How to install BeEF on Linux Mint or Ubuntu. ERROR: invalid username or password (SOLVED)

BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.

Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context.

There are official guides How to install BeEF:

  • https://github.com/beefproject/beef/blob/master/INSTALL.txt
  • https://github.com/beefproject/beef/wiki/Installation

And BeEF installation script:

  • https://raw.githubusercontent.com/beefproject/beef/a6a7536e/install-beef

In this guide, I will show my way how to install BeEF on Linux Mint or Ubuntu.

To complete the installation execute the following commands:

sudo apt install build-essential openssl libreadline6 libreadline6-dev zlib1g zlib1g-dev libssl-dev libyaml-dev libsqlite3-0 libsqlite3-dev sqlite3 libxml2-dev libxslt1-dev autoconf libc6-dev libncurses5-dev automake libtool bison subversion ruby git nodejs ruby-dev
sudo gem update --system
sudo gem install bundler rake rubocop
git clone git://github.com/beefproject/beef.git
cd beef
sudo bundle install
# up
cd ..
sudo mv beef/ /opt/
echo -e '#!/bin/bash\ncd /opt/beef/\n/opt/beef/beef "$@"' > ./beef && sudo mv ./beef /bin/beef && sudo chmod +x /bin/beef

Launch BeEF:

sudo beef

Open in web browser address http://localhost:3000/ui/panel, you'll see the BeEF login page :

By default, login and passwords are beef/beef.

So first, you will see that there is few actions possible as you do not have any browser hooked. So you need to hook a browser, for example by using one of the demo page ( url should be http://localhost:3000/demos/basic.html and http://localhost:3000/demos/butcher/index.html )

BeEF Usage:

beef [options]
BeEF Options:
    -x, --reset                      Reset the database
    -v, --verbose                    Display debug information
    -a, --ascii_art                  Prints BeEF ascii art
    -c, --config FILE                Load a different configuration file: if it's called custom-config.yaml, git automatically ignores it.
    -p, --port PORT                  Change the default BeEF listening port
    -w, --wsport WS_PORT             Change the default BeEF WebSocket listening port

For more detailed information about BeEF usage and BeEF guides see https://github.com/beefproject/beef/wiki

ERROR: invalid username or password (SOLVED)

As said above, by default, login and passwords are beef/beef.

However, these credentials may not work and you will occur the message:

ERROR: invalid username or password

While launching BeEF, pay attention to warnings:

[17:57:36][!] Warning: Default username and weak password in use!
[17:57:36]    |_  New password for this instance: 21d2415d22a883368f7f6a116bd9f9f4

So without our intention the password was change. The login is still beef, the new password is 21d2415d22a883368f7f6a116bd9f9f4.

You can edit the /opt/beef/config.yaml configuration file to change the password:

Recommended for you:

Leave a Reply

Your email address will not be published.

Please consider supporting this blog

Love the stuff I create? Please consider donating to help things rolling faster! miloserdov.org/?p=1460