Tuesday, 20 May 2014

Phishing Attack Using SETOOLKIT

Phishing is an attack intended to acquire private information such as user names, passwords, credit card details, etc. The most common form of phishing attack is to make a "fake" site that requires you to log in to it. After you log in, your input, such as user name and password, will be recorded or key logged by the hacker.

This time I will explain how to make a "fake" website using setoolkit. In Kali Linux, setoolkit is already installed, so to run it just open the terminal and type setoolkit. In case you can't run it, use su - root first to attain root privilege.

This is the main menu of setoolkit:

Input 1 and hit enter to select Social-Engineering Attack:


Input 2 and hit enter to select Website Attack Vector, then input 2 and hit enter again to select the harvester attack. You will then be prompted to enter the host IP address for the "fake" website. In the image below, I entered my Kali Linux IP, 192.168.5.131. Hit enter again and you will be prompted to input the URL of the "real" site to be cloned by setoolkit, and the view will look like the image below. YOU HAVE TO KEEP THIS TERMINAL RUNNING AND DON'T STOP SETOOLKIT:

Now open the "fake" page in another VM (I used my XP) and it will look just like the real Facebook login page:

Note that the IP is my Kali Linux IP and not the real URL, Facebook.com. Next I tried to input a random user name and password. I used test@test.com for the user name and testiest for the password:

And when I submitted the user name and password, this is what happened in the setoolkit terminal:


Every input is recorded by the terminal. The user name and password are perfectly key logged.

So with this in mind, I advise you to be careful when you get an e-mail that redirects you to such a website and prompts you to log in. Please check the URL of the website first and DO NOT OPEN LINKS PROVIDED BY UNKNOWN SENDERS!
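The URL check recommended above, as an added example that is not part of the original post: a small Python function that parses a link and reports why it should not be trusted as a login page for the site you expect. The function name, its parameters and the sample links are assumptions constructed for illustration; 192.168.5.131 is the lab address used in this post.

```python
import ipaddress
from urllib.parse import urlsplit


def check_login_url(url, expected_domain):
    """Return the reasons a link should not be trusted as a login page for
    expected_domain. An empty list means no warning sign was found."""
    reasons = []
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    expected = expected_domain.lower()

    if parts.scheme != "https":
        reasons.append("not served over HTTPS")
    # Anything before '@' is userinfo, not the host the browser connects to.
    if parts.username is not None:
        reasons.append("userinfo before '@' hides the real host")
    try:
        ipaddress.ip_address(host)
        reasons.append("host is a bare IP address, not a domain name")
        return reasons
    except ValueError:
        pass  # not an IP literal, so compare it as a domain name
    # A genuine host is the expected domain itself or one of its subdomains.
    if host != expected and not host.endswith("." + expected):
        reasons.append(f"host '{host}' is not {expected} or a subdomain of it")
    return reasons


# Constructed sample links; the first mirrors the cloned page in this post.
SAMPLES = [
    "http://192.168.5.131/",
    "https://www.facebook.com/login.php",
    "https://facebook.com.login.example/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        findings = check_login_url(link, "facebook.com")
        print(link, "->", findings or "no warning signs")
```

Comparing the parsed host, rather than searching the whole link for the site name, is what keeps a link that merely contains "facebook.com" from passing the check.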
