Things you need:
- Social Engineering Tool Kit [SET] (Available by default in backtrack/Kali Linux)
- A working internet connection (To fake the website)
First of all, open a new terminal in backtrack and type "ifconfig". Note the IP address of your machine.
In the next step, open SET and select option 1.(Social-Engineering Attacks)
Then select option 2 (Website attack vectors)
Then select option 3 (Credential Harvester Attack Method)
Then select option 2 (site cloner). If everything goes right, you will see something like this.
Then enter the IP address of you machine i.e. the one which you saw in ifconfig command. In my case, it is 192.168.83.130. (While entering don't worry about those letters left after your cursor. Just enter the IP and hit enter).
In the next step, it will ask for the website to clone. I used "www.gmail.com". Enter the website name and hit enter. Then you will see something like this:
Now, you have to make the victim open your fake website. The IP of the website is the one you found in ifconfig/the one you gave in the IP address the previous step. (In my case, its 192.168.83.130)
Also make sure no other service is running is port 80 on your PC. To make the victim click the link, go to this website to make your IP look like a website. https://bitly.com/.
The shortened URL of 192.168.83.130 is http://bit.ly/17YvU25. Now, this link is more convincing to the victim than giving him directly the IP address. If the victim opens the link, he will see the exact page like gmail.
If the victim enters his login details, in your backtrack machine, you can see the login credentials.
So now you have the login credentials and hence hacked your victim.
Though you might say that nobody will open the link and login, in your LAN environment, SET can be combined with DNS spoofing to make it work effectively.
Happy Hacking :p
0 comments:
Post a Comment
If you have any queries, I will be glad to help :) So comment here.