Social Engineering

Sunny Jovita – 2301939046

Week 8

Disclaimer: This blog is for educational purposes only.

Social engineering is the art of exploiting human psychology, rather than technical hacking techniques, to gain access to buildings, systems or data.

In this post, I am going to show how a social engineering attack, of the kind people run into in daily life, can be carried out with the Social-Engineer Toolkit, which is started from the terminal as setoolkit.

The Social-Engineer Toolkit (SET) is an open-source penetration testing framework designed for social engineering. SET has a number of custom attack vectors that let you build a believable attack in a fraction of the time it would take by hand. Tools like this rely on human behaviour, rather than on a software vulnerability, to lead the target into the attack vector.

1. First, open a root terminal on Kali Linux (SET needs root to bind port 80) and type this command:

setoolkit

You will see the welcome page like the picture above, with the attack options listed at the bottom.

2. At the bottom of the welcome page we see the main menu. Since we are going to carry out a social engineering attack, choose number 1, Social-Engineering Attacks.

3. From the next menu, choose number 2, Website Attack Vectors, and hit enter.

4. From the next menu, choose number 3, Credential Harvester Attack Method.

5. Choose number 1, Web Templates.

6. As shown in the picture, SET pre-fills the IP address of the attacker, which is our own machine. This is the address the harvester will listen on and that the target must be able to reach. Since the address SET detected for my device is correct, I just hit enter; if it is not (for example when the machine is behind NAT), type the reachable address instead.

note: to check your IP address on Windows, type 'ipconfig' in the command prompt.
note: to check your IP address on Kali Linux, type 'ifconfig' or 'ip addr' in the terminal.

7. Now that the IP address is set, SET lists its built-in phishing web templates, such as Java Required, Google and Twitter (other pages can be copied with the Site Cloner option instead of a template). Because we are targeting a Google account here, we choose number 2, Google.

After pressing enter, the Social-Engineer Toolkit starts a web server on the Kali Linux machine on port 80, serving the fake Google account login page. Anything typed into that form is written to the terminal and to SET's report file.

Our setup is now done, and we are ready to share the IP address we found in step 6 (10.0.2.15). Note that this is a private address, so the target can only reach the page from the same lab network.

By sending the IP address to the target, we can capture their information, such as the Google account username and password they type into the fake page. The page itself looks real, since it is a copy of the genuine login form, and no warning about the site's content is shown. There are still two visible differences: the address bar shows a bare IP address instead of accounts.google.com, and the page is served over plain HTTP on port 80, so current browsers mark it as "Not secure" where the real sign-in page shows HTTPS. An attacker could hide the first difference by hosting the page behind a look-alike domain name, and we know that not everyone will notice either difference, which is why this attack works.
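The two address-bar differences described above are exactly what a user, a mail filter or a browser extension can check for. The following is an added example of such a check, written for this page and not part of the original post or of SET: it takes the URL of a login page and reports whether it uses HTTPS, whether the host is a bare IP address like the 10.0.2.15 harvester above, and whether the host is the genuine Google sign-in domain (accounts.google.com) or a look-alike that merely contains the brand name. The list of expected hosts and the sample URLs are assumptions constructed for the example; extend the allowlist for other brands.

```python
import ipaddress
from urllib.parse import urlsplit

# Allowlist of hostnames that legitimately serve the Google account sign-in page.
# Assumption for this example: only the main sign-in host is considered genuine.
GOOGLE_LOGIN_HOSTS = frozenset({"accounts.google.com"})


def is_ip_literal(host):
    """True if the host part of a URL is a bare IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def check_login_url(url, expected_hosts=GOOGLE_LOGIN_HOSTS, brand="google"):
    """Return the list of phishing indicators found in a login-page URL.

    An empty list means the URL looks like the genuine sign-in page.
    The checks mirror what a user should look at in the address bar:
    the scheme, whether the host is an IP address or a domain name,
    and whether that domain is the brand's real login host.
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    findings = []

    # A real sign-in page is always served over HTTPS; SET's harvester listens on plain HTTP.
    if parts.scheme != "https":
        findings.append("page is not served over HTTPS")

    if not host:
        findings.append("URL has no host")
    elif is_ip_literal(host):
        # The default harvester setup is reached by IP address, as in step 6 of the post.
        findings.append(f"host is a bare IP address ({host}), not a domain name")
    elif host not in expected_hosts:
        # A domain that carries the brand name but is not on the allowlist is a look-alike,
        # the trick the post mentions for hiding the IP address behind a hosted name.
        if brand in host:
            findings.append(
                f"look-alike domain {host} uses the brand name but is not an expected login host"
            )
        else:
            findings.append(f"host {host} is not an expected login host")

    return findings


def verdict(url):
    """Label a URL 'ok' when no indicator fires, otherwise 'suspicious'."""
    return "ok" if not check_login_url(url) else "suspicious"


if __name__ == "__main__":
    # Constructed sample URLs: the harvester address from the post, a look-alike
    # domain (.test is reserved and never resolves), and the genuine sign-in page.
    samples = [
        "http://10.0.2.15/",
        "http://accounts.google.com.login-example.test/",
        "https://accounts.google.com/signin",
    ]
    for u in samples:
        print(f"{u} -> {verdict(u)} {check_login_url(u)}")
```

The allowlist approach deliberately flags anything that is not an exact expected host, including real but unlisted Google subdomains; that is the safer failure mode for a login page, and the reader can extend `GOOGLE_LOGIN_HOSTS` for their own environment.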