BeEF XSS Framework is awesome. However, I wasn't getting good results on port 3000, and I had the feeling that a firewall on the target host, or somewhere between it and me, was blocking that port. To test this, I wanted to start BeEF on port 80 and launch the attack.
However, beef-xss runs as a user of that name in Kali, and standard users cannot bind privileged ports (below 1024). There are several ways to fix this, including a redirect with iptables, but the best method seems to be authbind.
Here's a good tutorial and the Debian admin page for authbind if you don't already know what it is. The best TLDR I can come up with is this: authbind creates a set of folders. If you place a file named 80 in the folder 'byport', set ownership of that file to the unprivileged user and then launch a program prefixed with authbind, that user will be allowed to bind any program to port 80. So it's very straightforward to set up:
- Create file
- Set ownership/permissions
- Prepend command with authbind.
Anyway, that's not what you're here for. How do we do this with beef? The problem is that beef, launching as a service, doesn't properly inherit the authbind prefix if launched from the command line. Here it is from the top.
# apt-get install authbind
# cd /etc/authbind/byport
# touch 80
# chown beef-xss 80
# chmod 500 80
This is the difficult part I mentioned. From here, if we simply do
# authbind beef-xss
the beef-xss script will launch the service without inheriting authbind. If we add the prefix inside that script instead, the service will still launch without authbind prepended, so we have to drill down into the service definition itself.
# vim /etc/init.d/beef-xss
You should see the following on lines 39-41:
start-stop-daemon --start \
--user beef-xss \
Add authbind --deep to line 40, just before "start-stop-daemon". The --deep option lets the authbind environment carry over to any sub-instances the daemon spawns, so they too can bind port 80; otherwise those child processes will die due to the usual lack of permissions.
authbind --deep start-stop-daemon --start \
--user beef-xss \
Now you should be able to run beef-xss on port 80. To make this persistent, edit /etc/beef-xss/config.yaml and change the port number (at about line 29), or run
/usr/share/beef-xss/beef -p 80
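As an added example (not part of the original post or of BeEF/authbind themselves), the two shell functions below check that the byport file has the ownership and mode described above and apply the init-script edit idempotently; both take paths as parameters so they can be tried on a copy first. They assume GNU coreutils and GNU sed, as found on Kali/Debian.

```shell
#!/bin/sh
# Example helpers for the authbind setup described above. Both paths are
# parameters so the functions can be run against a scratch copy before touching
# /etc/authbind/byport and /etc/init.d/beef-xss.

# check_authbind_port DIR PORT USER
# Verify DIR/PORT exists, is owned by USER (name or numeric uid) and has mode
# 500 (r-x for the owner only), which is what authbind needs to grant the port.
# Prints the first mismatch found and returns 1; returns 0 when everything fits.
check_authbind_port() {
    dir=$1; port=$2; user=$3
    f="$dir/$port"
    [ -f "$f" ] || { echo "missing $f"; return 1; }
    # Resolve the expected owner to a uid so the check also works where the
    # name is not in /etc/passwd (e.g. inside a minimal container).
    case $user in
        *[!0-9]*) want_uid=$(id -u "$user") || return 1 ;;
        *)        want_uid=$user ;;
    esac
    have_uid=$(stat -c '%u' "$f") || return 1
    mode=$(stat -c '%a' "$f") || return 1
    [ "$have_uid" = "$want_uid" ] || { echo "$f owned by uid $have_uid, expected $want_uid"; return 1; }
    [ "$mode" = "500" ] || { echo "$f has mode $mode, expected 500"; return 1; }
    return 0
}

# patch_init_script SCRIPT
# Prepend "authbind --deep " to the "start-stop-daemon --start" line of an
# init script, keeping its indentation. A line that already carries the prefix
# no longer matches the pattern, so running this twice does not double it.
# Returns 0 when the prefixed line is present afterwards.
patch_init_script() {
    script=$1
    sed -i 's/^\([[:space:]]*\)start-stop-daemon --start/\1authbind --deep start-stop-daemon --start/' "$script" || return 1
    grep -q '^[[:space:]]*authbind --deep start-stop-daemon --start' "$script"
}
```

Run check_authbind_port /etc/authbind/byport 80 beef-xss after the chown/chmod steps, and patch_init_script /etc/init.d/beef-xss in place of the manual vim edit.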