It’s been quite some time since I wrote a guide for something, and I DID say I’d follow up my original post with steps to get SSL/TLS working as well as walking through the campaign creation process…so here we go.
What you’ll need to replicate this tutorial:
- A system capable of running server (I’m using a Ubuntu VPS) and client (I’m using )
- An externally accessible domain name and the ability to add a DNS record for your king-phisher server
Configuring the king-phisher server
A few things have changed with the release of king-phisher v1.1.0, so we’ll take it from the top. The assumption is you have a server with a registered domain and DNS entry ready to go. I’ll be using the following:
Server: Digital Ocean Ubuntu VPS
Domain: mydomen.net
Код:
root@leg1t:~$ cd /opt && sudo git clone https://github.com/securestate/king-phisher.git
Cloning into ‘king-phisher’…
remote: Counting objects: 8870, done.
remote: Compressing objects: 100% (6/6), done.
remote: Total 8870 (delta 0), reused 0 (delta 0), pack-reused 8864
Receiving objects: 100% (8870/8870), 2.88 MiB | 720.00 KiB/s, done.
Resolving deltas: 100% (6488/6488), done.
Checking connectivity… done.
root@leg1t:/opt$ sudo king-phisher/tools/install.sh
Linux version detected as Ubuntu
Install and use PostgreSQL? (Highly recommended and required for upgrading) [Y/n] Y
Will install and configure PostgreSQL for the server
Project directory found at /opt/king-phisher
Installing Ubuntu dependencies
Reading package lists… Done
Building dependency tree
Reading state information… Done
The following extra packages will be installed:
binutils build-essential dpkg-dev fakeroot g++ g++-4.8 gcc gcc-4.8
…
…
…
Creating King Phisher admin group: ‘kpadmins’
Configuring the PostgreSQL server
PostgreSQL configuration file found at /etc/postgresql/9.3/main/pg_hba.conf
Installing the King Phisher upstart service file in /etc/init/
Starting the King Phisher service
king-phisher start/running, process 26601
root@leg1t:/opt$ sudo kill 26601
root@leg1t:/opt$This may take some time…there’s a lot of packages to pull and there are typically a few large pauses during the build phase. Ignore any non-fatal errors. If you get issues with the pip install process for matplotlib, you can just apt-get install python-matplotlib yourself and then re-run the installer. As you can see, the installer sorted out our database configuration as well. If it starts, you’ll need to kill any freshly running king-phisher process, because we’ll need access to TCP port 80 to generate our TLS certificate a little later.
Clone the latest king-phisher-templates repo from github on the client
The template files are stored in a separate repository, so go and grab them:
Код:
root@leg1t:/opt$ cd /opt/king-phisher/ && sudo git clone https://github.com/securestate/king-phisher-templates.git
Cloning into ‘king-phisher-templates’…
remote: Counting objects: 317, done.
remote: Total 317 (delta 0), reused 0 (delta 0), pack-reused 317
Receiving objects: 100% (317/317), 2.60 MiB | 56.00 MiB/s, done.
Resolving deltas: 100% (88/88), done.
Checking connectivity… done.
root@leg1t:/opt/king-phisher$
Код:
root@leg1t:/opt/king-phisher$ cd /opt/ && sudo git clone https://github.com/letsencrypt/letsencrypt
Cloning into ‘letsencrypt’…
remote: Counting objects: 28692, done.
remote: Compressing objects: 100% (80/80), done.
remote: Total 28692 (delta 48), reused 1 (delta 1), pack-reused 28611
Receiving objects: 100% (28692/28692), 7.54 MiB | 2.79 MiB/s, done.
Resolving deltas: 100% (20195/20195), done.
Checking connectivity… done.
root@leg1t:/opt$ cd letsencrypt
root@leg1t:/opt/letsencrypt$ sudo ./letsencrypt-auto –agree-dev-preview –server https://acme-v01.api.letsencrypt.org/directory certonly
Bootstrapping dependencies for Debian-based OSes…
Get:1 http://security.ubuntu.com trusty-security InRelease [64.4 kB] Get:2 http://mirrors.digitalocean.com trusty-updates InRelease [64.4 kB] …
…
Once verification is complete, you should see some similiar to this:
Код:
IMPORTANT NOTES:
– Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/www.sw1tch.net/fullchain.pem. Your cert
will expire on 2016-04-13. To obtain a new version of the
certificate in the future, simply run Let’s Encrypt again.
