Kali下beEF关联metasploit的攻击模块
首先我们需要了解下beEF和metasploit的几个目录,
beEF的目录在:/usr/share/beef-xss下,
metasploit的两个目录分别是:/opt/metasploit 与 /usr/share/metasploit-framework
一、进入
root@kali:/usr/share/beef-xss#
二、使用vim编辑器打开
root@kali:/usr/share/beef-xss# vim config.yaml
找到113行,修改false 为true,然后保存
112 metasploit:
113 enable: false 改成true
三、进入
root@kali:/usr/share/beef-xss/extensions/metasploit#
编辑 config.yaml 文件,将内容中127.0.0.1换成你的机器地址,
1 #
2 # Copyright (c) 2006-2014 Wade Alcorn – wade@bindshell.net
3 # Browser Exploitation Framework (BeEF) – http://beefproject.com
4 # See the file ‘doc/COPYING’ for copying permission
5 #
6 # Enable MSF by changing extension:metasploit:enable to true
7 # Then set msf_callback_host to be the public IP of your MSF server
8 #
9 # Ensure you load the xmlrpc interface in Metasploit
10 # msf > load msgrpc ServerHost=10.211.55.2 Pass=abc123
11 # Please note that the ServerHost parameter must have the same value of host and callback_host variables here below.
12 # Also always use the IP of your machine where MSF is listening.
13 beef:
14 extension:
15 metasploit:
16 name: ‘Metasploit’
17 enable: true
18 host: “192.168.34.220”
19 port: 55552
20 user: “msf”
21 pass: “abc123″
22 uri: ‘/api’
四、如何加载;
msf > load msgrpc ServerHost=192.168.34.220 Pass=abc123
[*] MSGRPC Service: 192.168.34.220:55552
[*] MSGRPC Username: msf
[*] MSGRPC Password: abc123
[*] Successfully loaded plugin: msgrpc
msf >
五、启动BeeF
root@kali:~# cd /usr/share/beef-xss/
root@kali:/usr/share/beef-xss# ./beef
[17:28:28][*] Bind socket [imapeudora1] listening on [0.0.0.0:2000].
[17:28:28][*] Browser Exploitation Framework (BeEF) 0.4.4.9-alpha
[17:28:28] | Twit: @beefproject
[17:28:28] | Site: http://beefproject.com
[17:28:28] | Blog: http://blog.beefproject.com
[17:28:28] |_ Wiki: https://github.com/beefproject/beef/wiki
[17:28:28][*] Project Creator: Wade Alcorn (@WadeAlcorn)
[17:28:30][*] Successful connection with Metasploit.
[17:28:42][*] Loaded 293 Metasploit exploits.
[17:28:43][*] BeEF is loading. Wait a few seconds…
