Phishing Attack | Credential Harvesting Explained | Using Kali linux and SEToolKit | Gmail Hacking

July 8, 2021

Hey folks,
Welcome back, In this video, we are going to learn how to create and execute a phising attack on a victim and harvest the credential from it and
This tutorial is 100% for Education Purpose only. Any time the word “Hacking” that is used on this content shall be regarded as Ethical Hacking. Do not attempt to violate the law with anything contained here. Do it as a prank you’ll have fun with this knowledge, and We will not be responsible for any illegal actions.

––––––––––––––––––––––––––––––
Links 🔗 :
More Detailed Explanation:
GitHub : https://github.com/QMRonline/Phishing-attack/blob/main/instruction

––––––––––––––––––––––––––––––
Time Stamps ⌛ :
0:34 What are you going to see?
0:49 Intro video
2:00 Creating phishing link
2:47 Sharing to victim
3:50 Credential harvested
6:37 Ending

-––––––––––––––––––––––––––––––
Simple Solving steps 📓 :
Follow these simple steps in 3 Minutes to execute a phishing attack
Step1: Create the attack
-recommended to use Kali Linux go-to application next social engineering tools next social engineering tool kit or “sudo setoolkit” to run open via terminal if not using Kali Linux
-from the menu, select the option “1” social-Engineering attacks
-Select option “2” Website attack vectors
-Select option “3” Credential Harvester Attack Method
-Select option “1” Web Templates, use can use your site or clone a site using the other two options
-choose the IP Address where the site should be hosted
-Select option “2” For Gmail website

Step2: Planning the attack
-do a small recon study on the target and share the clicking options that can be used by the target, mostly email or SMS
-in my case I am using Bitly to generate a shorten link of the IP, but you can use a custom name server and DNS too
-Sharing to shorten URL to the target
-Efficient method is to a spear-phishing attacking

Steps3: Exploit the target
-once the target opens the link, we’ll get the IP address and location of the target in terminal
-phishing attack is activated, and the credential is harvested once the target type
-the username and password is hacked now you can see that in the terminal or on the locally saved file
-Final file will be saved in most cases/root/.set/reports/filename.xml will have the report saved use “cat filename” to open the report

––––––––––––––––––––––––––––––
More useful information:
One of the methods in SET is credential harvester attack. Credential harvester method is used when you don’t want to specifically get a shell but perform phishing attacks to obtain usernames and passwords from the system.
In this attack vector, a website will be cloned, and when the victim enters the user credentials, the usernames and passwords will be posted back to your machine.
After that, the victim will be redirected back to the legitimate site.
Using this knowledge, what else I can do?
You can clone any website Instagram, Facebook, Flipkart, Amazon or any banking site and do this attack to harvest the credentials.

––––––––––––––––––––––––––––––
How to chat with me 💬 :
Discord : https://discord.gg/MtQdFygumr
Instagram : https://www.instagram.com/qmarkonline/
Website : https://qmarkonline.com //coming-soon

––––––––––––––––––––––––––––––
Future Plans ✔️ :
*Try hack me
*Hack the box
*Bug bounty training
*CTF time
*Ethical hacking
*Exploring Dark web
👉🏻looking forward for ideas, leave a comment on what else you’ll be interested on 👇🏻

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
About me 👁️‍🗨️ :
👋 Hi, I’m @QMark
👀 I’m interested in tech and exploring them.
🌱 We have a growing community of Indian hackers join us.
💞️ I’m looking to collaborate with people like me .
📫 To reach me it’s very easy give DM @qmarkonline //that’s my official insta page in which am active all day
💬 Feel free to join on TG https://t.me/qmarkonline

We teach and simulate the practical hacking scenarios, are you a beginner in hacking? Start here! Onboarding tutorial and super-easy Hacking methods with write-ups to get you up and running. Qmark consist of people, and all people are different. Different strengths, weaknesses, or even time zones, let it be testing for a web application or giving practical knowledge about fishing attacks to your employees

we got you covered !

From easy to the most difficult attacks, our virtual training hacking cover all skill levels. New content is added every week on YouTube and other social media platform, covering the latest exploits and vulnerabilities.
Hands-On Penetration Testing Instead of focusing on theoretical learning, we believe in effective, hands-on live training where you learn by doing.

––––––––––––––––––––––––––––––
Music Credits 🎵 :
Music from Free To Use Music
Track: Nothing by Damtaro

––––––––––––––––––––––––––––––
Tags #️⃣ :
#phishing #PhishingAttack #Credentialharvesting #GmailHacking #Kalilinus #EthicalHacking