HACK FACEBOOK ACCOUNT
■ Clone a website
■ Obtain user names and passwords using the Credential Harvester method
■ Generate reports for conducted penetration tests
Tools Needed
■ Run this tool in BackTrack Virtual Machine
■ Web browser with Internet access
■ Administrative privileges to run tools
Steps :-
1. Log in to your BackTrack virtual machine.
2. Select Applications -> BackTrack -> Exploitation Tools -> Social
Engineering Tools -> Social Engineering Toolkit and click Set.
4. You will be presented will a list o f menus to select the task. Type 1 and
press Enter to select the Social-Engineering Attacks option.
5. A list o f menus in Social-Engineering Attacks will appear; type 2 and
press Enter to select Website Attack Vectors.
6. In the next set o f menus that appears, type 3 and press Enter to select
the Credential Harvester Attack Method.
In this example, the IP is 10.0.0.15.
9.
Now , you will be prompted for a URL to be cloned, type the desired
URL for Enter the url to clone and press Enter. In this example, we
have used www.facebook.com. This will initiate the cloning of the
specified website.
10. After cloning is completed, the highlighted message, as shown in the
following screenshot, will appear on the Terminal screen of SET. Press
Enter to continue.
11. It will start Credential Harvester.
12. Leave the Credential Harvester Attack to fetch in formation from the
victim’s machine.
13. Now , you have to send the IP address of your BackTrack machine to a
victim and trick him or her to click to browse the IP address.
14. For this demo, launch your web browser in the BackTrack machine;
launch your favorite email service. In this example we have used
www.gmail.com. Login to your gmail account and compose an email.
15. Place the cursor in the body of the email where you wish to place the lake URL.
Then , click the Link
16. In the Edit Link window, first type the actual address in the Web
address field under the Link to option and then type the fake URL in
the Text to display held. In this example, the web address we have
used is http://10.0.0.15 and text to display is
www.facebook.com/Rini_TGIF. Click OK
17. The fake URL should appear in the email body, as shown in the