Overview
Syllabus
Intro
Attack vector
Why would you use HTML5?
What is BeEF? BeEF: Browser Exploitation Framework
HTML5 + BeEF
Using a technique known as footprinting
Toolkit: Modules in BeEF
Toolkit: Add your own module
Discover Internal Network
Ping sweep
Intranet footprinting: Discover web servers on ports 80 and 8080. Scans for Apache, IIS, and known
DNS enumeration
Port Scanning: Beating protections. Blocking example for known ports (Firefox, WebSockets and CORS)
Port Scanning module: Scan can be performed using ranges, lists or single ports. Uses a med method to work around security measures: blocked ports can still be scanned!
Network Topology
Inter-protocol: IRC
Inter-protocol: exploitation. Exploit vulnerabilities within the internal network to gain control
Conclusions
References and Links
Taught by
LASCON