Phishing website (easier way)

davinciscode29

Hello all,

I read this thread yesterday: http://hackflag.org/t/phishing-site/4421
And thought this was a bit too much work for a phishing page. Hence here is a method that is a bit simpler (provided you have a Linux distro).

For this tutorial you will need a Linux Distro with the Social Engineering Toolkit installed (Kali Linux has this installed by default, which is what I am using in this tutorial).
This method will work for any website, but for it to work the website will need a login page (otherwise it won't be of much use).

Step 1. Open Social Engineering Toolkit

Open your Terminal by clicking the Terminal icon (if you have not customized it) at the top left of your desktop. This one looks something like this:
[screenshot]


Now type setoolkit or se-toolkit (depending on your distro version); for the latest version of Kali Linux, type setoolkit. This screen should appear (may vary):
[screenshot]


Step 2. Making choices

As you just saw in the screenshot, you can now choose from a number of choices. What we need for this tutorial is number 1, the Social-Engineering Attacks. So type “1” and press Enter. Now a list of options from which you can choose should appear again. We need the 2nd of these and that is the “Website Attack Vectors” option, so type “2” and press Enter. Now another list of options will appear and we need the 3rd one, which is the “Credential Harvester Attack Method” with which we demonstrate that we want to obtain login information. So type “3” and press the Enter key again. Now the last screen appears and we need number 2, the “Site Cloner”. This allows us to clone/duplicate websites.

Please note: More options may have been added by the time you read this, so the numbers may change. So pay close attention to which options you should use.

In short: 1, 2, 3, 2

Step 3. Configure the phishing page

Now we are going to configure all the settings. First you will be asked to enter your IP address.

[screenshot]


In Kali Linux you can get that by opening a new tab or a new Terminal and typing “ifconfig” and then grabbing your “inet address”. (Go down if you want it to work on a WAN).

[screenshot]


Now enter your IP and press Enter.

You should now be asked to enter a URL. Here you enter the website you want to clone; I will use Facebook for this tutorial. But this works with all websites. So I enter Facebook.com.

[screenshot]


If all goes well, after you press Enter, you will see cloning “ website.com/login.php 1” or something similar and then you will be asked if you want to continue because “Apache” may not be enabled, then type “y” and press Enter.

And if everything went well, you will now see something like this:

[screenshot]


Step 4. Testing

If all goes well, you still have your IP under your CTRL+C, if not, just do that and paste it into your browser and go there. Now you will see that you are on the page you cloned. Just enter a username and password here to test it and press login.

[screenshot]


Now go to the location where the created files were created. By default this is Computer>filesystem>var>www here you will see a harvester file, a post.php and an index.html.

[screenshot]


The harvester file contains all logs, so open it and you should see something like this:

[screenshot]


And as you can see, the username and password I entered on the page are there, with all kinds of information.

The post.php file ensures that the information is placed in the harvester file and the index.html is the page that you have cloned.

How do I do this on a WAN?

This is basically the same on a WAN. However, you do have to port forward and use your WAN IP (external IP address), which you can find on watismijnip.nl. Furthermore, the steps are fairly self-explanatory.

Quick version

Open Terminal
Start setoolkit
Options: 1, 2, 3, 2
IPv4 or WAN IP
URL you want to clone
type “y” and press Enter
Browse to the IP address you entered
The logs are in Computer>filesystem>var>www >harvesterblablabla.txt

I hope you learned something from this. I don't want to help you learn illegal things but now you know a bit about how the setoolkit works. I would say, get some other options, there are enough!

Reactions: fognayerku
