Hack Facebook credentials using BeEF


For those of you who don’t know, BeEF (the Browser Exploitation Framework) is a tool that cleverly uses the browser’s built-in functionality, JavaScript and other third-party software against the user. What’s interesting is that it doesn’t rely on any exploit (although this is also possible) to get the job done, so even if you are fully patched, you can still be attacked using BeEF.
Initial compromise of the user’s browser usually relies on XSS, on luring the user to your own website containing malicious JavaScript, or on MITM injection of JavaScript. Once a user runs the BeEF hook JavaScript, their browser silently connects back to the BeEF admin.

Today we are going to use the Pretty Theft module in BeEF to compromise the credentials of Facebook.

The Pretty Theft module is a phishing module that uses floating divs to create legitimate-looking fake login boxes that are displayed in the browser.

The Pretty Theft module was originally created by Nickosaurus Hax, and you can look at the code here.

Currently it supports the Safari, Firefox, Chrome and Opera (user is notified) browsers.

It’s a simple little module that will use a lightbox-style effect to darken the user’s browser and pop up a new div stating that their session has timed out – and that they need to reauthenticate. It also has the option to provide an image to put in the header of the div, so if you like, you can use the compromised site’s logo / favicon to make it feel a touch more authentic. Once the user has provided their user and password again, the page returns to its previous state, and you have their creds.

A potential extension for this module could be to use the collected creds to authenticate to a given login page in order to test the user’s credentials before returning them to the site.
This will have some other implications if the application doesn’t support multiple concurrent sessions, but would provide further authenticity to the user, who couldn’t just enter fake creds and be on their merry way.
The BeEF framework brilliantly demonstrates how lethal even the smallest bit of JavaScript can be and how important it is to use NoScript. Through modules like Pretty Theft it’s really easy to demonstrate the kinds of attacks organisations are facing today and how to best defend against them.
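
On the site owner's side, the counterpart to NoScript is a Content-Security-Policy header that stops an injected script element from loading or running at all. The following is an added example, not code from this post or from the BeEF project: it audits a CSP header for the settings that leave that door open. The function names and the sample headers are constructed for illustration.

```javascript
// Added example (not from the post or the BeEF project): audit a
// Content-Security-Policy header for settings that would let an injected
// third-party script element load and run in the page.
const SCHEME_ONLY = new Set(["http:", "https:", "data:", "blob:"]);

// Parse "name src src; name src" into Map<directive, sources[]>.
// Tokens are lowercased because the audit only compares keywords.
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(";")) {
    const tokens = part.trim().toLowerCase().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    // A repeated directive is ignored by browsers: the first one wins.
    if (!policy.has(tokens[0])) policy.set(tokens[0], tokens.slice(1));
  }
  return policy;
}

// Return a list of weaknesses in the policy that governs <script> elements.
function auditScriptPolicy(header) {
  const policy = parseCsp(header || "");
  // Fallback chain for script elements: script-src-elem, script-src, default-src.
  const sources = policy.get("script-src-elem") ??
    policy.get("script-src") ?? policy.get("default-src");
  if (sources === undefined) {
    return ["no script-src or default-src: scripts from any origin may run"];
  }
  const hasNonceOrHash = sources.some((s) => /^'(nonce-|sha(256|384|512)-)/.test(s));
  // 'strict-dynamic' makes browsers ignore host, scheme and 'unsafe-inline' sources.
  const strictDynamic = sources.includes("'strict-dynamic'");
  const findings = [];
  for (const s of sources) {
    if ((s === "*" || SCHEME_ONLY.has(s)) && !strictDynamic) {
      findings.push(`${s}: scripts can be loaded from arbitrary sources`);
    } else if (s === "'unsafe-inline'" && !hasNonceOrHash && !strictDynamic) {
      // With a nonce or hash present, browsers ignore 'unsafe-inline'.
      findings.push("'unsafe-inline': injected inline script will execute");
    }
  }
  return findings;
}

// Constructed sample headers, weakest first.
const SAMPLES = [
  "img-src *",
  "script-src 'self' 'unsafe-inline' https:",
  "script-src 'nonce-r4nd0m' 'strict-dynamic' https: 'unsafe-inline'; object-src 'none'",
];
for (const h of SAMPLES) console.log(JSON.stringify(h), "->", auditScriptPolicy(h));
```

An empty result means the audited directive neither permits arbitrary script origins nor unguarded inline script; it does not evaluate the individual hosts on an allow list.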

If we want to try to social engineer them and grab their Facebook credentials, we can go to the Social Engineering tab, click “Pretty Theft”, and then “Execute”.

Here I exploited the victim’s browser with XSS and executed the Pretty Theft command…


On the victim’s browser a pop-up will appear.


Oh no! My Facebook timed out!


If the user fills in their creds and hits Log in, this appears in the BeEF control panel


