Home > BeEF Project, Client Side Attacks > Hacking Beyond The Browser with BeEF (Robbing Your Wireless Keys)

Hacking Beyond The Browser with BeEF (Robbing Your Wireless Keys)

Pauldotcom has a very interesting post on “Retrieving Clear Text Wireless Keys” from Compromised Systems” at http://pauldotcom.com/2012/03/retrieving-wireless-keys-from.html

As mentioned in the post, this works on Windows Vista and 7.

I have written a BeEF module called “Get Wireless Keys” which automates the process of robbing the victim of the wireless keys using a signed Java applet.

Follow the steps listed on https://github.com/beefproject/beef/wiki/BeEF-and-Backtrack-5  in order to download BeEF.  My module is now available in the repo.

If you are new to BeEF, you can find some video tutorials here. https://github.com/beefproject/beef/wiki

This will act as a bridge to allow hacking beyond the browser as you will easily be able to compromise other systems in the network once you  connect to the victim’s wireless networks using the stolen wireless keys on your computer.

Upon launching the module against the victim, the victim will get a popup on his browser.  The victim would need to click “Run” in order for this to work.

You will see the below output in the console of BeEF. This means that the victim’s has executed the java applet and the applet has returned some results.

In the below screen shot, it shows that the wireless profiles on the victim’s computer has been saved to /pentest/web/beef/exported_wlan_profiles.xml

The next thing that we need to do is to import the wireless into your Windows Vista/7 computer.

You should be able to connect to the wireless networks that have been saved on the victim’s computer without any password prompts.

You might want to use this module together with “get physical location” module that I have written to identify the actual location of the wireless access point that the victim use in his home or office.

Thats if you are within close proximity to the victim. If not, this module is useless to you.

Alternatively, you could mass mail to all emails address that you can find that belong to a domain with the link to beef.

If you are using Preshared Keys instead WPA/WPA2 enterprise in your organisation, then all you need is one person in the organization to click Run to the Java Applet alert popup to get pwned.

Please feel free to leave me your comments or follow me on twitter at @keith55.

  1. March 11, 2012 at 10:45 am

    Amazing Post Bro… I Always Love To Read Your Posts… Keep It Up Bro.

    • March 11, 2012 at 10:47 am

      Thank you. It means a lot to me (:

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: