- How to Perform Social Engineering using Apache in Kali Linux
- Requirements:
- Создание фишингового сайта на Kali Linux с помощью SET
- Создание фишингового сайта на Kali Linux
- V O I D
- Comments
- Post a Comment
- Popular posts from this blog
- What is Log4j Vulnerability ?
- How To Stop Becoming a Bait (A Cyber Security Methodology)
- HTTrack — Make any Website Offline
- HTTrack
- WebHTTrack
How to Perform Social Engineering using Apache in Kali Linux
In our Previous article, we have learnt what is Social Engineering?? As we all know, Social Engineering is the art of manipulating people, or a group of people into providing information or a service otherwise would never be given.
Every major study on technical vulnerabilities and hacking will say the same two things.First,the users are the weakest security link whether on purpose or by mistake.
Second, an inside attacker poses the most serious threat to overall security.
Social Engineering is a non-technical method of attacking systems.
Note: This is for Educational Purposes Only. Most Organizations use this procedure to test their user’s security awareness knowledge internally.
Now let us learn about how an attacker sets up his Social engineering to hack into any account of some mail or social networking website..
Requirements:
- Kali Linux
- Social Engineering ToolKit[SET]
- Apache server which is already setup in Kali Linux
- And some social engineering skills to manipulate your victim.. 😉
Start the apache server by navigating to:: Applictions>>Kali Linux>>System Services>>HTTP>>apache2 restart
To open SET navigate to::Applictions>>Kali Linux>>Exploitation Tools>>Social Engineering Toolkit>>setoolkit
Here we will perform Credential harvesting attacks on victim by setting up a fake web page..
On your SET terminal do the following:
It will display all the social engineering attacks on the terminal..
Press 2 >Hit enter, Which performs the following website attack Vectors..
Now press 3 to perform Credential Harvester Attack Method.
And Then Press 2 for site cloner an press enter..
Now open another terminal and type ifconfig and enter your local-ip address as shown in the screen shot above and press enter.
Note: If you want to set up a harvester outside your lan then enter the public-ip in place of your local-ip and also forward your port 80.
Next,type the url you want to clone and hit enter as shown in the screen shot….
Now the website will be cloned and u can send the link to harvest the required information of the victim..
The link here specifies::http://:80
Remember you need to use url shortner to send it to the victim!!
As I have cloned the facebook login page when my victim enters his credentials it will be stored inside the text file located at /var/www/harvester.txt
Using Apache server you can also redirect ur victim to another website by editing the post.phpfile using leafpad
Here is the screen shot where you can put ur redirection url on the highlighted field:
So now when the victim enters his credentials and press login,the credentials entered are stored in .txt file and he will be redirected to the page that displays the above .jpg file..
So now u have compromised victims username and password by Social Engineering making him to click your fake link..
This tutorial is made just for educational purpose..
Article by: Kartik Durg[J-BOY]
Создание фишингового сайта на Kali Linux с помощью SET
Мы уже рассказывали, про сокрытие троянов с помощью Social Engineering Toolkit. Сегодня продолжим изучать Social Engineering Toolkit (SET) и рассмотрим процесс создания фишингового сайта на Kali Linux, который будет имитировать интерфейс настоящего сайта, для получения учетных данных целевого пользователя.
Создание фишингового сайта на Kali Linux
Запустите Kali Linux и убедитесь, что система подключена к Интернету.
Откройте терминал Kali и запустите SET:
При первом запуске SET, нужно будет принять условия использования.
В главном меню выберите вариант Social-Engineering Attacks.
Выберите Website Attacks Vectors.
Выберите Harvester Attack Method.
Чтобы создать клон сайта, выберите Site Cloner.
В интерактивном меню Site Cloner установите IP-адрес вашей системы Kali Linux. Если система Kali Linux размещена в облаке, это будет общедоступный IP-адрес.
Введите URL-адрес для клонирования. Для примера я буду использовать страницу авторизации Facebook
Когда жертва попадет на фишинговый сайт появится страница авторизации Facebook.
При вводе пользователем логина и пароля, данные отобразятся в окне терминала.
После чего целевой пользователь будет автоматически перенаправлен на настоящий сайт.
Как видите, создать фишинговый сайт довольно просто. Хитрость заключается в изучении жертвы, настройке таргетинга, определения часто посещаемых сайтов и размещении фейковой страницы сайта в Интернете. Для лучшего результата, рекомендую использовать социальную инженерию.
Для маскировки IP-адреса или домена фишингового сайта, используйте обфускацию. Можно также использовать SET для создания фишингового электронного письма с ссылкой на фишинговый сайт.
На этом все. Теперь вы знаете, как создать фишинговую страницу с помощью SET на Kali Linux. В следующей статье я покажу, как создать полезную нагрузку для тихого выполнения с USB-устройств.
РЕКОМЕНДУЕМ:
V O I D
After this it will ask you to enter the URL of the website you want to clone.
- In this let’s clone the Facebook website
- Paste the URL in the SET tool kit terminal and it will start cloning it
>> Once the victim will click on click on the link victim will be redirected to the login page.
For Example
Here I am typing the details :
User name: xxxxxxxxxx@gmail.com
Password:123456
Now go to you Kali Linux and go to the location :
root/.set//reports/2018–12–27 08:03:52.640607.html
Here in this file, you will get all the credentials in clear text.
This is how you can get the credentials of the victim.
Thank you! Hope you Succeed!
