In the water hole attack process,the hacker(attacker) collects the information of victims at first. Well, the hackers collects or gathers information of victim's about every activities like which sites they mostly visit,what operations they perform in particular website then the hacker infects that particular website and collects the information of  site that victims frequently visits and this process is known as water hole attack.The main goal is to infect a targeted user's computer and gain access to the network at the target's place of employment.

Lets see the given below diagram to understand the process.



From above diagram we can clearly observe that how hacker or attacker looks or target the victims in systematic way which is Water-hole attack process.

NOTE: Be sure that,while surfing about someone identity and attacking , don't reveal your  identity ,be ANONYMOUS ..For more systematic attacking,you might use Kali Linux or Ubuntu



The name watering hole attack is inspired by predators in the natural world who lurk near watering holes, looking for opportunities to attack desired prey. In a watering hole attack, the predator lurks near popular website that the victims often visit , looking for opportunities to infect the websites with malware or malvertisements that will make the target vulnerable.

How do attacker collects info and attacks the the victims?

In water hole attack,the hacker or attacker target the victim's profile who are mainly government employees,rich man or an enemy to know which site they continuously or frequently visits.Then after knowing which sites the victims frequently visits,the attacker checks the vulnerability of website might be through Metasploit process and the attacker injects the malicious javascript or html code that redirects the target to a separate site where the malware is hosted

Short description about Metasploit..

Its a powerful tool used for Penetration Testing. Learning to work with metasploit needs a lot of efforts and time. Ofcourse to can learn metasploit overnight, it needs lots of practice and patience

For downloading the metasploit .Click here
 
Just give a look at following basic steps for beginners to break into a system using metasploit after gathering some information about the target system.

1. Select a right exploit and then set the target.
2.Verify the exploit options to determine whether the target system is vulnerable to the exploit.
3.Select a payload
4.Execute the exploit.

Eventually, use this attack for educational purpose only. If any misleads happens,then you might suffer and you will be responsible for that