How To Use Set Kali Linux

( Social Engineering Toolkit (SET): Lesson 1)

{ Clone website to gain victim's passwords }

---

Section 0. Groundwork Data

1. What is the Social-Engineering Toolkit (Prepare)
   • The Social-Engineering Toolkit (SET) is a python-driven suite of custom tools which solely focuses on attacking the homo element of penetration testing.
   • Information technology'due south main purpose is to augment and simulate social-engineering attacks and allow the tester to effectively exam how a targeted attack may succeed.
   • Social-Engineering toolkit available on backtrack like on backtrack five, backbox, blackbuntu, Gnacktrack and other Linux distribution that are used for penetration testing.
   
   
2. Legal Disclaimer
   • As a condition of your utilise of this Web site, you warrant to computersecuritystudent.com that you will not employ this Spider web site for whatever purpose that is unlawful or that is prohibited past these terms, conditions, and notices.
   • In accord with UCC § 2-316, this product is provided with "no warranties, either limited or implied." The information independent is provided "equally-is", with "no guarantee of merchantability."
   • In improver, this is a teaching website that does not condone malicious behavior of whatever kind.
   • Your are on find, that standing and/or using this lab outside your "own" test environment is considered malicious and is against the police.
   • © 2012 No content replication of whatsoever kind is allowed without express written permission.

Section 1. Configure BackTrack Virtual Machine Settings

1. Open up Your VMware Player
   • Instructions:
     1. On Your Host Computer, Become To
     2. Outset --> All Program --> VMWare --> VMWare Player
2. Edit BackTrack Virtual Auto Settings
   • Instructions:
     1. Highlight BackTrack5R1
     2. Click Edit virtual machine settings
   • 
3. Edit Network Adapter
• Instructions:
  1. Highlight Network Adapter
  2. Select Bridged
  3. Do not Click on the OK Button.
• 

Section ii. Login to BackTrack

1. Get-go BackTrack VM Instance
   • Instructions:
     1. Get-go Upwardly VMWare Thespian
     2. Select BackTrack5R1
     3. Play virtual car
   • 
2. Login to BackTrack
   • Instructions:
     1. Login: root
     2. Password: toor or <whatever you changed information technology to>.
   • 
3. Bring upward the GNOME
   • Instructions:
     1. Type startx
   • 

Department iii. Open Console Final and Recall IP Address

1. Open a panel terminal
   • Instructions:
     1. Click on the console terminal
   • 
2. Go IP Address
   • Instructions:
     1. ifconfig -a
   • Notes(FYI):
     1. As indicated below, my IP address is 192.168.ane.108.
     2. Please record your IP address.
     3. If you don't obtain an IP Address, type "dhclient".
   • 

Department 4. Offset the Social Engineering ToolKit

1. Start Social Technology ToolKit
   • Instructions:
     1. cd /pentest/exploits/prepare
     2. ./set
   • 
2. Website Attack Vector
   • Instructions:
     1. Select 2
   • 
3. Select Credential Harvester Method
   • Instructions:
     1. Select 3
   • 
4. Select Site Cloner
   • Instructions:
     1. Select 2
   • 
5. Enter URL to Clone
   • Instructions:
     1. https://world wide web.facebook.com/login.php
     2. Press <Enter>
   • 
6. Website Cloning
   • Instructions:
     1. It might take a few minutes to clone the site.
     2. Just Press <Enter>
     3. Then Proceed to the Next Section to text this exploit.
   • Note(FYI):
     1. Now you have created a cloned facebook login webpage that is listening on port lxxx.
   • 

Section 5. Start Up Windows Machine

• Social Engineering Note
  • The Victim does non take to utilize the below VMware Instance.
  • It can be any type of web browser (i.east., Internet Explorer, Firefox, Chrome, etc) for any type of Operating Organization (Windows, Linux, MacOS, etc).
  • Image an aggressor sending an email to the victim that reads, "Hey Cheque out the new beta version of facebook", or whatever website that was cloned.

