CONFIGURATION

these are the three most important gophish sections that must be configured prior to operation

USERS & GROUPS (TARGETS/RECIPIENTS)

root@oco:~$ BROWSER > https://{gophishAdminPortal:3333}
 username: {arbitraryValue}
 password: {arbitraryValue}
 
GoPhish > Users & Groups > New Group
 Name: {arbitraryValue}
 First Name: {arbitraryValue}
 Last Name: {arbitraryValue}
 Email: {arbitraryValue}
 Position: {arbitraryValue}
 
 * bulk users can be imported in this section
 * gophish can be set up to send mass email to addresses that are found during OSINT

EMAIL TEMPLATES

#create a sample account from a legitimate site and use its "activation instructions"
root@oco:~$ BROWSER > https://www.onelogin.com/
 * register for an account
root@oco:~$ BROWSER > mail.google.com > OneLogin - [Instructions] Activate Your 30 Day OneLogin Trial > Show Original > Copy to Clipboard
 * retrieve the activation email by opening the three-dot menu on the message, choosing "show original" and copying the contents to the clipboard

#obtain the evilginx phishlet links
root@oco:~$ sudo ./evilginx2 -p /home/azureuser/go/src/github.com/kgretzky/evilginx2/phishlets/
evilginx: lures get-url 0
 https://{subdomain}.{domain}/hmHyBQkP
  - use this evilginx phishlet URL as the links in GoPhish email

root@oco:~$ BROWSER > https://{gophishAdminPortal:3333}
 username: {arbitraryValue}
 password: {arbitraryValue}
 
GoPhish > Email Templates > New Template
 Name: {arbitraryValue}
 Import Email: {paste the copied legitimate activation email}
  - Change Links to Point to Landing Page: enabled
 Subject: {auto-populated based on the pasted contents}
  - modify the links within the email by passing the evilginx phishlet links
     - delete the original links and add the evilginx phishlet links
        - do not forget to hide the extraneous path
        
    OneLogin Portal URL - https://{evilginx phishlet url}
     - hyperlink: https://{evilginx phishlet url}/hmHyBQkP
        - the "hmHyBQkP" path token must be hidden in the visible link text so it does not draw the target's attention to the fake site
 
 Save Template
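
a defender-side check for what the template step above produces, an anchor whose visible text names the brand's host while the href points somewhere else (added example, not GoPhish or evilginx2 code; the sample body and the look-alike host are constructed):

```python
"""Flag anchors in an HTML e-mail whose visible text names a different host
than the href actually points to (the link-text/href mismatch a rewritten template leaves behind)."""
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# host-looking token in visible link text, with or without a scheme
HOST_RE = re.compile(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", re.I)

class _AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in the body."""
    def __init__(self):
        super().__init__()
        self.anchors, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None

def find_mismatched_links(html):
    """Return (href, text, href_host, text_host) for each anchor whose visible
    text names a host that differs from the host the href really resolves to."""
    p = _AnchorCollector()
    p.feed(html)
    hits = []
    for href, text in p.anchors:
        href_host = (urlparse(href).hostname or "").lower()
        m = HOST_RE.search(text)
        if not m:
            continue  # plain words such as "Contact support" tell us nothing
        text_host = m.group(1).lower()
        if text_host != href_host:
            hits.append((href, text, href_host, text_host))
    return hits

# Constructed sample body (not a real message): the visible text claims
# onelogin.com, but the href points at a look-alike host with a short token path.
SAMPLE_EMAIL = """<p>Activate your trial:</p>
<a href="https://onelogin.login-example.invalid/hmHyBQkP">https://www.onelogin.com/portal</a>
<p>Questions? <a href="https://www.onelogin.com/support">Contact support</a></p>
<a href="https://www.onelogin.com/login">www.onelogin.com</a>"""

for href, text, hh, th in find_mismatched_links(SAMPLE_EMAIL):
    print(f"MISMATCH: text names {th!r} but link goes to {hh!r} ({href})")
```

the same function can be run over the "show original" source of a suspected message; anchors whose text is a plain word are skipped, so only explicit host claims are judged.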

SENDING PROFILES

this section defines the sender identity; it is what the targets see as the source of the email

#obtain the gmail api password
root@oco:~$ BROWSER > https://myaccount.google.com/apppasswords
  2-Step Verification: Enabled
   - 2FA must be enabled on the account in order to use this feature
  App Name: gophishSendEmail
   {... arbitraryValue}
   - enter your typical gmail password for verification IOT receive the app password
      - App passwords help you sign into your Google Account on older apps and services that don’t support modern security standards.
      - this method is less secure than using up-to-date apps and services that use modern security standards
      
root@oco:~$ BROWSER > https://{gophishAdminPortal:3333}
 username: {arbitraryValue}
 password: {arbitraryValue}
 
GoPhish > Sending Profiles > New Profile
 Name: {arbitraryValue}
 Interface Type: SMTP
 SMTP From: {legitimate email address}
  - for targets to open the email without suspecting malicious activity, the address needs to look like it is coming from a legitimate sender
     - e.g., it@companyName.com
     - ALT: {Full Name} <email@email.com>
        - target will see full name and email address
 Host: smtp.gmail.com:587
  - this is gmail's smtp server
 Username: {real gmail username MUST be used here}
 Password: {enter your gmail app password}
  - this is the APP gmail password and NOT the typical gmail account password
  - do not use your typical gmail account password here as it won't let you connect to smtp.gmail.com:587
  
 Save Profile
