Gophish on Digital Ocean with Blacklist Range
Gophish is a powerful, easy-to-use, open-source phishing toolkit meant to help pentesters and businesses conduct real-world phishing simulations.
This user guide introduces Gophish and shows how to use the software, building a complete campaign from start to finish.
the usage of gophish and very neat installation procedures inspired by note post on ired.team blog . so i will get brief installation of gophish with postfix server first then . bypass Digital ocean public IP address blacklisted .
​
apt-get install postfix
nano /etc/postfix/main.cf
then you have to modify the following value as your own digital ocean droplet
myhostname = {SMTP SERVER }alias_maps = hash:/etc/aliasesalias_database = hash:/etc/aliasesmydestination = $myhostname, ubt, ubuntu-s-1vcpu-1gb-fra1-01, localhost.localdomain, localhostrelayhost =mynetworks={PUBLIC_IP_ADDRESS}​
after saving these information , you have to reload postfix configuration
service postfix reload
since i am using digital ocean , i only add digital ocean name servers values into my domain , so i can on this way control the dns through digital ocean networking section easily , so adding these values into your domain will solve this issue
ns1.digitalocean.comns2.digitalocean.comns3.digitalocean.com
and then through networking section , should be like this
from your terminal , execute the following commands
wget https://github.com/gophish/gophish/releases/download/0.7.1/gophish-v0.7.1-linux-64bit.zipapt install unzipunzip gophish-v0.7.1-linux-64bit.zipchmod +x gophish
after installation is finished , run it
./gophish
gophish in default is running on local interface with port 3333 , so we have to start ssh tunneling to access it
ssh root@ipofdroplet -L3333:localhost:3333 -N -f
access it https:\\localhost:3333
apt install certbot
then generate free ssl certification
certbot certonly --standalone -d mail.phish.com
the paths of certifications comes as following examples
/etc/letsencrypt/live/mail.phish.com/
to activate ssl on postfix you have to edit main.cf as :
smtpd_tls_cert_file=/etc/letsencrypt/live/mail.phish.com/fullchain.pemsmtpd_tls_key_file=/etc/letsencrypt/live/mail.phish.com/privkey.pem
in case want to activate ssl certification on Gophish , edit config.json and replace it with correct path
"admin_server": {"listen_url": "127.0.0.1:3333","use_tls": true,"cert_path": "gophish_admin.crt","key_path": "gophish_admin.key"},"phish_server": {"listen_url": "0.0.0.0:80","use_tls": false,"cert_path": "example.crt","key_path": "example.key"
Bypass Public IP black list on Digital Ocean
about 60 % of ip address comes from Digital ocean considered as spam or black listed , so servers like Gmail or outlook will refuse to accept your phishing email completely , so what we are going to do as trick with 5 $ box is by using floating ip out bound routing
Bypass Blocked Public IP While sending through SMTP
access your droplet via ssh then execute the following command first
curl -s 169.254.169.254/metadata/v1/interfaces/public/0/anchor_ipv4/gateway
then copy the ip address from output and execute the following
route add default gw {IP}
then
route del default gw <INSTANCE IP GATEWAY>
to validate your work
curl icanhazip.com
in case SSH terminated , make sure to connect again into floating IP instead of Public IP
make sure to allow port 25 outbound from ufw firewall
​
​