Phishing Attack: Steal Confidential Information

Phishing is an attack in which a hacker tries to steal your confidential information by pretending to be a trusted person, company, or organization.

For example, you may receive an email that appears to have been sent by your school, company, or bank asking for your account details, but in reality it was sent by a hacker.

As another example, imagine you receive an email that appears to be from Gmail or Facebook. It says that they are doing some account maintenance or upgrading their system and that you must click on a link and log in to continue using your Gmail or Facebook account.

The email looks very real, but in reality it was sent by a hacker and is an attempt to steal your confidential details.

Create a Fake Login Page to Hack Facebook Accounts

1. Go to the website whose page you want to clone, such as Facebook or Gmail. In this case I am taking Facebook [make sure you are logged out]. Right-click anywhere on the page and select View Page Source.

2. Select all the source code displayed on the page by pressing CTRL + A, and paste it into a text editor such as Notepad.

3. Now search for the keyword “action= ”.

4. In the source code change this to “hackme.php”.

5. Change the method from POST to GET.

6. Click on File → Save, and save the text file as index.php. Make sure you select the All Files option in the Save as type field.

7. Write the below .php code in a blank text file. Then click on File → Save and type the name “hackme.php” [use the same file name that we set in the action= attribute of index.php]. Make sure you have selected the All Files option in the Save as type field.

8. Upload both index.php and hackme.php to a paid or free web hosting like or

9. After uploading, send the phishing URL to the victim [may be your friend or anyone]. When the victim opens the webpage, it will look like the real Facebook login screen, but it is actually a fake login screen (a phishing attack) that will steal his password.

10. When the user clicks on the login button he will be automatically redirected to the Facebook website and he will think that some error in communication may have occurred or whatever [LoL].

11. Now check your web hosting file manager. There will be a new file called password.txt, created when the victim clicked on login, with the username and password saved in it. Finally, we get the victim's username and password.
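
Seen from the defender's side, the page produced by the steps above has traits that can be checked automatically: it is served from a host that is not the real site, its password form submits to a local script instead of the real login endpoint, and it uses GET, which puts the credentials in the URL and in server logs. The Python check below is an added example, not code from the original post; the host example.test, the expected-host set and the function names are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class FormAudit(HTMLParser):
    """Record each <form>: its method, its action, and whether it has a password field."""
    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # HTML defaults to GET when no method attribute is given.
            self._current = {"method": (a.get("method") or "get").lower(),
                             "action": a.get("action") or "", "password": False}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            if (a.get("type") or "").lower() == "password":
                self._current["password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None

def audit_login_page(html, page_url, expected_hosts):
    """Return findings for a page fetched from page_url that claims to be a known login page."""
    parser = FormAudit()
    parser.feed(html)
    findings = []
    page_host = urlparse(page_url).hostname or ""
    if page_host not in expected_hosts:
        findings.append(f"page served from unexpected host {page_host}")
    for form in parser.forms:
        if not form["password"]:
            continue
        if form["method"] == "get":
            findings.append("password form uses GET (credentials land in URLs and logs)")
        # Relative actions resolve against the page URL, as a browser would do.
        target = urlparse(urljoin(page_url, form["action"])).hostname or ""
        if target not in expected_hosts:
            findings.append(f"password form submits to unexpected host {target}")
    return findings

# Constructed sample: a look-alike form on a placeholder host (example.test).
SAMPLE = ('<form action="hackme.php" method="GET"><input name="email">'
          '<input type="password" name="pass"></form>')
if __name__ == "__main__":
    for finding in audit_login_page(SAMPLE, "http://login.example.test/index.php", {"www.facebook.com"}):
        print(finding)
```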

Phishing Automatic Attack by Kali Linux

Social Engineering Toolkit

1. Open Kali Linux and go to Menu → Exploitation Tools → Social Engineering Toolkit → Set.

                          .  ..
                   .DMM.           .MM$
                 .MM.                 MM,.
                 MN.                    MM.
               .M.                       MM
              .M   .....................  NM
              MM   .8888888888888888888.   M7
             .M    88888888888888888888.   ,M
             MM       ..888.MMMMM    .     .M.
             MM         888.MMMMMMMMMMM     M
             MM         888.MMMMMMMMMMM.    M
             MM         888.      NMMMM.   .M
              M.        888.MMMMMMMMMMM.   ZM
              NM.       888.MMMMMMMMMMM    M:
              .M+      .....              MM.
               .MM.                     .MD
                 MM .                  .MM
                  $MM                .MM.
                    ,MM?          .MMM

[---]        The Social-Engineer Toolkit (SET)         [---]
[---]        Created by: David Kennedy (ReL1K)         [---]
                      Version: 8.0.3
                    Codename: 'Maverick'
[---]        Follow us on Twitter: @TrustedSec         [---]
[---]        Follow me on Twitter: @HackingDave        [---]
[---]       Homepage:       [---]                                                                                
        Welcome to the Social-Engineer Toolkit (SET).                                                                                       
         The one stop shop for all of your SE needs.                                                                                        
   The Social-Engineer Toolkit is a product of TrustedSec.                                                                                  
   It's easy to update using the PenTesters Framework! (PTF)
Visit to update all your tools!                                                                           
 Select from the menu:

   1) Social-Engineering Attacks
   2) Penetration Testing (Fast-Track)
   3) Third Party Modules
   4) Update the Social-Engineer Toolkit
   5) Update SET configuration
   6) Help, Credits, and About

  99) Exit the Social-Engineer Toolkit


2. This is what the Social Engineering Toolkit looks like. It gives you various options and says "Select from the menu". Here we have to press 1 for social engineering testing.
set> 1

3. Next it again shows various types of attacks that I can execute. I want to execute website attack vectors, so I select option 2.
set> 2

4. Now I want to execute the credential harvester attack method, so I select 3.
set:webattack> 3

5. Now it shows three attacks. We want to execute the site cloner attack, so we select 2.
set:webattack> 2

6. Now it asks me to enter the IP address of my own computer, where the username and password will be sent. I open a new terminal window in Kali Linux, type the command “ifconfig” and press Enter. My IP address is displayed, so I copy it.

7. Now paste your IP address and press Enter.

8. Now it asks me to enter the URL of the website which I want to clone. I want to clone and press Enter.

9. Now the Facebook website is cloned. Press the Enter key to continue.

10. Now I want the username and password of my friend or anyone else. I need to fool my friend or anyone else into logging in on my own cloned Facebook site.

11. For that, send this IP address to your friend or anyone whose account you want to hack. When they log in to your cloned website and click on the login button, the terminal shows the username and password of my friend or anyone else.

Now I have successfully got the username and password of my friend.



git clone
cd shellphish

How Do You Prevent Phishing Attacks?

To identify a phishing attack, first look for these signs:
  • Spelling mistakes and poor grammar.
  • The mismatched domain name and email address.
  • Suspicious attachment.
  • Request for personal information.
  • Offers that look too good to be true.
  • To prevent phishing attacks always use two-factor authentication.
