Social Engineering Toolkit (SETOOLKIT) Credential Harvester

August 11, 2015 | Views: 17483

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

Social Engineering Toolkit (SETOOLKIT)

Credential Harvester  using Kali

 

There’s a 2 types of Social Engineering Attack a Human Based and Computer Based, this time we are going to use Computer Based Attack using very good tools in performing Social Engineering Attacks.

Requirements:

1. An Active Internet Connect.
2. Kali Linux (Download)

Overview :
The Social-Engineer Toolkit (SET) was created and written by the founder of TrustedSec. It is an open-source Python-driven tool aimed at penetration testing around Social-Engineering. SET has been presented at large-scale conferences including Blackhat, DerbyCon, Defcon, and ShmooCon. With over two million downloads, SET is the standard for social-engineering penetration tests and supported heavily within the security community.

SET is built-in installed in Kali linux so no problem about the installation, we have 2 ways to access SET.

1. We can open using Kali menu Goto Kali Linux > Exploitation Tools >Social Engineering Toolkit> se-toolkit.

2.Open terminal and type se-toolkit or setoolkit

We can wait the terminal is loading and we see picture below

Step 1: Type 1 and Enter
1

Step 2: Type 2 the Website Attack Vectors and Enter
2

Step 3: Type 3 the Credential Harvester Attack and Enter
3

Step 4: Type 2 the Site Cloner and Enter
4

Step 5:  it will ask you ip you can type ifconfig to see your ip address.
5

Step 6: Paste you ip
6

Step 7: Enter the site you want to clone like for example: “https://www.facebook.com/”
7

Note: Don’t close the se-toolkit terminal because you can received some information from target.

Step 8: Go to browser and type http:tinyurl.com and type your ip in the box
8

Step 9: Send the link to your target
9

Gotcha

Note this is Educational Purpose Only
Regards from Philippine Security Researcher

Share with Friends
FacebookTwitterGoogle+LinkedInEmail
Use Cybytes and
Tip the Author!
Join
Share with Friends
FacebookTwitterGoogle+LinkedInEmail
Ready to share your knowledge and expertise?
13 Comments
  1. This will only work on your internal network though. Perhaps if you’re within the network of the business you wish to pentest somehow and under very specific circumstances this may work and be helpful. Yet, for any real-world use you’ll have to set up port forwarding to forward any requests from outside networks, to your computer something, I believe.

  2. how to use phishing for another network because my link working on my same network

  3. Thank You for the article . when i am creating the phishing page using setoolkit it is not cloning the original site properly , please help

Page 3 of 3«123
Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play
 

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel