Step 1: Open set tool in BackTrack 5. What you need to do is the following steps:
• Click on Backtrack.
• On the options that pop-up, click on Exploitation Tools.
• After that, choose Social Engineering Tools.
• Click on set.
• Finally, click on Social Engineering Toolkit.
Step 2: This is the part where you set the Website Attack vectors. Here are the steps:
• From the Menu, enter your choice.
• Press Enter.
To let you picture it, the screen will show a menu. It should say “Select from the menu” followed by numbered options. Website Attack Vectors is option 2. Under the list, there will be a part that says “Enter your choice”. Just type in the number 2 and hit Enter.
Step 3: Select your attacking method.
• Select your option from the menu.
• Press Enter.
Again, to put things in perspective, this is how it should look. After a series of some text, there will be a list of 8 attack methods. These 8 are numbered so you can easily identify them. Choose what you want to use. For the purpose of this tutorial, we went with option 3: Credential Harvester Attack Method.
Under the list, you will find it says “Enter your choice (press enter for default)”. Type the number you chose and hit Enter.
Step 4: Select attack vectors
Go to the part that says “(!) Website Attack Vectors (!)”. This part has 4 options, again they’re all numbered. Select number 2: Site Cloner. Underneath, it will say “Enter number (1-4)”. Type in 2 and hit Enter.
Step 5: Enter the URL.
This part creates a clone of the Facebook login page. Enter https://www.facebook.com on the part that asks for it and hit enter. Once you do that, the clone page is automatically created.
Step 6: Continue the Process
This step simply lets the software continue with the cloning process. To do that, just put an asterisk sign (*) on the part that says “Press return to continue” and press enter. If you miss this part, the process will not push through.
Step 7: Continuation of the Process
To ensure that the cloning process continues, check that you see the following appearing after entering the asterisk from the previous step:
[*] Social-Engineer Toolkit Credential Harvester Attack
[*] Credential Harvester is running on port 80
[*] Information will be displayed as it arrives below:
Step 8: Open the terminal and enter the ifconfig command.
The ifconfig command is used to check the ip address of the system. It also checks the Mac address on Linux Operating Systems. Here’s what you need to look for:
inet addr: (your ip address will show up here)
Copy the ip address.
Step 9: Open the web browser.
After opening the browser, follow these steps:
• Paste the system ip address on the address bar.
• You will be redirected to the Facebook login page.
• Test if it works by entering you’re an email and password.
• Press Enter
Step 10: Check to See if it Works
Steps 8 and 9 of this process lets you come up with the details of the username and password. So after hitting enter on step 9, your BackTrack page should show:
POSSIBLE USERNAME FIELD FOUND: (the email address you entered in Step 9)
POSSIBLE PASSWORD FIELD FOUND: (the password you entered in Step 9)
It will also let you print or save a copy of the report.
And there you have it. Hackers will constantly have the advantage in regards to hacking Facebook accounts and although Facebook is doing their very best they are really trying in vain. You have successfully used BackTrack 5 to create fake Facebook page and you were able to extract the credentials entered