Difference between revisions of "Social Engineering Toolkit"
| Line 72: | Line 72: | ||
=== 5th Enter the IP address for the POST back in Harvester/Tabnabbing and select finally Twitter === | === 5th Enter the IP address for the POST back in Harvester/Tabnabbing and select finally Twitter === | ||
For practicing purposes I used the localhost, of course in a real attack you would use a corresponding ip address. | For practicing purposes I used the localhost (127.0.0.1), of course in a real attack you would use a corresponding ip address. And then you've to select the Twitter Template (option 3). | ||
After the Template is selected, the choosen website is being cloned. With the next action a website will appear which is similar to the Twitter Sign in website, the victim is prompt to Sign in. | |||
Revision as of 00:44, 11 July 2021
Summary
Social Engineering Toolkit (SET) is a menu driven system that allows you to control your attacks tailored to the desired target.
Requirements
As part of this guide, I used Kali (Kali GNU/Linux Rolling 5.10.0-kali3-amd64) as the OS, so it was already preinstalled. I installed Kali on a Virtual machine (VMware® Workstation 15 Pro 15.5.5 build-16285975).
Example
Let's see an example of how to execute a "Twitter Sign in Phishing Web-Attack" using the Social Engineering Toolkit. For this Phishing Attack we need to go through following submenus as shown below.
1st select "Social-Engineering Attacks"
After launching the Social Engineering Toolkit we see the above mentioned menu. Here we can choose between submenus to specify our attack. In our case for "Twitter Sign in Phishing Web-Attack" we have to select "Social-Engineering Attacks".
2nd select "Website Attack Vectors"
For "Twitter Sign in Phishing Web-Attack" we've to choose option 2
3rd select "Credential Harvester Attack Method"
To specify our Attack as a 'Credential Harvester Attack' we've to choose the option 3.
4th select "Web Templates"
To allow Social Engineering Toolkit to import a list of pre-defined web applications that it can utilize within the attack we've to select option 1
5th Enter the IP address for the POST back in Harvester/Tabnabbing and select finally Twitter
For practicing purposes I used the localhost (127.0.0.1), of course in a real attack you would use a corresponding ip address. And then you've to select the Twitter Template (option 3). After the Template is selected, the choosen website is being cloned. With the next action a website will appear which is similar to the Twitter Sign in website, the victim is prompt to Sign in.
Result: From victim entered credentials are visible for Attacker
After executing the "Google Phishing" module, the victim is asked to "Sign in". Victims entered credentials are visible under "Logs".
Courses
- WFP-1