Gophish zvinyorwa
Navigation
Maitiro ekuseta inoshanda SMTP Email Server yePhish Testing muna 2022
Uri kufunga kumisikidza yako yako phish yekuyedza mushandirapamwe gore rino?
Social Engineering yakura kuita njodzi huru muna 2022 uye uri kufunga nzira dzekuzvigadzirisa.
Zvakadaro kudzikisira kwakaiswa neindasitiri kwaita kuti izvi zviome kupfuura nakare kose.
Kuti utange iwe uchada zvinhu zvishoma.
Unoda SMTP email server inoshanda.
Izvi zvinogona kunetsa sezvo vazhinji vanopa makore vanovhara SMTP traffic.
Iwe zvakare unoda dashboard yekutevera, uye ongorora zvaunowana zveinjiniya yemagariro.
Izvi zvinokutendera kuti utarise kufambira mberi uye udzoke kuboka revakuru.
Kumisa izvi kunogona kutora mavhiki ebasa pamwe nekuyedzwa, kuwedzera kusvika kuzviuru zvemadhora mukushanda.
Ndosaka takagadzira gwara iri kuti tikuratidze kuti unogona kuseta sei SMTP server pane vanopa vanopa vasingavharidzi SMTP.
Pakupera kwegwaro rino iwe unozoziva kugadzirisa uye kuchengetedza iyo server kuti ikwanise kutumira mameseji.
Uyezve iwe unozoziva kudziya iyo IP kero iyo server iri kushandisa kuti mameseji auye.
Tichange tichishandisa chishandiso chinodaidzwa kuti Poste.io kubatsira mukumisikidzwa kweseva yetsamba.
Isu tinokuratidzawo maitiro ekuseta phishing dashboard yaunogona kushandisa kuronda nekuongorora zvaunowana.
Isu tine dashboard leveraging GoPhish paAmazon Web Services yakagadzirira kuvhurwa.
Unogona kubatidza nekudzima dashboard iyi sezvaunoda kubata nekuongorora mishandirapamwe yako yekuyedza phish.
Maitiro ekuseta yako SMTP Server
Kutanga kubva iwe uchafanirwa kuwana VPS kubva kune mupi anobvumira SMTP traffic.
Izvi zvinoreva Contabo, Hetzner, LunaNode, BuyVM, kana Scaleway.
Tichave tichishandisa Contabo mumuenzaniso uyu.
- Gadzira account paContabo ine ingangoita 4GB ye RAM uye 80 GB yenzvimbo yekuchengetedza.
Click pano kuvhura Contabo VM ine zvigadziriso zvakafanosarudzwa.
- Iwe unogona kusarudza izwi rinoenderana nenyaya yako yekushandisa.
Chikwata chedu chinoshandisa mazwi epamwedzi kunze kwekunge isu tine chibvumirano chakareba chekushandisa-kesi yekuongorora phish.
- Tevere iwe unenge uchida kusarudza dunhu riri padyo nesangano rauchange uchiyedza.
Mune ino kesi, ini ndichave ndichishandisa US East muContabo.
- Iyo VPS yaunoshandisa kubata yako SMTP server inofanirwa kunge iine 4 GB ye RAM uye inokwana 80GB yekuchengetedza nzvimbo.
- Ipapo iwe uchazoda kusarudza iyo Operating System, sarudza Ubuntu 20.04 kuti uone kuenderana.
6. Sarudza password yauchazoshandisa kuwana server yako kuburikidza neSSH. Unogona kugadzira password yakasimba pano: https://passwordsgenerator.net/
Ita shuwa yekuchengeta izvi mune password maneja seLastPass kuti utarise ramangwana.
- Ita shuwa kuti wakapihwa kanenge imwe yeruzhinji IP kero!
8. Unogona kusiya zvisizvo zveAddons uye Server Quantity muContabo.
- Mushure meizvozvo, iwe unofanirwa kupinda kana kugadzira account.
- Kana wangopinda, bhadhara mari yemwedzi yebasa racho.
- Mushure mekubhadhara, iwe unogashira email yekusimbisa kana server yako yamiswa.
- Tevere tichapinda musevha totanga kuseta yako SMTP server uchishandisa Poste.io.
Iwe unozofanirwa kushandisa zita rekushandisa (mudzi) uye password yawakagadzira kare kuti upinde kune server kuburikidza neSSH.
