Ethical Hacking Tutorial

Social Engineering Practical

Using Social Engineering Toolkit (SET) to Sniff Website Credentials

In this practical, let’s see how to clone a website and find credentials using the Credential Harvester method.

  1. To open the Social Engineering Toolkit, go to Applications > Exploitation Tools > Social Engineering Toolkit.

  2. It will show a menu with a list of attacks. Type 1 and press Enter. This selects the Social Engineering Attacks option.

  3. When the list of Social Engineering Attacks appears, type 2 and press Enter. This selects Website Attack Vectors.

  4. Type 3 in the list of website attack vectors and press Enter. It will choose the Credential Harvester Attack Method.

  5. Type 2 and press Enter. It will choose the Site Cloner.

  6. Write the IP address of Kali Linux in the command prompt for the POST Back in Harvester/Tabnabbing. Press Enter. Here, we are using IP address.

  7. Here, it will ask for a URL that you want to clone. Here, we are cloning Press Enter after entering the URL and it will start the cloning process.

  8. Let the SET run and open Windows Server 2016.

  9. Open Chrome and write in the URL bar. Press Enter. When the target user browses the cloned URL, they will see a replica of the website. They will be asked to enter their credentials into the form fields. Since it will look like the original website, they will enter the credentials and click on Login. However, they will not be logged in, but will be redirected to the original site.

  10. Kali Linux will record the entered credentials, which hackers can use to gain unauthorized access to the target account.

  11. Return to Kali Linux and check the SET terminal window. It will show you the recorded username and password.
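Seen from the defending side, the clone in this lab leaves two checkable traces: it is browsed by IP address, and its login form posts back to the address entered in step 6. The following is an added example, not part of the original tutorial or of SET: a check that flags a page whose password form is served from, or posts to, a raw IP or a host outside an allowlist. The sample HTML, the 192.0.2.10 address, the `example.com` allowlist and all function names are assumptions made for illustration.

```python
from html.parser import HTMLParser
from ipaddress import ip_address
from urllib.parse import urljoin, urlsplit

# Constructed sample: a cloned login page served from, and posting back to,
# a documentation-range IP address (192.0.2.10), not a value from the page.
CLONE_URL = "http://192.0.2.10/"
CLONE_HTML = """<form method="post" action="http://192.0.2.10/">
<input name="user"><input type="password" name="pass"></form>"""

class FormScan(HTMLParser):
    """Collect the action of each <form> that contains a password input."""
    def __init__(self):
        super().__init__()
        self.current = None   # action of the form being parsed, if any
        self.actions = []     # actions of forms that hold a password field
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.current = a.get("action") or ""
        elif tag == "input" and self.current is not None:
            if (a.get("type") or "").lower() == "password":
                self.actions.append(self.current)
                self.current = None   # report each form once
    def handle_endtag(self, tag):
        if tag == "form":
            self.current = None

def classify(host, allowed):
    """Return 'raw IP', 'untrusted host', or None for an allowed domain."""
    try:
        ip_address(host)
        return "raw IP"
    except ValueError:
        ok = any(host == d or host.endswith("." + d) for d in allowed)
        return None if ok else "untrusted host"

def audit_login_page(page_url, html, allowed):
    """List reasons a page carrying a password form looks like a clone."""
    scan = FormScan()
    scan.feed(html)
    findings = []
    for action in scan.actions:
        post_url = urljoin(page_url, action)   # resolve relative actions
        for label, url in (("page served from", page_url), ("form posts to", post_url)):
            host = (urlsplit(url).hostname or "").lower()
            kind = classify(host, allowed)
            if kind:
                findings.append(f"{label} {kind} {host}")
    return findings
```

Calling `audit_login_page(CLONE_URL, CLONE_HTML, {"example.com"})` returns one finding for the page host and one for the form target; a login page on an allowlisted domain with a relative form action returns an empty list.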
