GOPHISH

LogoGitHub - gophish/gophish: Open-Source Phishing ToolkitGitHub

this is an open source phishing toolkit. it enables red teamers to quickly and easily setup and execute phishing engagements. it can track the number of phishing emails were delivered to targets and the number of users that opened the malicious emails. one of its unique feature is the embedding of phishing links directly in the phishing templates.

DATA FLOW

  1. Email is sent to the SMTP Server

  2. SMTP Server delivers email to the target

  3. Target interacts with the Hyperlinks/URL which then creates a session directly to the EvilGinx External IP

    1. Target credentials are harvested via EvilGinx spoofed legitimate page

    2. Target get sent to the payload server

VPS INSTANCE INSTALLATION

#create the ec2/azure instance
root@oco:~$ BROWSER > https://portal.azure.com > Virtual Machines
 Project Details
  Subscription: {subscription}
   Resource Group: {resourceGroup}
 Instance Details
  Virtual Machine Name: {gophish}
  Region: US
  Availability Options: No Infrastructure Redundancy Required
  Security Type: Standard
  Image: Ubuntu Server 20.04 LTS - x64 Gen2
  VM Architecture: x64
  Run w/ Azure Spot Discount: Disabled
  Size: Standard D2as_v4 - 2 vcpus 8GiB memory ($$$)
 Administrator Account
  Authentication Type: SSH public Key
  Username: {gophishUser}
  SSH Public Key Source: Generate new key pair
  Key pair name: {arbitraryValue}
 Inbound Port Rules
  Public Inbound ports: None          //this disabled public access to instance
  Select Inbound Ports: N/A
  
 Disks
  Encryption at host: Disabled
  OS Disk
   OS Disk Type: Premium SSD (locally-redundant storage - LRS)
   Delete w/ VM: Enabled
   Key Management: Platform-managed key
   Enable Ultra Fisk Compatibility: Disabled
  Data Disks for {evilginx}: Create and attach a new disk
   Name: {evilginx}_DataDisk_0
   Source Type: None (Empty Disk)
   Size: 16 GiB
   Key management: Platform-managed key
   Enable shared disk: No
   Delete disk w/ VM: Enabled
   
 Management
  Network Interface
   Virtual Network: {...LabVNet} 
   Subnet: default (.../24)
   Public IP: {...}
   NIC Network Security Group: Basic
   Public Inbound Ports: None
   Select Inbound Ports: N/A
   Delete NIC when VM is deleted: Disabled
   Enable Accelerated Networking: Enabled
  Load Balancing
   Place VM Behind Existing LB Solution: Disabled
  
  * Create the VM after review

GOPHISH INSTALLATION

#https://github.com/gophish/gophish

root@oco:~$ curl -O https://github.com/gophish/gophish/releases/download/v0.12.1/gophish-v0.12.1-linux-64bit.zip
root@oco:~$ unzip gophish-v0.12.1-linux-64bit.zip
root@oco:~$ ls
 phish
root@oco:~$ cd phish
root@oco:~$ ls
 ...gophish templates
root@oco:~$ chmod 700 gophish
root@oco:~$ sudo ./gophish
 ...msg="starting admin server at https://0.0.0.0:3333"
 ...msg="starting phishing server at http://0.0.0.0:80"
 
 * change the default settings such as ports, ip address, etc if required by modifying parameters at /phish/config.json 
 * the random username/password are displayed when gophish is run for the first time
PreviousMFA BYPASSNextFW RULES

Last updated