- Therefore, his program director forced him to take a course he did not want to do. Suppose the syllabus starts with ‘A’ and ends with ‘ED’. Okay, you think, comfort you, at least I’ll make new friends …
three months later. After spending endless hours at conferences, you realize that it has not worked as expected. You met, you got their email addresses and, sometimes, you allegedly worked together on so-called ‘teams’ … but you wouldn’t get to say that they were your friends.
So what you are doing is you have an idea… to make some fun and to encourage the final weeks of class.
You have heard about piracy, you know that everyone probably still uses Facebook and you stumble upon this guide…
So you are installing and working on your new and bright Kali 2019.4. If not, this is the first step… please continue and download it ‘legally’ from: https://www.kali.org/inownloads/
(The first appearance of Kali in Hindu mythology is like a destroyer of evil)
Plan of attack
Therefore, we want to know the usernames and passwords of all our peers in a given class. Suppose the class is very large, and having all your credentials will give you a cult status. Of course, he does not intend to do anything other than gain some fame and then asks them to use 2FA and change their passwords. So how do we do that …
Clone to facebook login website
Rotate a web server that hosts a cloned web page in your black box
Create a path for others to return to your mailbox on the Internet
Write a phishing email that attracts students with greed / fear / sympathy and clicks on a link that connects to a fake fb login
Let’s work the other way …
Step 1: Configure Ngrok
Then, Ngrok allows you with just one command, via any NAT or firewall, to provide a quick and secure URL to your localhost server. This means that when you host your rogue clone FB login page on localhost: 80 (port 80), Narok will give you a link from which you can email your victims to click and access. So go ahead and sign up on Ngrok:
Once you are logged in … go ahead and download ngrok as shown in step 1.
Then follow the configuration instructions as follows (remember to do step 3 with your own ngrok authentication token
Here I am doing it on my machine:
Continue the encroachment and notice the random URL that generates for you:
Remember: Ngrok provides a new random URL every time it stops / starts at its free level, so make sure you are using the correct URL for the following steps
Step 2: Facebook Login Cloning with Social Engineering Toolkit (SET)
So now let’s highlight the power of Kali Linux! Kali is the aggressive hacker’s dream arsenal. It has equipment ready to prank for you. First let’s start the Social Engineering Toolkit by opening a new terminal with Ctrl + Alt + T.
Then type sudo setoolkit (we want to run Social Engineering Toolkit as root user) and enter your root password.
Then type 1 to select 1) Social Engineering Attacks in the opening menu.
Then type 2 to select 2) Website Attack Vectors from the second menu.
Now select type 3) Combine the credential attack method in the third menu (credential collection is a beautiful way of saying that you want to steal your partner’s password … ‘Elizabeth, can you get your bank credentials back? Can? ‘)
Finally, type Site Selector 2 from the fourth menu to start the cloning process of the FB login page 2).
Now be sure to carefully copy the bit after http: // from your running enrock terminal, for example 29102647.ngrok.io and paste it into the social engineering toolkit in the terminal indicator, and then press Enter.
For the next SET message, copy your target Facebook login page, for example https://ar-ar.facebook.com/login/ and paste it, then press Enter.
Ignore the following message and press enter again.
Now your fake server is running in Kali, serving an FB login page and actively listening for the entered input data (username and password). Once you successfully emailed the link http://9102647.ngrok.io to your target victims / pseudo-friends and tricked them into clicking on it, they redirected to your fake FB login page Will go They will enter their username and password involuntarily