Follow this project for FREE with Linode —- Sign up for Linode here: https://ntck.co/linode and you get a $100 Credit good for 60 days as a new user!
You can hack ANYONE (Ethically of course) using BeEF! It’s super simple and there are so many different ways to use BeEF to hack! With BeEF you can educate your family and friends that their web browsers and mobile devices are never safe while having a little bit of fun with it and learning something new!! BeEF is the browser exploitation framework and can be used with other popular hacking tools like Metasploit.
How to install BeEF on Ubuntu and port forward: https://ntck.co/34DOea6
🔥🔥Join the NetworkChuck membership: https://ntck.co/Premium
**Sponsored by Linode
0:00 ⏩ Intro
2:43 ⏩ STEP ONE: set up your Linux server
2:58 ⏩ Installing BeEF
5:55 ⏩ STEP TWO: Hack someone (ethically of course)
6:58 ⏩ What can you do with it?
7:44 ⏩ Social engineering
9:05 ⏩ Hacking their LastPass!
9:55 ⏩ Identify LAN Subnets, see HTP servers, and fingerprint the local network
11:13 ⏩ Redirect their Browser to Rickroll
12:10 ⏩ you can even use BeEF to hack a Phone!
13:00 ⏩ Outro
Hooks me buckle. We wear the
Hooks, giving us control to do all kinds of crazy things. They
Tangled down and draw your clothes. They grab you by
The bridges and this video. I have two, two goals first. Yeah, I’m gonna show you how to do this and it doesn’t take much. You’ll have it up and running in 10 minutes. And second, I wanna show you how dangerous it is to open up any link that you don’t recognize. And they may even look legit. They may have an SL certificate doesn’t matter. They can still be bad. So please take this as a lesson for yourself and then tell everyone, you know, now, disclaimer, do not do this to anyone for any reason, without explicit permission, this is illegal. Sure. Trick your mom, your dad, your sister, your friend, your brother, whoever have fun with it. But that’s the educational purposes. Only for fun. If you try this with ill intent, you’ll get caught and you’ll probably go to jail because this is a real tool that real ethical hackers will use to test the security of companies that have hired them.
So if that’s not, you don’t do it. Okay. K first, what do you need to make this happen? Pretty much all you need is a Linux server and preferably one in the cloud. And thanks to our sponsor Len node. This is wicked easy to do and pretty dang cheap. And if you use my link below to set up a new account, you get a hundred dollars free credit for the first 60 days, which it means you can basically do this for free. And don’t worry. This sounds like really intimidating. Like I have no idea how to set up Linux server. I’m on to walk you through every single day. Now, of course, if you have something like Cali, Lennox or Ubuntu in your house, on your computer, whatever that will work beef even comes pre-installed on most Cali Lennox instances. That was hard to say, Cali, Lennox, instances, Cali, Lennox in, I can’t do it, but you will have to do some port forwarding to make it work.
If you don’t know what that is. And it’s kind of confusing. I do have some videos up here somewhere, but if you do it in the cloud with Le node, it’ll work like that. The second thing you need is a victim, which is kinda the fun part. Again, friends, family, or can just be your browser on your computer or another computer, or even dude, you can do it on a phone, a phone’s browser, which is scary. And then finally like all things in it and hacking a good delicious cup of coffee. Mm Eric Chuck coffee. Okay. Up one. Let’s get our Linux server set up. So if you haven’t already head out to Len node.com for slash network Chuck, and either set up a new account or get signed in. And once you’re there, let’s click on create at the top left and click on Len node, cuz we’re creating Len node.
Now from here, things kind of get stupid easy. We’re gonna go to the marketplace tab right here. It’s gonna do all the work for us. Check it out. And we’re going to search for beef and it’s right here using the marketplace. Beef will just come pre-installed on a server that we launch. We don’t have to worry about it. So select that. And then we’ll scroll down just a bit to add some settings for some config here, we’ll have our beef options. And the first thing we’ll do is set up our beef account user password. I don’t know why I said it like that. So put it in something for yourself. And then just below that, put in an email address. This can be any email address and really, I’m not sure it’s used for this installation. It’s just required. So you have to put something in there anyways.
