
Gophish is a powerful, easy-to-use, open-source phishing toolkit meant to help pentesters and businesses conduct real-world phishing simulations. This user guide introduces Gophish and shows how to use the software, building a complete campaign from start to finish.

This post covers the usage of Gophish, with a very neat installation procedure inspired by a note on the ired.team blog. I will first go briefly through installing Gophish with a Postfix server, then show how to bypass a blacklisted DigitalOcean public IP address.

## Installation of the Postfix server

```
apt-get install postfix
```

## Configuration of Postfix

Then modify the following values in `main.cf` to match your own DigitalOcean droplet:

```
nano /etc/postfix/main.cf
```

```
myhostname = {SMTP SERVER }
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = $myhostname, ubt, ubuntu-s-1vcpu-1gb-fra1-01, localhost.localdomain, localhost
relayhost =
mynetworks = {PUBLIC_IP_ADDRESS}
```

After saving these changes, reload the Postfix configuration:

```
service postfix reload
```

To install Gophish, execute the following commands from your terminal:

```
wget https://github.com/gophish/gophish/releases/download/0.7.1/gophish-v0.7.1-linux-64bit.zip
apt install unzip
unzip gophish-v0.7.1-linux-64bit.zip
chmod +x gophish
```

After the installation is finished, run it:

```
./gophish
```

## Access GoPhish by SSH tunneling

By default, Gophish runs on the local interface on port 3333, so we have to start an SSH tunnel to access it:

```
ssh root@ipofdroplet -L3333:localhost:3333 -N -f
```

Then access it at `https://localhost:3333`.

## Installation of a free SSL certificate for Postfix or Gophish

```
apt install certbot
```

Generate the SSL certificate:

```
certbot certonly --standalone -d mail.phish.com
```

The certificate files are stored under a path like the following example:

```
/etc/letsencrypt/live/mail.phish.com/
```

To activate SSL on **Postfix**, edit `main.cf` as follows:

```
smtpd_tls_cert_file=/etc/letsencrypt/live/mail.phish.com/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/mail.phish.com/privkey.pem
```

If you want to activate the SSL certificate on Gophish as well, edit `config.json` and replace the `cert_path` and `key_path` values with the correct paths:

```
"admin_server": {
    "listen_url": "127.0.0.1:3333",
    "use_tls": true,
    "cert_path": "gophish_admin.crt",
    "key_path": "gophish_admin.key"
},
"phish_server": {
    "listen_url": "0.0.0.0:80",
    "use_tls": false,
    "cert_path": "example.crt",
    "key_path": "example.key"
}
```
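
Before starting Gophish it is worth checking that the admin listener really stays on loopback (the SSH tunnel above depends on it) and that every TLS-enabled listener points at files that exist. The script below is an added example, not part of the original post or of the Gophish project; the function names and the sample input are assumptions made for illustration.

```python
import ipaddress
import json
import os

# Constructed sample: the config.json sections shown above, with the admin
# listener changed to all interfaces so the audit has something to report.
SAMPLE_CONFIG = """
{
  "admin_server": {"listen_url": "0.0.0.0:3333", "use_tls": true,
                   "cert_path": "gophish_admin.crt", "key_path": "gophish_admin.key"},
  "phish_server": {"listen_url": "0.0.0.0:80", "use_tls": false,
                   "cert_path": "example.crt", "key_path": "example.key"}
}
"""

def is_loopback(listen_url):
    """True if the host part of 'host:port' is a loopback address."""
    host = listen_url.rsplit(":", 1)[0].strip("[]")
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # empty or unparsable host: treat as exposed

def audit_gophish_config(cfg, file_exists=os.path.exists):
    """Return a list of findings for a parsed Gophish config.json (hypothetical helper)."""
    findings = []
    admin = cfg.get("admin_server", {})
    if not is_loopback(admin.get("listen_url", "")):
        findings.append("admin_server: listen_url is not loopback; admin UI is reachable without the SSH tunnel")
    if not admin.get("use_tls", False):
        findings.append("admin_server: use_tls is false; admin login is not encrypted")
    for name in ("admin_server", "phish_server"):
        server = cfg.get(name, {})
        if not server.get("use_tls", False):
            continue  # certificate paths only matter for TLS listeners
        for key in ("cert_path", "key_path"):
            path = server.get(key, "")
            if not path or not file_exists(path):
                findings.append(f"{name}: {key} '{path}' not found")
    return findings

if __name__ == "__main__":
    for finding in audit_gophish_config(json.loads(SAMPLE_CONFIG)):
        print(finding)
```

To audit a real installation, load the actual `config.json` with `json.load` and run the script from the Gophish directory so relative certificate paths resolve.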

## Bypass a blocked public IP while sending through SMTP

Access your droplet via SSH, then execute the following command first:

```
curl -s 169.254.169.254/metadata/v1/interfaces/public/0/anchor_ipv4/gateway
```

Then copy the IP address from the output and execute the following:

```
route add default gw {IP}
route del default gw
```

To validate, execute the following from the box CLI:

```
curl icanhazip.com
```

Lawrence Amer
offensive security expert and founder of 0xsp security research and development (SRD), passionate about hacking and breaking stuff, coder and maintainer of 0xsp-mongoose RED, and many other open-source projects