We will use the Credential Harvester Attack Method because we want to obtain the credentials of the users.Īs we can see in the next image SET is giving us 3 options ( Web Templates, Site Cloner and Custom Import).įor this example we will go with “ Web Templates” option because it has some ready-made Web Templates which we can easily used.
Our choice we will be the Website Attack Vectors because as the scenario indicates we need to test how vulnerable are the employees of our client against phishing attacks. To start the SEToolkit, just type “ setoolkit” in your terminal window. The first thing that we need to do is to attach our laptop into the network of the company that we need to do the Social Engineering Attack.When our system obtains a valid IP address from their DHCP Server we are ready to launch the attack.
In this article we will see how we can use the Credential Harvester Attack Vector of Social Engineering Toolkit in order to obtain valid passwords. After all if an attacker fails to gain access to a system then it might try alternative ways like social engineering attacks. As a penetration tester there will be times that the client requirements will be to perform social engineering attacks against their own employees in order to test if they follow the policies and the security controls of the company.
0 kommentar(er)