Let’s continue. Okay next. And this is just good practice. Best practice. We’ll create a limited pseudo user to be creative for the ode. So just create whatever user account and then create a password for that user. Everything else is optional, but just pointing out here real quick, let node will help you set up a domain for this. So you can go a little bit crazy, but anyways, it’ll do some cool stuff by default. So don’t worry about that. So let’s go down and do a few more things. First our region, where are we gonna put this thing? Put it somewhere close to you. I’m in Dallas next we’ll select Arlen node plan. I like my shared CPU cuz they’re cheaper and I’ll choose the cheapest option N node one gigabyte five bucks a month. So even if you’re not getting this for free, that’s as much as you’re gonna be charged for this month.
And then we’re almost done. We have to label our box real quick on the mine, attack beef and then a password from our root user. And that is pretty much it we’ll go and click on create ode and that’s like, there’s gonna bake and we’re gonna take a quick coffee break. Now, one quick thing. You’ll see at the top left, your Le node is baking. It’s gonna be provisioning and then it will finally get to running, but it’s not done yet. We’ll give it about five more minutes to finish installing beef. So I’ll take one more little coffee break, no harm in that. And I’ll see you back here in a bit. Okay. I think he’s baked long enough. Smells done. So let’s go ahead and grab this SSH root command right here. Let’s click on that little copy clipboard on the side and then launch command prompt.
If you’re in windows CMD, or if you’re on Mac or Linux, it’ll be your terminal. I’ll pay that here. Hit enter, accept all thing prints. Yes. And then put in my root password. The one we set when we set up our Le node and we’re in now past this point, it’s remarkably easy to do this. It’s honestly kind of scary, but let’s let’s keep moving first. We gotta find out some information about our beef server. So let’s go ahead and do cats type in cats and we’re gonna cat the file slash roots slash beef.info and hit enter. Perfect. If you see this, you know, your beef installation was successful. If it wasn’t give us some more time, it’s gotta bake some more, but right here, and this is what’s cool about using ode. We have a legit website URL SSL, which is kinda crazy. So anyways, I’m gonna grab mine real quick.
It’s gonna copy that sucker, put it into a notepad for safety keeping. And also at this point we can just go out to our web browser paste in that URL hit enter and we’re there. We have our beef server running Le node made that super easy. I know now if you’re not using Lin, maybe using Ubuntu or Kelly Linux, I’ll have some more videos and the link below to help you get started with that and some documentation on walkthrough. So yeah. Check that out anyways. We’re here. Let’s get logged in. The username will be beef, no big surprise there. And then the password you used when you set up Le node and this is for your beef user, one of the first ones we did. So I’ll enter mine and Woohoo. We’re in. Okay, here we are. We have beef running, but now what? Well let’s hack some one right now.
It’s already set up. Check this out here in beef. We have our getting started section and you’ll notice that we have two links right here, a basic demo page and an advanced page. We’ll go ahead and use the advanced link. And this right here is a pre-built fake website that has malicious code. That’s what’s cool about beef is we don’t have to do much. It’s already set up, so let’s try it out. What do you say? We hack ourselves real quick. So what I’m gonna do go over here and copy this link, right? Click copy link address. And actually before we do that, notice over here on the left, we have online browsers and offline browsers. These are browsers that we have hooks into. We cut off some fishes. I, I don’t know if that’s a thing anyways. So now with my link copied, I’m gonna open up a dummy computer, a dummy browser, open up Chrome.
