Tuesday, May 27, 2014

Credential Harvester : Port Forwarding : Phishing Facebook

In the previous tutorial, we created a fake login page for Facebook using Credential Harvester. This, however, would work only over the local area network. Today we will enable port forwarding on our router and use our external IP address to create a phishing page that will work over the internet. The picture gives a good idea of what port forwarding does. In the previous case, our page was only visible to computers on the right side of the firewall, i.e. those within the local network. The firewall handles traffic that arrives at the public address and decides whether to forward it to the internal network or block it. The port forwarding feature of the router tells it to allow traffic through a certain port.

Pre-requisites

  1. Must know how to use SET and Credential Harvester over a local area network. If not, read the tutorial on Credential Harvester (same as the link above).
  2. Kali Linux or BackTrack 5 (other Linux distributions will work if you can install SET and all the dependencies).
  3. Patience - finding your router password might be hard sometimes.
  4. Some basic knowledge (read a few old posts on this blog, which I wrote assuming that newbies were the ones reading). By now, after following dozens of my posts, the readership has grown smart and doesn't need to be spoon-fed.

Find your public IP

Go to Google and search "what is my IP". Under normal circumstances you won't even have to click on any of the results, as Google will find your IP for you. If not, then one of the top results surely will.
I removed the address, but it will show up in your case.


Finding your router IP and logging in

Most of the time the IP is 192.168.1.1 or a slight variation, but run ifconfig to find out. Now enter the IP in your browser, and you'll see a login prompt. Here is something that usually works-
  • Username : admin
  • Password : password, admin or in some cases, leave the password field blank
If none of the above combos work, try this http://www.routerpasswords.com/ or http://lmgtfy.com/?q=default+router+password

This is the step where I can't help much. You need to see what your router is and then find out the login details. Most of the time they are left at the default. You can also do a wordlist attack with common router login credentials (help yourself, I am not going to write a thesis on this, because many people have already done that, and you need to learn some google-fu). Now, after getting access to your router, come back to se-toolkit.

Social Engineering Toolkit : Credential Harvester

Here is the set of commands that you will need. If you need the details, check the previous post.
se-toolkit
1 (enter)
2 (enter)
3 (enter)
2 (enter)
Enter your public IP (from the first step, remember)
Enter the site you want to clone (the method works equally well with Facebook, Gmail, Twitter or whatever; none of the steps will be different for any website).
Now just let the terminal be and come back to your router.

The routers are all different : Port Forwarding


Now here is another tough part of this tutorial. While the thing that needs to be done is the same for all routers, the procedure is not. You see, the administration interface is different for every router. The things you have to know are-
[Screenshot: this is what my router looks like]
  • Terms to look for - NAT, port forwarding, virtual servers (the router can refer to port forwarding by any of these terms). If you find something like this, click on it. Also, many times the router's interface is quite complicated and advanced, with separate fields for WAN, LAN, access control, etc. You'll have to take a look around and see where you can find anything related to port forwarding. When you do, you can move to the step below.
  • Stuff to enter-
  1. Application name - Most routers ask you to give a name to the port forwarding setup. Many also have a drop-down menu containing the most common reasons why people perform port forwarding (the drop-down menu mostly has multiplayer games and stuff, don't expect SET there). This field is insignificant, enter whatever you want to. Maybe SET.
  2. Port / First Port / Last Port - Some routers just ask you which port to forward, some ask you to enter a range. Either way, you will enter 80 as the only port, or 80 to 80 as the range. For any field that asks for anything related to a port, 80 is what you'll enter.
  3. Protocol (or some other name) - It will have the options TCP, UDP, both (both may be replaced by all or TCP and UDP or something). Choose both or whatever corresponds to both in your router.
  4. IP address (sometimes not) - Here you enter your local IP. 192.168.1.xxx or something. Not your public IP.
Save and you are good to go. If you have any field that you're not sure about, mention it in the comments. It will help you as well as other users who have the same difficulty. And here's how I set it up: look at the screenshot and look for the relevant fields in your router.


Go ahead

Now open any browser and enter your IP. You will see your fake Facebook login page there. Also, try entering something in the fields. It will show up on the se-toolkit terminal. The screenshot on the right shows what it looks like in my browser (somehow se-toolkit decided to clone the Hindi version of the website. I don't have any memory of ever using Facebook in Hindi though).
After I entered data in the fields and pressed the login button, the following showed up in my se-toolkit window.

Make it look real-

Now there are very few who will enter their login details on a website whose name is not even a name, but a set of numbers separated by dots. You can use bit.ly or goo.gl for that. However, they don't mask the URL, and as soon as the user reaches the destination, he will see the original URL. I would have recommended dot tk, but they don't support IP addresses. In this case, you can use no-ip, which will solve a lot of problems-
  1. You'll get a static IP
  2. You'll get a comparatively less suspicious domain name
  3. You will be safer. This is because sharing your public IP address on the internet isn't a good idea. And with a port open, people (by people I mean professional hackers who know what they are doing) might break into your system. (If you noticed, I never mentioned my public IP anywhere in the post, nor posted any screenshot with it. All the visitors to my site are hackers, and some are better than me, so I'm not inviting trouble here.)
Alternatively, you can take a look at http://www.pc-help.org/obscure.htm. This page deals with the art of modifying your URL to fool others. In our case, we will use it to make our IP address look like a legitimate website. The only problem is that some of the stuff is not browser independent and would work only on a few browsers (each browser deals with a URL differently).
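
For defenders triaging reported links or proxy logs, the URL forms discussed above (a bare IP address as the host, an IP written in a non-dotted encoding, text placed before an "@", a shortener) can be flagged mechanically. The following is an added example, not part of the original post; the function names and sample URLs are constructed, and 192.0.2.1 is a documentation-only address.

```javascript
// Added example (not from the original post): classify a link by the
// URL tricks discussed above. Names and sample URLs are constructed.
const SHORTENERS = new Set(["bit.ly", "goo.gl"]); // the two named in the post

// Authority component exactly as typed: the text between "//" and the
// next "/", "?" or "#".
function rawAuthority(url) {
  const m = /^[a-z][a-z0-9+.-]*:\/\/([^/?#]*)/i.exec(url.trim());
  return m ? m[1] : "";
}

function inspectLink(url) {
  let parsed;
  try {
    parsed = new URL(url); // WHATWG parser, same rules browsers apply
  } catch {
    return { host: null, findings: ["unparseable"] };
  }
  const findings = [];
  const authority = rawAuthority(url);
  const at = authority.lastIndexOf("@");
  // Host as the sender wrote it, without userinfo and port.
  const typedHost = authority.slice(at + 1).replace(/:\d*$/, "").toLowerCase();
  const host = parsed.hostname; // host the browser will actually contact

  // Anything before "@" is userinfo, not the site name.
  if (at >= 0) findings.push("userinfo-before-host");

  const isIPv4 = /^\d{1,3}(\.\d{1,3}){3}$/.test(host);
  if (isIPv4 || host.startsWith("[")) findings.push("ip-literal-host");

  // The parser normalises decimal, hex and octal IPv4 spellings to
  // dotted-decimal; a mismatch means the address was written obscured.
  if (isIPv4 && typedHost !== host) findings.push("encoded-ip-host");

  if (SHORTENERS.has(host)) findings.push("url-shortener");
  return { host, findings };
}

// Constructed samples; 192.0.2.1 is a documentation-only address.
const SAMPLES = [
  "https://www.example.com/login",
  "http://192.0.2.1/",
  "http://3221225985/",
  "http://0xC0.0x00.0x02.0x01/",
  "http://www.example.com@192.0.2.1/",
  "https://bit.ly/constructed",
];

function report(urls) {
  return urls.map((u) => {
    const r = inspectLink(u);
    return `${u} -> ${r.host} [${r.findings.join(", ") || "clean"}]`;
  });
}

console.log(report(SAMPLES).join("\n"));
```

The `host` field is the address the browser will actually connect to, which is the value to compare against blocklists and to show to the person who reported the link.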

88 comments:

  1. How can I configure a Dlink DIR-600?? I've tried everything but I must be doing something wrong...

    1. type in your default gateway..maybe that might help

    2. D-LINK600M default login ID - admin, and the password field should be kept blank, and hit login... then the port forwarding option is present by the name of "Virtual server", in the advanced internet settings menu

  2. When i put my public ip on the browser, it directs me to my router page... :c

    1. Yeah my public IP starts with 17x.yadda yadda.yadda (found it on google) and the setoolkit is running on the port 80...

      Maybe the error is when I did the port forwarding... it asks for an IP... but when I put my public IP it gives me an error window saying that it is an invalid IP address... so I put my local IP (the one which starts with 192.198.x.xxx)...

      I already did this phishing on my WLAN, and I had success...

    2. I tried to do it, to put the ":80" on the browser and SET both... but again it directs me to my router page...
      I have a native Kali Linux, so firewall isn't my problem...

      Also, I have VIRTUAL SERVER and PORT FORWARDING on my router, which one should I use? Both? And also, the two have a place to put a Public Port and Private Port, I put 80 on each one (and respective "ranges")

      This is how the port forwarding menu looks: http://imgur.com/EF3dRHM

      This is how the virtual server menu looks : http://imgur.com/EEuLA2k

  3. how to get english version facebook website?

    1. I think the website will be in English only in most cases. The Hindi version was an accidental error, and this was the first and last time I saw it. In general it creates the English version website only.

  4. Hey, nice tutorial. One thing didn't work for me though. I got this working for my computer's IP so I can do this on my LAN, but when I tried to do this with my public IP it didn't work. I set up port forwarding. I have a D-Link system.

  5. Sometimes in a gateway based setup, the gateway and its router both take up IPs in different subnets. For example, 192.168.0.1 for gateway and 192.168.1.1 for router. This can cause trouble. Unfortunately, I haven't ever used a gateway per se, and all my knowledge in this reference is theoretical. Basically, try toggling the x (192.168.x.yyy) between 1 and 0 in your port forwarding configuration as well as the IP you enter in the address bar.

  6. I love your tutorials, thank you so much <3

    But there is a problem, the "@" thing doesn't work anymore, when you try to enter somewhere using it (ex: pastebin.com@www.google.com ) your browser alerts "this may be an attempt to trick you."

    Ps: Excuse me for my terrible English. :(

    1. English is not a problem. And yeah, this trick is quite outdated.

  7. In SET use your private IP and tell the results.

  8. It won't work for smartphones and tablets.. it works only for computers.. why?!!

    1. What does not work for smartphones and tablets? SET? Kali? This attack?

  9. i still get redirected to my router login page :'( HELP!!!

    1. At what point do you get redirected? Please elaborate.

  10. plz help when i type my external ip it shows my router page instead of facebook i already port forwarded my port 80 is open why??? also it says this in set ubuntu apache could not reliably determine the server name using 127.0.0.1

  11. I can't figure out my problem. I am using Live kali 64arm from usb. I am searching and trying everything to get rid of this but every time i put my external IP in URL bar, it redirects me to router homepage page. I set port forwarding correctly and disabled remote access too, I don't know what i am doing wrong. But when I type my local IP in URL bar, the cloned facebook login page opens up.

    Please can someone figure out why this is working reversely? What my problem is?

  12. it shows me a blank page i did every thing right

  13. it wants three addresses
    source ip address
    source ip mask
    destination ip address ???
    when i enter 192.168.1.xx for ips and my mask 25x.xx.xx.0 it redirects to 192.168.1.1

  14. okay, how can I setup an external ip if i'm using a VPN service and using Kali Linux in a VMware.
    Host OS is Windows 8.

  15. I am really enjoying learning all of this. Lifting the veil so to speak. You are a great teacher. Problem is you are teaching people like me! I'm having the same problem as most people that have left a comment here. when i enter my public ip i end up at my router login page. I would greatly appreciate any advice you can give. Below are the tabs available under my routers NAT settings.

    Virtual Servers
    Port Triggering
    DMZ Host

    I found that Virtual Servers seems to match your tutorial perfectly and i entered everything as you said. 80 for all ports, both for the protocol, and my local ip. Any advice on what i may have done wrong?

  16. dude! plz make a video and inform me i read ur article! but a little bit afraid to try it! and plz help us by making a video! inform me@ souravahmedsubho@gmail.com

  17. WTF, stop trying "hacking" if you have no idea what port forwarding is! If you're not able to configure your router or even remember the password of it, just keep your fingers off it. Try instead to understand and secure your own LAN to keep away the real hackers...

    1. Obviously they know what it is and have followed the tutorial but it's not working for some reason. Understand that not everyone is at an advanced level and many are beginners, they have to start somewhere.

  18. public ip redirect me to my default router page :( :(

  19. Hi, I've a HG531 V1 Alb telecom router, I'm trying to make the port forwarding but in the router settings, on internet, there aren't advanced settings where I can do it. Why can't I find the advanced settings, but only have the basic ones?
    Sorry for my English, thanks.

  20. I have Broadcom Prima Modem.. How to configure that

  21. Hey, my router is Mblaze Ultra wifi, Port forwarding Option is present there, but it consists of 'config name', 'local port', 'wan port' and 'MAC'.... what to enter??

  22. Hi there!
    I can send the cloned website but once authenticated it doesn't redirect to the original site and it shows a white page.

    What am I doing wrong?
    Please answer, port forward is enabled

  23. Very slightly different issue here, running on Kali 2 bleeding edge persistent liveboot. I have the port forwarding set and firewall options on my router are disabled, and I can get everything working fine using my local IP on my LAN (cloned FB appears, albeit in Japanese, and I can find what I entered later in /var/www) but when I repeat the process with my public IP, everything seems to go fine until I try putting the IP into my browser--I instantly get a "connection reset" page every time. I can bring up the cloned page by opening file:///var/www/html/index.html (I know it's the cloned one since it's in Japanese), but if I attempt to login with anything then I once again get the instant connection reset page and nothing is recorded to the harvester text file. Any ideas?

  24. When I send the link to the victim, on the browser, it shows my IP address. How can I hide it?

    Please tell me

  27. my apache is set to on so my setoolit method is not working

  29. can you tell me how to forward port on mobile network as i am using mobile network as hotspot no lan connection

  30. Can we remove the ip address attached to the cloned site....

  31. m not finding any options like LAN WAN or access control or port forwarding on my router....whyyy???

  32. Hello, it's hard for me to do this since my router is from Xfinity. Do you have any tutorial on how to do this? Thank you!

    1. To do what exactly? Pls be more specific if u want others to help u

  33. i can access my fake website but when i click on login it says http://192.x.x.x is temporary down or moved what should i do

  35. What is wan port and lan port?
    What to enter in these?

  36. I am really enjoying learning all of this. Lifting the veil so to speak. You are a great teacher. Problem is you are teaching people like me! I'm having the same problem as most people that have left a comment here. when i enter my public ip i end up at my router login page. I would greatly appreciate any advice you can give.

  37. After I did as you mentioned above and when I enter my public ip in the browser nothing gets loaded. I even disabled my firewalls still nothing happened.

  38. i did all that you specified did all the port forwarding stuff.. then i shortened my public ip to url using bitly ...and when i try to paste it in url n go the error comes like.....page can't load...check your connection help

  39. Hello Sir,
    Thanks for this tutorial. I have a question. If kali linux is in virtual box. Internet connection is made with the help of mobile using tethering. Then what is the procedure of port forwarding to use public IP. Please help me.... Thanks in advance....

    1. Me too have the same prblm pls give the soln

  40. Hi that was an awesome tut. i have a question my internet connection is blocking some websites it is even blocking the websites which are used to clone the website using the SETOOLKIT, could u plz help me out with this
    Thank u in advance

  41. " All the visitors to my site are hackers, and some are better than me, so I'm not inviting trouble here "

    These Lines Are Crazy... :D :D

    Thanks For The Entire Site Man...
    I am Beginner in Penetration into Cyber Security.. ;)
    Even though My Only Successful Attack is Router Hacking.. This Helps A Lot.. Getting Deeper,...

  42. Mate,

    I do Want To Ask You A Question...

    I have Installed Kali Linux The Latest..

    The problem is I can't Access every website with Kali... In Either of The Web Browsers Google Chrome And Firefox.. :(

    Sites Like Kali.org etc Are Not Opening.. It Just Loads..
    But Some Other Sites like Google.com, m.facebook.com are opening quite naturally..

    Please Give Any Suggestion to solve this.. I am Frustrated the same PC With Same Connection in Windows Opens Everything.. But Not Kali.. :(

  43. Does this still work? and will it work against users accessing facebook from iPhones

  44. how to port forward if i am using Internet connection through mobile tethering ?

  45. My port is open but when I put my ip it says invalid request.

  46. In router page, under Protocol, I just have TCP or UDP. I don't have all/both option. what should i do

  47. You're getting a hindi version of clone webpage, is it because your IP is from india? how can we get rid of hindi version of FB clone page?

  48. For all those who have a problem of getting their router login page, I had same problem and solution is to test the link on some other network (not own ip) and it will show fake page as you created on harvester. It is normal to show you router login page on your network. And regarding apache problems, just enter into root terminal /etc/setoolkit/set.config and open a text file and scroll down and replace "APACHE ON" to "APACHE OFF" and click SAVE. Now you will start receiving credentials directly to harvester and be able to see them directly in terminal and not in a file.

  49. I can get this to work on my local LAN, but when I use my phone's 3G mobile data to simulate a device that is not on the same LAN, it doesn't work. I'm using Kali Linux in VMWare, if this info is of any help.

  50. when i open my ip after following all steps it does not open facebook rather it opens a MikroTik Router OS login page. and i can't access it.

  51. I tried port forwarding. It seems that my ISP has blocked port 80. When I switch to 3G on my mobile and try to access the cloned site with public IP, it says destination unreachable.

  52. Hello, my router configuration has some other options too, it has WAN Host Start IP Address and WAN Host End IP Address, WAN Start Port and Wan End Port, LAN Host IP Address and LAN Start Port and LAN End Port, what do I put in each one? My IPv4 in the sections it requires the IP Address and 80 in every section that requires a port? Thanks in advance!

  53. so i think i did everything right but the port forwarding http://imgur.com/a/WRzGr
    what do i do on the second line?????

  54. While port forwarding, this dialogue pops up
    192.168.1.1 says
    The Access Control Service port 80 is in the external port range, please reset the external port range or the Access Control Service port

    My router is D-link 2730U

  55. I am getting the website, am getting the message that my public ip did not send any data. Also, is the harvester file not required any more?

    1. All this is after enter user name and password.

  56. While accessing to the fake fb page through my public IP I get this :
    The connection was reset

    The connection to the server was reset while the page was loading.

    The site could be temporarily unavailable or too busy. Try again in a few moments.
    If you are unable to load any pages, check your computer's network connection.
    If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.

    What is the problem ?

  57. What if I am using TorGuard VPN? I have done it with my IP (not using TorGuard VPN) and it works perfectly, but when I try it with TorGuard VPN running (changes public IP) does not work. Thanks

  58. Nice tutorial! But I've got a problem... It works on my LAN but not on the internet... I followed the instructions and tried some solutions but no one worked. When i enter my public ip while I'm connected on another wifi, i got an error and the browser can't open the page. Can a great soul give me his help? (I'm not sure for the english ^^)

  59. When I use credential Harvester > site Cloner in my LAN environment it works fine that means, it returns 1) POSSIBLE USERNAME FIELD FOUND, 2) POSSIBLE PASSWORD FIELD FOUND, 3)Redirects to actual site. BUT when I use the same method on WAN it returns some arbitrary data and comes to the last line "WHEN YOU HAVE FINISHED......." I am using kali-rolling 2017.2, SET version 7.7.2

    I am using VPN service and enabled remote port forwarding from port 9366 to local port 80. My test victim is connecting using my external IP (the ip i get from whatismyip.com after connecting with VPN) as x13.x82.1x1.24x:9366.
    I also tried by changing the WEB_PORT=9366 in /etc/setoolkit/set.config ; but in both cases I get the facebook login page but no credentials returns. In SEToolkit it returns some arbitrary data and the last line "WHEN YOU HAVE FINISHED.......".

    If I don't use VPN (open local and external port 80 from my router) it works fine like as LAN. But I need to use VPN to test.

  61. Router is playing a role of forwarding data between your computer and internet here. Sometimes, a software will do the same thing too.

  62. I was able to get the clone to come up once. However, when the facebook clone page appeared, I typed in my info and it timed out. Could this be a routing issue? Whenever I go into wireshark, under the TCP tab its saying that the "transmission is suspect". Could this be my router firewall blocking ACKs?

  66. is there any way to hack social media accounts (Facebook, Twitter, Instagram etc.) by using kali linux?


© Kali Tutorials, 2016. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Shashwat Chaudhary and Kali Tutorials with appropriate and specific direction to the original content.