Social engineering relies heavily on human interaction, deception and trickery. You get the picture: it is a specialist way of extracting data from somebody or a third party.
Today I will show you how to harvest credentials, in other words how to obtain usernames and passwords or other credentials that are entered. Almost every vulnerability is exploited because of the human operating that system. Common faults are open ports, bad router encryption, installing bad software (backdoor.exe), or even running outdated services after forgetting to update system services and software.
I will be using a tool called the Social-Engineer Toolkit, also known as SET, that comes pre-packaged in Kali Linux.
The way it works is pretty simple: it clones the web code of almost any login page or webpage and then hosts that website's code over the network. In a real-world scenario, the hacker would first open port 80 in his network's port settings to allow the outside world to access the fake webpage. This is just an example and I don't suggest doing this, so instead of doing it over a public IP address we will do it over a local network connection using a local IP address.
To start, we will open SET by typing setoolkit in a command terminal. For example: setoolkit. You will now see a display in the terminal containing ASCII art and, below it, a new command prompt beginning with set>.
From these options choose option (1).
From these options choose option (2).
Now SEToolKit will ask what website you would like to clone, e.g. http://www.mywebsite.com
Now keep an eye on the SEToolKit terminal. On another device, load up your local IP in any browser of your choice, e.g. http://192.168.1.4/ The fake webpage that we asked SET to clone earlier should now appear. Now try to log in using a random username and password. SEToolKit will record every keystroke, in the manner of a keylogger, once you have entered your credentials. It will show in the SEToolKit terminal that a possible username and password have been found. The passwords will be displayed in plain text what
This application is very powerful; please don't abuse it. I will not be held responsible for what the reader may do with this information.
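Seen from the defender's side, the walkthrough above leaves visible tells: the password form is served over plain HTTP from a bare IP address such as http://192.168.1.4/ instead of the real site's hostname. The check below is an added example, not code from the original post or from SET; audit_login_page, the set of expected hosts and the sample markup are assumptions made for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class _PasswordForms(HTMLParser):
    """Record the action of every form that contains a password input."""
    def __init__(self):
        super().__init__()
        self._action = ""   # action of the most recent <form> ("" = same page)
        self.actions = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._action = a.get("action") or ""
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            self.actions.append(self._action)


def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def audit_login_page(page_url, html, expected_hosts):
    """Return the reasons a page asking for a password looks like a clone."""
    parser = _PasswordForms()
    parser.feed(html)
    if not parser.actions:
        return []  # no password field, nothing to judge
    page = urlparse(page_url)
    findings = []
    if page.scheme != "https":
        findings.append("password form served without TLS")
    if _is_ip(page.hostname or ""):
        findings.append(f"password form served from bare IP {page.hostname}")
    for action in dict.fromkeys(parser.actions):  # de-duplicate, keep order
        target = urlparse(urljoin(page_url, action)).hostname or ""
        if target not in expected_hosts:
            findings.append(f"credentials post to unexpected host {target}")
    return findings


# Constructed sample markup for illustration, not captured from SET or a real site.
CLONE_HTML = '<form method="post" action="http://192.168.1.4/"><input name="u"><input type="password" name="p"></form>'
```

Calling audit_login_page("http://192.168.1.4/", CLONE_HTML, {"www.mywebsite.com"}) returns three findings, while the same form served over HTTPS from www.mywebsite.com with a relative action returns none.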