Summary

The web content provides a detailed guide on setting up a phishing attack using Kali Linux, the Social Engineering Toolkit (SET), and Ngrok to create a fake website for stealing user credentials.

Abstract

The article outlines a method for executing a phishing attack that involves tricking users into providing sensitive information by visiting a fraudulent website. It emphasizes the use of Kali Linux, a popular penetration testing distribution, and the Social Engineering Toolkit (SET) to automate the creation of a malicious web page. The guide also explains the role of Ngrok, a tool that allows a local web server to be accessible over the internet, which is crucial for conducting the attack outside the local network. The process includes cloning a legitimate website to deceive victims, capturing credentials via a credential harvester, and the importance of masking the suspicious ngrok link to increase the chances of a successful attack. The article concludes by noting the illegal nature of such activities without consent and highlights the potential for Ngrok to be misused by attackers.

Opinions

The author acknowledges the unethical and illegal nature of phishing without consent.
Ngrok is presented as a powerful tool that can be abused by hackers for malicious purposes.
The tutorial is designed for educational purposes, with a clear warning about the legal implications of carrying out such attacks.
The use of SET and Ngrok together is shown as an effective method for conducting phishing attacks on a wider scale, beyond the local network.
The article suggests that social engineering skills are critical in making the phishing attack convincing to potential victims.

How to Set up a Phishing Attack Outside The Local Network

Phishing is a type of social engineering attack often used to steal user data (login information and credit card numbers). It occurs when an attacker tricks a victim into opening an email or fake website.

This website is fraudulent, designed to look legitimate, but exists solely to collect login information from victims.

For this tutorial, you will need Kali Linux Distribution, the Social Engineering Toolkit (SET), and Ngrok.

What is Ngrok?

Ngrok is a cross-platform application that allows developers to expose their local web servers to the internet. It hosts a local web server on its own sub-domain and makes your local web server available on the internet.

Your localhost web server is mapped to a ngrok.io sub-domain, which a remote user can then access. There’s no need to expose ports, set up forwarding, or make other network changes.

Install Ngrok

Open ngrok.com in your browser and click Download for Linux, then extract the zip file using the following command:

unzip ngrok-stable-linux-386.zip

Start Ngrok

To start the tunnel on port 80 for localhost, go to the location where you have extracted ngrok file and execute the below command.

./ngrok http 80

This will create an access port for anyone from outside the network to your local host web server.

Start the Social Engineering Toolkit

The Social-Engineer Toolkit (SET) is an open-source penetration testing framework designed to automate social engineering attacks. SET comprises tools for gathering credentials such as usernames and passwords from targets.

To start SET, open the terminal window in Kali and type ‘setoolkit’ in the command line.

I will select option 1 for social engineering attacks.

Select the Type of Attack

In this step, I will select option 2 which stands for ‘Website Attack Vectors’.

Here, I will choose the option for ‘Credential Harvester Attack Method’ which is option 3.

Clone the Target Website

Then the website selection menu will appear where you have a choice to either craft a malicious web page on your own or just clone an existing website. I will type 2 for Site Cloner.

The next step is the important one because here you have to give the IP address for the POST back in Harvester/Tabnabbing. If you give the default IP address, the attack will be limited to the local network.

So, to make your attack accessible anywhere on the internet, go to ngrok and copy the forwarding link.

And paste the link on the IP address for the POST back in setoolkit.

In the next step, It will ask you for the site which you want to clone. I am cloning ’ https://www.hackthissite.org’

The setup for a phishing attack is complete, I have cloned ‘hackthissite’ web page, which now looks exactly like the original one.

At this point, you need to use your social engineering skills and trick the victim to access the ngrok link. In my case is ‘https://b2360e16.ngrok.io’.

The address is suspicious for the victim, so you can mask the address using a link shortener or embed the link into a login button.

If the target user fills in their details and clicks on ‘Log In’, then the login information will be captured on the Credential Harvester.

As you can see, I have successfully captured the login information from the target.

Conclusion

Ngrok is regularly abused by hackers for cyber attacks. They will see this as a way to complete a phishing attack, as they are able to create fake login pages or deliver malicious URLs.

Note: Using social engineering toolkit against a victim without his/her consent is illegal.

Thank you for reading!