TESTING YOUR INFRASTRUCTURE

# Run GoPhish on your Linux server to launch the GoPhish admin panel, then open the panel at "https://<yourserverpublicIP>:<portnumber>".

# Open the GoPhish admin panel and click the Sending Profiles option -> New Sending Profile -> under "From", provide the mail address which you are spoofing -> under the username, provide the downloaded SMTP username from Amazon SES -> under the password, provide the downloaded SMTP username from Amazon SES -> under the host, provide your SMTP server name, which you can get from Amazon SES, and mention the port number next to the server address, separated by a colon. You can now test this by clicking the "Send Test Email" option, entering the information asked for and clicking Send.

CREATING GOPHISH CAMPAIGN

# Open the GoPhish admin panel and click Users & Groups -> click New Group -> click Download CSV Template and prepare a victim list based on that template -> click Bulk Import Users -> enter the name of the group -> click Save Changes.

# Now click the Email Templates option -> click New Template -> provide a template name, then enter the subject and description of the template. This is an important part of phishing, so make sure the template sounds legitimate to the victim -> click Save Template.

NOTE: The phishing link which we created using evilginx has to be provided in the mail description. Only then, if the victim clicks on that link, can we capture all the information in the evilginx session.

# Then click the Landing Pages option -> click New Page -> give the landing page any name -> click Save Page. This landing page won't be visible to the victim, so there is no need to provide much information here.

# Finally, click the Sending Profiles option -> New Sending Profile -> under "From", provide the mail address which you are spoofing -> under the username, provide the downloaded SMTP username from Amazon SES -> under the password, provide the downloaded SMTP username from Amazon SES -> under the host, provide your SMTP server name, which you can get from Amazon SES, and mention the port number next to the server address, separated by a colon -> click Save Profile.

SENDING YOUR PHISHING ENGAGEMENT

# Now log in to your GoPhish admin panel and click the Campaigns option -> click New Campaign -> run evilginx in parallel as well -> provide all the information, similar to the screenshot shown below, as appropriate to your need (make sure the URL is your server IP address, and mention it without the port number) -> select the group which you created previously under the Group option -> click Launch Campaign.

[Screenshot: GoPhish new campaign form]

# Once you click the Launch Campaign option, it will take you to the dashboard, as shown below.

[Screenshot: GoPhish campaign dashboard]

# Once the victim receives the mail and opens the link, evilginx will start a session to capture all the victim's login information and session cookies, which we can use in future to bypass the victim's login and 2FA and acquire their information.