Before We Begin...
Using phishing to steal usernames and passwords is illegal and punishable. techizhub won't be responsible for misuse of this information. This tutorial is provided only for educational purposes.
Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for malicious reasons, by disguising oneself as a trustworthy entity in an electronic communication. The word is a neologism created as a homophone of fishing due to the similarity of using a bait in an attempt to catch a victim.
In this tutorial we are going to learn how hackers use phishing attacks to steal usernames and passwords using Kali Linux. We are using the Social-Engineer Toolkit (SET). So let us begin.
STEP:1
Power up your Kali machine, open the terminal and enter
setoolkit
STEP:2
Enter 1 to select social engineering attacks
STEP:3
Enter 2 to select website attack vectors
STEP:4
Enter 3 to select credential harvester attack method
STEP:5
Enter 2 to select site cloner
STEP:6
Enter the attacker's IP address (yours).
eg: 192.168.138.33
Note: You need to provide your public IP for an attack over the WAN or internet. Your router should be port forwarded for that purpose. If you want to conduct the attack over a LAN or the same network, such as devices connected to the same Wi-Fi network, only the local IP address is required. Please take precautions to secure your identity while using an IP address. You may get tracked using your IP address.
Enter the address of the website to clone:
eg: www.facebook.com
You will see a confirmation that all files are stored in /var/www/
STEP:7
Now the EXPLOITATION part
Send your IP address to the victim like this:
http://192.168.198.33
Note: Don't send the IP directly to the victim. It helps them to track you easily. Use some URL converter tools and make it look like a normal URL.
Start the Apache server by entering Y
STEP:8
When the victim clicks on your link, they will be redirected to our cloned site, and when the victim enters a username and password, these will be stored in a text file in the /var/www/ directory. Just open the text file in that directory to see the username and password.
OK. You have now successfully hacked the usernames and passwords of the victim. But how do you secure yourself from a phishing attack?
Protection:
1. Make sure to check the address of the website before entering your passwords.
You can see that the address is not http://www.facebook.com even though the site looks similar. So be safe by being wise.
2. Always use an updated version of your browser. Browsers like Chrome have inbuilt features to detect phishing sites.
3. Use a good Internet security application which can protect you from phishing attacks.
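The address check from point 1 can also be done programmatically, for example in a mail filter or a browser helper. The following Python code is an added example, not part of the original tutorial; the function name `check_login_url` and its warning labels are assumptions made for this example, and the sample URLs are constructed (the first is the link shown in STEP 7).

```python
import ipaddress
from urllib.parse import urlsplit


def check_login_url(url, expected_domain):
    """Return warning labels for a URL that claims to be expected_domain's login page.

    Hypothetical helper written for this example; the labels are not from any tool.
    """
    warnings = []
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    expected = expected_domain.lower()

    if parts.scheme != "https":
        warnings.append("not-https")
    if parts.username is not None:
        # Anything before '@' is userinfo; the browser connects to what follows it.
        warnings.append("userinfo-in-url")
    try:
        ipaddress.ip_address(host)
        warnings.append("ip-literal-host")
    except ValueError:
        pass  # not an IP literal, so it is a DNS name (or empty)
    # Accept only the exact domain or a true subdomain. A substring test such as
    # `expected in host` would wrongly accept facebook.com.login.example.
    if host != expected and not host.endswith("." + expected):
        warnings.append("host-mismatch")
    return warnings


# Constructed sample inputs: the first is the cloned-site link from STEP 7.
SAMPLES = [
    "http://192.168.198.33",
    "https://www.facebook.com/login",
    "https://facebook.com.login.example/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, "->", check_login_url(url, "facebook.com") or "ok")
```

A login link that produces any warning should not be given credentials; the cloned page looks identical, so the host in the address bar is the only reliable signal.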
Conclusion:
So we learned how a phishing attack is used to hack usernames and passwords using the Social-Engineer Toolkit of Kali Linux, and ways to protect against such attacks. Always remember that your small mistakes are utilized by hackers to steal your personal data. Do not enter your login details on any website without checking the website URL.