Warning: For Educational Purpose only
- Get link
- Other Apps
Comments
Post a Comment
Popular posts from this blog
What is Log4j Vulnerability ?
Log4j also know as Log4Shell is one of the recent type of hac*ing methology which is initiated by Apache. What is Log4J attack? This is an open-source logging library, which is used by almost all major Java-based enterprise apps and servers across the industry. A logging library is used to keep track of all the activity inside an application. The flaw allows any hacker or cyber-criminal to control and execute ‘arbitrary code’ and gain access to a computer system by inputting a string of code into the library. This attack exploits the Log4j vulnerability to download a Trojan malware, which triggers a download of an .exe file, which in turn installs a crypto-miner. Once the crypto-miner is installed, it starts using the victim’s resources in order to mine for cryptocurrency for the attackers’ profit, all without the victim knowing they have been compromised The vulnerability is also dubbed as Log4Shell and was first highlighted by researchers at LunaSec. The issue was discovered in Micro
How To Stop Becoming a Bait (A Cyber Security Methodology)
INTRODUCTION The expanding Cyber dangers suggest that people, little businesses, huge organizations, and government organizations are progressively concentrating on securing their frameworks against all shapes of cyber dangers. In layman terms, Cybersecurity is the act of securing standalone computers an arrangement of interconnected computers, person, organizational, and profoundly touchy government and national security information from harming Cyber assaults. This handle includes receiving an assortment of Cybersecurity concepts to suit wants of the clients. For a fledgling, the Cyber Security nuts and bolts and ideas incorporate knowing around keeping secure from mail tricks, malware, infection, wi-fi security, budgetary tricks, phishing tricks, secure utilize of web devices like social media, and more. Indeed smartphones are progressively getting to be an indispensably portion of our day by day lives and require some basic security. Apprentices need to get it a few essential co
HTTrack — Make any Website Offline
HTTrack is a free tool that can clone an entire website. HTTrack allows to download any website in local folder. It comes pre-installed in Kali Linux.
HTTrack copies all the website including HTML pages, images, directories, links, structures from the server to our system’s drive. It make a page by page copy of an website. That we can visit the website offline. This helps penetration testers a lot. When we don’t have to study a a website’s content in short time then we can save it on our local drive for reading in future.
HTTrack has two versions one is command line (CLI) another is graphical based (GUI). In our this detailed post we will talk about these both.
HTTrack
HTTrack comes with Kali Linux full version or we can install it on Kali or other Debian based distro by using following command:
sudo apt-get install httrack -y
After the installation process done we can copy an website to copy a website we use following command:
httrack https://site_ur -O /home/user/directory
The above command will clone the example website on our required directory. Then we can browse it’s index page from our local disk.
Otherwise we can just use httrack command to run it on interactive mode:
Then it will as us the project name as we can see in the following screenshot:
Here we can enter our project name as we wish. Then we press return or enter key and it will ask for path to save the cloned offline website. We can choose any path on our system or simply press Enter key to use default path i.e /home/kali/websites
Here we need to put the URL of websites. We can clone multiple websites by entering their URL’s separated by comma or blank space. For an example we are going to clone the blog of re4son and we put the URL as we can see in the following screenshot:
We press return and we get some other options.
- Mirror Web Site(s)
- Mirror Web Site(s) with Wizard
- Just Get Files Indicated
- Mirror ALL links in URLs (Multiple Mirror)
- Test Links In URLs (Bookmark Test)
We can choose any number as per our requirements here for an example we just mirror a website so we choose 1 and press Enter .
Then we need to set a proxy we don’t using any proxy here so we simply hit Enter.
Now it will ask for define wildcards we also don’t need any special wildcards so we press Enter again for none.
Then we can choose manual options here we can type help for options but we hit Enter again to skip it.
Now we are ready to mirror or clone the website. HTTrack asks that we are ready or not to lunch the mirror process here we press y for yes and hit Enter.
Then our cloning process will started as we can in the following screenshot:
After completing the process we can see offline copy of our website in our local directory /home/kali/websites
Then inside of our project directory (Example was our project name) we got the website’s offline copy.
We can open the index.html file on any browser to access the offline website.
In the following screenshot we can see the offline website is opened in chromium web browser and check the URL section to be sure that it is offline.
Now this is not end. HTTrack have a GUI version let’s talk about it.
WebHTTrack
WebHTTrack is a web-based Graphical User Interface version of HTTrack. We can install it by using following command:
sudo apt-get install webhttrack -y
Now we can launch it by simply using webhttrack command on our terminal. Also we can start it from application menu.
After launching it we can see that it opens in our browser. As we told it is a web based tool. We can see it is opened in our browser in the following screenshot:
Here default language is English or we can change the language. We are alright with English so we click on «Next» Then we got something like following screenshot:
Here we can fill the projects name, paths etc and click on next.
Here we can fill the inputs like URLs for cloning and other parameters then we click on «Next».
Then we will be on the Start Page. Here we got the «Start» button and we press it.
Then it will start downloading the website on our defined storage location.
From here we can see the mirrored website. This GUI based tool is very easy to use.
Now the point has came where we are going to request you to follow our social media. Like our articles? Make sure to follow us on Twitter and GitHub, we post article updates there. To join our KaliLinuxIn family, join our Telegram Group . We are trying to build a community for Linux and Cybersecurity. For anything we always happy to help everyone on the comment section . As we know our comment section is always open to everyone. We read each and every comment and we always reply .