Skip to content

ykankaya/beef-drive

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

14 Commits

arerules

arerules

 
 

core

core

 
 

docs

docs

 
 

extensions

extensions

 
 

liveCD

liveCD

 
 

modules

modules

 
 

test

test

 
 

tools

tools

 
 

Gemfile

Gemfile

 
 

Gemfile.lock

Gemfile.lock

 
 

INSTALL.txt

INSTALL.txt

 
 

README.md

README.md

 
 

Rakefile

Rakefile

 
 

VERSION

VERSION

 
 

beef

beef

 
 

beef.db

beef.db

 
 

beef_cert.pem

beef_cert.pem

 
 

beef_key.pem

beef_key.pem

 
 

config.yaml

config.yaml

 
 

install

install

 
 

install-beef

install-beef

 
 

update-beef

update-beef

 
 

Repository files navigation

beef-drive

Description

This is a special version of the BeEF implementing all communications with its hooked browsers (zombies) via Google Drive service.

At the present time Browser Exploitation Framework (BeEF) implements communications with hooked browsers using standard mechanisms (e.g., XMLHttpRequest, WebSockets). It also supports experimental WebRTC-based mechanism for creation a hooked browser meshed-network. The main purpose of the last mechanism is avoiding tracking of post-exploitation communication with BeEF command and control server.

We propose to use an alternate approach against tracking of BeEF servers and its post-exploatation communications with zombies. The main idea is to use storage covert channel communications over known and popular cloud web services, for example Google Drive, by using it as shared resources between BeEF server and hooked browsers. In this case there is no direct communication between BeEF server and zombies: All of them communicate only with Google API servers. The implementation is based on Google Drive file system primitives and its API.

Installation

  1. Create an API key and OAuth 2.0 client ID using Google Developers Console.

  2. In your Drive create a folder with name answers to store answers from zombies, a folder with name init to store initial information from zombies, and a file with name keychain.txt to store your API key. Save IDs of these folders and file. You can use any names for folders and file. The above names are used as an example only.

  3. Clone the beef-drive. Install all dependencies that are required for BeEF.

  4. Add the IDs from step 2 to the following files:

    • core/main/client/gdrive.js:

      • api_key - Google OAuth2.0 API key
      • answers_folder_id - ID of the answers folder
      • init_folder_id - ID of the init folder
      • keychain_file_id - ID of the keychain.txt file

    • extensions/gdrive/gdrive.rb

      • client_id - Google OAuth 2.0 client ID
      • refresh_token - Google OAuth 2.0 refresh token
      • client_secret - Google OAuth 2.0 client's secret
      • @@answer_folder_id - ID of the answers folder
      • @@init_folder_id - ID of the init folder
      • @@key_file_id - ID of the keychain.txt file

  5. Run the beef:

    ruby beef

Slides

The slides from our talk at Zero Nights 2015 are available here.

Video

The demonstration is available here.

Team

  • Denis Kolegov
  • Oleg Broslavsky
  • Nikita Oleksov

Links

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • JavaScript 58.2%
  • Ruby 33.6%
  • CSS 3.8%
  • HTML 1.3%
  • Assembly 1.0%
  • ActionScript 0.8%
  • Other 1.3%