First, open your Kali Linux Applications tab, go to Exploitation Tools and then choose SET Toolkit.
Now choose option 1, “Social-Engineering Attacks”, and press Enter.
Then choose option 2, “Website Attack Vectors”, and press Enter.
After that, choose option 3, “Credential Harvester Attack Method”, and press Enter.
Now choose option 2, Site Cloner, and press Enter.
For the POST back, type your IP address and press Enter. After that, type the name of the website you want to clone (in my case I am using Gmail).
The cloned web page will be saved in the /var/www folder. As shown below.
Now move the cloned files of the fake page (e.g. harvester, post & index.html) into the /var/www/html folder.
Now right-click on the harvester .txt file and give it read and write permission.
Now open the etter.dns file, which is in the /etc/ettercap folder.
Modify the contents of etter.dns and add your own PC's IP address as an A record.
Now open Ettercap, go to Sniff and choose Unified sniffing.
Select your network interface (in my case the interface is eth0).
Now go to Hosts and select Scan for hosts. It will show you the PCs connected to your network.
Select the host list and select your target, then click on Add to Target 1 (if you want to select more than one target, select the target again and click on Add to Target again).
Open the Mitm option and select ARP poisoning...
It will give you a pop-up, in which you select the Sniff remote connections box and hit OK.
Select Plugins and choose Manage the plugins.
In the Plugins option, double-click on dns_spoof. (It will start DNS spoofing.)
Click on Start and select Start sniffing.
Now, when the victim opens any web page, they will be redirected to the fake page you created.
When the victim enters their ID & password, you will get all the details.
The hacked ID & password of the victim will be saved in /var/www/html/harvester.txt. As shown below.