Detecting Browser Plugins

August 6, 2009

This is a module from the Browser Exploitation Framework (BeEF) to detect all of the plugins available within the browser. This was demonstrated during “Unmasking You!” at BlackHat 09 and DEFCON 17 by Joshua “Jabra” Abraham and Robert “RSnake” Hansen.


Disabling Safebrowsing

August 6, 2009

These are the steps used to disable SafeBrowsing within the Firefox Browser. This can also be done using Edit->Preferences and selecting security, then unchecking “Block reported attack sites” and “Block reported web forgeries”. This was demonstrated during “Unmasking You!” at BlackHat 09 and DEFCON 17 by Joshua “Jabra” Abraham and Robert “RSnake” Hansen.


Virtualization Detection

August 6, 2009

This is a module from the Browser Exploitation Framework (BeEF) to detect the virtualization technology being used by the client. This technique matches the MAC address against a regular expression to identify whether the client is running on VMware, QEMU, VirtualBox or Amazon EC2. This was demonstrated during “Unmasking You!” at BlackHat 09 and DEFCON 17 by Joshua “Jabra” Abraham and Robert “RSnake” Hansen.


SMBenum (Software Detection)

August 6, 2009

This is a module from the Browser Exploitation Framework (BeEF) to detect software on the client’s machine. This technique uses local rendering of GIF images with SMB within the browser. This was demonstrated during “Unmasking You!” at BlackHat 09 and DEFCON 17 by Joshua “Jabra” Abraham and Robert “RSnake” Hansen.


Visited URLs (Alexa Top 500)

August 6, 2009

This is a module from the Browser Exploitation Framework (BeEF) to identify all of the URLs that the client has visited. This technique uses the CSS history to identify valid results. This was demonstrated during “Unmasking You!” at BlackHat 09 and DEFCON 17 by Joshua “Jabra” Abraham and Robert “RSnake” Hansen.


Malicious Metasploit Applet (via BeEF)

August 6, 2009

This is a module from the Browser Exploitation Framework (BeEF) to load a malicious Java Applet on the client. If the client runs the applet, a connection from the client’s system to the attacker’s system is made using the Metasploit Exploitation Framework. This was demonstrated during “Unmasking You!” at BlackHat 09 and DEFCON 17 by Joshua “Jabra” Abraham and Robert “RSnake” Hansen.


Metasploit Autopwn (via BeEF)

August 6, 2009

This is a module from the Browser Exploitation Framework (BeEF) to perform an iframe redirection to Metasploit Browser Autopwn or a Browser Exploit. However, in this video, we used netcat (nc) instead of Metasploit. We configured netcat to listen and verify that the request was made to netcat. In exploitation, Metasploit would launch the exploit(s) against the client once the first request is made. This was demonstrated during “Unmasking You!” at BlackHat 09 and DEFCON 17 by Joshua “Jabra” Abraham and Robert “RSnake” Hansen.

