[CENTER]Phishing made easy tutorial!
Tools: Backtrack 4, SET
[!]This is a NETWORKING attack NOT gloable attack if you wish to make this attack gloable then you must be creative and try to do so on your own or wait till I make a tutorial[!]
Ok so lets get started, first off boot into backtrack 4 and start a shell. In the shell you want to navigate to your SET folder, in backtrack 4 final i believe this is 'cd /pentest/exploits/SET' and if that does not work for you then navigate to your exploits dir(cd /pentest/exploits/) and type in 'svn co svn.secmaniac.com/social_engineering_toolkit set/' this will download and install SET for you. Once that is done then go ahead and browse to it(cd set). Once you have gotten this part finished you are now ready to start SET simply type in './set' and it will start up, SET will ask you to "Select from menu:" if started up correctly. If you get this then great and your ready to move on, if you do not then please read everything above this once again and see if your doing everything right. If you are still having trouble then please pm me and I will do my best to help you. Moving on now, once you have SET started up you are now ready to setup your phishing server/site this is EXTREMELY easy to do its as easy as choosing a number and pressing enter! So to get started we want to choose "Website Attack Vectors" and it will give you a list of options, Since we want to phish or harvest the slave we will choose "Credential Harvester Attack" this will give you some more options, This is totally up to you on what you want to do, you can choose pre-made templates you can make your own or simply clone a site...its 100% up to you. After you have chosen what you wish it should inform you that your server has started on your private IP. You can check your private IP by opening a shell and typing 'ifconfig'. Ok, so here comes the fun part, now you get to convince your slave to login to your phishing site, the way you do this is 100% up to you and i cant really tell you how you do so, but I CAN tell you how I would I used goo.gl to hide my private IP wile sending the email and send something like "Hey man, check out this new update for %yourphishedsite%!" and hope they click/login to it. Once your slave have logged into your phished site check the prompt that your server has started on and it will show you the possible email/user/password. Hope this helped...please give me your REAL opions for this is my first tutorial as a member, Here is also a video to help you follow along! If you need help please pm me!
MOD EDIT: Removed Youtube link OP See your PM Box for more info.
Last edited by Archangel-Amael; 01-25-2011 at 01:02 AM.