1. Commencement Up Damn Vulnerable WXP-SP2.
   • Instructions:
     1. Click on Damn Vulnerable WXP-SP2
     2. Click on Edit virtual automobile Settings
   • Note(FYI) :
     • For those of you not function of my grade, this is a Windows XP machine running SP2.
   • 
2. Edit Virtual Machine Settings
   • Instructions:
     1. Click on Network Adapter
     2. Click on the Bridged Radio push button
     3. Click on the OK Push
   • 
3. Play Virtual Machine
   • Instructions:
     1. Click on Damn Vulnerable WXP-SP2
     2. Click on Play virtual auto
   • 
4. Logging into Damn Vulnerable WXP-SP2.
   • Instructions:
     1. Username: administrator
     2. Countersign: Use the Form Password or whatever you set information technology.
   • 
5. Open a Command Prompt
   • Instructions:
     1. Get-go --> All Programs --> Accessories --> Control Prompt
   • 
6. Obtain Damn Vulnerable WXP-SP2's IP Address
   • Instructions:
     1. ipconfig
   • Note(FYI) :
     1. In my case, Damn Vulnerable WXP-SP2'southward IP Accost 192.168.1.109.
     2. This is the IP Address of the Victim Automobile that will be attacked by Metasploit.
     3. Record your Damn Vulnerable WXP-SP2's IP Address.
   • 

Section six. First Up a Web Browser

1. Start Upwardly Internet Explorer
   • Instructions:
     1. Kickoff --> All Programs --> Internet Explorer
   • 
2. Victim Clicks on Link
   • Notation(FYI) :
     • Replace 192.168.1.108 with BackTrack's IP Address obtain from  (Department 3, Step 2).
   • Instructions:
     1. Place the BackTrack IP in the Address Bar.
        • In my example, http://192.168.1.108
     2. Provide a test UserID.
     3. Provide a test Password.
     4. Click Login.
   • 
3. Analyzing Results Later Login
   • Instructions:
     1. Observe that the Address URL changed to Facebook.
        • This is to give the victim a sense of perhaps a failed login try instead of invoking suspicion and alarm.
     2. Discover the Electronic mail textbox is populated with the Login you previous supplied to Cloned Webpage.
     3. Proceed to the next department to see the victim's username and password.
   • 

Department seven. View Victim's Username and Countersign

1. Viewing Victim'due south Username and Password
   • Instructions: (On BackTrack)
     1. Notice that now you have information showing the victim's username and password.
        • Let's say y'all sent this cloned link to many victim's and left Set run for a while, you volition run into a lot of username and password combinations.
     2. To Exit, press the <Ctrl> and "c" key at the same time.
   • 
2. Copy Study Link
   • Instructions:
     1. Highlight the XML link and Right Click
     2. Click on Copy
     3. Press <Enter>
   • 
3. Exit Web Attack Menu
   • Instructions:
     1. Type 99
     2. Press <Enter>
   • 
4. Go out Web Assault Menu
   • Instructions:
     1. Type 99
     2. Press <Enter>
   • 
5. Go out Spider web Attack Menu
   • Instructions:
     1. cat "reports/2014-02-08 05:10:21.784846.xml "
        • Note : In your case, this is the written report created in Footstep ii or this Section.
     2. Notice the Victim'due south Login Credentials
   • Notes(FYI):
     1. Make sure y'all put quotes(") around your file name.
   • 

1. Proof of Lab
   • Instructions:
     1. Clone http://www.linkedin.com
        • (See Section 5)
        • For the Victim Login utilise the following address
          • offset.concluding@victim.com
          • Eastward.g., john.grey@victim.com
     2. true cat the log you created for the cloned linkedin website.
        • (See Section 6, Stride five)
     3. date
     4. echo "Your Name"
        • due east.thousand., echo "John Gray"
   • Proof of Lab Instructions :
     1. Do a Print Screen using the <PrtScn> button.
     2. Paste into a discussion document.
     3. Upload to Moodle.
   • 

How To Use Set Kali Linux,

Source: https://www.computersecuritystudent.com/UNIX/BACKTRACK/BACKTRACK5R1/lesson3/index.html

Posted by: torresthislumakin.blogspot.com

Share this post