# GoPhish Setup
###### tags: `phishing`
## GoPhish
### Installation of GoPhish
```bash=
cd /root
mkdir gophish
cd gophish
# Download "gophish-vX.X-linux-64bit.zip" (change the version number below to the latest release)
wget https://github.com/gophish/gophish/releases/download/v0.11.0/gophish-v0.11.0-linux-64bit.zip
unzip gophish-v0.11.0-linux-64bit.zip
rm gophish-v0.11.0-linux-64bit.zip
rm config.json
nano config.json
```
Place the following content in the configuration file of Gophish:
```json
{
"admin_server" : {
"listen_url" : "0.0.0.0:3333",
"use_tls" : true,
"cert_path" : "/etc/letsencrypt/live/phising.be/fullchain.pem",
"key_path": "/etc/letsencrypt/live/phising.be/privkey.pem"
},
"phish_server" : {
"listen_url" : "127.0.0.1:8080",
"use_tls" : true,
"cert_path" : "/etc/letsencrypt/live/phising.be/fullchain.pem",
"key_path": "/etc/letsencrypt/live/phising.be/privkey.pem"
},
"db_name" : "sqlite3",
"db_path" : "gophish.db",
"migrations_prefix" : "db/db_"
}
```
As you can see, the `listen_url` of the phish server is bound to localhost: NGINX will receive the outside traffic and proxy it to GoPhish.
Use tmux so GoPhish keeps running after you disconnect the SSH session (see also: https://hackmd.io/Zb7KFP34ShyUNB74yZo4_A):
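The two listeners in the config above have different exposure: the phish server must stay on loopback behind NGINX, while the admin server is bound to every interface. The following script, added here as an example rather than anything shipped with GoPhish, reads a config.json and reports listener settings worth fixing; the sample config is the one from this page with the domain replaced by the placeholder `example.test`.

```python
import json

# Constructed sample: the config.json from this page, with the domain replaced by
# the placeholder example.test (assumption: it matches GoPhish's config layout).
SAMPLE_CONFIG = """{
  "admin_server": {
    "listen_url": "0.0.0.0:3333", "use_tls": true,
    "cert_path": "/etc/letsencrypt/live/example.test/fullchain.pem",
    "key_path": "/etc/letsencrypt/live/example.test/privkey.pem"
  },
  "phish_server": {
    "listen_url": "127.0.0.1:8080", "use_tls": true,
    "cert_path": "/etc/letsencrypt/live/example.test/fullchain.pem",
    "key_path": "/etc/letsencrypt/live/example.test/privkey.pem"
  },
  "db_name": "sqlite3", "db_path": "gophish.db", "migrations_prefix": "db/db_"
}"""

LOOPBACK = {"127.0.0.1", "localhost", "::1", "[::1]"}
ALL_INTERFACES = {"0.0.0.0", "::", "[::]"}

def listen_host(server: dict) -> str:
    """Host part of a listen_url such as '127.0.0.1:8080'."""
    return server.get("listen_url", "").rsplit(":", 1)[0]

def check_config(cfg: dict) -> list[str]:
    """Return findings about the two listeners; an empty list means nothing to fix."""
    findings = []
    for name in ("admin_server", "phish_server"):
        srv = cfg.get(name, {})
        if not srv.get("use_tls"):
            findings.append(f"{name}: use_tls is false, logins and results travel in clear text")
        else:
            for key in ("cert_path", "key_path"):
                if not srv.get(key):
                    findings.append(f"{name}: use_tls is true but {key} is not set")
    # The phish server must only be reachable through NGINX on this host.
    if listen_host(cfg.get("phish_server", {})) not in LOOPBACK:
        findings.append("phish_server: not bound to loopback, so it bypasses the NGINX front end")
    # The admin panel holds campaign results; it should not face the internet unfiltered.
    if listen_host(cfg.get("admin_server", {})) in ALL_INTERFACES:
        findings.append("admin_server: reachable on every interface, limit it with a firewall or bind it to loopback")
    return findings

def check_config_text(text: str) -> list[str]:
    """Convenience wrapper: parse the JSON text of config.json and check it."""
    return check_config(json.loads(text))
```

Run it against `/root/gophish/config.json` before launching; with the page's own config it reports only the exposed admin listener.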
```bash=
# install tmux
sudo apt -y install tmux
wget -O ~/.tmux.conf https://raw.githubusercontent.com/gpakosz/.tmux/master/.tmux.conf
mkdir ~/.tmux/
tee -a ~/.tmux.conf.local << END
# Remap TMUX to Screen shortcuts. Activation key will be CTRL+A
set -g prefix C-a
bind C-a send-prefix
unbind C-b
# Quality of Life stuff
set -g history-limit 10000
set -g allow-rename off
# Join panes
bind-key j command-prompt -p "join pane from:" "join-pane -s'%%'"
bind-key s command-prompt -p "send pane to:" "join-pane -t '%%'"
# Search mode "vi", default one is emacs
set-window-option -g mode-keys vi
END
```
Launch Gophish:
```bash=
chmod +x gophish
tmux new -s phishing
./gophish
```
Press <kbd>CTRL</kbd>+<kbd>A</kbd>, then <kbd>D</kbd> to detach from the tmux session.
Now you can visit your Gophish admin panel on: [https://your-ip:3333](https://your-ip:3333/) (the admin server is configured with `use_tls`, so use HTTPS).
**Make sure to change the admin password. If you don't, you will expose client data!**
### Adding the mail template

Use one of the email templates in the folder `templates` of the workshop files.
In GoPhish go to the mail Templates:

Then paste the HTML code:

Then add the files. Disable the tracking image: its signature (file structure) is flagged by every spam filter. Also, most mail clients block external images by default, especially tracking images, so the statistics obtained by this feature are unreliable and not worth the damage it does to deliverability.
Make sure to change the links to:
https://<yoursite.com>/login/{{.RId}} (change the domain to your own!).
----
<details>
<summary>Custom made template (click to expand!)</summary>
Use one of the following services: https://mosaico.io/ or just Google `online open source mail editor`. `Open source` is mandatory; otherwise you will spend time (or money) creating a mail template and realise when you save it that you have to pay….
Make a quick draft. Images don't matter yet; they are fine-tuned after downloading the mail template.
**Advantage of this template creator: minimal effort, maximal result (responsive design,…)**
Export and download your template once it is done.
Now open the HTML file and search for externally loaded resources (for example images, icons, JavaScript, CSS). Rewrite the URL of each of these (for example "https://random-site/images/fb.png") to "cid:fb.png".
Now add the HTML page inside Gophish:

Paste the content of the HTML file into the HTML field.
Now add the images which you downloaded:

In the end you have something like this:
Note that Gophish inserts the banner.jpg file into the mail during a campaign wherever "cid:banner.jpg" appears.
Also check the box for the tracking image.
</details>
----
### Create landing page (the actual phishing page)
Create a new landing page in Gophish. Use the HTML in `assets/templates/office365_landingspage/`.
Copy the contents of the `assets/templates/office365_landingspage/static` folder to the following gophish directory:
`/root/gophish/static/endpoint/`
Put as redirect URL:
https://yourdomain.com/static/expired.html

### Create receiver groups

Best is to use a CSV file (make one), with the following headers:
| Email | First Name | Last Name | Position |
| ----- | ---------- | --------- | -------- |
| ... | ... | ... | ... |
If you use Microsoft Excel to export a CSV, the delimiter may be `;` instead of `,`. You can replace it by opening the sheet in Atom and using the replace function:
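A plain search-and-replace breaks as soon as a field (such as a position like "Finance; Accounts Payable") itself contains a `;`, and Excel's UTF-8 export often prefixes the header with a BOM so "Email" no longer matches. The following script is an added example, not part of the workshop files; it detects the delimiter, re-emits the file with commas and exactly the four headers above, and drops rows without an address. The sample input is constructed.

```python
import csv
import io

REQUIRED = ["Email", "First Name", "Last Name", "Position"]

# Constructed sample: a non-US Excel export with ';' as delimiter, a UTF-8 BOM,
# and one quoted field that itself contains ';' (a blind replace would split it).
EXCEL_EXPORT = (
    "\ufeffEmail;First Name;Last Name;Position\n"
    "alice@example.test;Alice;Example;\"Finance; Accounts Payable\"\n"
    "bob@example.test;Bob;Sample;IT\n"
    ";;;\n"
)

def detect_delimiter(text: str) -> str:
    """Pick ';' or ',' by which one dominates the header line."""
    header = text.splitlines()[0] if text else ""
    return ";" if header.count(";") > header.count(",") else ","

def normalize_csv(text: str) -> str:
    """Return the receiver list as comma-separated CSV with the GoPhish headers."""
    text = text.lstrip("\ufeff")          # Excel's UTF-8 export starts with a BOM
    reader = csv.DictReader(io.StringIO(text), delimiter=detect_delimiter(text))
    missing = [h for h in REQUIRED if h not in (reader.fieldnames or [])]
    if missing:
        raise ValueError(f"missing header(s): {missing}")
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=REQUIRED, lineterminator="\n")
    writer.writeheader()
    for row in reader:
        email = (row.get("Email") or "").strip()
        if "@" not in email:
            continue                      # empty or malformed rows would be sent nowhere
        writer.writerow({h: (row.get(h) or "").strip() for h in REQUIRED})
    return out.getvalue()
```

Running the output through `normalize_csv` a second time returns it unchanged, so it is safe to run on a file that was already comma-separated.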

### Add mail accounts to Gophish
You can add the mail accounts to GoPhish:

In the `from` field you can use something like:
Name of your email account <test@yourdomain.com>
If you host your own Docker mail server (on the same server), use this as the SMTP setting:
localhost:587
### Launch campaign

Use the created templates, sending profiles and landing page.
For the URL, use the domain that will be used for the phishing campaign (https://yourdomain.com).
### Export results
Results of campaigns can be exported to CSV files:
