SET is great when you have a short space of time at hand, however sometimes you want to know whats actually going on under the hood or have found a site you can’t clone with SET.
### Step 1: Select Your Target!
input elements (like the login.live.com page), but most major sites use the traditional input element method.
### Step 2: Use Wget to Download the Login Page
Now that you have your site in mind, you will need to download the login page. This can be done with Wget.
wget -U "Mozilla/5.0 (Windows NT 6.3; rv:36.0) Gecko/20100101 Firefox/36.0" https://www.facebook.com/ -O facebook.html
Wget is the command used to download files.
-U sets a custom user agent. If we leave this out, many sites will notice that Wget isn't a browser and redirect us to a different page.
-O saves the file under a custom name.
### Step 3: Modify the Existing Page Source
This is where you will get your hands dirty. It can be a little confusing at times, but it is probably one of the most important steps. You will need to locate the form on the page. My main editors are vim and atom, but I will be using atom for this tutorial. Open facebook.html (or whichever file you downloaded) in your editor and locate the form tag with a search.
With a simple search I was able to locate the form. You will need to modify it so that it posts to a custom PHP script. Our PHP script is called post.php and is located in the same directory as our login HTML. So change the opening form tag so that it posts to post.php, and delete the rest of the attributes between the first and second angle brackets <>.
### Step 4: Write/Download a Credential Harvester
So now, when you go to the page and click login, it will attempt to post the details entered to your post.php script… which doesn't exist yet. You need to either write one or download one. I stole the one from SET and it works great. I have modified it a little too. You can get this script from this fancy looking link or steal it from SET somewhere.
### Step 5: Do Some Server Magic!
Hopefully you have a server with PHP and the like installed. Kali itself comes with Apache pre-installed, and the web root is at /var/www/.
If you're like me, you use a hosted VPS. If you want one, you can upload a Kali ISO to it to make social engineering engagements more convincing and easier. I personally use a VPS hosting provider called Vultr, and you can get $5 free credit if you use this link, which is easily enough for a quick engagement. You can also register a free domain at freenom.com. This is great if you don't want to spend a lot of money but just want to try it all out.
Anyway… Once you've uploaded the files to a server, you may find that you can enter your details on the page and be redirected, but no harvest files are created. This happens because the web server user cannot write to the directory. To fix this, use chown to make the web server user (www-data on Kali/Debian) the owner of the folder.
chown -R www-data:www-data /var/www
This fixes most problems for me!
### Step 6: Social Engineer!
Now you will need to "get creative!" Send the target an email or a message with something compelling on the other side that requires them to log in. My common pretext is telling somebody about an extremely funny video that is 18+ rated, so they will need to re-login in order to watch it; I then edit post.php to redirect to a funny video. By the time they've finished laughing, you are already in their account.
Hopefully this is of help to you people! I learnt how to do this by playing with it and looking at what SET did, and it helped me to understand it all better.