Phishing

Kali Linux & ngrok

• Kali Linux is a specific operating systems that associated with
a specific task – security toolbox
• Kali Linux includes more than 600 types of security analytics and
penetration testing tools.
• ngrok is a cross-platform application that enables developers to
expose a local development server to the Internet with minimal
effort.
• The software makes your locally-hosted web server appear to be
hosted on a subdomain of ngrok.com, meaning that no public IP or
domain name on the local machine is needed.
• Phishing attack using kali Linux is a form of a cyberattack that typically
relies on email or other electronic communication methods such as
text messages and phone calls.
• It is one of the most popular techniques of social engineering. Here
hackers pose as a trustworthy organization or entity and trick users
into revealing sensitive and confidential information.
• Create a Facebook phishing page using Social Engineering Toolkit
which is a preinstalled functionality in Kali Linux OS.
• The phishing link can be sent to any user on any network and the
data that they enter on the fraudulent page will be stored in a file on
the attacker’s machine.
Steps for Phishing Attack:
• extract (extract here) the ngrok downloaded file.
• Get back to your browser on the ngrok page from where you downloaded the zip file. You will see a
command under the connect your account select and copy that command.
• Open up your terminal and get to the folder where you extracted the zip file ( cd Downloads/) and the
type ls and enter to see the file. Paste the command you copied from the browser then press enter.
• Open your terminal again and paste the copied command to start the server on
your machine. You will get the link that would help you in gathering credentials
form any network.
• open a new terminal and type the command setoolkit to start your Social
Engineering Toolkit. it might ask you for the y or n and will tell you it’s for
education purpose only press y and remember it is just for education purpose.
• You will get a message select from the menu and the easiest procedure is just to see
the menu press 1, enter, then the next menu will appear press 2 enter and the next
menu appears, press 3 enter. Now comes the main menu after this step as shown
here. In this menu you can see you have 3 options to select from web templates – are
the websites that are already cloned, site cloner – it lets you clone any website,
custom import – it lets you import an already cloned website or a page. We will
choose 2nd option site cloner , type 2.
• To start a webattack, it will ask you for a post back address where it will send
credentials after harvesting. Go back to the terminal where you started the ngrok
server and copy any of the forwarding addresses.
• Now it will ask you for the site URL which you want to clone and use for
phishing. We are going to copy the FB login page URL from the browser. Paste it
and press enter and SEToolkit do its work.
• Now copy the ngrok address that we used as post back address and share that
to your victim. Paste this address on your google browser/ chrome to show how
process goes on when you share this address to someone.
• kali recognize that someone just connected to the address. Now I’ll put some random
credentials and check it. Put a test mail_id and password and press login
• As soon as you or the victim press login his or her credentials will be sent our server and
the victim will be redirected to error or real fb login page.
• Now go back to your kali machine and open the SEtoolkit terminal. Scroll up
and you will see that it actually have the credentials that a victim entered.