Phishing

March 15, 2024

Task 1: Brief

Task 2: Intro To Phishing Attacks

Task 3: Writing Convincing Phishing Emails

Task 4: Phishing Infrastructure

Task 5: Using GoPhish

First we are going to login as admin user in the GoPhish website

Then we are just going to put this in the input boxes

Name: Local Server

From: noreply@redteam.thm

Host: 127.0.0.1:25

After that we will go to "Landing Page" and put this html url in the html section and check "Capture Submitted Data" and "Capture Passwords"

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>ACME IT SUPPORT - Admin Panel</title>
    <style>
        body { font-family: "Ubuntu", monospace; text-align: center }
        div.login-form { margin:auto; width:300px; border:1px solid #ececec; padding:10px;text-align: left;font-size:13px;}
        div.login-form div input { margin-bottom:7px;}
        div.login-form input { width:280px;}
        div.login-form div:last-child { text-align: center; }
        div.login-form div:last-child input { width:100px;}
    </style>
</head>
<body>
    <h2>ACME IT SUPPORT</h2>
    <h3>Admin Panel</h3>
    <form method="post">
        <div class="login-form">
            <div>Username:</div>
            <div><input name="username"></div>
            <div>Password:</div>
            <div><input type="password" name="password"></div>
            <div><input type="submit" value="Login"></div>
        </div>
    </form>
</body>
</html>

Task 6: Droppers

Task 7: Choosing a Phishing Domain

Task 8: Using MS Office In Phishing

Task 9: Using Browser Exploits

Task 10: Phishing Practical