Jun 19

Using SET toolkit

In this post we will talk about the lab that required us to create a fake website. When the victim goes to the real website, they are redirected to the website that I made, which grabs the username and password for their Facebook account.

 

1. First we check the IP address of the attacker and then proceed by launching Setoolkit and creating our fake website.

2. Choose 1 because we are performing a Social-Engineering attack.

3. Next we choose option number 2 for Website Attack Vectors.

4. Next we use option 3 (Credential Harvester Attack Method).

5. Then we choose the Site Cloner option which is number 2.

6. Then enter the IP address of the attacker and the website that you are trying to clone.

7. Next we start to configure a tool that comes with Kali Linux called Ettercap.

8. Change the website to the one that you are using, along with the IP that you are using, as you can see in the picture.

9. Next we launch Ettercap.

10. Then we proceed to scan for the hosts in Ettercap. Target 1 will be the victim and Target 2 the gateway.

11. Then we open up the Plugins and activate DNS Spoof.

12. After doing so we open up the MITM menu, activate ARP Poisoning, and sniff remote connections.

13. Then we ping facebook.com from the victim's machine and, as you can see, the IP is now directed back to the attacker's IP address.

14. Then lastly we go to facebook.com on the victim's machine and it will redirect to the cloned site. When a username and password are entered, that information will be delivered to the attacker's machine to be seen.
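From the defender's side, steps 12 and 13 leave two traces on the victim: the gateway's ARP entry shares a MAC address with another host, and a public name resolves to a local address. The check below is an added example, not part of the original lab; the sample `ip neigh` output, the addresses, the function names, and the assumption that the attacker sits on a private LAN range are all constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: `ip neigh` output on a victim host during ARP poisoning.
# The gateway (192.168.1.1) and another host share one MAC address.
SAMPLE_NEIGH = """\
192.168.1.1 dev eth0 lladdr 08:00:27:aa:bb:cc REACHABLE
192.168.1.50 dev eth0 lladdr 08:00:27:aa:bb:cc STALE
192.168.1.20 dev eth0 lladdr 08:00:27:11:22:33 REACHABLE
192.168.1.99 dev eth0  FAILED
"""

# Constructed sample: (queried name, resolved address) pairs seen on the victim.
SAMPLE_DNS = [
    ("facebook.com", "192.168.1.50"),
    ("example.org", "93.184.216.34"),
    ("printer.local", "192.168.1.20"),
]

NEIGH_RE = re.compile(r"^(\S+) dev \S+ lladdr ([0-9a-fA-F:]{17})\b")

def find_arp_conflicts(neigh_text):
    """Return {mac: sorted IPs} for every MAC claimed by more than one IP."""
    by_mac = defaultdict(set)
    for line in neigh_text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:  # entries without lladdr (FAILED/INCOMPLETE) are skipped
            by_mac[m.group(2).lower()].add(m.group(1))
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

def find_spoofed_answers(answers, internal_suffixes=(".local", ".lan")):
    """Flag public names that resolved to a private or loopback address."""
    flagged = []
    for name, addr in answers:
        ip = ipaddress.ip_address(addr)
        internal = name.lower().endswith(internal_suffixes)
        if not internal and (ip.is_private or ip.is_loopback):
            flagged.append((name, addr))
    return flagged

if __name__ == "__main__":
    print("ARP conflicts:", find_arp_conflicts(SAMPLE_NEIGH))
    print("Suspicious DNS answers:", find_spoofed_answers(SAMPLE_DNS))
```

A shared MAC can be legitimate (for example a router holding several addresses), so treat a hit as a prompt to verify the gateway's real MAC rather than as proof of poisoning.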
