Video - Using the Social Engineering Toolkit (SET)

6 minutes
Share the link to this page
Copied
  Completed
You need to have access to the item to view this lesson.
One-time Fee
$99.99
List Price:  $139.99
You save:  $40
€92.16
List Price:  €129.04
You save:  €36.87
£78.95
List Price:  £110.53
You save:  £31.58
CA$136.82
List Price:  CA$191.55
You save:  CA$54.73
A$150.88
List Price:  A$211.24
You save:  A$60.35
S$134.99
List Price:  S$189
You save:  S$54
HK$780.84
List Price:  HK$1,093.20
You save:  HK$312.36
CHF 92.16
List Price:  CHF 129.04
You save:  CHF 36.87
NOK kr1,065.65
List Price:  NOK kr1,491.95
You save:  NOK kr426.30
DKK kr688.26
List Price:  DKK kr963.60
You save:  DKK kr275.33
NZ$163.32
List Price:  NZ$228.66
You save:  NZ$65.33
د.إ367.26
List Price:  د.إ514.18
You save:  د.إ146.92
৳11,714.86
List Price:  ৳16,401.27
You save:  ৳4,686.41
₹8,305.04
List Price:  ₹11,627.39
You save:  ₹3,322.35
RM470.40
List Price:  RM658.58
You save:  RM188.18
₦146,115.27
List Price:  ₦204,567.22
You save:  ₦58,451.95
₨27,783.57
List Price:  ₨38,898.11
You save:  ₨11,114.54
฿3,658.80
List Price:  ฿5,122.47
You save:  ฿1,463.66
₺3,219.48
List Price:  ₺4,507.41
You save:  ₺1,287.92
B$516.66
List Price:  B$723.35
You save:  B$206.68
R1,841.76
List Price:  R2,578.54
You save:  R736.77
Лв180.52
List Price:  Лв252.74
You save:  Лв72.21
₩136,656.33
List Price:  ₩191,324.33
You save:  ₩54,668
₪366.73
List Price:  ₪513.44
You save:  ₪146.71
₱5,819.86
List Price:  ₱8,148.04
You save:  ₱2,328.18
¥15,692.92
List Price:  ¥21,970.72
You save:  ¥6,277.79
MX$1,669.81
List Price:  MX$2,337.80
You save:  MX$667.99
QR364.18
List Price:  QR509.87
You save:  QR145.68
P1,356.93
List Price:  P1,899.76
You save:  P542.82
KSh13,033.20
List Price:  KSh18,247
You save:  KSh5,213.80
E£4,712.01
List Price:  E£6,597.01
You save:  E£1,884.99
ብር5,738.47
List Price:  ብር8,034.09
You save:  ብር2,295.62
Kz84,827.41
List Price:  Kz118,761.77
You save:  Kz33,934.36
CLP$90,869.43
List Price:  CLP$127,220.83
You save:  CLP$36,351.40
CN¥710.97
List Price:  CN¥995.39
You save:  CN¥284.42
RD$5,881.38
List Price:  RD$8,234.17
You save:  RD$2,352.78
DA13,438.44
List Price:  DA18,814.36
You save:  DA5,375.91
FJ$226.74
List Price:  FJ$317.44
You save:  FJ$90.70
Q775.80
List Price:  Q1,086.15
You save:  Q310.35
GY$20,895.31
List Price:  GY$29,254.27
You save:  GY$8,358.96
ISK kr13,791.40
List Price:  ISK kr19,308.52
You save:  ISK kr5,517.11
DH996.21
List Price:  DH1,394.74
You save:  DH398.52
L1,771.78
List Price:  L2,480.57
You save:  L708.78
ден5,676.40
List Price:  ден7,947.19
You save:  ден2,270.78
MOP$803.71
List Price:  MOP$1,125.23
You save:  MOP$321.51
N$1,835.52
List Price:  N$2,569.81
You save:  N$734.28
C$3,675.86
List Price:  C$5,146.35
You save:  C$1,470.49
रु13,281.76
List Price:  रु18,594.99
You save:  रु5,313.23
S/373.37
List Price:  S/522.73
You save:  S/149.36
K388.13
List Price:  K543.39
You save:  K155.26
SAR375.02
List Price:  SAR525.04
You save:  SAR150.02
ZK2,665.60
List Price:  ZK3,731.94
You save:  ZK1,066.34
L458.57
List Price:  L642.02
You save:  L183.44
Kč2,271.01
List Price:  Kč3,179.50
You save:  Kč908.49
Ft35,372.15
List Price:  Ft49,522.43
You save:  Ft14,150.27
SEK kr1,086.34
List Price:  SEK kr1,520.92
You save:  SEK kr434.58
ARS$88,911.95
List Price:  ARS$124,480.29
You save:  ARS$35,568.34
Bs690.12
List Price:  Bs966.19
You save:  Bs276.07
COP$386,435.76
List Price:  COP$541,025.52
You save:  COP$154,589.76
₡51,204.17
List Price:  ₡71,687.89
You save:  ₡20,483.71
L2,468.08
List Price:  L3,455.41
You save:  L987.33
₲751,203.84
List Price:  ₲1,051,715.43
You save:  ₲300,511.59
$U3,849.38
List Price:  $U5,389.29
You save:  $U1,539.90
zł392.63
List Price:  zł549.70
You save:  zł157.07
Already have an account? Log In

