What Is the Social-Engineering Toolkit?
The Social-Engineering Toolkit (SET) is a Python-driven suite of custom tools that focuses solely on attacking the human element of penetration testing. Its main purpose is to simulate social-engineering attacks and allow the tester to effectively test how a targeted attack may succeed. SET is a must-have toolkit for every penetration tester.
In this tutorial we will see the step-by-step procedure for attacking our victim using the Credential Harvester Attack method. The Social-Engineering Toolkit is already available on BackTrack 5, so we will use that toolkit in our attack.
Procedure to Attack A Victim With SET
Step 1
Once BackTrack has loaded, open up your console and type the following command:
cd /pentest/exploits/set
Once you are in the SET directory, type ./set to launch the Social-Engineering Toolkit.
Step 2
Once SET has loaded, you should see many options. Since we are working with the Credential Harvester Attack method, we will select the second option, which is website attack vectors.
Step 3
Next, you will see many options under website attack vectors. We will select the 3rd option.
Step 4
Now SET will ask us about the type of attack vector we would like to use. If you have your own web template, you can go for the third option. In this article, I am going with the first option, which gives me some predefined web templates.
Step 5
Now it asks us to select the web template. In my case it is Gmail, which is the second option. After selecting the 2nd option and pressing Enter, just continue by pressing the Enter key again. SET will now start hosting the cloned site on the local IP address of my BackTrack box.
Step 6
Now open a new terminal and type ifconfig to get the IP address of your BackTrack box.
When the victim visits this IP address, he will get my cloned Gmail website and he will enter his login credentials.
Step 7
The entered credentials can be found in our SET terminal as shown in the following figure.
Hope you liked this article. Feel free to leave your comments for further doubts and clarifications.
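Seen from the defender's side, the procedure above leaves a recognisable trace: a login form submitted over plain HTTP to a bare IP address instead of to the real site's hostname. The following is an added example, not part of the original tutorial or of SET, that flags such requests in web proxy logs; the log format, function names and sample lines are constructed assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample lines. Assumed format (not from the tutorial):
# time client method url status request_content_type
SAMPLE_LOG = """\
2012-03-01T10:00:01 10.0.0.15 GET http://192.168.1.50/ 200 -
2012-03-01T10:00:09 10.0.0.15 POST http://192.168.1.50/ 302 application/x-www-form-urlencoded
2012-03-01T10:01:00 10.0.0.22 POST https://accounts.google.com/ServiceLoginAuth 302 application/x-www-form-urlencoded
2012-03-01T10:02:00 10.0.0.31 POST http://203.0.113.7:80/index.html 200 application/x-www-form-urlencoded
2012-03-01T10:03:00 10.0.0.40 POST http://intranet.example/upload 200 multipart/form-data
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
FORM_TYPE = "application/x-www-form-urlencoded"


def host_ip(url):
    """Return the URL's host as an IP address object, or None for a DNS name."""
    host = urlsplit(url).hostname
    try:
        return ipaddress.ip_address(host) if host else None
    except ValueError:
        return None


def suspicious_form_posts(log_text):
    """Flag form POSTs sent over plain HTTP to an IP-literal host."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # skip lines that do not match the assumed format
        ts, client, method, url, _status, ctype = fields
        ip = host_ip(url)
        if (method == "POST" and ip is not None
                and urlsplit(url).scheme == "http" and ctype == FORM_TYPE):
            # An RFC 1918 destination means the page is hosted inside the LAN.
            scope = "internal" if any(ip in n for n in RFC1918) else "external"
            findings.append((ts, client, str(ip), scope))
    return findings


if __name__ == "__main__":
    for finding in suspicious_form_posts(SAMPLE_LOG):
        print(finding)
```

Each finding names the client that submitted the form, which tells you whose password to reset, and the destination host to investigate or block.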
When I tried to do so, I was able to get the username & password if I entered them from my PC, but when I gave that link (IP) to my friends then it showed Server Taking Too Long To Respond.
Maybe it's because of my local IP getting cloned. Can you tell me how I should clone to my global IP..??
@Sanket Shah
This method is applicable for attacking computers inside your LAN. However, if you want to attack outside the network, you would need to obtain a public IP address and would need to do port forwarding on your router.
how to make it root@root??
Where should I download it?
Hi, I followed your tutorial, but my website seems to be the real "gmail" website; that is, my SET terminal only displays a GET request coming in, but no matter how hard I try, it just never prints out the credentials I type in. Does anyone have the same problem? Thanks in advance.
@ Srinivas
Hi... I am Minesh. I am a little bit of a hacker. I want to know how to make a phishing page of Facebook & get the password. Can you tell me how to do it?
Awesome tut you got there. I've successfully phished accounts on my LAN. So to go outside the LAN (on WAN) I have to send my victim my external IP 20.xx.xxx.xx and open a port. Can you tell me which port it is, because I already have ports 80, 443, 4444 open. Thanks in advance.
@bot_stop
Port 80 (web server) should be open.
How to hack Wifi Password through..
I want a full tutorial of BackTrack Wifi hacking easily, please give me if you have..
@KHADEER PASHA
Please check these tutorials:
http://hackhaholic.blogspot.com/2011/07/cracking-wep-using-backtrack-wifi.html