Social Engineering Credential Harvester Method Phishing in SET
Social Engineering Credential Harvester Method Phishing in SET, Harvest credentials using SEToolkit SET Kali Linux tutorial, Credential Harvester Kali Linux.
Social Engineering relies heavily on human interaction and deception, trickery you get the picture it is a specialist way of extracting data from somebody or a third party.
Welcome to HackingVision today I will show you how to harvest credentials, in other words, obtain usernames and passwords or other data credentials that are entered into a fake webpage known as a phishing page. Almost every vulnerability is exploited because of human error. Common faults are open ports, bad router encryption, installing bad software (backdoor.exe) or even installing outdated services due to forgetting to update their system services and software.
I will be using a software called Social Engineering Toolkit that comes pre-packed in Kali Linux also known as SET.
The way it works is pretty simple it will clone the web coding of almost any login page or webpage it will then host that website’s code through the network. First of all, in a real-world scenario the hacker would open port 80 in his networks port settings this is to allow the outside world to access the fake webpage this is just an example I don’t suggest doing this so instead of doing it over a public IP address we will do it over a local network connection using a local IP address.
To start we will open SEToolkit by typing setoolkit in a command terminal. For example setoolkit
Now you will see a display in the terminal containing ASCII Art and below a new command terminal beginning with set>.
From the first options choose option (1)
From the second options choose option (2).
Now SEToolKit will ask what website you would like to clone eg. http://www.mywebsite.com
Now keep an eye on the SEToolKit Terminal on another device load up your Local IP in any browser of your choice eg http://192.168.1.4/ You should now be able to your fake webpage that we asked SET to clone earlier will appear. Now try to login using a random username and password SEToolKit will record every keystroke in such manner as a keylogger does once you have entered your credentials. Credentials entered by the target will be output to SET terminal in plaint text.
This application is very powerful please don’t abuse it. I will not be held responsible for what the reader may do with this information.
- Top 10 Phishing Tools - 10th April 2020
- Distributed Hash Cracking Hashcat Hashtopolis Tutorial - 30th March 2020
- Cracking Password Hashes with Hashcat Rule-based attack - 27th March 2020