BACKTRACK : The credential harvester attack

Hey guys .. how u been ? so enjoying . huh ?? well m back with another Backtrack post . Its called credential harvester attack . By this u can get id and passwords of any user in urlan u want.

follow these steps:

starting SET

Well in Backtrack there is an awesome tool called SET (Social Engineering Toolkit).

• To start this toolkit login as root by issuing command sudo su .

• Then issue following command:
  cd /pentest/exploits/set .
• Now u are in SET directory , again following command and hit enter: ./set.

Now you are in that tool kit.

Using SET

In SET you can navigate through your number pad . To navigate press corresponding keys. OK now about The credential harvester attack .... follow these steps and u can refer to pics also.

• Select option no. 1 which says Social Engg toolkit .. if your SET is updated or select credential harvester method directly
• now select option no. 2 again which says Website Attack Vectors (for updated SET).
• Select option 3 which says Credential Harvester Attack Method.
• Now select any of options .. for now select option 1 which says Web Templates.
• Now select any of the templates , i used gmail .

Now it may ask for your interface address , put your lan ip there ... in my case it was 192.168.1.1

Final step

Now give your ip to anyone in your LAN and somehow make them open it .. (that depends on you..lot of ways are there).

now you will get every entry that person does in that attack.

Feel free to ask doubts.

Guys plz comment and share and like .... thanks
Stay Tuned !!!!