Credential Harvester Attack Method- SET Backtrack 5

Social engineering toolkit has played and is playing an important role in the field of information security and ethical hacking, social engineering means to take advantages of human weakness to hack a computer system or a server. Social engineering toolkit is a computer based software that are also available on backtrack 5.

Backtrack is not only a single Linux distribution that contain SET, other distributions like Gnacktrack, backbox also have SET. On social engineering toolkit tutorial we have learnt how to get meterpreter and shell access on a computer, in this tutorial I will explain you some harvester attack method.


What is Credential Harvester Attack Method 

The credential harvester attack method is used when you don’t want to specifically get a shell but perform phishing attacks in order to obtain username and passwords from the system. In this attack vector, a website will be cloned, and when the victim enters in the user credentials, the usernames and passwords will be posted back to your machine and then the victim will be redirected back to the legitimate site.

So for this tutorial I will integrate Mass Mailer Attack with credential harvester attack.


  • Operating system
  • Social Engineering Toolkit
  • A brain

Any operating system is applicable for this type of attack but I am using backtrack 5 for this attack, it is a good practice to make a video tutorial instead of images and text so here is the video tutorial of social engineering toolkit mass mailer attack with harvester attack method.

SET Video Tutorial

Note: If you want to learn more about Linux and Windows based Penetration testing, you might want to subscribe our RSS feed and Email Subscription  or become our Facebook fan! You will get all the latest updates at both the places.
Credential Harvester Attack Method- SET Backtrack 5 Reviewed by Ethical Hacking on 9:27 AM Rating: 5


  1. i know how this hack works its similar to phishing but can u clear my doubts

    can we make a PHP script that logs the user into Facebook so he will not get suspicious

    if yes can u explain please

  2. First of all your question is not enough clear for me but i think you want to make a PHP script to hide IP address if yes than why not use a free service no need to PHP script.

  3. @Ethical Hacking

    No no i am not asking about that what i am telling is when the victim visits our fake webpage and enters his credentials and clicks login , he will be redirected to and he will not be logged in which might cause suspicion , What i am asking is there any way that we can make him login like writing a php script to copy all the credentials we have captured like making a login script or something similar to it ?????????


Feel free to ask questions, we love to respond.

All Rights Reserved by The World of IT & Cyber Security: © 2014 - 2015
Powered By Blogger, Designed by Sweetheme

Contact Form


Email *

Message *

Powered by Blogger.