And here we go, sucker. Here we go. Gonna paste that in the address bar and hit enter. Now at first glance, this seems harmless enough, right? It’s just a standard website where you might wanna buy some beef. But if we go back to our beef console to the top, would you look at that right here? We have a hooked browser and it was as simple as that just using that demo website, having them load that up. Bam, we have ’em so now what can we do with it? Let’s have fun. Come on, take this up. First thing we’ll do is we’ll just click this browser here, our online browser click and here under details. Whoa, look at everything you know about this summer. I mean we know everything about it. Screen size OS version. So that’s powerful, but now let’s click on commands. Let’s actually do something and it’s it’s so easy.
It’s it is scary. Watch, watch, click on commands. Let’s try something simple. I’m gonna click on the browser folder right here. Let’s do a simple alert dialogue. I’ll just type in, Hey, you just got hacked. Now, here we go. I’m gonna click on execute and watch what happens. Ah, look at that. A scary message. Hey, you just got hacked. Now you may wanna let them knowing they just got hacked cuz you’re trying to trick them. Right? Let’s try some more things. So I’ll just go. Oh, okay. I’m scared. What do you say? We try some social engineering. So let’s uh, minimize our browser over here. Our browser folder click on social engineering and this is kind of crazy. Check this out. I’ll do my favorite one. The Google fishing page. I’ll click on execute the bottom. Right? And watch what happens. Whoa. Suddenly no more beef.
I’m on a different page. Looks like I need to log into Google. Let’s go ahead and do that. Bernard dot hack. Well gmail.com and my password and click on signin. This is weird. I don’t know what this is. Let’s close that, but I’ll go back to the other page. It just took me to the Google sign-in and this is actually the legit Google sign-in. But, but if I go back to beef, if I click on the history of the, that command, look at that, I have the username and password that my target entered. That’s pretty crazy. Like be honest. Would you fall for that? Maybe not. Would your mom fall for that? Your grandma. Your sister? Probably. Yeah. So please use this as chance to educate them after you mess with them, show them how easy it is anyways. Let’s continue. Now the scariest thing about this, right?
Notice go offline because it’s no longer on that domain. So it’s now an offline connection. Let me get them back online. I’ll go back to getting started. Copy that link once more and get them back home, back to beef. There we go. Now they should be hooked again. Now, if you did this through a ode, what’s even more dangerous, is it has an SL cert already. Now. Sure. This looks a bit weird because uh, it’s on a typical website. Probably not the website you’re going or you meant to go to let’s try one more social engineering attack. This one’s pretty cool. A fake last pass, which could be very, very dangerous access to pretty much all their passwords. I click on execute on that and I go back to my, oh, there it is. Look, it looks like last pass. Right? Get logged in, go.
And like, it seems like you did something right? And you don’t seem like you got hacked, but man, on the back end, we got you. If I click on that command to see what happened, what’s even great. Let’s check this out. It records each keystroke until we get to the end where we have the full information. So even if like they partially put it in, we got it all right here at the end. And what I meant is say, if they partially put it in, we will still get something it’s not awesome, man. Then I wanna show you one more thing before you start playing with this and going crazy. Check this out. Let’s go over here to the network section right here. I’ll expand that folder. And here we can do some pretty crazy things. Like I don’t know, scanning their home network, finding out their IP addresses and what’s going on inside.
Let’s try it out. So let’s see, I’ve got some identify land subnets. Sure. Why not? Let’s let’s run that execute. Now, looking back at my hooked browser, I’m not gonna see anything going on. And in fact, beef will tell you if one of the attacks here is going to be noticed. If I go back to the getting started page here, it has levels of noticeability for your attacks. So for is that I’m I’m colorblind. So forgive me. If I say the colors incorrectly, yellow will not be this visible. So it’s invisible and, and green will actually, it, it may be visible. Might not. So you got levels anyways. Let’s check on our attack here. I’ll go back to my current browser tab, click on the details of that command. See what’s happening, scan complete, and I didn’t find anything. And I know why this particular host I’m connected to does not have a normal private IP address network.
