Tuesday, July 25, 2017

Hunt Facebook password with Kali Linux

Hi guys:)

Today I am going to illustrate how to get a Facebook password using Kali Linux. First of all, I want you to know what Kali Linux is; otherwise you may get confused by what follows.

Kali Linux is a Linux distribution focused on penetration testing and security auditing. Kali contains a large number of tools that mainly target information security tasks: penetration testing, security research, computer forensics and reverse engineering.

Kali Linux includes the following tools for information gathering:

  • Nmap
  • Aircrack-ng
  • Kismet
  • Wireshark
  • Metasploit Framework
  • Burp Suite
  • John the Ripper
  • Social-Engineer Toolkit
  • Maltego
  • Ettercap
  • OWASP ZAP

From here onwards I am going to discuss using the Social-Engineer Toolkit to access a Facebook password. First of all, you have to download VMware and install Kali Linux according to your machine's performance.
Then run VMware and open Kali Linux. Click Applications -> Social Engineering Tools -> Social Engineering.




Your terminal now shows some options; hit 1 (Social Engineering Attacks).


   

Then hit option 2 (Website Attack Vectors).


Then hit 3 (Credential Harvester Attack Method).


Then hit 2 (Site Cloner).


Now you have to enter the IP address of the VM. Open a new terminal and type ifconfig to get the IP address, then copy that IP and paste it.




Here, type the link of any website you want to clone, for example www.gmail.com or www.facebook.com.



Now open your web browser and type the copied IP address in the URL bar.


Type your email address and password; the page then redirects to the original website.



 

After entering your email and password, go to the /var/www/html folder to see the stolen password.








Open the harvester_.....txt file to see your credentials.

Whoa!!! You got the credentials :)


Finally, you have reached your goal of capturing the credentials. But the critical point is not this; it is preventing this kind of attack. An attacker can create a login form like this that looks like the legitimate web form and bookmark the page in his browser. He may then suddenly ask us to log in to that web page using his browser. In that case we must carefully check the URL to see whether it comes from a bogus site or not.
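
The URL check described above can be written down as a small function. This is an added example, not part of the original post; the allow-list, the function names and the sample address 192.168.56.101 are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: the sites the user really intends to log in to; extend as needed.
EXPECTED_DOMAINS = {"facebook.com", "gmail.com"}

def host_is_ip(host):
    """True when the host is a bare IPv4/IPv6 address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def login_url_findings(url, expected=EXPECTED_DOMAINS):
    """Return the reasons not to type a password into the page at this URL."""
    # An address typed without a scheme is treated as plain http here.
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").rstrip(".").lower()
    findings = []
    if parts.scheme != "https":
        findings.append("not-https")
    if parts.username is not None:
        # In name@host the real host is the part after '@'.
        findings.append("userinfo-in-url")
    if host_is_ip(host):
        # The cloned page in the walkthrough is reached by the VM's IP address.
        findings.append("host-is-ip-address")
    elif not any(host == d or host.endswith("." + d) for d in expected):
        # Catches look-alikes such as facebook.com.something.example
        findings.append("unexpected-domain")
    return findings

# Constructed sample URLs (not taken from the post).
SAMPLES = [
    "https://www.facebook.com/login",
    "192.168.56.101",
    "http://www.facebook.com@192.168.56.101/",
    "https://facebook.com.login-check.example/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", login_url_findings(sample) or "no findings")
```

An empty list only means the address itself looks right; it says nothing about the page content.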


If you have any doubts, feel free to comment here.

Thank you,
B/R
Pamoda P. Perera