While working on a VM for a class, I had the opportunity to install BeEF for the students. This was the first VM I have built using Ubuntu 18.04, so I expected there to be a few hiccups along the way. The good news is that the process was pretty straight forward and simple. Here are the steps to getting this up and running on Ubuntu 18.04.
I started off by creating a new virtual machine using Ubuntu 18.04. I won’t go through the steps of creating a new virtual machine image, but the takeaway here is that I am starting with a fresh Ubuntu system.
The BeEF team has put together some simple instructions for installing the application (https://github.com/beefproject/beef/wiki/Installation). This walk through follows these instructions pretty close, with one exception to clear up an error we will see along the way (or at least an error I saw).
The first thing I am going to do is install Ruby on my Ubuntu 18.04 image. To do this we want to run the following command:
sudo apt install ruby ruby-dev
The next step is to get the BeEF source files. We will get these from git. If you haven’t installed git, make sure to run the following command first:
sudo apt install git
Once git is available, we can clone the git project with the following command:
git clone https://github.com/beefproject/beef
This will download the source files for BeEF. Next, move into the beef directory:
This is where the I started to run into an issue. The original beef instructions say to just run:
However, when I did this, I received a permission error. To resolve that I ran:
There is probably a way to fix this permission error without running as sudo.. but I didn’t investigate that further.
Once the installation was successfully completed, I ran:
I was quickly greeted with the following error:
Traceback (most recent call last):
4: from ./beef:44:in `<main>’
3: from /usr/lib/ruby/2.5.0/rubygems/core_ext/kernel_require.rb:59:in `require’
2: from /usr/lib/ruby/2.5.0/rubygems/core_ext/kernel_require.rb:59:in `require’
1: from /home/demo/beef/core/loader.rb:17:in `
/home/demo/beef/core/loader.rb:17:in `require’: cannot load such file — xmlrpc/client (LoadError)
After digging around, I found that ubuntu 18.04 by default installs Ruby 2.5, which apparently doesn’t have the xmlrpc/client embedded. To fix this, we just need to tell BeEF that it needs this gem. To fix this, I modified the Gemfile file following these steps:
rm Gemfile.lock – Do this first to remove the lock file. Click Y to remove it.
sudo nano Gemfile
In the file, add the following line:
Save the file and re-run the installation:
At this point, the installation should be successful. Try running the following command:
You should see something like the following:
demo@ubuntu:~/beef$ ./beef [ 6:41:32][*] Browser Exploitation Framework (BeEF) 0.4.7.0-alpha [ 6:41:32] | Twit: @beefproject [ 6:41:32] | Site: https://beefproject.com [ 6:41:32] | Blog: http://blog.beefproject.com [ 6:41:32] |_ Wiki: https://github.com/beefproject/beef/wiki [ 6:41:32][*] Project Creator: Wade Alcorn (@WadeAlcorn) [ 6:41:33][*] BeEF is loading. Wait a few seconds... [ 6:41:38][*] 8 extensions enabled. [ 6:41:38][*] 301 modules enabled. [ 6:41:38][*] 2 network interfaces were detected. [ 6:41:38][*] running on network interface: 127.0.0.1 [ 6:41:38] | Hook URL: http://127.0.0.1:3000/hook.js [ 6:41:38] |_ UI URL: http://127.0.0.1:3000/ui/panel [ 6:41:38][*] running on network interface: 192.168.116.139 [ 6:41:38] | Hook URL: http://192.168.116.139:3000/hook.js [ 6:41:38] |_ UI URL: http://192.168.116.139:3000/ui/panel [ 6:41:38][!] Warning: Default username and weak password in use! [ 6:41:38] |_ New password for this instance: ec04906c30d928fb857 [ 6:41:38][*] RESTful API key: 6bd0b11e772df40 [ 6:41:38][*] HTTP Proxy: http://127.0.0.1:6789 [ 6:41:38][*] BeEF server started (press control+c to stop)
Notice that there is a “New password” configured here. This is because by default beef sets the username/password to beef/beef. As this is a default, hard-coded password, it is insecure. To fix this, beef detects the default and creates a new temp password to protect the instance. It is recommended to update the username and password to your instance.
Updating the Password
To change the password stop beef by typing ctrl+c. Now, we will edit the config.yaml file:
sudo nano config.yaml
You should see something like this:
beef: version: '0.4.7.0-alpha' # More verbose messages (server-side) debug: false # More verbose messages (client-side) client_debug: false # Used for generating secure tokens crypto_default_value_length: 80 # Credentials to authenticate in BeEF. # Used by both the RESTful API and the Admin interface credentials: user: "beef" passwd: "beef" # Interface / IP restrictions
Modify the user and passwd fields to your own values and then save the file using ctrl+x.
When you restart BeEF and go to the ui panel you should now be able to login with your new credentials.
There should be a way to install the application without using sudo ./install. This should be checked so you don’t install using root permissions. This is a non-production image for me to use for student training.
Make sure you change the default username and password to help lock down your instance.
This tutorial is for educational purposes only. Hacking without permission is illegal and should not be done.