Hack Email using Web Jacking Method | Hacking Is Magic

Social engineering attacks are among the top techniques used against networks today. Why spend days, weeks or even months trying to penetrate layers of network security when you can just trick a user into running a file that allows you full access to their machine and bypasses anti-virus, firewalls and many intrusion detection systems?

This is most commonly used in phishing attacks today: craft an e-mail, or create a fake website that tricks users into running a malicious file that creates a backdoor into their system. But as a security expert, how could you test this against your network? Would such an attack work, and how could you defend against it?

The Backtrack Linux penetration testing platform includes one of the most popular social engineering attack toolkits available. Backtrack 5's SET includes a whole slew of new features. We will use SET to create a fake website that offers a backdoor program to any system that connects. So here goes…

How to Hack Email using Web Jacking Method

The web jacking attack method creates a website clone and presents the victim with a link stating that the website has moved. This is a new feature in version 0.7. When you hover over the link, the URL shown is the real URL, not the attacker's machine. So, for example, if you're cloning Gmail.com, the URL shown on hover would be Gmail.com. When the user clicks the moved link, Gmail opens and is then quickly replaced with your malicious webserver.
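An added example, not part of the original post: since the technique relies on the hovered URL differing from where a click actually leads, a defender can audit a saved page or e-mail body for anchors whose inline event handlers name a different host than `href`. The function names and the sample HTML are constructed for illustration, and the check assumes the handler is written as an attribute on the link.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

URL_RE = re.compile(r"""https?://[^\s'"<>)]+""", re.I)

def host_of(url):
    try:
        return (urlsplit(url).hostname or "").lower()
    except ValueError:  # malformed URL, treat as having no host
        return ""

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

class LinkAuditor(HTMLParser):
    """Flags <a> tags whose on* handlers mention a host other than the href host."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        attrs = {name: value or "" for name, value in attrs}
        shown = host_of(attrs.get("href", ""))  # what the status bar shows on hover
        for name, value in attrs.items():
            if not name.startswith("on"):
                continue
            for url in URL_RE.findall(value):
                target = host_of(url)
                if target and target != shown:
                    self.findings.append({"shown": shown, "handler": name,
                                          "target": target, "ip_literal": is_ip_literal(target)})

def audit(html):
    auditor = LinkAuditor()
    auditor.feed(html)
    return auditor.findings

# Constructed sample: the first link shows one host on hover but its handler names another.
SAMPLE = ('<a href="https://mail.example.com/" onclick="go(\'http://203.0.113.7/\')">moved</a>'
          '<a href="https://mail.example.com/help" onclick="log(\'https://mail.example.com/t\')">Help</a>')
print(audit(SAMPLE))
```

Handlers attached from a separate script are not visible to this check, so treat an empty result as "nothing found in the markup", not as proof the link is safe.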

Recommended OS

Linux OS (Backtrack)

Step 1 :-

First open your Backtrack terminal and type ifconfig to check your IP.

Step 2 :-

Now open the Social Engineering Toolkit (SET), then click on SET.

Step 3 :-

Now choose option 1, “Social-Engineering Attacks”.

Step 4 :-

Now choose option 2, “Website Attack Vectors”.

Step 5 :-

In this menu, select option 6, “Web Jacking Attack Method”.

Step 6 :-

In this menu, choose option 2, “Site Cloner”.

Step 7 :-

Now enter the attacker IP.

Step 8 :-

Enter the URL of the site you want to clone, in this case http://www.gmail.com, and hit enter. SET will clone the website. Press return to continue.

Step 9 :-

Now convert your URL into a Google URL using goo.gl and send this link address to your victim via email or chat.

Step 10 :-

When the victim goes to the site, he/she will see the link below. Notice the URL at the bottom left: it's gmail.com.

Step 11 :-

When the user clicks the moved link, Gmail opens. Then, when the user enters the user name or password, it goes directly to the attacker machine.


This Post is Submitted by Rahul Singh ( www.rmar.in )