Hey, today we are going to make a social harvesting attack, which will steal all the usernames and passwords of the victim's Facebook, Gmail, Twitter, etc. We will use SET today. The Social Engineering Toolkit (SET) included with Backtrack 5 is a great way for corporate security experts or penetration testers/hackers to test how well their network would stand up to social engineering attacks.
But before I begin: I am receiving many mails saying "You are doing wrong" or "It is illegal to put this on a website". Well, this is for security testing/education purposes only. Never attempt to use any security checks or tools on a network that you do not have the authorization to test. If you do, I'm not liable for anything.
So let's begin.
What do we need?
#Backtrack 5
#Access To Victim PC
#Brain That works.
Step 1 :
Go to -> Social Engineering Attacks -> Website Attack Vectors -> Credential Harvester Attack Method.
Step 2 :
We now have three options: use a web template that will create a generic
website for you, import any webpage, or clone an existing website and use
that. My attack is targeted at gathering the credentials of Google Mail,
so I'll select number 1, “Web Templates”.
Step 3 :
As you can see in the picture above, SET comes with templates for
several popular programs. Select one of the templates (I'll choose
number 2, “Gmail”). You will be given a short message about the
username and password form fields; just hit “return”. SET has now
created a fake website using the template that you chose, and is prepared
to harvest any credentials that are entered on the fake website. Now that
is some ninja stuff :D .
Step 4 :
Now you need to make the victim click on this page and enter
his details. You need creativity for this. You can embed this on your
website or spoof the victim to the fake page; use your imagination.
NEW: How To Protect Against This Attack:
Due to the complaints that say "you are evil or bad", I'll now tell you how to protect against the attack listed above. See, I'm not that evil :).
What the victim sees is a Gmail login screen, but if you just look up at the address bar, you will see an IP address, NOT the www.gmail.com
address. Also, if you use Internet Explorer or some modern browser, it will
show a certificate warning. You can also use the IP displayed on the
fake page to hack the hacker; the choice is yours.
^^^ What the victim sees after the attack is commenced.
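The address-bar check described above, written as a small Python function. This is an added example, not part of the original post: the expected host list and the sample URLs are constructed for illustration, and the HTTPS check goes slightly beyond what the post describes.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption for this example: the hostname the user expects for the real login page.
EXPECTED_HOSTS = {"www.gmail.com"}

def host_is_ip_literal(host):
    """True if the host part is a raw IPv4/IPv6 address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def login_url_warnings(url, expected_hosts=EXPECTED_HOSTS):
    """Return the reasons a login URL should not be trusted (empty list = none found)."""
    parts = urlsplit(url)
    # .hostname drops any "user@" prefix and the port, so it is the real destination.
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return ["no host in URL"]
    warnings = []
    if host_is_ip_literal(host):
        warnings.append("host is a bare IP address")
    elif host not in expected_hosts:
        warnings.append("host is not an expected login host")
    if parts.scheme != "https":
        warnings.append("not served over HTTPS")
    return warnings

# Constructed sample URLs (192.0.2.10 is a documentation-only address).
SAMPLES = [
    "https://www.gmail.com/",
    "http://192.0.2.10/",
    "http://www.gmail.com.login.example/",
    "https://www.gmail.com@192.0.2.10/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, "->", login_url_warnings(url) or "ok")
```

The last two samples show why the whole host has to be compared: a URL can contain the text "www.gmail.com" and still point somewhere else.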
I'd love to see your feedback and suggestions in the comment section below, so don't hesitate to leave them. See you tomorrow.