Social Engineering Toolkit has many features to harvest user information.
This tutorial shows one feature - harvest user data.
Step 1: Start ~setoolkit , Choose SE attacks
Step 2: Choose website attack vectors
Step 3: Credential Harvester Attack Method
Step 4: Web templates
Step 5: Confirm IP address for the post back in Harvester [default your ip address]
Step 6: For phising templates, choose Google/Twitter
Step 7: Harvester is running on port 80 (by default) ...
----------------------------
Hunting Victims
Open a browser and put in the harvester IP address (same as above)
key in email/username and password, and then click sign in
-------------------------
On the Harvester terminal, it displays the login process and the username and password.
#
Note:
Suggest to put the SET terminal and Browser side-by-side
No comments:
Post a Comment