This is the same article published on kalilinuxtutorial.net by Shashwat Chaudhary on 27th may 2014 but i am posting it in my tutorials section of my site because this really tend to work when you try to hack facebook.
i believe to become a hacker you must have a hackers mindset which consist of concentrating, creating , experimenting and perceiving the network and its functionality. Every single step push you to achieve your goal so this article might help you push you little more further if u have some knowledge of computer, computer networks, operating systems.
This article is based on kali linux a linux distro most used by pentesters and hackers as well.I request to you all this tutorial is not for the people who are new to the world of pentesting and hacking so would kindly request you all to go through resources available in internet where to start and how to become a pentester or hacker until you find yourself comfortable using kali linux. so here we go…
Credential Harvestor : Port Forwarding : Phishing Facebook
so, here are the pre-requisites:
- Must know how to use SET and Credential Harvester over local area network. If not read the tutorial on Credential Harvester (same as the link above).
- Kali Linux or backtrack 5 (other Linux distributions will work if you can install SET and all the dependencies)
- Patience – Finding your router password might be hard sometimes.
- Some basic knowledge (read a few old posts on this blog which I had written assuming that newbies were the ones reading. By now, after following dozens of my post, the readership has grown smart and doesn’t need to be spoon fed.
Find you public IP
Go to google and search what is my IP. Under normal circumstances you wouldn’t even have to click on any of the results, as google will find your IP for you. If not, then one of the top results sure will.
|I removed the address. But it will show up in your case.|
Finding your router IP and logging in
- Username : admin
- Password : password, admin or in some cases, leave the password field blank
Social Engineering Toolkit : Credential harvestor
The routers are all different : Port Forwarding
|This is what my router looks like|
- Terms to look for – NAT, port forwarding, virtual servers (the router can refer to port forwarding by using any of these terms). If you find something like this, click on it. Also, many a times the routers interface is quite complicated and advanced, with seperate fields for WAN, LAN, access control, etc. You’ll have to take a look around and see where you can find anything related to port forwarding. When you do, you can move to the step below.
- Stuff to enter-
- Application name – Most routers ask you to give a name to the port forwarding setup. Many also have a drop down menu containing most common reasons why people perform port forwarding (the drop down menu mostly has multiplayer games and stuff, don’t expect SET there). This field is insignificant, enter whatever you want to. Maybe SET.
- Port / First Port / Last Port – Some routers just ask you which port to forward, some ask you to enter a range. Nevertheless, you will enter either 80 as the only port, or 80 to 80 as the range. Any field which asks for anything related to port, and 80 is what you’ll enter.
- Protocol (or some other name) – It will have options TCP, UDP, both (both may be replaced by all or TCP and UDP or something). Choose both or whatever corresponds to both in your router.
- IP address (sometimes not) – Here you enter your local IP. 192.168.1.xxx or something. Not your public IP.
Now open any browser and enter you IP. You will see your fake Facebook login page there. Also, try and enter something in the fields. It will show up on the Se-toolkit terminal. The screenshot on the right shows what it looks like on my browser (Somehow se-toolkit decided to clone the Hindi version of the website. I don’t have any memory of ever using Facebook in Hindi though).
Make it look real-
- You’ll get a static IP
- You’ll get a comparatively less suspicious domain name
- You will be safer. This is because sharing your public IP address on the internet isn’t a good idea. And with a port open, people (by people I mean professional hacker who know what they are doing) might break into your system. (If you noticed I never mentioned my public IP anywhere in the post, nor posted any screenshot with it. All the visitors to my site are hackers, and some are better than me, so I’m not inviting trouble here).