# Lab 1. Phishing
###### tags: `Information Security Methods and Tools`
---
> [VM preparation](https://hackmd.io/@a13ksajko/SZI_0)
---
### 1. Clone the repository with the assignments
```
git clone https://github.com/Ivanhahanov/InformationSecurityMethodsAndTools.git
```
```
cd InformationSecurityMethodsAndTools/Phishing
```
### 2. Deploy the container for verification
```
docker compose up -d
docker compose logs -f
docker compose down
```
### 3. Generating certificates
```
docker run -ti --rm -v "$(pwd)"/config/ssl:/tmp/docker-mailserver/ssl -h mail.domain.com -t tvial/docker-mailserver generate-ssl-certificate
```
```
CA certificate filename (or enter to create)
Making CA certificate ...
====
openssl req -new -keyout ./demoCA/private/cakey.pem -out ./demoCA/careq.pem
Generating a RSA private key
...........................+++++
.................................................................................................................................+++++
writing new private key to './demoCA/private/cakey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:RU
State or Province Name (full name) [Some-State]:Moscow
Locality Name (eg, city) []:Moscow
Organization Name (eg, company) [Internet Widgits Pty Ltd]:mirea
Organizational Unit Name (eg, section) []:Red Team
Common Name (e.g. server FQDN or YOUR name) []:domain.com
Email Address []:admin@domain.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
==> 0
====
====
openssl ca -create_serial -out ./demoCA/cacert.pem -days 1095 -batch -keyfile ./demoCA/private/cakey.pem -selfsign -extensions v3_ca -infiles ./demoCA/careq.pem
Using configuration from /usr/lib/ssl/openssl.cnf
Enter pass phrase for ./demoCA/private/cakey.pem:
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number:
5d:ac:b5:3f:cc:b6:26:bf:6a:20:dd:c1:ff:08:a0:be:14:1b:e4:3c
Validity
Not Before: Feb 8 13:40:27 2021 GMT
Not After : Feb 8 13:40:27 2024 GMT
Subject:
countryName = RU
stateOrProvinceName = Moscow
organizationName = My-company
organizationalUnitName = Red Team
commonName = domain.com
emailAddress = admin@domain.com
X509v3 extensions:
X509v3 Subject Key Identifier:
E9:4F:D1:CC:9D:09:14:A3:9C:23:68:8E:0E:76:9E:35:AE:22:56:61
X509v3 Authority Key Identifier:
keyid:E9:4F:D1:CC:9D:09:14:A3:9C:23:68:8E:0E:76:9E:35:AE:22:56:61
X509v3 Basic Constraints: critical
CA:TRUE
Certificate is to be certified until Feb 8 13:40:27 2024 GMT (1095 days)
Write out database with 1 new entries
Data Base Updated
==> 0
====
CA certificate is in ./demoCA/cacert.pem
Ignoring -days; not generating a certificate
Generating a RSA private key
..................................................+++++
..............................................................+++++
writing new private key to '/tmp/docker-mailserver/ssl/mail.domain.com-key.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:RU
State or Province Name (full name) [Some-State]:Moscow
Locality Name (eg, city) []:Moscow
Organization Name (eg, company) [Internet Widgits Pty Ltd]:mirea
Organizational Unit Name (eg, section) []:Red Team
Common Name (e.g. server FQDN or YOUR name) []:mail.domain.com
Email Address []:admin@domain.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /usr/lib/ssl/openssl.cnf
Enter pass phrase for ./demoCA/private/cakey.pem:
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number:
5d:ac:b5:3f:cc:b6:26:bf:6a:20:dd:c1:ff:08:a0:be:14:1b:e4:3d
Validity
Not Before: Feb 8 13:41:55 2021 GMT
Not After : Feb 8 13:41:55 2022 GMT
Subject:
countryName = RU
stateOrProvinceName = Moscow
organizationName = My-company
organizationalUnitName = Red Team
commonName = mail.domain.com
emailAddress = admin@domain.com
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
2F:6B:63:BE:40:11:03:4E:EC:E7:27:9E:E7:F8:3B:A8:82:9C:84:D9
X509v3 Authority Key Identifier:
keyid:E9:4F:D1:CC:9D:09:14:A3:9C:23:68:8E:0E:76:9E:35:AE:22:56:61
Certificate is to be certified until Feb 8 13:41:55 2022 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
```
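A check worth running on the files produced in this step, given here as an added example that is not part of the original lab or its repository: it confirms that a server certificate was issued by the expected CA, is not itself a CA, matches the hostname clients will use, and is not about to expire. The function names `check_cert` and `make_demo_pki` are hypothetical, and the demo generates its own throwaway CA and certificate so that it runs offline; to check the lab's files, pass the paths of the CA certificate and server certificate generated above.

```shell
#!/usr/bin/env bash
# Added example, not from the lab repository.
# check_cert CA_PEM CERT_PEM HOSTNAME [MIN_SECONDS_LEFT]
# Prints one line per check; returns 0 only if every check passes.
check_cert() {
    local ca="$1" cert="$2" host="$3" min_left="${4:-86400}" rc=0
    # 1. The certificate must verify against the given CA.
    if openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "chain: ok"
    else
        echo "chain: FAIL (not issued by this CA)"; rc=1
    fi
    # 2. A server certificate must not itself be a CA (CA:FALSE or absent).
    if openssl x509 -in "$cert" -noout -text | grep -q 'CA:TRUE'; then
        echo "basicConstraints: FAIL (leaf is marked CA:TRUE)"; rc=1
    else
        echo "basicConstraints: ok"
    fi
    # 3. The name clients connect to must match. OpenSSL falls back to the
    #    CN when there is no subjectAltName, as in the output shown above.
    if openssl x509 -in "$cert" -noout -checkhost "$host" | grep -q 'does match'; then
        echo "hostname: ok ($host)"
    else
        echo "hostname: FAIL ($host)"; rc=1
    fi
    # 4. The certificate must stay valid for at least MIN_SECONDS_LEFT.
    if openssl x509 -in "$cert" -noout -checkend "$min_left" >/dev/null; then
        echo "expiry: ok"
    else
        echo "expiry: FAIL (expires within ${min_left}s)"; rc=1
    fi
    return "$rc"
}

# Constructed sample data: a throwaway CA and one server certificate in DIR.
make_demo_pki() {
    local d="$1" cn="$2"
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo Lab CA" \
        -keyout "$d/ca-key.pem" -out "$d/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$cn" \
        -keyout "$d/leaf-key.pem" -out "$d/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca-key.pem" \
        -CAcreateserial -days 30 -out "$d/leaf.pem" 2>/dev/null
}

# Demo on constructed data only.
demo_dir="$(mktemp -d)"
make_demo_pki "$demo_dir" mail.domain.com
check_cert "$demo_dir/ca.pem" "$demo_dir/leaf.pem" mail.domain.com
rm -rf "$demo_dir"
```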
### 4. Creating users
#### 4.1 Rebuilding the mailserver
```
docker compose up --build
```
#### 4.2 Making the script executable
```
sudo chmod +x MailServer/setup.sh
```
#### 4.3 Creating email accounts
```
MailServer/setup.sh -i tvial/docker-mailserver:latest email add admin@domain.com admin123
MailServer/setup.sh -i tvial/docker-mailserver:latest email add user1@domain.com user123
MailServer/setup.sh -i tvial/docker-mailserver:latest email add user2@domain.com user456
MailServer/setup.sh -i tvial/docker-mailserver:latest email add user3@domain.com user789
```
```
MailServer/setup.sh -i tvial/docker-mailserver:latest email list
```
#### 4.4 Testing message sending
```
sudo apt install swaks
swaks --from admin@domain.com --to user1@domain.com --server 127.0.0.1:587 -tlso -au admin@domain.com -ap admin123 --header "Subject: test from admin" --body "pintesta"
```
#### 4.5 Receiving the message
```
sudo apt install thunderbird -y
thunderbird
```
```
incoming:
user1@domain.com
IMAP
127.0.0.1
143
STARTTLS
Normal password
outgoing:
user1@domain.com
127.0.0.1
587
STARTTLS
Normal password
```
### 5. Gophish
#### 5.1 Logging in at https://192.168.80.128:3333
```
login: admin
password: in the mail server logs
```
#### 5.2 Creating a Sending Profile

#### 5.3 Creating a Landing Page

#### 5.4 Creating an Email Template

#### 5.5 Creating Users & Groups

#### 5.6 Creating a Campaign

#### 5.7 Result


