessary that our clients get the best of services on A PAYMENT AFTER JOB IS DONE BASIS. Rather than send money and trust a criminal to fulfill your deal, you can make sure the job is done before WORKMANSHIP is paid for. You'll get excellent customer service.
ReplyDeleteThat's a 100% guarantee.
BEWARE OF FRAUDSTARS
if you have been a VICTIM,
Contact:
barneshack9@gmail.com OR kelchambers60@gmail.com for directives.
Here, it's always a win for you.
Without any Reasonable doubts, it is no news that BARNESHACK INTEL offer one of the best Hacking services world wide.
Amongst others, services we offer are listed as follows :
[ ] Binary Option funds recovery
[ ] Social media hack
[ ] Recovery of loan scam
[ ] Recovery of dating scam
[ ] E mail hack
[ ] College score upgrade
[ ] Android & iPhone Hack
[ ] Website design
[ ] Website hack
Etc.....
CONTACT:
Email-: barneshack9@gmail.com OR kelchambers60@gmail.com
Cell number-: +1 (240) 339-3355
Copyright ©
BARNESHACK Intel 2021.
All rights reserved.
Contact this guy for problems such as hacking emails, Facebook, Twitter, Instagram, note changes, deleting criminal records, credit and debit refill, reloading insurance documents, lost or lost file recovery, background check of people and organizations Monitor your spouse's activities regarding the phone and social media and contact him at albertgonzalezwizard (@) gmail com or whatsapp +31684181827 Telegramm: +31687920980 he is very trustworthy.
ReplyDeleteI would strongly love to recommend the services of the best team of dark web hackers. They are professional and very discreet in carrying out their jobs, they have the best customer service agents and satisfaction at heart. If you have any services you wish to contact them for, go on albertgonzalezwizard (@) gmail com / Whatsapp +31684181827 or Telegram: +31687920980. They help track and monitor your cheating partner's phone without his idea, clear or erase criminal records as well as repair a bad credit score, all social media hacks,funds recovery and many others.
ReplyDeleteI just have to introduce this hacker that I have been working with him on getting my credit score been boosted across the Equifax, TransUnion and Experian report. He made a lot of good changes on my credit report by erasing all the past eviction, bad collections and DUI off my credit report history and also increased my FICO score above 876 across my three credit bureaus report you can contatc him for all kind of hacks . Email him here via Email him here via hackintechnology@gmail.com or whatsapp Number: ++1 410 635 0697.
ReplyDelete