Project 159 - Gone Phishing w/ Gophish скачать в хорошем качестве

Project 159 - Gone Phishing w/ Gophish

Steps Taken (in the order that they appear in the video): Creating a Test Email To Test Configurations 1. Clicked Sending Profiles (to create a profile to send emails) 2. Clicked “+New Profile” 3. Details: Name – Red Team From – info support@demo.ine.local Host – localhost:25 Username – red@demo.ine.local (this would be my actual email address in real life) Password – penetrationtesting (this would be my actual password in real life) *Left “Ignore Certificate Errors” checked off 4. Opened up Powershell and netstat -ano (to verify that port 25 for SMTP is in listening mode) 5. Clicked “Send Test Email” 6. Double clicked on targets.csv file on the Desktop (to choose target from the list users I enumerated) 7. Details (to send to dummy Intern account): 8. First Name: Vic, Last Name: Tim, Email: victim@demo.ine.local, Position Intern 9. Clicked “Send” button 10. Clicked on Thunderbird mail client (to view email client and verified that I received the test email) Creating A Landing Page 11. Back in Gophish dashboard, clicked on “Landing Pages” 12. Name: INE Password Reset and Clicked “Import Site” button 13. URL: http://localhost:8080 (to import the contents hosted at this address) 14. Checked off “Capture Submitted Data” 15. Redirect to: http://localhost:8080 and Clicked “Save Page” Creating Email Template 16. Went to Desktop, clicked on “Password Reset Email.txt”, and copied contents 17. Back in Gophish dashboard, clicked “+New Template” button 18. Name: INE Password Reset and clicked “Import Email” 19. Pasted contents of “Password Rest Email.txt” into space and clicked Import 20. Clicked the “HTML” tab to show what the actual visual display of the email will look like to the victims 21. Mentioned that we could add a malicious document by clicking on “+Add Files” 22. Clicked the “Save Template” button Specifying Targets 23. Clicked “+New Group” (to create a group for the entire target organization) 24. Name: INE Employees and clicked “+Bulk Import Users” 25. Went to Desktop, clicked on target.csv file (to upload target list) 26. Clicked the “Save Changes” button Executing Phishing Campaign 27. Clicked on “Campaigns” and “+New Campaign” button 28. Name, Email Template, Landing Page: INE Password Test 29. URL: http://localhost 30. Launch Date: set the day and time for 31. Sending Profile: Read Team 32. Groups: INE Employees and Clicked the “Launch Campaign” button 33. Mention the formats that the results can be exported to and the button that we can use to complete the campaign 34. Went back to Thunderbird and waited for scheduled phishing email to arrive in Vic Tim mailbox 35. Clicked the “Reset Password" button in the email (the link may or may not load) 36. Went back to Gophish dashboard to see that one email was opened and one was clicked