Hi TurkHackTeam members,
I'll show you how can we capture all informations which is entering to computer.
Scenario
We set all things about Setoolkit, and we tested them. It works good. But how our victim visit to that address ?
Of course with Ettercap tool! For example, if you want to hack Google account, you provide to your victim reachs to your IP address when he/she entered to Google. Your victim will see phising website which we created. By this means, we will reach her/his email and password easily.
Phising with Setoolkit in Local Network!
First, open your terminal and get Root permissions.
Command;
Now run Setoolkit tool.
Setoolkit; This tool already exists in Linux distribution like Kali Linux, Parrot etc.
If you dont have that tool;
Type setoolkit in terminal for run the tool.
Our tool worked. There are so many features. We'll make phising in local network. So, should select number 1) Social-Engineering Attacks.
Like is said, there are so many features. You can test them for learn what do they do.
Now select 2) Website Attack Vectors.
We'll see 7 different methods.
I generally select 3) Credential Harvester Attack Method. I'll select this method in this topic too.
This point is important. If you want to create page automatically, you need to select 1) Web Templates option. (There are 3 websites in that option)
I will create my own clon website. So, I'll select 2) Site Cloner option.
It is asking to us our IP address now. I will type my 192.168.1.51 IP address.
If you dont know your IP addrees;
You can type this command;
for learn your IP address.
It is asking "which website you want to clone" to us.
I want to make clone of Facebook. So, I'll type;
this.
It says "Type IP address which machine you want to attack". Leave it blank.
All things are ready. Now press Enter for start to attack.
You will see some texts in here. They are unnecessary.
Press enter.
Our attack is started.
Now direct your victim to that address and steal password.
As you can see, There is no different thing in our page from real page.
Now wait your victim's mail and password
).
Now, we got that mail and password.
I'll show you how can we capture all informations which is entering to computer.
Scenario
We set all things about Setoolkit, and we tested them. It works good. But how our victim visit to that address ?
Of course with Ettercap tool! For example, if you want to hack Google account, you provide to your victim reachs to your IP address when he/she entered to Google. Your victim will see phising website which we created. By this means, we will reach her/his email and password easily.
Phising with Setoolkit in Local Network!
First, open your terminal and get Root permissions.
Command;
Kod:
suNow run Setoolkit tool.
Setoolkit; This tool already exists in Linux distribution like Kali Linux, Parrot etc.
If you dont have that tool;
Kod:
git clone https://github.com/trustedsec/social-engineer-toolkit/
chmod +x setoolkit
./setoolkitType setoolkit in terminal for run the tool.
Our tool worked. There are so many features. We'll make phising in local network. So, should select number 1) Social-Engineering Attacks.
Like is said, there are so many features. You can test them for learn what do they do.
Now select 2) Website Attack Vectors.
We'll see 7 different methods.
I generally select 3) Credential Harvester Attack Method. I'll select this method in this topic too.
This point is important. If you want to create page automatically, you need to select 1) Web Templates option. (There are 3 websites in that option)
Kod:
1. Java Required
2. Google
3. TwitterI will create my own clon website. So, I'll select 2) Site Cloner option.
It is asking to us our IP address now. I will type my 192.168.1.51 IP address.
If you dont know your IP addrees;
You can type this command;
Kod:
ifconfigfor learn your IP address.
It is asking "which website you want to clone" to us.
I want to make clone of Facebook. So, I'll type;
Kod:
http://facebook.com/loginthis.
It says "Type IP address which machine you want to attack". Leave it blank.
All things are ready. Now press Enter for start to attack.
You will see some texts in here. They are unnecessary.
Press enter.
Our attack is started.
Now direct your victim to that address and steal password.
As you can see, There is no different thing in our page from real page.
Now wait your victim's mail and password
).
Now, we got that mail and password.
Source: https://www.turkhackteam.org/sosyal-muhendislik/1923814-local-agda-setoolkit-ile-phising.html
Translator: @M3m0ry
Moderatör tarafında düzenlendi:
