Using Kali Linux: Perform Website Cloning via SET toolkit

-
First open the Terminal in Kali Linux,
Before initiating the SET, there are some other things which you need to know...those are,

Step 1: check your IP address(Kali Linux)

Step 2: check all the machines inside the network
Command: Netdiscover –r 192.168.243.0/24

 Then we got the

  1. network IP
  2. Default gateway
  3. Broadcast ip

Ping the IP (unknown )to check whether host is live or not:

Command: Ping 192.168.243.129

 Now open social engineering framework in kali Linux

Command: Setoolkit


 Click the First Option :

1- social engineering attacks
Now since we have to perform the website cloning so we have to chose the option

2- Website Attack Vectors
Then click on

5- Web Jacking Attack Method
Then on

Then choose the

2- Site Cloner

After this it will ask you for an IP address (put your kali linux machine IP address)

After this it will ask you to enter the URL of the website you want to clone.

  • In this let's clone the Facebook website
  • Paste the URL in the SET tool kit terminal and it will start cloning it
Now URL has been cloned. Then you have to send the cloned website to the victim so that he can click on the link and you will get his credentials in your Kali Linux.


>> Once the victim will click on click on the link victim will be redirected to the login page.

For Example
                                Here I am typing the details :
                                           User name: xxxxxxxxxx@gmail.com
                                           Password:123456
Now go to you Kali Linux and go to the location :
root/.set//reports/2018–12–27 08:03:52.640607.html
Here in this file, you will get all the credentials in clear text.




This is how you can get the credentials of the victim.

Thank you! Hope you Succeed!
Warning: For Educational Purpose only

courtesy: https://medium.com/

Comments

Post a Comment

Popular posts from this blog

What is Log4j Vulnerability ?

-
Image
Log4j also know as Log4Shell is one of the recent type of hac*ing methology which is initiated by Apache. What is Log4J attack? This is an open-source logging library, which is used by almost all major Java-based enterprise apps and servers across the industry. A logging library is used to keep track of all the activity inside an application. The flaw allows any hacker or cyber-criminal to control and execute ‘arbitrary code’ and gain access to a computer system by inputting a string of code into the library. This attack exploits the Log4j vulnerability to download a Trojan malware, which triggers a download of an .exe file, which in turn installs a crypto-miner. Once the crypto-miner is installed, it starts using the victim’s resources in order to mine for cryptocurrency for the attackers’ profit, all without the victim knowing they have been compromised The vulnerability is also dubbed as Log4Shell and was first highlighted by researchers at LunaSec. The issue was discovered in Micro
Read more

How To Stop Becoming a Bait (A Cyber Security Methodology)

-
Image
INTRODUCTION The expanding Cyber dangers suggest that people, little businesses, huge organizations, and government organizations are progressively concentrating on securing their frameworks against all shapes of cyber dangers. In layman terms, Cybersecurity is the act of securing standalone computers an arrangement of interconnected computers, person, organizational, and profoundly touchy government and national security information from harming Cyber assaults. This handle includes receiving an assortment of Cybersecurity concepts to suit wants of the clients. For a fledgling, the Cyber Security nuts and bolts and ideas incorporate knowing around keeping secure from mail tricks, malware, infection, wi-fi security, budgetary tricks, phishing tricks, secure utilize of web devices like social media, and more. Indeed smartphones are progressively getting to be an indispensably portion of our day by day lives and require some basic security. Apprentices need to get it a few essential co
Read more