Summary:
- Using the Social Engineering Toolkit (SET)
- Modifying the SET Parameters
- Test the SET Attack
I began this exercise by logging into the root account of a Kali Linux virtual machine and opening a terminal window.
To begin, I opened the Social Engineering Toolkit (SET) by using the command:
and accepting the terms of service. On the SET main page, I was presented with a menu of choices and selected:
- Social Engineering Attacks –> Website Attack Vectors –> Credential Harvester Attack Method –> Web Templates
and then entered the IP address of the Kali VM, and selected the Google template.

Next, I began modifying the SET Parameters. Starting with the redirect settings and URL, I entered the following command:
- nano /etc/setoolkit/set.config
and edited the HARVESTER_REDIRECT and the HARVESTER_URL:

Finally, I started to test the SET Attack by launching an OpenSUSE virtual machine and logging in. From this point I opened a Mozilla Firefox window and entered the VM IP address into the address field.
After a moment, a Google sign-in page appeared and in the Email field I entered: John Smith, and in the password field I entered: Letmein.
After this, I navigated back to the Kali VM and noticed in the terminal I had captured the Email and Password.

I then ended and generated a report, and navigated to the /root/.set/reports directory and opened the report to view the contents of the file.
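
From the defender's side, the page served in this exercise has recognisable traits: a Google-branded sign-in form delivered over plain HTTP from a bare IP address. The Python check below is an added example, not part of the original write-up; the trusted-domain list, the function names and the sample page are assumptions constructed for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

TRUSTED_SUFFIXES = ("google.com",)  # assumption: domains allowed to host this brand's login

class LoginFormScanner(HTMLParser):  # collects page text and actions of password forms
    def __init__(self):
        super().__init__()
        self.text, self.actions, self._form = "", [], None  # _form = [action, has_password]
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._form = [a.get("action") or "", False]
        elif tag == "input" and self._form and (a.get("type") or "").lower() == "password":
            self._form[1] = True
    def handle_endtag(self, tag):
        if tag == "form" and self._form:
            self.actions += [self._form[0]] if self._form[1] else []
            self._form = None
    def handle_data(self, data):
        self.text += data

def host_is_trusted(host):
    host = (host or "").lower().rstrip(".")
    try:
        ipaddress.ip_address(host)
        return False  # an IP literal is never a trusted brand host
    except ValueError:
        return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def assess(page_url, html, brand="google"):
    # Return findings for a page that shows the brand name and asks for a password.
    scanner = LoginFormScanner()
    scanner.feed(html)
    if not scanner.actions or brand not in scanner.text.lower():
        return []
    url, findings = urlparse(page_url), []
    if url.scheme != "https":
        findings.append("password form served without HTTPS")
    if not host_is_trusted(url.hostname):
        findings.append(f"{brand} sign-in served from untrusted host {url.hostname}")
    for action in scanner.actions:
        target = urlparse(urljoin(page_url, action)).hostname  # resolve relative actions
        if not host_is_trusted(target):
            findings.append(f"form posts credentials to {target}")
    return findings

# Constructed sample: brand-titled login form served from a documentation-range IP.
SAMPLE_URL = "http://192.0.2.10/"
SAMPLE_HTML = ('<title>Sign in - Google Accounts</title><form method="post" action="/">'
               '<input name="Email"><input type="password" name="Passwd"></form>')
```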
