BeEF on steroids

As the kijiji slogan goes, "we can't click", well, it's for your own good. I'm doing a follow-up to an old cybersec topic, where you practically only need to click on a spoofed link and stay on that portal for 15 seconds to get owned.

I won't get into the details; I'm not anyone's mama to spoon-feed them. All the intricate stuff is on YouTube.

Here we'll be using a boosted BeEF-XSS, not the usual one, since its signatures are blocked by every AV.

That said, since I know the likes of Côte d'Ivoire like big butts, it is easy. Build a basic HTML site with 2, maybe 3, different frames and redirect the major frame to a porn site, so that when he opens the link he's kept engaged on it for a few seconds; or, if it's forex people, put in an embedded YouTube video that promises 100% profit in a day, while the main frame continues to run behind the scenes. Social engineering is needed here.

I will not share my links for obvious reasons.
But you can start by getting some really cheap domain names from Name dot com.

Then open your Kali/Debian-based Linux, install and run BeEF; for this discussion we'll use the default one.


You will get scripts; use those scripts in the basic HTML site you created above. Put them in the header section.

Then upload your HTML and redirect your Safaricóm dot com or "ncbā" dot com or Tuko dot com; look for characters that will work to fool even the trained eye when doing domain name registration.

You can do serious spoofing using Kali Linux tools, but that will just lengthen this thread.
Send your link to Nyamgotho or whatever target you've got, and once they open it and stick around for 15-20 seconds, it's enough for you to do the below.

Hooked Android phone

We'll capture the image below using the target phone, while it's still locked.

You can access all their files

SMS too, you can pull them.

These are samples of the shortcuts created, so make it as interesting as possible when building your payload.

More can be done.


Damn

Shiet. I've understood, but I need someone to do a proper summary. Luckily I don't click links carelessly. Never!

Script kiddie here. Nice tutorial. What cheap ways of hosting would you recommend? I know I can always tunnel a locally hosted site, but I'm sure there are more robust solutions.

WTF… You have my respect.


Elder, what's the make of your phone? I like its user interface.

The last screenshot is from a OnePlus 10 Pro.

The target phone from the previous shots is a Pixel 6A.


@Josto_Bwaku what did you study, man?

Use cloud resources. Use AWS, for instance, to host anything and everything: OS, websites, computing. Linode is also giving some 3-4 months of free hosting worth $100; I've got 2 different instances running at the moment.

Azure gives out $200 in credits, worth a year.


CS. I see you're also a guru at this stuff.

Sure, guys. But I actually meant bulletproof hosts, as I wouldn't want to associate my identity with my schemes.

ION, I'm looking for a legit CC seller.

I can't make sense of anything, like a stupid, illiterate Kamba, @KuwaitBabe.