Social Engineering Practical
Using Social Engineering Toolkit (SET) to Sniff Website Credentials
In this practical, let’s see how to clone a website and find credentials using the Credential Harvester method.
-
For opening the Social Engineering Toolkit, go to Applications > Exploitation Tools > Social Engineering Toolkit.
-
It will show a menu with a list of attacks. Type 1 and press Enter. It will choose the Social Engineering Attacks option.
-
When the list of Social Engineering Attacks come, type 2 and press Enter. It will choose Website Attack Vectors.
-
Type 3 in the list of website attack vectors and press Enter. It will choose the Credential Harvester Attack Method.
-
Type 2 and press Enter. It will choose the Site Cloner.
-
Write the IP address of Kali Linux in the command prompt for the POST Back in Harvester/Tabnabbing. Press Enter. Here, we are using 10.10.10.11 IP address.
-
Here, it will ask for a URL that you want to clone. Here, we are cloning moviescope.com. Press Enter after entering the URL and it will start the cloning process.
-
Let the SET run and open Windows Server 2016.
-
Open Chrome and write http://10.10.10.11 in the URL bar. Press Enter. When the target user browses the cloned URL, they will see a replica of the moviescope.com website. They will be asked to enter their credentials into the form fields. Since it will look like the original website, they will enter the credentials and click on Login. However, they will not be logged in, but will be redirected to the original moviescope.com site.
-
Kali Linux will record the entered credentials which hackers can use to find unauthorized access to the target account.
-
Return to Kali Linux and check the SET terminal window. It will show you the recorded username and password.
It’s Quiz Time!
