SET password harvesting
We examined the basics of the Social Engineering Toolkit (SET) in Chapter 4. We are going to revisit SET and look at some advanced concepts of password harvesting and capturing privileged information.
As a refresher, we will launch SET by going to Exploitation Tools | Social Engineering Tools | se-toolkit.
Make sure SET is updated if this is the first time you are using it. Steps for updating SET and verifying whether Git is installed can be found in Chapter 4.
Tip
When SET clones a website, it will run a web server. It is important that whoever is being targeted is able to connect to your web server. This means any Internet-based attack will need to leverage a public IP address (either through NAT or directly on Kali Linux), as well as opening firewall rules to permit access to Kali from a remote location.
Once you have taken care of any IP configurations, it is time to launch SET:
We will now use SET to harvest passwords. SET has the ability to clone any website you want. We...