Welcome again to my blog. Today, in this post, I am going to show you how you can get an email ID, username, password or any other type of secret detail using the simple Social Engineering Toolkit available in Kali Linux (pre-installed in Kali Linux).
Basically, in social engineering the attacker uses his/her social engineering skills and tools to create a fake copy of a web application or environment, so that the victim will never hesitate to reveal their secrets in the fake environment.
For example: if we want to find the Facebook username and password of our victim, we have to clone the original Facebook login homepage and then host that fake page over the Internet. After this step, we need to invite our victim to use their real credentials in our fake environment.
Looks cool! Yes, let's try it.
Requirements for this purpose:
1. Kali Linux
2. Internet Connection
3. Target website URL
So first we need to start the Social Engineering Toolkit interface in the Kali Linux terminal.
Open your terminal using Ctrl+Alt+T, or click on the small black window image at the top left of your screen. Simple!
Once the terminal is open, type the code provided below carefully.
And note down your IP address. Why? Because it is your machine's IP address, and for this trial we are going to create a fake situation where our system plays the role of both the attacker and its server. So we need our IP address to invite the victim user.
Now, the next step is to open the Social Engineering Toolkit.
Type in the terminal.
You will see something in the terminal of your system as shown below in the image.
Now, as shown in the image below, type 'y' if you are also facing the below message in your terminal.
Now you will see the main menu of the Social Engineering Toolkit, like below.
As shown above in the images, you too will see the main menu in your terminal, so don't panic about the look. Now press "1" and hit Enter, as we are going to do Social-Engineering Attacks. Once again, you will get a menu like the one shown above in the image. Here we are going to select Website Attack Vectors, so press "2" and hit Enter. In this method we are going to get the credentials of the victim, so press "3" and hit Enter, as it will select the Credential Harvester Attack Method.
This will open a new menu as shown below in the image.
Since we want the username and password, which are the credentials of the victim, we need to trap the victim in our fake page that mimics the original website page (like a phishing page), and for that we need to clone a website. Hence, we need to provide the target website URL.
To do this, press "2" and hit Enter, which will open something like what is shown below.
In the above image, you might have noticed a green rectangle drawn by me; in that box you will find "tabnabbing: Your IP Address", where this is your computer's IP address.
Please note that if you don't put in your computer's IP address, this method is not going to work.
After entering your IP address, hit Enter. Then it will ask you to enter the URL of the website you want to clone, as shown below.
Here, I had entered "http://www.facebook.com" as I want to hack someone's Facebook account. It will give a message that it is working on cloning the site and that this will take a little time. After the process is completed comes the next step, which is the most important one. Till now we assume that we have already made our IP address online, and anyone who visits your IP address will see a page which looks like the page of the target website URL you entered to clone. Now, in this step, you need to shorten your IP address by using services like ADF.LY, Binbox, Goo.gl, etc., because we don't want to present our IP-address-based URL directly to our victim. Once you enter your IP address on these sites to shorten, they will provide you a link; all you need to do is just send this shortened link to your
When the victim visits the URL which you have sent them, they will see the same page as the one whose URL you entered to clone.
Then the victim will think that it is an original page, and when the victim enters any of their information, you will see that information in /var/www/harvester, as in the screenshot given below.
After opening this txt file you will see the username and password in the format given below.
In this example, I have used facebook.com. Therefore, the victim will see the homepage of Facebook. Hacking done!
Please NOTE: The victim can identify that the page is a trap, as the address bar of the browser will show your IP address. For best results, send the shortened URL to the victim's mobile and ask them to visit urgently, or you can say visit this link and log in to get the latest updates of their favourite content, etc.
NOTE: ABOVE INFORMATION IS FOR EDUCATION AND SECURITY PURPOSE ONLY. IF YOU MISUSE OR MISTREAT THE ABOVE INFORMATION, THEN IT CAN BRING UNLAWFUL CHARGES BY THE PERSON ON WHOM YOU SET THIS TRAP. THE AUTHOR WILL NOT BE RESPONSIBLE IN THE EVENT ANY UNLAWFUL CHARGES ARE BROUGHT TO YOU BY ANY INDIVIDUALS BY MISUSING THE ABOVE INFORMATION. WE WON'T TAKE RESPONSIBILITY FOR ANY OF YOUR ACTION RELATED TO ABOVE
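An added example, not part of the original post: a link-triage check that a mail gateway or SOC analyst could run over a link's redirect chain, flagging the two traits this post describes, a URL-shortener hop and a login page served from a bare IP address. The URLs, the expected-domain list and the function names are constructed for illustration, and the `binbox.io` domain is an assumption.

```python
# Added defensive example; every URL and list entry below is constructed.
import ipaddress
from urllib.parse import urlsplit

SHORTENERS = {"adf.ly", "goo.gl", "binbox.io"}  # services named in the post (binbox.io assumed)
EXPECTED_LOGIN_DOMAINS = {"facebook.com"}       # where the user really expects to log in

def host_is_ip(host):
    """True if the host is an IP literal rather than a DNS name."""
    if host.isdigit():          # browsers read http://3232235777/ as an IPv4 address
        return True
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def in_domain(host, domain):
    """Exact or subdomain match, so facebook.com.example.net does not pass."""
    return host == domain or host.endswith("." + domain)

def triage(chain):
    """chain: URLs in visit order; the last one is the page showing the login form."""
    findings = []
    for url in chain:
        host = urlsplit(url).hostname or ""
        if any(in_domain(host, s) for s in SHORTENERS):
            findings.append(("shortener-hop", host))
    final = urlsplit(chain[-1])
    host = final.hostname or ""
    if host_is_ip(host):
        findings.append(("login-page-on-bare-ip", host))
    elif not any(in_domain(host, d) for d in EXPECTED_LOGIN_DOMAINS):
        findings.append(("login-page-off-domain", host))
    if final.scheme != "https":
        findings.append(("no-tls", final.scheme))
    return findings

# Constructed chains: a shortened link landing on a bare IP, and a genuine login URL.
SAMPLE_SUSPICIOUS = ["http://adf.ly/EXAMPLE", "http://192.0.2.10/"]
SAMPLE_GENUINE = ["https://www.facebook.com/login"]

if __name__ == "__main__":
    for chain in (SAMPLE_SUSPICIOUS, SAMPLE_GENUINE):
        print(chain[-1], "->", triage(chain) or "no findings")
```

In practice the redirect chain would come from proxy logs or a detonation sandbox rather than a hard-coded list.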