Links: Social Engineering Toolkit

The Social-Engineering Toolkit (SET) is an open-source testing framework designed for social engineering. SET has a number of custom attack vectors that allow you to make believable attacks quickly. SET is a product of TrustedSec. This tool is great for phishing: it automates a lot of the process and provides us with a link to send to the user.

There are some good frameworks, but we will use a well-known one that hasn't been updated in quite some time but still demonstrates the capability of capturing user credentials.


We follow the instructions to start a Social-Engineering Attack and continue by selecting the Credential Harvester Attack. We then type the IP address that the user has to connect back to, which also hosts our login portal, and we can simply send the link to the user.

The body of the email I am using for this technique.

Once the user clicks on the link, they are sent to a login portal that resembles Google's.

And once they enter their credentials our machine will capture them for us.

Attacker Machine

We see our captured credentials in red, with a possible username and password field found.

With this technique we can grab some valid accounts and try to use them with other methods for Initial Access.
