In this tutorial we are working on a phishing method called Credential Harvester Attack, using the Social Engineering Toolkit in the Kali Linux distribution. A little theory for start and the video for dessert…;)
Phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, banks, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing emails may contain links to websites that are infected with malware. Phishing is typically carried out by email spoofingor instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of social engineering techniques used to deceive users, and exploits the poor usability of current web security technologies. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures.
Credential Harvester Attack Method
Normally if a system is exploited remotely, a hacker wants to get a shell of remote system, but some times he does not need any shell, instead perform phishing attacks in order to obtain credentials like username and passwords from the system. This can be done by credential harvester attack method.
In this type of attack, a website is cloned first, and when the victim enters in the user credentials, the usernames and passwords are captured by attacker and then the victim is redirected back to the legitimate site.
The Social-Engineer Toolkit (SET) is an open-source Python-driven tool aimed at penetration testing around Social-Engineering.
Social engineering, in the context of information security, refers to psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional “con” in that it is often one of many steps in a more complex fraud scheme.
The term “Social engineering” as an act of psychological manipulation is also associated with the social sciences, but its usage has caught on among computer and information security professionals.
Everything you are going to see is for educational purposes only, so operate carefully and in your own property. I bring no responsibility in what happens to you if you act irresponsibly.
Thank You For Watching.:)