Skip to main content

Social Engineering Penetration Testing

                                    HACK FACEBOOK ACCOUNT 


■ Clone a website
■ Obtain user names and passwords using the Credential Harvester method
■ Generate reports for conducted penetration tests

Tools Needed

■ Run this tool in BackTrack Virtual Machine
■ Web browser with Internet access
■ Administrative privileges to run tools


Steps :-

1. Log in to your BackTrack virtual machine.

2. Select Applications -> BackTrack -> Exploitation Tools -> Social 
Engineering Tools       -> Social Engineering Toolkit and click Set.


3. A Terminal window for SET will appear. Type y and press Enter to 
agree to the terms     of service.



4. You will be presented will a list o f menus to select the task. Type 1 and 
press Enter        to select  the Social-Engineering Attacks option.



5. A list o f menus in Social-Engineering Attacks will appear; type 2 and 
press Enter to     select Website Attack Vectors.



6. In the next set o f menus that appears, type 3 and press Enter to select 
the                       Credential Harvester Attack Method.



7. Now, type 2 and press Enter to select the Site Cloner option from the 
menu.



8. 
Type the IP address o f your BackTrack viruial PC in the prompt for IP 
address for          the POST back in Harvester/Tabnabbing and press Enter.
     In this example, the IP is 10.0.0.15.



9. 
Now , you will be prompted for a URL to be cloned, type the desired 
URL for Enter          the url to clone and press Enter. In this example, we 
have used www.facebook.com.     This will initiate the cloning of the 
specified website.



10. After cloning is completed, the highlighted message, as shown in the 
following               screenshot, will appear on the Terminal screen of SET. Press 
Enter to continue.

11. It will start Credential Harvester.



12. Leave the Credential Harvester Attack to fetch in formation from the 
victim’s machine.



13. Now , you have to send the IP address of your BackTrack machine to a 
victim and          trick him or her to click to browse the IP address.

14. For this demo, launch your web browser in the BackTrack machine;
      launch your favorite email service. In this example we have used
      www.gmail.com. Login to your gmail account and compose an email.



15. Place the cursor in the body of the email where you wish to place the lake URL. 
     Then , click the Link



16. In the Edit Link window, first type the actual address in the Web 
address field under the Link         to option and then type the fake URL in 
the Text to display held. In this example, the web               address we have 
used is http://10.0.0.15 and text to display is 
www.facebook.com/Rini_TGIF.          Click OK



17. The fake URL should appear in the email body, as shown in the 
following screenshot.




18. To verify that the fake URL is linked to the actual URL, click the fake 
URL and it will display       the actual URL as Go to link: with the actual 
URL. Send the email to the intended user.



19. When the victim clicks the URL, he or she will be presented with a 
replica of Facebook.com


20. The victim w ill be enticed to enter his or her username and password 
into the form fields as it         appears to be a genuine website. When the 
victim enters the Username and Password and               clicks Log In, it does 
not allow logging in; instead, it redirects to the legitimate Facebook
      login page. Observe the URL in the browser.





21. As soon the victim types in the email address and password, the SET 
Terminal in BackTrack         fetches the typed username and password, 
which can be used by an attacker to gain                        unauthorized access to the 
victim ’s account



.
22. Press CTRL+C to generate a report tor this attack performed




Comments

Popular posts from this blog

Here Are 7 Brilliant Cheat Sheets For Linux/Unix

There's nothing better than a cheatsheet when you are stuck and need a reference. So here bringing to you 7 brilliant free cheat sheets. 




1. Unix Tool Box: An incredibly exhaustive reference for all things Linux. This document is a collection of Unix/Linux/BSD commands and tasks which are useful for IT work or for advanced users.

2. One page Linux Manual: Great one page reference to the most popular Linux commands, it is a summary of useful Linux commands.

3. Linux Reference Card: One great reference published by FOSSwire.

4. Linux Command Line Cheat Sheet: This is an interestingly sorted and helpful cheat sheet by cheatography.

5. Linux Command Line Tips: This is a linux command line reference for common operations. Cleanly sorted and well described.

6. Treebeard’s Unix Cheat Sheet: A great reference that shows command comparisons with that of DOS. So if you are someone who was a DOS user and has switched to Linux, this is the best one too have!

7. Linux Shortcuts and Commands:…

WhatsApp is illegal, will soon banned in India : Government

WhatsApp could have accidentally entered into troubled waters here in India by enabling its end-to-end encryption for all. The new security feature by WhatsApp is not what is required by the Indian telecom rules and WhatsApp could face a ban, if the rules are not adhered to. But not yet.
In India, companies need to follow the country’s rules and adhere to specific types of encryption, which WhatsApp does not currently use. WhatsApp’s end-to-end encryption on its chat service means that WhatsApp or anyone else won’t be able to crack open its contents.  Only the sender and the recipient are able to read the encrypted data. WhatsApp uses a 256-bit key for encryption of all chat messages, which is only known to the sender and the recipient.
Why is it not possible for WhatsApp to help decrypt users’ messages? "No one can see inside that message. Not cybercriminals. Not hackers. Not oppressive regimes. Not even us," WhatsApp founders Jan Koum and Brian Acton wrote on their blog. How…

3 Mega Acquisitions in last week affects the Internet Space of India

Qihoo 360 buys Opera in $1.2 Billion Opera Software intends to accept a $1.2 billion acquisition offer from a group of Chinese companies. The Chinese consortium includes Internet security company Qihoo 360, Internet firm Beijing Kunlun (which invested roughly$93 millioninto Grindr earlier in the year) and investment group Golden Brick and Yonglian. According to Opera, the $1.2 billion is a 56 percent premium over Opera's share price during the last 30 trading days. Despiteclaiming350 million users, the company's browser has struggled in the oversaturated Western market. China could be a profitable arena for Opera, in part because Google's Chrome browserdoes not come preinstalled on Android phones in China like it does elsewhere. In addition, doing business in China without local partners is nigh impossible, but Opera could leverage the networks of Kunlun and Qihoo 360 if the deal goes through.


Snapdeal Buys Freecharge in $400Million e-commerce marketplace Snapdeal has acquired …