Credential Harvester Tutorial
What is the social engineer toolkit?
The Social-Engineer Toolkit (SET) was created and written by the founder of TrustedSec. It is an open-source Python-driven tool aimed at penetration testing around Social-Engineering. SET has been presented at large-scale conferences including Blackhat, DerbyCon, Defcon, and ShmooCon. With over two million downloads, SET is the standard for social-engineering penetration tests and supported heavily within the security community.
The Social-Engineer Toolkit has over 2 million downloads and is aimed at leveraging advanced technological attacks in a social-engineering type environment. TrustedSec believes that social-engineering is one of the hardest attacks to protect against and now one of the most prevalent. The toolkit has been featured in a number of books including the number one best seller in security books for 9 months since its release,“Metasploit: The Penetrations Testers Guide” written by TrustedSec’s founder as well as Devon Kearns, Jim O’Gorman, and Mati Aharoni.
SET is included in the latest version of the most popular Linux distribution focused on security, Back|Track. It can also be downloaded through github using the following command:
git clone https://github.com/trustedsec/social-engineer-toolkit/ set/https://www.trustedsec.com/downloads/social-engineer-toolkit/
Alright so getting started! first navigate to S.E.T. : Applications>Kali Linux>Exploitation tools>Social Engineer Toolkit
Now we should be at the main S.E.T screen as shown
Image has been scaled down 16% (870x490). Click this bar to view original image (1024x576). Click image to open in new window.
![[Image: Screenshotfrom2014-03-10161025_zpsadeef65c.png]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_u-zdgAAEYiRQKYwnj_p0umsfLkxg7bPTkPiDu1B3HxGd-hikvQ5JduPKc1tZy-o6t5NFPo8MgTfGbo8Kvqqls3YHWE5LcsPMPuAyIKOq63ulKiQ140tdanrCry9hsSj4vqYt_yRtkpNYKixJqaBumwghxPrzctcI0dJAX9IGS66X7rjZ79=s0-d)
Now if you noticed there all numbered so i am just going to direct you which numbers to choose from here on out as to avoid tons of pics!
First choose 1: Social Engineering attacks
Second choose 2: Website attack vectors
Third choose 3: (Ironically
lol) Credential Harvester Attack MethodFourth choose 2: Site cloner
Now if your on linux (which you should be
) lol Do a "ifconfig" really quick in terminal and get your IPIf your on windows CMD "ipconfig"
Now type in your IP where it asks for it!
Then it will prompt you for a Website to clone really quick for example i used gmail! http://www.gmail.com
Now you should have a Blue text saying Credential Harvester with the port number as shown below
Image has been scaled down 16% (870x490). Click this bar to view original image (1024x576). Click image to open in new window.
![[Image: Screenshotfrom2014-03-10161229_zpsea1e1d68.png]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_tePkfZ5_VFsAc9h7q1YxXMZJI-X8dJ9BT4RTWpYFgfFyVrjWhhBasQe2E6JUW4PUadDF7A1MOwY0p4k3julnLpucUur00qWzMgJ0JdWlSJUfG_kDGZX1ll-GYnfi5_HjeLnA6nW-GqOKyZ-Ho2SS0svFKWFFXh75AN4LRuGlOBiqDF7J3U=s0-d)
If your shit looks like the pic above your good to go
hahaNow everything is quite simple ( as if it wasnt already
) all we are going to do is send our IP to our victim! i suggest shortening the link so he dosnt see a random sketch IP 
As soon as our victim clicks the link he will be directed to a IDENTICAL gmail login page and hopefully dumb enough to log in
Image has been scaled down 16% (870x490). Click this bar to view original image (1024x576). Click image to open in new window.
![[Image: Screenshotfrom2014-03-10161457_zpsdef1ffd4.png]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_tH9lezz6PVv3fvGJ-HA7HvQgDPsryXHP5iEtASnj-88pBqybQQDlu3O1_ci0LoVUSe7Dq9O2vVDtXYLOxWXvfH67Dkhr981hy7pI8wJ0mb6iw705p2lbaLeroR9ZQvIpOCnxL1JdHlqPhBXo4rO9cmwMSAXqRhmohAJzaDgdPAvnwFOXLX=s0-d)
As soon as he fills this out and clicks login The username and password will be captured and sent to your S.E.T session as shown below
Image has been scaled down 16% (870x490). Click this bar to view original image (1024x576). Click image to open in new window.
![[Image: Screenshotfrom2014-03-10161603_zps8db9a190.png]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_uFQGTzyZywDHrjf819dfEDRroZIZVXgQ3oSMS-R7XphxMK_4ToOYDE2-7Vf3wfTxEfGmQZ0dhAY1_3l4oIw8lOIBn4iFQ8tQcZ3QYeRoGVvrYKV27iuCvTDfR1jxNVUYrgc74BZ5S9JRGfHWZcOCI_GtT9P80zbUBBTMPZMR_gtDughlM=s0-d)
Well thats it for today folks hope youve enjoyed the Tut and find it useful
lol
0 Comments:
Post a Comment