
233633-CTI Lab6

The document outlines a lab exercise on phishing for employee credentials using the Social Engineering Toolkit (SET) and SPF on Kali Linux. It details the steps to clone a website and create a phishing email to capture login credentials. Additionally, it provides instructions for using SPF to test configurations for phishing purposes.

Uploaded by

233633
Copyright
© All Rights Reserved

LAB 6

233633
Muhammad Arhum Luqman
Cyber Threat Intelligence
Naveed Naeem Abbas
Air University
Task: Phishing for employee credentials using the SET toolkit
• Open the SET toolkit in Kali Linux.
• Choose the social engineering attacks option.
• Select the website attack vectors.
• Select the credential harvester method.
• Select the site cloner.
• Enter the IP address (in my case I'm using the IP of my virtual machine).
• Enter the URL you want to clone (I'll clone the http://certifiedhacker.com/Online%20Booking/index.htm site).
• It will take some time to clone the site.
• To check whether the site has been cloned, open the IP address that you gave the tool earlier in your web browser.
• Now, to trick someone, set up a scenario by writing a fake mail and sending it to someone. For this, open Gmail and compose an email.
• In the body of the email, place the cursor where you want to paste the fake URL.
• Click the link icon and paste the fake URL together with the website it is meant to represent.
• Send this mail to the person you want to manipulate. When he/she opens the link and enters the mail and password, they will be shown in the terminal of the tool.

Task 2: Phishing employee credentials using SPF

• Clone the tool on Kali Linux from GitHub using the given commands.
• Type cd SPF and press Enter.
• Again type cd spf and hit Enter.
• To launch SPF, type ./spf.py -h and hit Enter.
• To check the configuration of SPF, type cat default.cfg and hit Enter.
• In the terminal window, type ./spf.py -d example.com --test and hit Enter.