– If you like Let’s Encrypt, please consider supporting our work by:
Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
root@leg1t:/opt/letsencrypt$
Код:
server:
# Bind address information
address:
host: 0.0.0.0
port: 443
…
…
# Require an ID associated with a campaign to load pages
require_id: false
…
…
# SSL settings
ssl_cert: /etc/letsencrypt/live/mydomen.net/fullchain.pem
ssl_key: /etc/letsencrypt/live/mydomen.net/privkey.pemNotice we also set the require_id setting to false – this will allow us to test our configuration just before we launch the campaign. Before you launch (and assume you want to take advantage of the setting so you don’t screw up your one shot!) you should revert this value back to true. Similar to my , I’ll be using postfix instead of the standalone server shipped with king-phisher:
Код:
root@leg1t:/opt/letsencrypt$ sudo apt-get install mailutils postfix
Reading package lists… Done
Building dependency tree
Reading state information… Done
…
Код:
…
Processing triggers for libc-bin (2.19-0ubuntu6.6) …
sw1tch@leg1t:/opt/letsencrypt$ cd
sw1tch@leg1t:~$ sudo -i
root@leg1t:~$ echo “root [email protected]” > /etc/postfix/generic
root@leg1t:~$ postmap /etc/postfix/generic
root@leg1t:~$ exit
root@leg1t:~$Add an entry to smtp_generic_maps (or create one if required) and change the inet_interfaces value to 127.0.0.1 in /etc/postfix/main.cf so we don’t advertise our MTA to the world:
Код:
inet_interfaces = 127.0.0.1
smtp_generic_maps = hash:/etc/postfix/generic
Код:
sw1tch@leg1t:~$ sudo /opt/king-phisher/KingPhisherServer -L INFO -f /opt/king-phisher/server_config.yml
INFO listening on 0.0.0.0:443
INFO 0.0.0.0:443 – ssl has been enabled
INFO 0.0.0.0:443 – serving files has been enabled
INFO initializing database connection with driver postgresql
INFO restored 0 valid sessions and skipped 0 expired sessions from the database
INFO the job manager has been started
INFO server running in process: 31123 main tid: 0x7f23168af740
INFO dropped privileges to the nobody accountConfiguring the king-phisher client
Time to install the client on our Kali 2.0 box. Some of the package versions may have changed slightly (for example, libgeos-dev is now at version 3.5), so modify them as you need to:
Код:
root@kali:~# apt-get install libgeos++-dev libgeos-3.4.2 libgeos-dev python-mpltoolkits.basemap python-mpltoolkits.basemap-data
Reading package lists… Done
Building dependency tree
Reading state information… Done
…
…
root@kali:~#
Код:
root@kali:~# cd /tmp && wget https://downloads.sourceforge.net/project/matplotlib/matplotlib-toolkits/basemap-1.0.7/basemap-1.0.7.tar.gz
…
…
basemap-1.0.7.tar.gz 100%[========================================================>] 123.69M 1.42MB/s in 79s
2016-01-14 20:05:20 (1.56 MB/s) – ‘basemap-1.0.7.tar.gz’ saved [129694711/129694711]
root@kali:~# easy_install basemap-1.0.7.tar.gz
…
…
Installed /usr/local/lib/python2.7/dist-packages/basemap-1.0.7-py2.7-linux-x86_64.egg
Processing dependencies for basemap==1.0.7
Finished processing dependencies for basemap==1.0.7
root@kali:~#
Код:
root@kali:/opt/king-phisher$ ./KingPhisher
…
If the king-phisher server isn’t running, you’ll get an authentication error, so make sure the server is alive!
NOTE: Connection errors that make references to SSL or CERTIFICATE are usually because the SSL/TLS libraries on your server are out of date or no longer supported. If you want a good example of this, try following this tutorial with a Ubuntu 14.04 LTS server – it won’t work. You can try to fix this by installing updated libraries, but you should probably just upgrade your distro to something a tad more modern…
Once logged in, you’ll need to create a new campaign. The wizard will present you with a number of options to choose from so you can customise the kind of campaign you want to run. When you are done, select your freshly created campaign – we’ll need to configure some final settings.
Under Edit>Preferences, you’ll need to set your SMTP settings. Enable the Tunnel Over SSH option and enter the king-phisher server name and your local username for the SSH service on that box. Don’t forget to specify the port:
Just a few more pieces to sort and we’re all set.
Configuring your phishing campaign
So now it’s time to configure your campaign. We’re going to use one of the pre-written templates we downloaded earlier and modify it slightly for our own evil intent. Our templates are located on our client machine under /opt/king-phisher/king-phisher-templates. Use the following as a guide for what you should include:
You can customise the message contents by editing the raw HTML via the Edit tab. In this case, I’m going to target a single victim, but you can specify a CSV file under the Target Information section if you have multiple targets. The format for the CSV file is:
firstname,lastname,email_address
You can check to see what your email will look like under the Preview tab. Now we need to enable the content for our fake site, which needs to be configured on the king-phisher server. SSH back into your server and soft link the web template you want to use to /var/www:
Код:
root@leg1t:~$ cd /var/www
root@leg1t:/var/www$ sudo ln -s /opt/king-phisher/king-phisher-templates/Website_Templates/Credentials/Generic_Portal/www/* .
root@leg1t:/var/www$ ls
error images include login
root@leg1t:/var/www$
To make your phish more legit, use custom images appropriate to your target (details available in the README.md files located under each template directory).
Now that we know all is well, we can reset the require_id setting in /opt/king-phisher/server_config.yaml back to false.This will hide the content from anyone who doesn’t arrive at the login page via a valid king_phisher parameterised link.
Restart the king_phisher server. You are ready to rock.
Firing off your campaign
Back in the king-phisher client, click the Send tab and hit Start. You’ll get a warning about a potentially invalid URL, but we checked before so we know it’s all good…carry on by clicking Yes.
Enter the SSH password for your king_phisher server and hit Connect. Your evil email has been sent and you can now play the waiting game…
Track your campaign progress from the View Campaign tab – options for the dashboard display can be found under Edit>Preferences. The credentials captured are available under the Credentials tab:
This should be more than enough to get you moving with king-phisher. Huge thanks again to and the team for giving us king-phisher – it’s one of the best phishing frameworks around (in my humble
opinion)
