Sunday, August 26, 2012

Hack facebook, gmail, yahoo account by phishing

Note : Educational purpose only. Author will not be responsible for any harm.


Phishing is an attempt to acquire usernames, passwords, or credit card information from the victim by misleading him/her to a cloned web page of the original one, which would be hosted on localhost, or on a computer to which the attacker has access. Once the victim enters account details, they are sent back to localhost, and the victim is redirected to the original web page. This gives the attacker the original account details.

Tools used to perform this attack:

    1. Social-Engineer Toolkit (SET) (used through BackTrack Linux, where it comes preinstalled). If you don't have BackTrack Linux (get from ), scroll down to the bottom of the page for the guide to installing it on your Linux box.

    2. Fake mailer ( )
    3. URL shortener ( )

Steps followed:

First, we need to mirror the login page of the website (for example facebook, gmail, or yahoo) of which we want the user's details.

Using BackTrack Linux (or any other GNU/Linux distro of your choice), we fire up the SET tool.
It is present in the /pentest/exploits/set directory in BackTrack 5. It may reside somewhere else if you are using another Linux distribution. Switch to that directory. In BackTrack, enter:

# cd /pentest/exploits/set

To run it, we enter # ./set in a Terminal window, with root privileges.
Once we run it, the SET tool shows a welcome message with a menu from which to select the attack we want to proceed with. To make a mirror of a webpage and host it on localhost, we select
Website Attack Vectors

That will show sub-menus; one of them is the Credential Harvester Attack Method, which does our operation.

Again, we need to clone the site, so we go for Site Cloner and it asks for the URL to clone.

Here, in this example, we enter to mirror its login page.

Once we are done with this, the tool will host that mirrored page for us. Now what we need is to get the IP address of the local machine and send it to one of our victims.

To get the public IP address of the machine, you can enter the $ curl command in another terminal window on GNU/Linux.

Once we get the IP address, we need to spoof it by using a URL shortening tool to make it look less suspicious. Here, you can use to do your task.

Once we get the “shortened” IP address, what we need is to send it to the victim. If we use the E-mail address of one of the victim's close persons, it will be more “trustable”. So, to do it, we can use the fake mailer tool ( ). Here, we can enter the sender's (that is, the victim's friend/family member/close person) and receiver's email addresses, and the link to the fake, mirrored site hosted on localhost, saying something like -- check the new facebook (or gmail, or yahoo).

Once our victim opens the mail, visits the link given in it, and enters account details, they are sent back to our localhost. This is how we can grab the account details of our victim.

How to avoid being a victim of this attack:

1. If you get any email claiming to direct you to the original website, check the URL. If it is exactly the same as the original one, there is no harm. Avoid third-party services; use the original one.

2. Once you go to the login page, view the page source and check whether the form's “action” points to the original domain. If not, beware! It's “phishing”.
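The second check above (where does the login form actually post?) can be automated. The script below is an added example, not part of the original post or of SET: it parses a page's HTML, collects every form that contains a password field, resolves the form action against the page URL, and flags any that do not submit to the expected domain. The page URL, the expected domain and the sample HTML are assumptions constructed for the example.

```python
"""Flag login forms that post credentials outside the expected domain (added example)."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class LoginFormFinder(HTMLParser):
    """Collect the action attribute of every <form> that contains a password field."""

    def __init__(self):
        super().__init__()
        self._current = None        # action of the form currently being parsed
        self._has_password = False
        self.actions = []           # actions of forms that ask for a password

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = a.get("action") or ""   # "" = post back to this page
            self._has_password = False
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            self._has_password = True

    def handle_endtag(self, tag):
        if tag == "form" and self._current is not None:
            if self._has_password:
                self.actions.append(self._current)
            self._current = None


def form_targets(page_url, html):
    """Return the hosts that password forms on the page submit to (relative actions resolved)."""
    finder = LoginFormFinder()
    finder.feed(html)
    return [urlparse(urljoin(page_url, act)).hostname or "" for act in finder.actions]


def is_phishing_target(host, expected_domain):
    """True unless host is expected_domain itself or a subdomain of it."""
    host, expected_domain = host.lower().rstrip("."), expected_domain.lower()
    return not (host == expected_domain or host.endswith("." + expected_domain))


def suspicious_forms(page_url, html, expected_domain):
    """Hosts of password forms that do not post to expected_domain; empty list means OK."""
    return [h for h in form_targets(page_url, html) if is_phishing_target(h, expected_domain)]


# Constructed sample: a cloned login page that posts credentials to a raw IP address.
CLONED_PAGE = """<html><body><form method="post" action="http://203.0.113.10/login.php">
<input name="email"><input type="password" name="pass"></form></body></html>"""

if __name__ == "__main__":
    print(suspicious_forms("http://203.0.113.10/", CLONED_PAGE, "example.com"))
```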

Installing SET on Ubuntu or Fedora:

To fetch the latest code of SET, you need subversion installed.
To install it on Ubuntu >
$ sudo apt-get install subversion
To install it on Fedora >
$ sudo yum install subversion

Now, you need to fetch the SET code by using svn >
$ svn co set/
In this case, you will need to switch to the ~/set directory instead of /pentest/exploits/set.

So, instead of cd /pentest/exploits/set, enter cd ~/set

Get access to local Windows machine

Note : Educational purpose only. Author will not be responsible for any harm.

This attack covers a technique to gain Administrator (or any user's) access to a Windows machine. It requires physical access to the machine. The drawback of this attack is that the original Admin/user will eventually know that his account was cracked. And an Administrator of the machine needs to be logged in to perform the following steps.

Tools required: none

Steps followed to perform this attack:
  1. Open the C:\Windows\System32 directory. Find the sethc file and change its permissions. It can be done by going Properties > Security > Advanced > Owner > Edit. Now cut the sethc file and paste it to the Desktop.
  2. Now, copy the cmd file (which is the binary for the command prompt) to the Desktop. Rename it to sethc. Copy it back to the System32 directory.
  3. Now, you are almost done. Whenever you need access to the machine, hit the Shift key five times at the login screen. This will invoke cmd instead of the Sticky Keys feature of the Windows operating system. And eventually, you will get access to the command prompt of the machine.
  4. To get the full functionality, you need to get access to one of the user accounts on the machine.
  5. To do so, in the command prompt, enter: net user <user name> <new password> and, by using this new password for the account, you can log in.
Steps to avoid this attack:
  1. On a Windows machine, the account information is stored in a file called SAM (Security Accounts Manager). However, the passwords are not in plaintext. They are stored in a hashed format.
  2. On every login, the system checks the entered password against this SAM file. If the entered password for account X is the same as the password stored in the SAM for account X, the system gives access to the user.
  3. By using the given technique, the SAM file would be partially encrypted, so that the password hash values for all local accounts stored in the SAM are encrypted with a key, making it hard for intruders to get access.
  4. What we are going to do is use this built-in Windows feature to avoid these kinds of attacks.
  5. Steps: Start > Run > SYSKEY > Update > Password Startup, then enter a password, hit OK, and you are done. This will give protection to the SAM file and prevent all accounts from being cracked.