What Is Social Engineering Toolkit
The Social-Engineering Toolkit (SET) is a python-driven suite of custom tools which solely focuses on attacking the human element of penetration testing. It’s main purpose is to simulate social-engineering attacks and allow the tester to effectively test how a targeted attack may succeed. SET is a must have tool kit for every penetration tester.
In this tutorial we will see the step by step procedure of how we can attack our
victim using Credential Harvester Attack method. Social-Engineering toolkit is already available on backtrack5. So we will use that tool kit in our attack.
Procedure to Attack A Victim With SET
Once you have got the backtrack loaded, open up your console and type the following command
Once you are in the SET directory type ./set to launch the social engineering toolkit.
Once SET has been loaded, You should see many options, Since we are working with credential harvester attack method, we will select the second option which is website attack vectors.
Next you would see many options under website attack vectors, we will select the 3rd option.
Now, SET will ask us about the type of attack vector we would like to use, If you have your own webtemplate, you can go for the third option.In this article, i am going with the first option which gives me some predefined webtemplates.
Now it asks us to select the web template. In my case it is GMAIL, which is second option. After selecting the 2nd option and pressing enter just continue by pressing enter key again. Now SET will start cloning my local IP address of the backtrack box.
Now open a new terminal and type ifconfig to get the IP address of your backtrack box.
When the victim visits this ip address, he will get my cloned gmail website and he will enter his login credentials.
The entered credentials can be found at our SET terminal as shown in the following figure.