cybervillains.com.
2. The attacker browses to the /beef directory where the BeEF proxy was unzipped
on the web server, for example, http://www.cybervillains.com/beef/.
3. The attacker is presented with an installation screen, where she needs to set
the URL to which BeEF victims will connect. Typically, the attacker sets this
to the default value of the site /beef. In this case, that would be
http://www.cybervillains.com/beef/.
4. The attacker clicks the Apply Configuration button and then the Finished
button. BeEF is now fully set up and ready to control victims. Figure 4-3 shows
an example of the post-installation administrative screen.
Figure 4-3 The BeEF proxy administrative interface
94 Hacking Exposed Web 2.0
5. The attacker can now perform an XSS attack against the victim and inject the
code , where http://www.cybervillains.com is the
attacker's domain.
6. The victim's IP address should now show up automatically in the Zombie
Selection table on the left side of the administrative page. From this point, the
attacker can use any of the attacks in the Standard Modules menu section.