In our previous article, we learned what social engineering is. As we all know, social engineering is the art of manipulating a person, or a group of people, into providing information or a service that would otherwise never be given.
Every major study on technical vulnerabilities and hacking will say the same two things. First, users are the weakest security link, whether on purpose or by mistake.
Second, an inside attacker poses the most serious threat to overall security.
Social Engineering is a non-technical method of attacking systems.
Note: This is for educational purposes only. Most organizations use this procedure internally to test their users' security awareness.
Now let us learn how an attacker sets up a social engineering attack to hack into an account on a mail or social networking website.
- Kali Linux
- Social Engineering ToolKit[SET]
- Apache server which is already setup in Kali Linux
- And some social engineering skills to manipulate your victim.. ;)
So, let's get started.
Start the Apache server by navigating to: Applications >> Kali Linux >> System Services >> HTTP >> apache2 restart
To open SET, navigate to: Applications >> Kali Linux >> Exploitation Tools >> Social Engineering Toolkit >> setoolkit
as shown below:
Here we will perform a credential harvesting attack on the victim by setting up a fake web page.
On your SET terminal do the following:
Press 1 and hit Enter.
It will display all the social engineering attacks on the terminal.
Press 2 and hit Enter, which brings up the website attack vectors.
Now press 3 to select the Credential Harvester Attack Method.
Then press 2 for Site Cloner and press Enter.
Now open another terminal and type ifconfig and enter your local-ip address as shown in the screen shot above and press enter.
Note: If you want to set up a harvester outside your LAN, enter the public IP in place of your local IP and also forward your port 80.
Next, type the URL you want to clone and hit Enter, as shown in the screenshot.
Now the website will be cloned, and you can send the link to harvest the required information from the victim.
The link here is: http://<your local ip>:80
Remember, you need to use a URL shortener to send it to the victim!
As I have cloned the Facebook login page, when my victim enters his credentials they will be stored inside the text file located at /var/www/harvester.txt
Using the Apache server, you can also redirect your victim to another website by editing the post.php file using leafpad.
Here is the screenshot where you can put your redirection URL in the highlighted field:
So now, when the victim enters his credentials and presses login, the credentials entered are stored in the .txt file and he will be redirected to the page that displays the above .jpg file.
So now you have compromised the victim's username and password by social engineering, making him click your fake link.
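Seen from the defender's side, the lure described above has a recognisable shape: a plain-HTTP link to a bare IP address, often sent behind a URL shortener. The following is an added example, not part of the original article, that flags such links in a message body; the shortener list, function names and sample message are constructed assumptions.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumed, non-exhaustive sample of shortener hosts; extend for your own mail flow.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "is.gd"}
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

def is_ip_literal(host):
    """True when the host part is a raw IPv4/IPv6 address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def triage_url(url):
    """Return the reasons a link deserves a closer look (empty list = none)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    reasons = []
    if is_ip_literal(host):
        reasons.append("ip-literal-host")
        if ipaddress.ip_address(host).is_private:
            reasons.append("private-address")
    if parts.scheme.lower() == "http":
        reasons.append("cleartext-http")
    if host in SHORTENERS:
        reasons.append("url-shortener")
    return reasons

def triage_message(body):
    """Map every flagged URL found in a message body to its reasons."""
    hits = {}
    for url in URL_RE.findall(body):
        url = url.rstrip(".,;")  # drop sentence punctuation glued to the link
        reasons = triage_url(url)
        if reasons:
            hits[url] = reasons
    return hits

# Constructed sample message; the address is from a private range.
SAMPLE = """Your account needs verification: http://192.168.1.50:80/
Or use https://bit.ly/3xample. Our help page: https://www.example.com/help"""

if __name__ == "__main__":
    for url, reasons in triage_message(SAMPLE).items():
        print(url, "->", ", ".join(reasons))
```

A shortener hit is only a signal to expand the link and re-run the check on its destination; a genuine login page for a major site is served over HTTPS from its own domain name, never from a bare IP address.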
This tutorial is made just for educational purpose..
Thank you.. ;) [J-BOY] :D
Article by: Kartik Durg[J-BOY]