This is the first of a series of posts describing how to perform the various types of attacks that are available to try in the Hacking Village at the ND Cyber Security Conference. These will serve as instructions during the conference, and as a resource after the conference.
First up is the Social Engineering Toolkit from Dave Kennedy of TrustedSec. This toolkit demonstrates how to perform a variety of social engineering attacks.
From the Toolkit:
DISCLAIMER: This is only for testing purposes and can only be used where strict consent has been given. Do not use this for illegal purposes, period.
The attack method to be tested is cloning a website to harvest credentials.
- Open a console on Kali Linux
- setoolkit and then enter to launch
- 1 for Social-Engineering Attacks.
- 2 for Website Attack Vectors
- 3 for Credential Harvester Attack Method
- 2 to clone a site
- Enter to accept the default IP
- https://apps.ndsu.edu/cas/login or a login form your control to clone
- Enter to understand what they are saying
- Launch Firefox
- Go to http://localhost to load the page
- Any credentials that you enter in will be posted back to SET in plain text. DO NOT USE REAL CREDENTIALS.
- Go back to SET console and see provided credentials
More instructions and operations can be found on the SET website at https://github.com/trustedsec/social-engineer-toolkit/
This was originally posted at the NDSU Tech Blog.