Saturday, 29 June 2013

SET on BT5r3 - Stealing Facebook Credentials

In this tutorial, we will show you how to steal Facebook credentials using the Social-Engineer Toolkit (SET) on BackTrack Linux.


Fire up the Social-Engineer Toolkit from BackTrack. Select 1 for the SET Attack.

For this tutorial, we will use the Website Attack Vectors as our mechanism.

Since we are going to steal credentials, we proceed to select 3.

We will choose 2 to clone the site we are going to dupe.
Enter the IP address where the cloned site will be hosted.
Enter the link of the website. In this case, we will clone the Facebook login page.

Once the site is cloned, provide the link/IP for the victim to enter. The victim will get the Facebook login page.

When the victim types in the username and password, the credentials will be sent to the attacker's console.


15 comments:

  1. For some reason, every time I follow the instructions to the letter, my screen stays at the "[*]information will be displayed to you as it arrives below." part for HOURS with no change. I've done this three times, all with the same results. Ideas?

  2. Hi Nick, at that stage you need to provide the link that was generated to a potential victim. Only when the victim launches the URL and enters the credentials will you see his/her credentials come to you on your machine.

  3. I understood that part just fine; the problem, however, is that no link is generated. It just sits there for hours. The longest I let it sit was just over 3 hours...

  4. The fourth screen down from the top is what my screen looks like. Those three blue sentences for hours. I assume it doesn't take three hours to clone a site? But I'm rather new, so of that I'm not 100%.

  5. By the way I'm quite impressed with this blog. You really know what you're doing and that's very refreshing to someone trying to learn as much as possible and practice. So thank you in advance!

  6. Hi Nick, I think I know what the issue is here. Actually, you don't have to wait for the site to be cloned; there is no indication of that for you, as the site is already created and resides on your attacking machine itself. What you need to do is, once you get the 4th screen, just type the link on another machine. In this case it's: http://192.168.71.128

    The moment you enter the link on another machine within the same network, you will see the Facebook cloned site. :)

  7. Thanks for getting back to me. Unfortunately this did not work :-( Very frustrating and embarrassing, to be honest. I'm honestly not sure what I'm doing wrong. I tested the IP as well as the link I inputted for cloning via cell phone, with no reaction on my computer. By the way, the cell phone was connected to the same wireless network as my computer. Are you able to give any additional tips/pointers?

  8. Is it possible that I have not configured my wireless in BT5r3 properly? I'm able to surf in the OS though... I'm at a loss. By the way, would it be easier to communicate via email?

  9. Try to use two computers instead of a cell phone. How did you set up your BackTrack? Via a virtual machine? Make sure your BackTrack is able to ping the 'victim' machine and vice versa. What website did you clone, and did you input the IP correctly in image 4? The IP must be your BackTrack IP.

  10. Interesting. I'm running OS X 10.7, and running BT5r3 using a hack copy of Parallels 7. I have a MacBook Pro at my disposal. I thought the IP that needed to be inputted was the host site's IP, not my personal one... I just ran a test to see if I could do it, so I followed your instructions to the letter using Facebook.

  11. I've figured it out! ;-0 Thank you so very, very much! Hopefully I can stay in touch and learn even more. You were right, and it makes sense now that I think about it. Of course I need my own IP!

  12. Now all I need to do is figure out what the report means, because mine looks NOTHING like yours. There is no username and password breakdown at all. But it DOES record a hit now and sends me the report. It's just all gibberish to me, lots of letters and numbers.

  13. Glad that it finally worked out. :) Don't bother about the report; you should concentrate on the credentials sent, as highlighted in the yellow box. If you do it right, you will see the credentials sent to you.

  14. I figured it out, however I'm curious... how am I able to get this to work on any device connected to my WiFi? And is there a way to send the "link" to someone outside your WiFi network and still have it work? All attempts thus far on my part have failed. I'm currently only able to get it to work if I set the link up in OS X Chrome and CMD+TAB into BT5r3 to gather results. Is this how it's supposed to work? Or is there more for me to work on?

  15. Hi Nick, yes, it is possible to do that by sending the link to someone from an external network; however, it is not quite straightforward. You will need to

    1) Know your external IP address
    2) Configure NAT on your virtual machine

    Maybe one day I will write about how to do it... in the meantime, explore :)
