Onnowpurbo: Created page with "Here is an explanation and example of a '''Phishing Attack''' simulation using '''Kali Linux 2024.3''' in the context of an ethical hacking course. ==Phishing Attack Overview..."

2024-10-28T23:51:47Z

Created page with "Here is an explanation and example of a '''Phishing Attack''' simulation using '''Kali Linux 2024.3''' in the context of an ethical hacking course. ==Phishing Attack Overview..."

New page

Here is an explanation and example of a '''Phishing Attack''' simulation using '''Kali Linux 2024.3''' in the context of an ethical hacking course.

==Phishing Attack Overview==
Phishing is a social engineering attack technique in which an attacker tricks a victim into providing sensitive information such as usernames, passwords, or credit card details through a fake website that appears legitimate. This simulation uses the '''Social Engineering Toolkit (SET)''' which is already installed on Kali Linux.

==Hands-on Steps: Phishing Attack Simulation on Kali Linux 2024.3==

===1. Open '''Kali Linux''' and Run Social Engineering Toolkit (SET)===
SET is a powerful tool for simulating social engineering-based attacks such as phishing. Run the following command to get started:

sudo setoolkit

The SET interface will appear with several options. Select the first option for social engineering attacks.

===2. Select '''Website Attack Vectors'''===
In the SET main menu, select option '''2''' for *Website Attack Vectors*:

2) Website Attack Vectors

===3. Select '''Credential Harvester Attack Method'''===
Next, select the '''Credential Harvester''' method:

3) Credential Harvester Attack Method

This method will capture the credentials (username and password) entered by the victim on the phishing site.

===4. Select '''Site Cloner'''===
To create a fake site that looks like the original site, select the '''Site Cloner''' option:

2) Site Cloner

===5. Enter Target URL===
After selecting '''Site Cloner''', you are asked to enter the URL of the site you want to clone (e.g., Facebook login page, Gmail, etc.). For example, to fake the Gmail login page, type:

https://accounts.google.com

===6. IP Address Configuration===
SET will ask for the IP address of your phishing server (the computer that SET will run on). To get the IP address, run the command:

ifconfig

Then enter the IP address into SET when prompted.

===7. Start Phishing Server===
Once all the configurations are complete, SET will start a local phishing server that can be accessed by the target. Every time the victim visits the phishing URL and enters their credentials, SET will capture the information.

===8. Simulate Attack===
* Send the generated URL to the target via email, message, or other method. Make sure you have the target's permission, as this is part of ethical hacking.
* When the victim visits the fake site and enters their credentials, this information will be captured by SET and displayed in your Kali Linux terminal.

===9. Capture and Display Credentials===
On the SET screen, you will see the results of successfully captured credentials:

[*] WE GOT A HIT!
POST Data: user=exampleuser&pass=examplepassword

Here, the victim's username and password have been successfully obtained from the fake login page.

==Ethical Practices==
Phishing is a dangerous attack method if misused. In the context of ethical hacking, this simulation should be done with legitimate permission and only for educational or security testing purposes.

==Conclusion==
The phishing attack simulation using '''Kali Linux 2024.3''' and '''Social Engineering Toolkit (SET)''' provides a real-world view of how this attack is carried out. It is a great way to learn the important aspects of social engineering and helps raise awareness about cybersecurity among internet users.

==Interesting Links==

* [[Ethical Hacking]]

Hands-on: Simulasi Phishing Attack (en) - Revision history

Onnowpurbo: Created page with "Here is an explanation and example of a '''Phishing Attack''' simulation using '''Kali Linux 2024.3''' in the context of an ethical hacking course. ==Phishing Attack Overview..."