Setting up a phishing campaign with Gophish - Walkthrough

Hi everyone, welcome back to our blog. Today we will be talking about Gophish as a tool for performing phishing campaigns. Before we begin, be sure to check out our other blogs on our website: https://yelbridges.co.ke/category/tech-business/
. . .
Introduction to Phishing
It is often said that the weakest link in security is the human factor. No matter how sophisticated and secure our systems are, it only takes a single click to wreak havoc on them. That is why we have to constantly test not only our systems but also our employees' awareness of security matters.
But before carrying out the awareness training, we have to gauge our employees' understanding of "suspicious emails", otherwise known as phishing. This is where Gophish comes in.
Gophish is a framework used to set up phishing campaigns, landing pages and email templates, among others, to run phishing simulations. It can be used on Linux, Windows and Mac platforms; in this article we'll be running it on our Linux platform.
. . .
The setup…
To run Gophish, we need to download the zip file, unzip it locally, edit the config.json file and finally start the server.
Without further ado, let's get to the juicy part and set up Gophish.
# 1. Download the Gophish zip archive. This can be done in the terminal by running this simple command:
wget https://github.com/gophish/gophish/releases/download/v0.11.0/<gophish*>.zip
You can also get the download file from the Gophish releases page on GitHub.

# 2. Unzip the archive file; we'll use the unzip command for this
unzip gophish*.zip

# 3. We'll use our fave editor to make changes to the config.json file. We will use nano, but you can use vim or gedit if you prefer.
sudo nano config.json
We want the server to be accessible from anywhere, not just from the local installation instance. Therefore, we'll change the host part of "listen_url" from "127.0.0.1" to "0.0.0.0" or the server's IP address, leaving the port in place.

# 4. We need to make the gophish binary file executable by using the chmod command
chmod +x gophish
# 5. Now all we need to do is start the server. We'll do that by running the following command
sudo ./gophish
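
Since step 3 opens the server to the network, it is worth checking the edited config.json before leaving the server running. The script below is an added example, not part of Gophish or of the original article: it flags an admin listener bound to every interface and listeners with TLS switched off. The section and key names follow Gophish's shipped config.json; the sample values are constructed.

```python
import json
import sys

# Hosts that mean "listen on every interface" in a host:port listen_url.
WILDCARD_HOSTS = {"", "0.0.0.0", "::", "[::]"}

# Constructed sample: config.json as it might look after the step 3 edit.
SAMPLE_CONFIG = """
{
  "admin_server": {"listen_url": "0.0.0.0:3333", "use_tls": false},
  "phish_server": {"listen_url": "0.0.0.0:80", "use_tls": false}
}
"""

def split_listen_url(value):
    """Split 'host:port'; the host may be empty or a bracketed IPv6 literal."""
    host, _, port = value.rpartition(":")
    return host, int(port)

def audit_config(cfg):
    """Return a list of findings for a parsed config.json dictionary."""
    findings = []
    admin = cfg.get("admin_server", {})
    host, port = split_listen_url(admin.get("listen_url", "127.0.0.1:3333"))
    if host in WILDCARD_HOSTS:
        findings.append(f"admin_server: port {port} is reachable on every interface; "
                        "limit it to management addresses with a firewall rule")
    if not admin.get("use_tls", False):
        findings.append("admin_server: use_tls is off, so admin logins travel unencrypted")
    phish = cfg.get("phish_server", {})
    if not phish.get("use_tls", False):
        findings.append("phish_server: use_tls is off, so anything staff type into "
                        "the landing page travels unencrypted")
    return findings

def audit_text(text):
    """Parse config.json text and audit it."""
    return audit_config(json.loads(text))

if __name__ == "__main__":
    # Pass the path to config.json, or run with no argument to use the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONFIG
    for finding in audit_text(text):
        print("[!]", finding)
```

Run it as `python3 audit_config.py config.json` from the Gophish directory (the script file name is arbitrary); no output means none of the three conditions were found.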

. . .
Accessing the admin interface…
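# 6. Access the interface: to access the admin interface, we'll go to the server's IP address and the specific port. By default the port is 3333, but use whichever port you put in the config.json file: https://SERVER_IP:PORT_NUMBER (the shipped config.json has TLS enabled on the admin server with a self-signed certificate, so expect a browser certificate warning).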

The default credentials are usually admin for the username and gophish for the password; however, for newer versions of Gophish the password is autogenerated at the first startup of the server. You are then required to change the password after login.
On to the fun part…
# 7. We now need to set up the phishing campaign, which will ideally contain the following:
- Sending Profile – this is where we will set up our SMTP server. Depending on the SMTP server you use, the settings could be different, but for us we'll use Gmail with the following settings. Think of this as the authentication required for sending the emails

- Email Template – this is what the target will see once they get the email delivered

We will be using variables so that we don't have to enter the same details during launch of the campaign and when sending out the emails. However, you can choose a different template by copying from a legitimate email in your inbox.
- Landing page – this is the spoofing page that we will use to simulate an authentic login page; we'll need to use an actual page for this. Ideally the page should match the email template, i.e. mimic an authentic page that enables a user to change their username and password.

- Groups – this is the list containing the users we want to send the phishing emails to. We can add a single email address or a list containing all the users we would be sending the phishing campaign to.

After setting up all of the above, we now need to start a new campaign and fill out all the required fields. We should give the campaign a new name and select the subsequent fields from the drop-downs. For the URL field we need to enter the IP address or the domain name of the Gophish server. Every other field should be pretty straightforward.

# 8. Once everything is filled out correctly, we can click Launch Campaign, which will send out the phishing emails. If the recipient opens the email or clicks on any of the links, we will be notified through the user dashboard, which shows when the email was sent, which users opened the emails and which users clicked the links.

. . .
Closing thoughts…
The part that might trip you up is the email template. We want to make sure it looks as real as possible, and to do that we want to open an email from our inbox, say from PayPal or LinkedIn. On the far top right we want to select the 3 dots and click on 'show original'. This is the content we want to import into the email template.
The URL in the campaign template should point to the URL or the IP address of the Gophish server.
Alright folks, we hope this article has been informative, and we hope to see you again soon.