AJ-Labz
  • whoami
  • The Lab
    • Building the Lab
      • Physical Hardware
      • ESXi
        • Install ESXi without a keyboard
      • vCenter Server Installation
      • Configure vCenter Datacenter
      • Virtual Networking
      • Install Virtual Machine
      • Install Virtual Firewall
      • Increasing VM Harddrive size
    • Building the Windows Domain
    • Building a Local DNS Server
    • Installing Apache Guacamole
    • Installing WireGuard VPN
    • Industrial Control Systems (ICS)
  • Defensive Cyberz
  • Analytic Repo
    • Beacon Detection
  • Creating an SIEM
    • Installing Security Onion (SO)
    • Splunk
    • Getting the Windows Data You Need
  • Zeek || Bro
    • Bro/Zeek Script
    • Installing Protocol Analyzers
  • Offensive Cyberz
    • Cobalt Strike Red Team Cheat Sheet
    • Defense Evasion
      • Evading Defender with CobaltStrike
      • Disable AV
      • AMSI Bypass
      • Evade Heuristic Behaviors
        • Process Injection
        • Process Hollowing
        • Reflection
        • AppLocker Bypass
        • Powershell CLM Bypass
      • Linux Shellcode Encoders
    • AD Enumeration
      • AD Tools
      • PowerView
      • BloodHound
      • DAFT Commands
      • Enumeration Commands
    • AD Attack
      • Prompt for Credentials
      • LAPS Reader
      • Abusing ACLs
    • Command and Control
      • Covenant Framework
      • Simple HTTPS Server
    • Linux
      • Shells
      • Impacket
      • SSH
      • Kerberos Cache File
      • Ansible
      • Privilege Escalation
    • Phishing
      • LNK Script
    • Wireless Attacks
    • Create a Trojan
  • Cyber Readingz
    • Recommended Readings
Powered by GitBook
On this page
  • GoPhish
  • Step 1: Download GoPhish
  • Step 2: install go phish
  • Step 3: Purchase Domain
  • Step 4: Generate TLS Certificate for the site
  • Step 5: Configure phishing attack.
  • Step 6: Create Campaign

Was this helpful?

  1. Offensive Cyberz

Phishing

Credential Gathering - Phishing with Go Phish

PreviousPrivilege EscalationNextLNK Script

Last updated 4 years ago

Was this helpful?

GoPhish

Phishing Server Setup Guide: For our phishing email we will be using Go Phish to create the phishing email with a link to our malicious domain. The method show was to gain sensitive information. This same method can be used to gain credentials to other accounts, but in an attempt to avoid violating the policy agreements with a company like amazon or google, we are using a local restaurant to spoof our website.

Step 1: Download GoPhish

https://github.com/gophish/gophish/releases The prereq to this is you have the ability to port forward traffic to your own Linux VM at home or are using a VM on a VPS provider.

Step 2: install go phish

Unzip the file and modify the file gophish to be an executable mkdir /opt/gophish unzip gophish.zip -d /opt/gophish chmod +x gophish ./gophish

Step 3: Purchase Domain

Add an A record to your public IP

Step 4: Generate TLS Certificate for the site

Install certbot and generate cert

apt-get install certbot certbot certonly -d <domain> --manual --preferred-challenges dns

Add TXT record with challenge information to your domain. Verify that the TXT record was updated and then press enter.

Replace the default certificates with the newly generated ones First, move the new certificates to the gophish directory (optional)

Second update the config.json with the new certificate names and the IP of the VM.

Stop ./gophish and start it back up to enable the new certificates This will make the website look a little bit more legit.

Step 5: Configure phishing attack.

Add the targeted users: Go to Users & Groups; add the targeted user and email address.

Create Email Template: Go to Email Templates. It’s important to add the embedded URL into your email to make it look slightly more legit. Add photos and signatures as needed to make the phishing email more believable!

Import the site and then add your form to capture their input

Add email that the phishing emails will send from:

Enabling Gmail Account for SMTP Relay: Go to myaccount.google.com and select the Security tab. From there allow less secure application access

Test email credentials by using the Test Email button at the bottom:

Check your email for the test email from the phishing account. Once that is verified you’re redy for the final step

Step 6: Create Campaign

Head on over to the Campaign tab and fill out the campaign information.

Key thing is to add the URL of the domain you’re trying to impersonate. aka the domain you purchased

Certbot cert
verify the TXT record
config.json