Difference between revisions of "Social Engineering Toolkit"

From Embedded Lab Vienna for IoT & Security
Line 71: Line 71:
[[File:signin2.jpg|150px|thumb|Example|left|Twitter Phishing]]
[[File:signin2.jpg|150px|thumb|Example|left|Twitter Phishing]]


=== Command execution in the Browser ===
=== 5th Enter the IP address for the POST back in Harvester/Tabnabbing and select finally Twitter ===


There are hundreds of modules under "'''Commands'''", which include from social engineering to browser hacks.
There are hundreds of modules under "'''Commands'''", which include from social engineering to browser hacks.
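
Review bot: the new heading at line 71 ("5th Enter the IP address for the POST back in Harvester/Tabnabbing and select finally Twitter") no longer matches the unchanged paragraph under it, which still describes modules under "Commands" rather than the IP address prompt and the Twitter template selection the heading announces. That paragraph should be rewritten in the same revision so the step text and heading agree. The heading itself would also read better as "5th enter the IP address for the POST back in Harvester/Tabnabbing and finally select Twitter".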

Revision as of 23:51, 10 July 2021

Summary

Social Engineering Toolkit (SET) is a menu-driven system that lets you tailor your attacks to the desired target.

Requirements

As part of this guide, I used Kali (Kali GNU/Linux Rolling 5.10.0-kali3-amd64) as the OS, so SET was already preinstalled. I installed Kali on a virtual machine (VMware® Workstation 15 Pro 15.5.5 build-16285975).

Example

Let's see an example of how to execute a "Twitter Sign in Phishing Web-Attack" using the Social Engineering Toolkit. For this phishing attack we need to go through the following submenus, as shown below.


topmenu

1st select "Social-Engineering Attacks"

After launching the Social Engineering Toolkit we see the above-mentioned menu. Here we can choose between submenus to specify our attack. In our case we have to select "Social-Engineering Attacks".





submenu 2


2nd select "Website Attack Vectors"

For the Twitter Sign in Phishing Web-Attack we have to choose option 2.






submenu 3

3rd select "Credential Harvester Attack Method"

In the 3rd submenu we have to choose option 3.





submenu 4

4th select "Web Templates"

There are hundreds of modules under "Commands", which range from social engineering to browser hacks. The desired module can be selected by clicking and executed with the "Execute" button at the bottom right. I chose the "Google Phishing" module under the "Social Engineering" folder and clicked "Execute".


Twitter Phishing

5th Enter the IP address for the POST back in Harvester/Tabnabbing and select finally Twitter

There are hundreds of modules under "Commands", which range from social engineering to browser hacks. The desired module can be selected by clicking and executed with the "Execute" button at the bottom right. I chose the "Google Phishing" module under the "Social Engineering" folder and clicked "Execute".



result

Result

After executing the "Google Phishing" module, the victim is asked to "Sign in". The credentials the victim entered are visible under "Logs".




Courses

  • WFP-1
