Credential Harvester Attack

Kaviru Samarasekera
Mar 26, 2020

Social Engineering Toolkit

The Social Engineering Toolkit has played, and still plays, an important role in the field of information security and ethical hacking. Social engineering means taking advantage of human weakness to hack a computer system or a server.

The credential harvester attack method is used when you don’t want to specifically get a shell but perform phishing attacks in order to obtain usernames and passwords from the system. In this attack vector, a website will be cloned, and when the victim enters the user credentials, the usernames and passwords will be posted back to your machine and then the victim will be redirected back to the legitimate site.

In this post, we will see how we can use the Credential Harvester Attack Vector of Social Engineering Toolkit in order to obtain valid passwords.

How it’s done

We can type the following command in a terminal to open the Social Engineering Toolkit:

setoolkit

setoolkit command input

We can see Social-Engineering Attacks at the top of the menu.

menu of social engineering tool kit

We want to select Social-Engineering Attacks, so choose number 1.
The next set of options is then displayed; choose number 2, Website Attack Vectors.

attack menu of social engineering tool kit

Next, we choose number 3, Credential Harvester Attack Method.

select menu in attack vectors

Then we choose number 2, Site Cloner.

select menu in credential harvester attack

Because my Kali Linux PC and test PC were on the same Wi-Fi network, I just input the attacker's (my PC's) local IP address. If you are executing the attack over a WAN, you must provide your external IP address.

PS: To check your device's IP address, type: ifconfig

IP address input

Now enter the URL of the site you want to clone. We are cloning https://www.facebook.com/; this will take a little time.

Facebook clone page create

So, we opened the Chrome browser on our Windows 10 machine and typed our VM's IP address (because the attacker hosts the page from the attacker's PC).

Our clone site loads like this:

Facebook clone site

So, we enter the details here.

Now I will go back to Kali Linux and check if we have successfully harvested the login details.

harvested the login details.

We have successfully stolen the Facebook credentials from the target machine.
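Seen from the defender's side, the sequence described above (credentials posted to the clone, then a redirect to the legitimate site) leaves a recognisable trace in web proxy logs. The following Python is an added example, not part of the original post or of SET; the log format, sample lines, watched-domain list and 10-second window are assumptions constructed for illustration.

```python
import ipaddress
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Constructed proxy log lines: timestamp, client, method, target.
SAMPLE_LOG = """\
2020-03-26T10:00:01 10.0.0.23 GET http://192.168.1.50/
2020-03-26T10:00:40 10.0.0.23 POST http://192.168.1.50/
2020-03-26T10:00:41 10.0.0.23 CONNECT www.facebook.com:443
2020-03-26T10:02:00 10.0.0.31 CONNECT www.facebook.com:443
2020-03-26T10:05:00 10.0.0.44 POST http://192.168.1.9/printer/status
"""

WATCHED_DOMAINS = ("facebook.com",)  # assumption: login brands to watch
WINDOW = timedelta(seconds=10)       # assumption: redirect follows quickly

def host_of(method, target):
    # CONNECT targets are host:port; everything else is a full URL.
    if method == "CONNECT":
        return target.rsplit(":", 1)[0].lower()
    return (urlsplit(target).hostname or "").lower()

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def is_watched(host):
    return any(host == d or host.endswith("." + d) for d in WATCHED_DOMAINS)

def find_harvest_pattern(log_text):
    """Flag clients that POST to a bare-IP host, then reach a watched domain within WINDOW."""
    pending = {}  # client -> (time, host) of its last POST to an IP literal
    alerts = []
    for line in log_text.splitlines():
        ts, client, method, target = line.split()
        when, host = datetime.fromisoformat(ts), host_of(method, target)
        if method == "POST" and is_ip_literal(host):
            pending[client] = (when, host)
        elif is_watched(host) and client in pending:
            posted, ip_host = pending.pop(client)
            if when - posted <= WINDOW:
                alerts.append((client, ip_host, host))
    return alerts

if __name__ == "__main__":
    print(find_harvest_pattern(SAMPLE_LOG))
```

A POST to an IP literal on its own is common on internal networks (the printer line in the sample), which is why the check requires the follow-up request to the watched domain before alerting.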