Transcript

Greetings. In this short video presentation, we're going to take a look at how to go about using the social engineering toolkit or set. The social engineering toolkit set is specifically designed to perform advanced attacks against the human element, I have updated and upgraded my Kali installation. And I have confirmed that I have connectivity between my Kali machine and my Windows XP victim, I confirm the connectivity by doing a ping from my colleague over to my Windows XP machine. To begin this lab, we're going to open up a terminal and at the terminal prompt, we're going to type in set toolkit, and I'm going to go ahead and just hit Enter. And just a moment, it's going to start up and here is where we have to agree to the terms of service.

So I'm gonna type in ally, and that brings us up to our first menu screen. On our first menu screen, we're going to type in the number one for social engineering attacks. Type in number one, I hit Enter On the second screen, we're going to type in the number two. For web site attack vectors. We're going to hit enter. On this next screen, we're going to type in the number three.

For credential harvester attack method, we're going to hit enter. On this next screen, we're going to type in number two for site Cloner. Hit enter. Notice that it captures the IP address of your Kali because Kali is going to act as the web server and when the individual types in their credentials onto this cloned web page. That information is going to be sent back over here to Kali. To get to the next step, we have to hit hit enter.

Now at wants the URL to be clone. For this lab, we're going to create a fake web page for Facebook. We're going to clone the website. And then we need to trick the end user into visiting our cloned website and given us their login. Once I've typed in the URL, I'm going to go ahead and hit enter In just a moment, the website for Facebook will be closed. So it's important that we read everything that's on this page has given you a lot of good information and it's telling you that the information will be displayed to you as it arrives below when it arrives from the victim machine.

So as the victim types in their username and password into the fake Facebook, log on page, that information is going to be sent over to our Cali machine and harvested. So we're now ready to play the victim in this harvesting attack. So how we get the user to partake in this scam is up to us. Normally, we would build a carefully crafted email, and we would make it look as if it was a problem with their account and they need to log in. And here's the link that you can use to log into your Facebook account or your bank account. Or your LinkedIn account, whatever the account is, and when they do that they're going to get a page cannot be found.

But though, that information that they inputted into the username and password field that's being sent over to your county server is being gathered up over there. So let's just see what happens. So here's the Facebook page. So I'm just going to type in a username here, I'll just type in cyber offense. And then I'm just going to type in the word password. And then I'm just going to say login.

Now notice that it says the page cannot be displayed. But if we go back over to our Cali, we see that the username and the password were harvested over onto our Kali machine. So we know that we got this information, and here are the attempts that were made. And there's my username, and there's my password. So you can see that this is a viable attack and it is a way to gather usernames and passwords. Words.

It's just depends on how we go about doing it. But it must work because cyber criminals and criminal organizations around the world use it to gain access to people's mail and their banking accounts. So once you're ready to generate your report, take note of where the report is going to be stored. Because this is where we're going to have to go find a report. The report is saved as an HTML document, and we're going to open it up in Firefox, but I'm going to show you a different way to access it. So we're now ready to go ahead and hit Enter.

And that brings us back to the main menu. On this screen, we can just type in 99 and hit enter and we hit 99. One more time, and hit enter and we hit 99. One more time, and hit enter. We're back to the prompt. I'm going to type in clear.

It's going to give me a nice clean terminal. To demonstrate how we go about accessing our harvested report. At the prop. We're going to Type in the cd command to change directory on over to the Ford slash route forward slash dot set directory. Now once we're up inside of the dot set folder, we can go ahead and type in LS. And that's going to list all the content.

Notice that we have a nother directory called reports. So we're going to CD over to reports. Hit enter. Now I'm inside of the reports directory. I'll do another LS, and here you can see the reports themselves. So what we need to do now is open up the HTML report using Firefox.

So I'm gonna type in Firefox, I'm just going to copy and paste all of this here to include the single quotes. Give it a minute. And just a second, Firefox is going to open up and it's going to give us the end there's our report. So you can go down and through this report, you can see the information presented to you in such a way that you can use Is it as part of a Fishel report or some other use such as record keeping? That concludes your short video presentation on how we go about using the social engineering toolkit to harvest credentials. In this short video presentation, you are shown how to use the set tool to call any website in this case Facebook and to trick users into giving us their username and password and how easy it was for Cali using the set tool to harvest those same credentials.

If you have any questions or concerns about this lab, please do not hesitate to reach out and contact your instructor and I will see you in my next video.

Sign Up

Share

Share with friends, get 20% off
Invite your friends to LearnDesk learning marketplace. For each purchase they make, you get 20% off (upto $10) on your next purchase.