CONFIGURATION

these are the three most important gophish sections that must be configured prior to operation

USERS & GROUPS (TARGETS/RECIPIENTS)

root@oco:~$ BROWSER > https://{gophishAdminPortal:3333}
 username: {arbitraryValue}
 password: {arbitraryValue}
 
GoPhish > Users & Groups > New Group
 Name: {arbitraryValue}
 First Name: {arbitraryValue}
 Last Name: {arbitraryValue}
 Email: {arbitraryValue}
 Position: {arbitraryValue}
 
 * bulk users can be imported in this section
 * gophish can be set up to send mass email to addresses that are found during OSINT

EMAIL TEMPLATES

#create a sample account from a legitimate site and use its "activation instructions"
root@oco:~$ BROWSER > https://www.onelogin.com/
 * register for an account
root@oco:~$ BROWSER > mail.google.com > OneLogin - [Instructions] Activate Your 30 Day OneLogin Trial > Show Original > Copy to Clipboard
 * retrieve the activation email by selecting the three dots ... choosing "show original" and copying the contents to clipboard

#obtain the evilginx phishlet links
root@oco:~$ sudo ./evilginx2 -p /home/azureuser/go/src/github.com/kgretzky/evilginx2/phishlets/
evilginx: lures get-url 0
 https://{subdomain}.{domain}/hmHyBQkP
  - use this evilginx phishlet URL as the links in GoPhish email

root@oco:~$ BROWSER > https://{gophishAdminPortal:3333}
 username: {arbitraryValue}
 password: {arbitraryValue}
 
GoPhish > Email Templates > New Template
 Name: {arbitraryValue}
 Import Email: {paste the copied legitimate activation email}
  - Change Links to Point to Landing Page: enabled
 Subject: {auto-populated based on the pasted contents}
  - modify the links within the email by passing the evilginx phishlet links
     - delete the original links and add the evilginx phishlet links
        - do not forget to hide the extraneous path
        
    OneLogin Portal URL - https://{evilginx phishlet url}
     - hyperlink: https://{evilginx phishlet url}/hmHyBQkP
        - the "hmHyBQkp" parameter must be hidden IOT reduce the visibility of a fake site
 
 Save Template

SENDING PROFILES

this section defines the sender's profile and can be seen by the targets

#obtain the gmail api password
root@oco:~$ BROWSER > https://myaccount.google.com/apppasswords
  2-Step Verification: Enabled
   - 2FA must be enabled on the account IOT to use this feature
  App Name: gophishSendEmail
   {... arbitraryValue}
   - enter your typical gmail password for verification IOT receive the app password
      - App passwords help you sign into your Google Account on older apps and services that don’t support modern security standards.
      - this method is less secure than using up-to-date apps and services that use modern security standards
      
root@oco:~$ BROWSER > https://{gophishAdminPortal:3333}
 username: {arbitraryValue}
 password: {arbitraryValue}
 
GoPhish > Sending Profiles > New Profile
 Name: {arbitraryValue}
 Interface Type: SMTP
 SMTP From: {legitimate email address}
  - IOF targets to open the email and not suspect malicious activity, the email address need to look like its coming from a legitimate sender
     - e.g., [email protected]
     - ALT: {Full Name} <[email protected]>
        - target will see full name and email address
 Host: smtp.gmail.com:587
  - this is gmails smtp server
 Username: {real gmail username MUST be used here}
 Password: {enter your gmail app password}
  - this is the APP gmail password and NOT the typical gmail account password
  - do not use your typical gmail account password here as it won't let you connect connect to smtp.gmail.com:587
  
 Save Profile

PreviousFW RULES NextCAMPAIGNS

Last updated 11 months ago