Author Topic: [Tutorial] Credential Harvester in Kali Linux (for beginners)  (Read 1024 times)

0 Members and 1 Guest are viewing this topic.

Offline Silver_Solstice

  • NULL
  • Posts: 4
  • Cookies: -6
    • View Profile
Overview

Kali linux's SE Credential Harvesting attack method is designed to clone a url that you send to the victim in order to obtain any information that
is imputed in the targeted site. Any sign of foul play is unnoticeable, as the page will redirect you to the actual login page of the targeted site.

Requirements

Must have prior knowledge for port forwarding. here's a link that helped me out with that: http://portforward.com/

Kali Linux as well as SE tools (should have it by default)

How to

So as you can see above, there arn't a whole lot of requirements for this attack method, it's very basic. There is still however room for error so pay close attention.

1. Open up your terminal and type "setoolkit", if this is your first time opening, you will be prompted with a user agreement, simply type "y" to accept.

2. Now you you must navigate your way to the correct tool (Credential Harvester). Simple choose option 1 then 2 then 3. By this time you should be prompted to choose either: 1.Web templates 2.Site Cloner 3.Custom Import. For this purpose we will choose option 2 for site cloning.

3. Okay, this is the part where most people mess up and fish around youtube for the solution, you will be asked for your IP address. The purpose of entering this is so the user is redirected to the website (that we'll enter later) that is being cloned by YOUR IP address. Here you have two options. You can either choose your local IP (usually starts with 192.168.x.x), doing this will allow you to send the link ONLY WITHIN YOUR OWN WIFI RANGE. Find it by opening a separate terminal and enter "ifconfig". If you wish to send the dubbed url to a victim OUTSIDE the wifi range simply find your public IP address. This you can do by simply looking up "what's my ip".



4. After entering your ip address, you will be asked for the url (website) you want to clone, this variable is up to you. Keep in mind it must be the login page of the website you are trying to obtain the victim's credentials from. In this case let's go with Facebook. The Url for this will be http://facebook.com. after entering this information you will be asked to enable apache, simply accept.


5. Now all we need to do is place the files we just created into the HTML folder. You can find these files in /var/www/ put them into -> /var/www/html.


6. Not quite done yet, if you imputed your public IP you will need to port forward port 80 (refer up to requirements for more info) After you have done this, entering your public IP in your browser should redirect you to the facebook login. Enter some jibberish info for the email/password, now go to those files you just put into your html folder. If you open your file titled Haverseter_date_time (refer to image above) you will see the information you just put.

7. (optional) Ok, you made this dubbed link, but what smart person wouldn't suspect foul play entering in an ip address into their browser? So, what you can do is go to http://tinyurl.com/ and create a link that will lace it to your ip address you entered making it a little less credential-harvesty-hacky-lookin... You're all done!!! Hope this helped you in you're hacking voyage!
                                                                                                                                                       Respectfully -Silver_Solstice
« Last Edit: January 20, 2016, 08:38:51 pm by Silver_Solstice »