13. Unogona kubatana nemutengi wako weSSH waunoda, akadai MobaXTerm kana kuti PuTTY.
Paunenge uchinge wapinda musevha, iwe unenge uchida kuenda kuPoste.io uye womhanya anotevera matanho:
- Isa Docker Injini pane yako Ubuntu server uchishandisa iyo mirairo ine kukurumidza script script pano:
curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh
- Iwe unogona zvakare kuisa Docker Injini uchishandisa inotevera mirairo kana iyo yekukurumidza script isingashande pakugovera kwako Ubuntu:
sudo apt-get update
sudo apt-tora kuisa \
zvitupa \
kupeta \
gnupg
lsb-kusunungurwa
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg -dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
maungira \
"deb [arch=$(dpkg -print-architecture) sign-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) yakagadzikana” | sudo tee /etc/apt/source.list.d/docker.list > /dev/null
sudo apt-get update
sudo apt-tora kuisa docker-ce docker-ce-cli containerd.io docker-compose-plugin
- Verify Docker Injini iri kushanda nemurairo unotevera unofanirwa kuburitsa Hello World uye wobva wavhara mudziyo weDocker:
sudo docker mhanya mhoro-nyika
17. Dhawunirodha uye mhanyisa iyo Dockerfile kubva kuPoste.io kubva https://poste.io/doc/getting-started uchishandisa murairo uri pasi apa.
$ docker run \
-net=muenzi \
-e TZ=America/New_York \
-v /yako-data-dir/data:/data \
-zita "mailserver" \
-h "mail.yourphishdomain.com" \
-t analogic/poste.io
Pane zvishoma zvigadziriso zvauchazoda kuita kune uyu murairo:
- -e TZ=America/New_York Seta timezone yemazuva chaiwo
- -v /your-data-dir/data:/data Inokwirisa data dhairekitori kubva kune host system. Dhatabhesi remushandisi, maemail, matanda, zvese zvinopera mune iri dhairekitori kuitira nyore kuchengetedza.
- -zita"mailserver" Mhanya poste.io semudziyo une zita rakatsanangurwa
- -h "mail.yourphishdomain.com" Zita renzvimbo yekuyedza phish mail server yako
Poste.io ichabata kumisikidza azvino ekuchengetedza matanho, TLS, SPF, DKIM, uye DMARC panzvimbo yako.
- Shandisa IP Warming turusi kweanosvika maawa makumi manomwe nemaviri isati yasvika phish yekuyedza mishandirapamwe.
Lemlist i $29/mo, uye WarmupInbox iri $9/mo, tarisa IP Warming SOP kuti uwane ruzivo.
Ndokumbira utarise kune yedu "Maitiro eKudziya IP" gwara rekufunga nezvekudziya kweIP.
SOP: Maitiro ekudziya IP kune itsva email server
- Tevera IP mukurumbira uchishandisa poste.io/dnsbl, mxtoolbox.com/blacklists.aspx kana dnsbl.info.
20. Edza mail server uye email templates uchishandisa mail-tester.com kuti uvandudze kuendesa.
Maitiro ekuseta Yako Phish Yekuyedza Dashboard
21. Gadzira kana pinda muAWS Account yako
22. Shanyira nzvimbo yemusika yeGoPhish
23. Tanga muyedzo wemahara nerondedzero yemusika
24. Gamuchira mazwi uye upe sevha yeGoPhish mukati meAWS account yako. Kana iwe uri kugadzira account nyowani, Amazon inosimbisa account yako uye nekukutumira iyo yekuongorora neemail.
25. Pinda muGoPhish dashboard yako uchishandisa zita rako rekushandisa uye muenzaniso ID.
26. Gadzira Profile yako Yekutumira kuti ushandise yako itsva Poste.io SMTP server paContabo.
SMTP Connection Details
- host: mail.yourphishdomain.com
- chikepe: 465 (TLS inodiwa), 587 neimwe nzira (STARTTLS inodiwa)
- chokwadi chinodiwa
- username izere email kero username@example.com
- 27. Misa Mushandirapamwe wako wekutanga.
- 28. Tumira Mushandirapamwe wako wekutanga
Une mibvunzo? Unogona kuona zvinyorwa zvedu zveGoPhish pano, kana kuti svika kwatiri kuti ubatsirwe pa support@hailbytes.com
MIBVUNZO INONYANYA KUBVUNZWA
- host: mail.yourphishdomain.com
- chikepe: 465 (TLS inodiwa), 587 neimwe nzira (STARTTLS inodiwa)
- chokwadi chinodiwa
- username izere email kero username@example.com
- 27. Misa Mushandirapamwe wako wekutanga.
- 28. Tumira Mushandirapamwe wako wekutanga
Une mibvunzo? Unogona kuona zvinyorwa zvedu zveGoPhish pano, kana kuti svika kwatiri kuti ubatsirwe pa support@hailbytes.com