Required Features
Step 0: Make sure your hosts file is normal!
In Lab 4, we had you adding some lines to your hosts file to mess with Google. This lab needs Google to work, so if you didn't already, make sure you've un-done the changes from Lab 4 to your hosts file.

Step 1: Running setoolkit and Setting Up the Credential Harvester
setoolkit has been preinstalled on your Azure Labs machine, so let's try using it:

Run the setoolkit command using sudo:

sudo setoolkit

📝 Note: setoolkit needs to be run as the root user; otherwise, you will see the following message:

A menu will pop up that looks like this (the image at the top often changes, so yours might be a little different):

There will be a list of commands to choose from in the start menu.

Type 1 to begin the Social-Engineering Attacks.

The next menu shown will ask what type of attacks you'd like to run.

Select 2 for Website Attack Vectors.

Next, you will be taken to another menu offering a selection of seven (7) different types of attacks.

Read each of the descriptions for the types of attacks. Since we want to create a clone of a website that will collect information, we will select the third (3rd) option, the Harvester Attack method.

Next, we will choose how the web application is set up. SET allows you to choose from a template, create your own, or custom import a website.

Select the first (1st) option, the Web Template.

It will then give you a new prompt for a POST back address:

The credential harvester will allow you to collect all of the data submitted through each of the forms. An HTML form on a website sends this information to the website's server when it is submitted (in the form of a POST). In order to set up the fake website to be able to do this successfully, we need to give it a POST back IP address. Let's find the local IP address of our Kali Linux machine on the network and use it as the POST back.

In a new terminal window, type the following:

hostname -I

You will see something like this print out in the terminal:

Adding the -I option to the command will list all the IP addresses for the host (Kali machine). We'll be using the second IP address shown.

Copy the second (2nd) IP address in the list.

Paste the IP address in the other (first) terminal prompt.

Now we can select a website template. Choose option two (2) for Google from the list.

It will then begin the process of cloning the website. If you see the message below, it means that you've set up the credential harvester:

⚠️ You'll want to keep this terminal window open because it will be collecting our harvested data.

🎯 Checkpoint 1: You have been able to set up the credential harvester (fake) website. Now you are ready to test it!

Step 2: Testing the Credential Harvester
In the Kali RDP Connection, open the Falkon browser (by navigating to Applications -> Internet -> Falkon) and open a new browser window.

Copy the same IP address that you used for the harvester into the web browser (this will go to that address on the local network):

Press return to navigate to the IP address. You should now see the Google form show up on the page:

Enter some information for the email and password form fields:

After you are done filling out the form, press the Sign In button. You will be redirected to the Google Search Engine page, as shown below:

Feel free to click Not Now when Falkon asks if you want it to remember the password. You can also click "No thanks" when Google asks you to sign in.

Going back to the console where the credential harvester was running, check to see the new output:

🎯 Checkpoint 2: Nice work! You have been able to collect information from the form fields and have it show in the console!

🎉 Congratulations 🎉
You've been able to learn how a social-engineering web attack happens and how one can be tempted into entering information into the wrong place. This can help you become aware of how someone's information can be vulnerable, and help to protect people against these kinds of attacks. 🔵
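
A defender-side view of the POST back described in Step 1, as an added example that is not part of the original lab or of SET: it parses a login page and flags any password form whose POST target is a raw IP address or a host outside an allowlist. The sample pages, the 192.0.2.10 documentation address, the allowlist, and all function names are assumptions made for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class PasswordFormFinder(HTMLParser):
    """Collect the action attribute of every <form> holding a password input."""
    def __init__(self):
        super().__init__()
        self.action = None          # action of the currently open form, else None
        self.actions = []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.action = a.get("action") or ""
        elif tag == "input" and self.action is not None:
            if (a.get("type") or "").lower() == "password":
                self.actions.append(self.action)
    def handle_endtag(self, tag):
        if tag == "form":
            self.action = None

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def audit_login_page(page_url, html, expected_hosts):
    """Return (post_target, reason) for each password form that looks wrong."""
    finder = PasswordFormFinder()
    finder.feed(html)
    findings = []
    for action in finder.actions:
        target = urljoin(page_url, action)   # empty or relative action -> page URL
        host = urlparse(target).hostname or ""
        if is_ip_literal(host):
            findings.append((target, "password form posts to a raw IP address"))
        elif host not in expected_hosts:
            findings.append((target, "password form posts to an unexpected host"))
    return findings

# Constructed sample pages (not captured from the lab); 192.0.2.10 is a documentation address.
CLONE = '<form method="POST" action="http://192.0.2.10/"><input name="Email"><input type="password" name="Passwd"></form>'
REAL = '<form method="post" action="/signin"><input type="password" name="Passwd"></form>'

if __name__ == "__main__":
    print(audit_login_page("http://192.0.2.10/", CLONE, {"accounts.google.com"}))
    print(audit_login_page("https://accounts.google.com/", REAL, {"accounts.google.com"}))
```

The same check applies to the address bar: a sign-in page reached by typing a bare IP address, as in Step 2, is itself the warning sign.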