Phishing Attack: Steal Confidential Information


Phishing is an attack in which a hacker tries to steal your confidential information by pretending to be a trusted person, company, or organization.


For example, you may receive an email that appears to have been sent by your school, company, or bank asking for your account details, but in reality it was sent by a hacker.



As another example, imagine you receive an email that appears to be sent by Gmail or Facebook. It says that they are doing some account maintenance or upgrading the system and require you to click on a link and log in so that you can continue using your Gmail or Facebook account.



The email looks very real but in reality, it is actually sent by a hacker and is an attempt to steal your confidential details.


Create a Fake Login Page to Hack Facebook Accounts

1. Go to the website you want to clone, such as Facebook or Gmail. In this case, I am taking Facebook, www.facebook.com [make sure you are logged out]. Right-click anywhere on the page and select View Page Source.


2. Select all the source code displayed on the page by pressing CTRL + A, and paste it into a text editor software like Notepad.




3. Now search for the keyword “action= ”.

4. In the source code change this to “hackme.php”.

5. Change the method from POST to GET.

6. Click on File → Save, and then save the text file as index.php. Make sure you select the All Files option in the Save as type field.

7. Write the below .php code in a blank text file. And click on the file, save it, and then type the name “hackme.php”. [save file name by which we change in index.php file action= “Given Name.php”]. Make sure you have selected all file options in the save-as-type feature.

8. Upload both index.php and hackme.php to a paid or free web hosting like 2freehosting.com or 000webhost.com.

9. After upload send a phishing URL link to the victim [may be your friend or anyone]. When the victim opens the webpage it will look like the real Facebook login screen but actually, it is a fake login screen attack/phishing attack that will steal his password.

10. When the user clicks on the login button he will be automatically redirected to the Facebook website and he will think that some communication error may have occurred or whatever [LoL].

11. Now check your web hosting file manager. There will be a new file called password.txt, created when the victim clicks on login, in which the username and password have been saved. Finally, we get the victim's username and password.


Phishing Automatic Attack by Kali Linux

Social Engineering Toolkit

1. Open Kali Linux and go to Menu → Exploitation Tools → Social Engineering Toolkit → SET.


                          .  ..
                       MMMMMNMNMMMM=
                   .DMM.           .MM$
                 .MM.                 MM,.
                 MN.                    MM.
               .M.                       MM
              .M   .....................  NM
              MM   .8888888888888888888.   M7
             .M    88888888888888888888.   ,M
             MM       ..888.MMMMM    .     .M.
             MM         888.MMMMMMMMMMM     M
             MM         888.MMMMMMMMMMM.    M
             MM         888.      NMMMM.   .M
              M.        888.MMMMMMMMMMM.   ZM
              NM.       888.MMMMMMMMMMM    M:
              .M+      .....              MM.
               .MM.                     .MD
                 MM .                  .MM
                  $MM                .MM.
                    ,MM?          .MMM
                       ,MMMMMMMMMMM
                https://www.trustedsec.com

[---]        The Social-Engineer Toolkit (SET)         [---]
[---]        Created by: David Kennedy (ReL1K)         [---]
                      Version: 8.0.3
                    Codename: 'Maverick'
[---]        Follow us on Twitter: @TrustedSec         [---]
[---]        Follow me on Twitter: @HackingDave        [---]
[---]       Homepage: https://www.trustedsec.com       [---]
        Welcome to the Social-Engineer Toolkit (SET).
         The one stop shop for all of your SE needs.

   The Social-Engineer Toolkit is a product of TrustedSec.

           Visit: https://www.trustedsec.com

   It's easy to update using the PenTesters Framework! (PTF)
Visit https://github.com/trustedsec/ptf to update all your tools!

 Select from the menu:

   1) Social-Engineering Attacks
   2) Penetration Testing (Fast-Track)
   3) Third Party Modules
   4) Update the Social-Engineer Toolkit
   5) Update SET configuration
   6) Help, Credits, and About

  99) Exit the Social-Engineer Toolkit

set> 

2. This is what the Social Engineering Toolkit looks like. It gives you various options under "Select from the menu". Here we have to press 1 for Social-Engineering Attacks.

set> 1

3. Next, it again gives me various types of attacks that I can execute. I want to execute website attack vectors, so I select option 2.

set> 2

4. Now I want to execute a credential harvester attack method so I Select 3.

set:webattack> 3

5. Now it shows three attacks. We want to execute the site cloner attack, so we select 2.

set:webattack> 2

6. Now it asks me to enter the IP address of my own computer, where the username and password will be sent. Open a new terminal window in Kali Linux, type the command “ifconfig”, then press Enter. My IP address is now displayed, so copy it.

7. Now Paste your IP Address and press enter.

8. Now it asks me to enter the URL of the website which I want to clone. I want to clone http://www.facebook.com and press Enter.

9. Now the Facebook website is cloned press the enter key to continue.

10. So now I want my friend's or anyone else's username and password. I need to fool my friend or anyone else into logging in on my own Facebook-cloned site.

11. For that, send this IP address to your friend or anyone whose account you want to hack. When they log in to your clone website and click on the login button, the terminal shows the username and password of my friend or anyone else.

Now I have successfully obtained the username and password of my friend.


ShellPhish

Usage:

git clone https://github.com/thelinuxchoice/shellphish
cd shellphish
bash shellphish.sh


How do you prevent Phishing Attacks?

To identify a phishing attack, look for these signs:
  • Spelling mistakes and poor grammar.
  • A mismatched domain name and email address.
  • A suspicious attachment.
  • A request for personal information.
  • Offers that look too good to be true.

To prevent phishing attacks, always use two-factor authentication.
