Gophish on Digital Ocean with Blacklist Range

Intro

Gophish is a powerful, easy-to-use, open-source phishing toolkit meant to help pentesters and businesses conduct real-world phishing simulations. This user guide introduces Gophish and shows how to use the software, building a complete campaign from start to finish.

This walkthrough of Gophish usage and its very neat installation procedure is inspired by a notes post on the ired.team blog. I will first give a brief installation of Gophish with a Postfix server, then show a tiny trick to bypass a Digital Ocean public IP address that is blocked or blacklisted for sending emails.

As an attacker, you can benefit from this trick by using an alternative IP address from the private subnet to deliver and send your malicious phishing emails.

Installation of Postfix server

apt-get install postfix

Configuration of Postfix

Then modify the following values to match your own Digital Ocean droplet:

nano /etc/postfix/main.cf
myhostname = {SMTP SERVER }
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = $myhostname, ubt, ubuntu-s-1vcpu-1gb-fra1-01, localhost.localdomain, localhost
relayhost =
mynetworks={PUBLIC_IP_ADDRESS}

After saving these settings, reload the Postfix configuration:

service postfix reload

To install Gophish, execute the following commands from your terminal:

wget https://github.com/gophish/gophish/releases/download/0.7.1/gophish-v0.7.1-linux-64bit.zip 
apt install unzip
unzip gophish-v0.7.1-linux-64bit.zip
chmod +x gophish

After installation is finished, run it:

./gophish


## Access GoPhish by SSH tunneling


By default, Gophish's admin interface listens on the local interface on port 3333, so we have to start an SSH tunnel to access it:

ssh root@ipofdroplet -L3333:localhost:3333 -N -f

Then access it at https://localhost:3333

Installing a free SSL certificate for Postfix or Gophish

apt install certbot

Generate the SSL certificate:

certbot certonly --standalone -d mail.phish.com


The certificate files are placed under a path like the following example:
/etc/letsencrypt/live/mail.phish.com/


To activate SSL on **postfix**, edit `main.cf` as follows:


smtpd_tls_cert_file=/etc/letsencrypt/live/mail.phish.com/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/mail.phish.com/privkey.p

If you want to activate the SSL certificate on Gophish, edit config.json and replace the certificate and key entries with the correct paths:

"admin_server": {
    "listen_url": "127.0.0.1:3333",
    "use_tls": true,
    "cert_path": "gophish_admin.crt",
    "key_path": "gophish_admin.key"
},
"phish_server": {
    "listen_url": "0.0.0.0:80",
    "use_tls": false,
    "cert_path": "example.crt",
    "key_path": "example.key"
}
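
An added example, not from the original post or the Gophish project: a small Python check that config.json still keeps the admin interface on loopback with TLS, which is what makes the SSH tunnel above the only way to reach it. The function names and the sample config are constructed for illustration; the sample deliberately binds the admin listener to all interfaces to produce a finding.

```python
import ipaddress
import json

# Constructed sample mirroring the config.json fragment above, with the
# admin listener deliberately changed to all interfaces to show a finding.
SAMPLE_CONFIG = """
{
  "admin_server": {"listen_url": "0.0.0.0:3333", "use_tls": true,
                   "cert_path": "gophish_admin.crt", "key_path": "gophish_admin.key"},
  "phish_server": {"listen_url": "0.0.0.0:80", "use_tls": false,
                   "cert_path": "example.crt", "key_path": "example.key"}
}
"""

def split_host(listen_url):
    """Return the host part of a 'host:port' listen_url ('' means all interfaces)."""
    host, _, _port = listen_url.rpartition(":")
    return host.strip("[]")

def is_loopback(host):
    """True only for localhost or an address inside 127.0.0.0/8 or ::1."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # empty host or unknown hostname: treat as exposed

def audit_gophish_config(text):
    """Return a list of findings for the admin_server and phish_server sections."""
    cfg = json.loads(text)
    findings = []
    admin = cfg.get("admin_server", {})
    if not is_loopback(split_host(admin.get("listen_url", ""))):
        findings.append("admin_server is not bound to loopback; SSH tunnel is bypassed")
    if not admin.get("use_tls", False):
        findings.append("admin_server has use_tls disabled")
    for section in ("admin_server", "phish_server"):
        srv = cfg.get(section, {})
        if srv.get("use_tls") and not (srv.get("cert_path") and srv.get("key_path")):
            findings.append(f"{section} enables TLS without cert_path/key_path")
    return findings

if __name__ == "__main__":
    for finding in audit_gophish_config(SAMPLE_CONFIG):
        print("FINDING:", finding)
```
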

Bypass Blocked Public IP While sending through SMTP

Access your droplet via SSH, then execute the following command first:

curl -s 169.254.169.254/metadata/v1/interfaces/public/0/anchor_ipv4/gateway

Then copy the IP address from the output and execute the following:

route add default gw {IP}
route del default gw

To validate, execute the following from the box's CLI:

curl icanhazip.com