Phishing Attack – Step by step Demo using Kali Linux Free Tool!

Phishing is a form of cyber attack that typically relies on email or other electronic communication methods such as text messages and phone calls. It is one of the most popular techniques of social engineering, in which hackers pose as a trustworthy organization or entity and trick users into revealing sensitive and confidential information.

We will create a Facebook phishing page using the Social Engineering Toolkit, which comes preinstalled on Kali Linux. The phishing link can be sent to any user on the same Local Area Network as you, and the data that they enter on the fraudulent page will be stored in a file on the attacker’s machine.

The Social Engineering Toolkit, or SET for short, is the standard for social engineering testing among security professionals, and even beginners must have a basic idea of how to use the tool. Basically, it implements a computer-based social engineering attack.

Steps of Phishing Attack:

  • Open a terminal window in Kali and make sure you have root access, as ‘setoolkit’ requires it
  • Type ‘setoolkit’ in the command line

You will be warned that this tool is to be used only with company authorization or for educational purposes, and that the terms of service will be violated if you use it for malicious purposes.

  • Type y to agree to the conditions and use the tool

  • A menu shows up next. Enter 1 as the choice, since this demo is of a social engineering attack.

Under Social Engineering, there are various computer-based attacks, and SET explains each in one line before asking for a choice.

  • Enter 3 which will select the ‘Credential Harvester Attack Method’ as the aim is to obtain user credentials by creating a bogus page that will have certain form fields.


Now, the attacker has a choice to either craft a malicious web page on their own or to just clone an existing trustworthy site.

  • Enter 2 in order to select ‘Site Cloner’

This might take a moment as SET creates the cloned page.

  • Now you need the IP address of the attacker machine. Open a new terminal window and run ‘ifconfig’
  • Copy the IP address shown in the ‘inet’ field

  • SET will ask you to provide an IP where the captured credentials will be stored. Paste the address that you copied in the earlier step.
  • Since we chose to clone a website instead of a personalized one, the URL to be cloned must be provided. In this example, it is www.facebook.com
  • The Social Engineering Toolkit needs the Apache server running, as captured data is written to the root directory of Apache. Enter y when prompted about starting the Apache process.

The setup for the phishing attack is complete: you have cloned Facebook and hosted it on the server.

SET informs us of the directory in which the captured data will be stored.

The IP address is usually disguised with a URL shortener service, and the shortened link is then sent in urgent-sounding emails or text messages.

  • Go to the browser and type http://yourIP (e.g. http://192.168.0.108). Note: I am writing this article from Maharashtra, India, hence Facebook is in the native language, Marathi.

If an unsuspecting user fills in their details and clicks on ‘Log In’, the fake page takes them to the actual Facebook login page. Usually, people tend to pass it off as a glitch in FB or an error in their typing.


  • Finally, reap the benefits. Go to /var/www/html and you can see the harvester file created there.


Hope this guide gave you a basic idea of how phishing attacks work.
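From the defender's side, the behaviour described above (a form submission to the fake page followed at once by a redirect to the real Facebook login) leaves a recognizable trace in web proxy logs. The following is an added example, not part of the original article or of SET; the log format, the 30-second window, the sample lines and the assumption that the form submit is a POST are all constructed for illustration.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit

BRAND = "facebook.com"          # the site the clone imitates in the article
WINDOW = timedelta(seconds=30)  # assumption: the redirect follows the POST quickly

# Constructed sample proxy log: ISO time, client IP, method, URL
SAMPLE_LOG = """\
2024-01-10T09:00:01 10.0.0.21 GET http://192.168.0.108/
2024-01-10T09:00:40 10.0.0.21 POST http://192.168.0.108/
2024-01-10T09:00:41 10.0.0.21 GET https://www.facebook.com/login
2024-01-10T09:05:00 10.0.0.34 POST https://www.facebook.com/login
2024-01-10T09:05:01 10.0.0.34 GET https://www.facebook.com/
2024-01-10T09:10:00 10.0.0.55 POST http://intranet.example/form
2024-01-10T09:20:00 10.0.0.55 GET https://www.facebook.com/
"""

def is_brand(host):
    """True for the brand's own domain and its subdomains only."""
    return host == BRAND or host.endswith("." + BRAND)

def find_harvest_then_redirect(log_text):
    """Flag clients that POST to a non-brand host and then land on the brand site."""
    last_post = {}  # client -> (time, host) of the latest POST to a non-brand host
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, method, url = line.split()
        when = datetime.fromisoformat(ts)
        host = (urlsplit(url).hostname or "").lower()
        if method == "POST" and not is_brand(host):
            last_post[client] = (when, host)
        elif method == "GET" and is_brand(host) and client in last_post:
            posted_at, post_host = last_post.pop(client)
            if when - posted_at <= WINDOW:
                alerts.append((client, post_host, ts))
    return alerts

if __name__ == "__main__":
    for client, host, ts in find_harvest_then_redirect(SAMPLE_LOG):
        print(f"{ts} {client}: form POST to {host}, then redirected to {BRAND}")
```

An alert means the client's credentials for the imitated site should be treated as exposed and reset.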

Phishing is constantly evolving to entrap innocent computer users. Recommended safety tips are to always check the URL of a website in the browser and to use two-factor authentication, as it provides an extra security layer for your account.
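The "check the URL" advice can be automated in a mail or chat filter. This added example (not from the original article) flags the link traits shown in the demo: a bare IP address as host, plain HTTP, a URL shortener, or a host that is not the expected domain. The shortener list and function name are assumptions made for illustration, and the userinfo check goes slightly beyond the article.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: a small illustrative list; extend it from your own mail and proxy data.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "is.gd"}

def triage_link(url, expected_domain):
    """Return the reasons a link claiming to be `expected_domain` looks suspicious."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").lower().rstrip(".")
    reasons = []
    if parts.scheme != "https":
        reasons.append("not-https")
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        # A login page served from a raw address, as in the demo (http://192.168.0.108)
        reasons.append("ip-literal-host")
        if ip.is_private:
            reasons.append("private-address")
    elif host in SHORTENERS:
        reasons.append("url-shortener")  # real destination is hidden; expand before trusting
    elif host != expected_domain and not host.endswith("." + expected_domain):
        reasons.append("domain-mismatch")
    if parts.username is not None:
        # "https://www.facebook.com@other.host/" shows the brand but goes elsewhere
        reasons.append("userinfo-in-url")
    return reasons

if __name__ == "__main__":
    for link in ("http://192.168.0.108", "https://bit.ly/abc",
                 "https://facebook.com.example.net/login",
                 "https://www.facebook.com/login"):
        print(link, "->", triage_link(link, "facebook.com") or "ok")
```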

See the video tutorial here: https://www.youtube.com/watch?v=3pzPakMWoBY