Social Engineering

Social Engineering Toolkit – Credential Harvester Attack (Local Lan)

Hey everybody, Today I’ll be talking about how hackers clone websites to steal passwords.

Credential Harvester Attack Vector

First, let’s talk about the process they go through in order to steal a facebook password or any other website, Let’s actually do it in steps first, then I’ll show you a video of the attack in progress.

First things first, hackers need to choose their type of attack that they want to use this could be a credential harvester, browser autopwn, tabnabbing attack,  java applet attack, and that’s only just a thew scary attacks they can do. We are going to use the credential harvester in this demonstration.

we need to load the social engineering toolkit, so type in the terminal.

setoolkit

settoolkit.PNG

if this is your first time, you need to type to

Y

agree to the license.

Now it’s all a matter of banging through the steps.

social_engineering_attacks.PNG

for social engineering attacks.

Now select the Website Attack Vectors.

website_attack_vectors.PNG

Now select the Credential Harvester Attack Method.

third_option

Now you have to choose from 3 options, website template, site cloner or custom import, Just select site cloner you can experiment with the others yourself.

 

Now type in your local IP address just open up another terminal and type in

ifconfig

ifconfig.PNG

and you should see an address something like 192.168.1.10 but yours will be different numbers so type that in and press enter.

Now for an example type in and this it will clone a facebook.

https://www.facebook.com

website_clone

but this could be any website you would like.

server_running.PNG

It’s done, now all you need to do is get someone on your network to type in your IP address and then Facebook will appear, The idea is for a hacker to convince the person to type in their email address and password once they have done that you will then harvest those details, that’s why it’s called the credential harvester attack.

 

Here’s a demonstration of the attack.

 

Prevention

Make sure you check the URL you’re about to click on, does not contain an IP address (numbers such as 181.45.120.2) because it could potentially be a malicious server.

And Keep your software up to date and make sure you have some virus protection.

https://www.malwarebytes.com/

https://www.avast.com/en-au/index

 

Leave a Reply