Although I did find these hosts, I don’t know what that is. Let’s do try a ping sweep using Java and I’ll scan the subnet. I know that’s there and let’s start and we’ll monitor that from here. See what happens and give it a second here. And it looks like it’s having some issues. No worries. Let’s try something else. Let’s see all the HTP servers on a certain subnet. I’ll change that from common to a list. Shoot. Let’s also try to fingerprint the local network with this command. Let’s do it all. Now I can get a live view of what’s happening. If I look at my logs up here, I’ll click on that. I can see. Yeah, it’s checking a ton of stuff on each one of the IP addresses I put in that range. And finally, one last thing. We’re gonna leave them a going away present. So let’s go up to our browser once more or our browser folder and we’ll click the, um, redirect browser, Rick roll. Let’s try it out. Execute. Let’s go see what happens.
I love it. Every time it happens and notice with this one, the, uh, URL did not change. So what happens is they set up an eye frame on the page and nested this video or this website inside. And that’s one way you can keep control of things while redirecting their browser. And there’s a, a bunch of ways to do that. Like right here, redirect browser using an eye frame so I can direct them to network.com execute, gonna make sure it went there. Bam, look at that and I still have control. I look really worried right there. What’s wrong with me now. It’s time for you to have some fun and try this yourself. I cannot go over everything. That’s in this, uh, module tree here, all the tools that are available, it would just take too long. But I wanted to showcase some of the fun ones and to kind of like get you to think about what’s possible.
Like there are ways to add persistence to where when they do navigate away from that tab or close it or whatever, it’ll still work. You can also integrate beef with Malo and do even crazier things. But that’s a video for another time. And by the way, did I mention that this works for a mobile browsers to who? Let me show you, let me send this link to myself and actually what I’ll do to make you even more sneaky is just shorten the URL. So I’ll do, I’ll just search a shorten short URL. Those are free. One out there somewhere. Yeah. This one right here. I’ll past that address here. Shorten it. So it doesn’t look too crazy. Not too fishy soon. That’s in myself, pace it in my browser and let’s get going. So yeah, that same beef website. But if we look back at our beef control panel here, we have a new device, an apple device, an iPhone.
Let’s try one of our commands. Let’s try a social engineer myself. Let’s do a Google Phish attack execute just like that. Mobile browser totally works. Enter in some data, blah, blah, blah, blah. Doesn’t have to be accurate. Click sign in, watch this crazy ever redirects back to my Google account. I think I’m fine. But I actually just got my information stolen by my attacker. That’s so crazy. Anyways. That’s about it. Let me know what you think of beef, the browser exploitation framework. I think it’s a very valuable tool that you can learn to use. If you are on the path of becoming a hacker, an ethical hacker, the only type of one you can actually be. It’s also a extremely helpful to demonstrate to your family that, and also friends that they aren’t necessarily safe online. In fact, they’re not safe at all. So if you see a link, dude, don’t open it.
If you don’t know what it is, if it’s not a URL that you recognize, don’t go there. Because even if you don’t think something’s happening, you don’t think you got a virus behind the scenes. They could have hooked your browser. You could have your family’s browser and they’re doing something behind, underneath your browser, to your computer that you don’t even realize. So anyways, that’s all I have today. Thanks again to our sponsor Le node for making this video possible. And if you wanna see more videos like this, where I’m demonstrating these random hacking tools, I think are extremely interesting. Uh, let me know below comment. And by the way, speaking of hacking, have you hacked the YouTube algorithm? How you not make sure you do hit that like button subscribe, notification, bell equipment. You have to hack YouTube today. Ethically of course ever real. That’s all I have.
I’ll catch you guys next time. Oh, almost forgot. One thing. If you did not want to use Le node for beef, I’ll have some content down below to help you walk through installing that on a local machine and your network and even doing some port forwarding to make it work. But again, the easiest way to do it, just to get it up and running is to use Le node. It won’t cost you very much. If not anything, cuz it’s gonna be free. If you are a new account and you have that code, you’ll get a hundred dollars off for the first 60 days. Did I say it all right? I think I did anyways. Like for real, I’ll catch you guys next time.