Wednesday, 21 December 2011

Social Engineer Toolkit (SET) - Credential Harvester Attack (hack Gmail, Facebook, Twitter account)


SET is a menu-driven attack system, which is fairly unique when it comes to hacker tools. The decision not to make it command line was made because of how social-engineering attacks occur: they require multiple scenarios, options, and customizations. If the tool had been command-line based, it would have really limited the effectiveness of the attacks and the ability to fully customize them based on your target. Let's dive into the menu and do a brief walkthrough of each attack vector.

Requirements

1. BackTrack 5

Social Engineer Toolkit (SET) - Credential Harvester Attack

Step 1: First open a terminal and go to the following path:

cd /pentest/exploits/set

Then press Enter and type ./set to open the Social Engineer Toolkit.

It looks like this:






Step 2: Select option 1: Social-Engineering Attacks from the SET toolkit menu.

A new menu now opens in the SET toolkit.




Step 3: Select option 2: Website Attack Vectors

The web attack vector is used by performing phishing attacks against the victim in hopes they click the link. There is a wide variety of attacks that can occur once they click. We will dive into each one of the attacks later on.

A new menu now opens in the SET toolkit.




Step 4: Select option 3: Credential Harvester Attack Method

The credential harvester attack method is used when you don't specifically want to get a shell but want to perform phishing attacks in order to obtain usernames and passwords from the system. In this attack vector, a website will be cloned, and when the victim enters their user credentials, the usernames and passwords will be posted back to your machine and then the victim will be redirected back to the legitimate site.

A new menu now opens in the SET toolkit.




Step 5: Select option 2: Site cloner

A new menu now opens in the SET toolkit.


Step 6: Now enter the target URL that you want to clone, e.g. https://gmail.com

Then press Enter.


Now the Credential Harvester is running on port 80 and the attacker PC is ready for the attack.

Now give your victim the URL http://<your IP address>/

In my case:

http://192.168.1.103/


IN VICTIM PC

When your victim enters the URL http://192.168.1.103/, the web browser opens the Gmail website, but this is a fake site made by the SET toolkit.

When your victim enters his/her Gmail credentials in this fake website, the fake website sends the credentials to the attacker PC.








You got your victim's Gmail credentials. :D
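From the defender's side, the behaviour described above (credentials posted to a bare-IP address over plain HTTP, then the browser sent on to the legitimate site) leaves a recognizable sequence in web proxy logs. The following detection sketch is an added example, not part of the original post or of SET; the log format, the watched-domain list and the 10-second window are assumptions, and the log lines are constructed.

```python
import ipaddress
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Assumption: login domains your users care about; extend for your environment.
WATCHED_LOGIN_DOMAINS = {"gmail.com", "accounts.google.com", "facebook.com", "twitter.com"}
WINDOW = timedelta(seconds=10)  # assumed max gap between the POST and the redirect

# Constructed proxy log lines (hypothetical format): "ISO-time client-ip method url"
SAMPLE_LOG = """\
2011-12-21T10:00:01 10.0.0.5 GET http://192.168.1.103/
2011-12-21T10:00:20 10.0.0.5 POST http://192.168.1.103/
2011-12-21T10:00:21 10.0.0.5 GET https://gmail.com/
2011-12-21T10:01:00 10.0.0.9 POST https://accounts.google.com/ServiceLogin
2011-12-21T10:02:00 10.0.0.7 POST http://192.168.1.50/upload
2011-12-21T10:05:00 10.0.0.7 GET https://twitter.com/
"""

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def is_watched(host):
    return any(host == d or host.endswith("." + d) for d in WATCHED_LOGIN_DOMAINS)

def find_harvest_suspects(log_text):
    """Return (client, posted_url, landed_url) for every POST to a plain-HTTP
    IP-literal URL that the same client follows, within WINDOW, with a
    request to a watched login domain."""
    pending = {}  # client -> (time, url) of its latest suspicious POST
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        ts, client, method, url = parts
        when = datetime.fromisoformat(ts)
        u = urlsplit(url)
        host = u.hostname or ""
        if method == "POST" and u.scheme == "http" and is_ip_literal(host):
            pending[client] = (when, url)
        elif client in pending and is_watched(host):
            posted_at, posted_url = pending.pop(client)
            if when - posted_at <= WINDOW:
                hits.append((client, posted_url, url))
    return hits
```

On the constructed sample only client 10.0.0.5 is flagged: the HTTPS login POST and the bare-IP POST that is not followed promptly by a watched domain are both ignored.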

- - - - - VIDEO TUTORIAL - - - - -


If you want to learn how to use the Credential Harvester Attack over the internet, then click here (YouTube video in HD).

If you have any questions, feel free to ask. :D

