Steps for setting up your system.
- Download Kali Linux from here.
- Extract the contents of Kali Linux iso file which you downloaded in step and copy it to pendrive or instead of pendrive burn the iso file in cd if you want to make a cd of it.
- After copying all contents to pendrive or burning the iso file in cd,reboot you system,press F8 on boot-time and select boot from pendrive if you have copied all the files in pendrive,else boot from cd-rom if you burn the iso file in cd.
- After selecting the boot from device,the kali installation window will open,install accordingly as per your requirement.
- NOTE:During installation,in mount point of selected installation drive,set mount point to "/".
- Remember the username and password while installation as this will be necessity for this hacking method.
- Once,installation is completed,system will reboot,login your account.
- Your system is ready for use.
Now lets set it up.
- Open terminal using ctrl+alt+t or click on the small black window image on the top left of your screen.
- Once terminal is open,type the code carefully.
sudo rootThen enter your root username and password.Don't close the terminal.
- Next step is to open social engineering toolkit.For this type the below command in terminal.
You will see something in terminal of your system as shown below in the image.
- As shown above in image,you too will see the menu in your terminal.Press "1" and hit enter as we are going to do Social-Engineering Attacks.You will see something in terminal as shown below in the image.
- Once again,you will get a menu as shown above in the image.We are going to select Website Attack Vectors,so press "2" and hit enter.You will see something as shown in the image below.
- In this method,we are going to get the credential of the victim,so press "3" and hit enter as it will select credential harvester attack method.This will open new menu as shown below in the image.
- Since,we want the username and password which is credential of victim,so we need to trap the victim in a look a like page to original website page(like phishing page) and for that we need to clone a website.To do this,press "2" and hit enter which will open something like shown below.
In above image,you might have noticed a red colour rectangle box made by me,in that box,you will find "tabnabbing:XXX.XX.XXX.X" where this "XXX.XX.XXX.X" is you computer IP address.To find IP address of your computer,open a new terminal and type the command given below.
su rootIn above command,we first gain the root access,and then afterwards type "ifconfig" and hit enter to get the IP address.
Copy paste this IP address at the end of "Tabnabbing:".I have used my IP address but for security reasons i can't reveal it,so i have posted here "XXX.XX.XXX.X".Please note that,if you don't put your computer IP address,they this method won't.After entering your IP address,hit enter.It will ask your to enter the url of website you want to clone as shown below.Here,i had entered "www.ymail.com" as i want to hack someone ymail account.The below image represents all the steps.
- The next step is the most important step,till now we have make your IP address go online and anyone who visit your IP address will see the page which will look like the website of whose url you entered to clone.In this step,you need to shortened your IP address by using services like ADF.LY, Binbox, Goo.gl,etc.Once you enter your ip address on these sites to shorten,they will provide you a link,all you need to do is just send this shortened link to your victim.
- When the victim visit the url which you have sent them,the will see a same page of which url you had entered to clone the website.The victim will think that it is a original page and when the victim enters any of their information,you will see that information in the terminal.
- In this example,i have used ymail.com.Therefore,the victim will see homepage of yahoo mail.This is only the login form,i have entered the login username as:"Kali used to hack email-id and password" and password as: "Hacking successfull".
NOTE:Victim can identify that the page is a trap as the address bar of browser will be having your IP address.For best results,send the shortened url to victim mobile and ask them to visit urgently,or you can say visit this link and login to get latest updates of their favourite contents,etc.
The username and password will be shown in terminal window and will be similar to the image shown below.
If you get stuck anywhere,feel free to contact us and get solution for your problem related to this information.I will suggest you to use virtual box for using Kali Linux within your default operating system.Video tutorial will be given on demand.So if you need video tutorial related to this,just contact us from contact form below at right corner of this page.
Join Our Facebook Group for Latest Updates
PLEASE DON'T FORGET TO SHARE THIS INFORMATION WITH YOUR FRIENDS.