Social Engineering Attack Example Using Kali Linux
Social Engineering is the art of manipulating people, or a group of people into providing information or a service otherwise would never be given.
Every major study on technical vulnerabilities and hacking will say the same two things.First,the users are the weakest security link whether on purpose or by mistake.
Second, an inside attacker poses the most serious threat to overall security.
Social Engineering is a non-technical method of attacking systems.
Now let us learn about how an attacker sets up his Social Engineering to hack into any account of some mail or social networking website.
Every major study on technical vulnerabilities and hacking will say the same two things.First,the users are the weakest security link whether on purpose or by mistake.
Second, an inside attacker poses the most serious threat to overall security.
Social Engineering is a non-technical method of attacking systems.
Now let us learn about how an attacker sets up his Social Engineering to hack into any account of some mail or social networking website.
Requirements:
- Kali Linux
- Social Engineering ToolKit[SET]
- Apache server which is already setup in Kali Linux
- And some social engineering skills to manipulate your victim.
Step 1:
Start the apache server by navigating to:
Applictions>>Kali Linux>>System Services>>HTTP>>apache2 restart
To open SET navigate to:
To open SET navigate to:
Applictions>>Kali Linux>>Exploitation Tools>>Social Engineering Toolkit>>setoolkit
On your SET terminal do the following:
Press 1>hit enter
It will display all the social engineering attacks on the terminal.
Next,
Press 2 >Hit enter, Which performs the following website attack Vectors.
Now press 3 to perform Credential Harvester Attack Method.
And Then Press 2 for site cloner an press enter.
Now open another terminal and type ifconfig and enter your local-ip address and press enter.
Note: If you want to set up a harvester outside your lan then enter the public-ip in place of your local-ip and also forward your port 80.
Next,type the url you want to clone and hit enter.
Now the website will be cloned and u can send the link to harvest the required information of the victim.
The link here specifies: http://<your local ip>:80
Remember you need to use url shortner to send it to the victim!!
As I have cloned the facebook login page when my victim enters his credentials it will be stored inside the text file located at /var/www/harvester.txt
Using Apache server you can also redirect ur victim to another website by editing the post.php file using leafpad.
So now when the victim enters his credentials and press login, the credentials entered are stored in .txt file and he will be redirected to the page that displays the above .jpg file.
So now u have compromised victims username and password by Social Engineering making him to click your fake link.
Step 2:
Here we will perform Credential harvesting attacks on victim by setting up a fake web page.On your SET terminal do the following:
Press 1>hit enter
It will display all the social engineering attacks on the terminal.
Next,
Press 2 >Hit enter, Which performs the following website attack Vectors.
Now press 3 to perform Credential Harvester Attack Method.
And Then Press 2 for site cloner an press enter.
Now open another terminal and type ifconfig and enter your local-ip address and press enter.
Note: If you want to set up a harvester outside your lan then enter the public-ip in place of your local-ip and also forward your port 80.
Next,type the url you want to clone and hit enter.
Now the website will be cloned and u can send the link to harvest the required information of the victim.
The link here specifies: http://<your local ip>:80
Remember you need to use url shortner to send it to the victim!!
As I have cloned the facebook login page when my victim enters his credentials it will be stored inside the text file located at /var/www/harvester.txt
Using Apache server you can also redirect ur victim to another website by editing the post.php file using leafpad.
So now when the victim enters his credentials and press login, the credentials entered are stored in .txt file and he will be redirected to the page that displays the above .jpg file.
So now u have compromised victims username and password by Social Engineering making him to click your fake link.
Comments
Post a Comment