Today, we will be phishing Bob Vance from Vance Refrigeration. (1:50- 3:36) So what happens as a result? I will go into my Gmail account and send the phishing email. Now we’re going to feed this to a victim as if they got a new Twitter message or something like that to get them to click on the link. What just happened is that the tool went out to the real Twitter and copied down the Twitter homepage. Then it asks me what I want to clone and I will input Twitter’s URL. So I will go ahead and use “Site Cloner.”Īnd the IP address that I want my connection to come back to - that’s going to be this machine’s IP, which is 192.168.248.251. Next, we will use Twitter as an example of what we will try to clone. So I’m going to select item one here, which is “Social-Engineering Attacks.” Then on this next menu, I’m going to select item two, “Website Attack Vectors.” Then, on this next menu, I’m going to go with item three, “Credential Harvester Attack Method. This automates creating a phishing attack and makes it very easy.
(0:42-1:49) What I’m doing here is simply setting up the Social-Engineer Toolkit. Social-Engineer Toolkit: Fake Twitter login page
