Warning - This website is for educational purposes only. By reading these articles you agree that HackingBytes is not responsible in any way for any kind of damage caused by the information provided in these articles.

Tuesday, April 30, 2013

Hacking Facebook Accounts on LAN

By : JamesLove

Hello Everyone,
Today I want to share my tutorial on how to phish usernames & passwords using the Credential Harvester found in the Social Engineering Toolkit (SET) on Backtrack 5.

This tutorial is aimed at LAN usage only. The cloned page is served from your internal IP address, so it will only work on people connected to the same local area network as you. It will not work if you try it on someone outside your network.
Enjoy!
Tools Needed :
  • Backtrack 5
  • Social Engineering Toolkit (SET)
INSTALLATION :
1) Firstly, click Applications –> Backtrack –> Exploitation Tools –> Social Engineering Toolkit –> SET.
2) The screen shown below will appear. Next choose "5" to update your SET and choose "4" to update your Metasploit Framework. Updating will take a while depending on your connection. Maybe go have a joint and enjoy some Zeppelin?
3) Welcome back Stonie, let's continue. As seen in the picture below we are back at the default screen. Here choose "1" to select "Social Engineering Attacks".
http://zyphyto1.host56.com/snapshot-1.png
4) Next choose "2" to select "Website Attack Vectors" as shown below.
http://zyphyto1.host56.com/snapshot2.png
5) Choose "3" for "Credential Harvester Attack Method". This is our main ingredient in this exploit.
http://zyphyto1.host56.com/snapshot3.png
6) For this tutorial let's choose "2" for "Site Cloner" as shown below.
http://zyphyto1.host56.com/snapshot4.png
7) Here you will need to key in your internal IP address; keying in your external IP address will only route it back to your internal IP address. If you do not know where to find your IP address, open up another terminal and type in "ifconfig" as shown below.
http://zyphyto1.host56.com/snapshot5.png
http://zyphyto1.host56.com/snapshot6.png
8) After keying in your IP address, you will be prompted to key in the site to clone.
http://zyphyto1.host56.com/snapshot7.png
9) After keying in the site to clone, you will be shown the screen below. Press the Enter key.
http://zyphyto1.host56.com/snapshot8.png
http://zyphyto1.host56.com/snapshot9.png
10) Next open up Firefox (or whatever browser you use). Type your IP address into your browser as shown below and press Enter.
http://zyphyto1.host56.com/snapshot-10.png
11) The bait is set! If you have done everything correctly, your IP address will now show you a cloned Facebook login page as shown below. This is the link we must make our VICTIMS CLICK and LOG IN to so you can successfully "PHISH" their credentials.
http://zyphyto1.host56.com/snapshot11.png
12) The minute someone opens your link, your terminal will notify you as shown below.
http://zyphyto1.host56.com/snapshot12.png
13) When the victim types in their username & password, it will lead them to the real Facebook page but the credentials keyed into the cloned site are sent to our terminal.
http://zyphyto1.host56.com/snapshot13.png
14) Voila! As you can see below, email = jameslove & pass = computers.
http://zyphyto1.host56.com/snapshot14.png
OBJECTIVE :
Basically we are using our internal IP address to host a cloned website. We must then find ways and methods to get our LAN victims to click through and log in to our cloned site.
