Настаиваем KingPhishin - Распространение (машина для зомбирования устройуств) Часть - 2

[HHIDE_DUMP]

Пожалуйста, Вход или Регистрация для просмотра содержимого URL-адресов!

It’s been quite some time since I wrote a guide for something, and I DID say I’d follow up my original

Пожалуйста, Вход или Регистрация для просмотра содержимого URL-адресов!

post with steps to get SSL/TLS working as well as walking through the campaign creation process…so here we go.

What you’ll need to replicate this tutorial:

• A system capable of running
  Пожалуйста, Вход или Регистрация для просмотра содержимого URL-адресов!
  server (I’m using a
  Пожалуйста, Вход или Регистрация для просмотра содержимого URL-адресов!
  Ubuntu VPS) and client (I’m using
  Пожалуйста, Вход или Регистрация для просмотра содержимого URL-адресов!
  )
• An externally accessible domain name and the ability to add a DNS record for your king-phisher server

I’ll be expecting you to do some things yourself, like register your domain and create DNS records, etc, but will go through all the king-phisher setup tasks in detail.

Configuring the king-phisher server
A few things have changed with the release of king-phisher v1.1.0, so we’ll take it from the top. The assumption is you have a server with a registered domain and DNS entry ready to go. I’ll be using the following:

Server: Digital Ocean Ubuntu VPS
Domain: mydomen.net

    root@leg1t:~$ cd /opt && sudo git clone https://github.com/securestate/king-phisher.git
    Cloning into ‘king-phisher’…
    remote: Counting objects: 8870, done.
    remote: Compressing objects: 100% (6/6), done.
    remote: Total 8870 (delta 0), reused 0 (delta 0), pack-reused 8864
    Receiving objects: 100% (8870/8870), 2.88 MiB | 720.00 KiB/s, done.
    Resolving deltas: 100% (6488/6488), done.
    Checking connectivity… done.
    root@leg1t:/opt$ sudo king-phisher/tools/install.sh
    Linux version detected as Ubuntu
    Install and use PostgreSQL? (Highly recommended and required for upgrading) [Y/n] Y
    Will install and configure PostgreSQL for the server
    Project directory found at /opt/king-phisher
    Installing Ubuntu dependencies
    Reading package lists… Done
    Building dependency tree       
    Reading state information… Done
    The following extra packages will be installed:
      binutils build-essential dpkg-dev fakeroot g++ g++-4.8 gcc gcc-4.8
    …
    …
    …
    Creating King Phisher admin group: ‘kpadmins’
    Configuring the PostgreSQL server
    PostgreSQL configuration file found at /etc/postgresql/9.3/main/pg_hba.conf
    Installing the King Phisher upstart service file in /etc/init/
    Starting the King Phisher service
    king-phisher start/running, process 26601
    root@leg1t:/opt$ sudo kill 26601
    root@leg1t:/opt$

This may take some time…there’s a lot of packages to pull and there are typically a few large pauses during the build phase. Ignore any non-fatal errors. If you get issues with the pip install process for matplotlib, you can just apt-get install python-matplotlib yourself and then re-run the installer. As you can see, the installer sorted out our database configuration as well. If it starts, you’ll need to kill any freshly running king-phisher process, because we’ll need access to TCP port 80 to generate our TLS certificate a little later.

Clone the latest king-phisher-templates repo from github on the client

The template files are stored in a separate repository, so go and grab them:

    root@leg1t:/opt$ cd /opt/king-phisher/ && sudo git clone https://github.com/securestate/king-phisher-templates.git
    Cloning into ‘king-phisher-templates’…
    remote: Counting objects: 317, done.
    remote: Total 317 (delta 0), reused 0 (delta 0), pack-reused 317
    Receiving objects: 100% (317/317), 2.60 MiB | 56.00 MiB/s, done.
    Resolving deltas: 100% (88/88), done.
    Checking connectivity… done.
    root@leg1t:/opt/king-phisher$

Generate your web certificates using letsencrypt

root@leg1t:/opt/king-phisher$ cd /opt/ && sudo git clone https://github.com/letsencrypt/letsencrypt
Cloning into ‘letsencrypt’…
remote: Counting objects: 28692, done.
remote: Compressing objects: 100% (80/80), done.
remote: Total 28692 (delta 48), reused 1 (delta 1), pack-reused 28611
Receiving objects: 100% (28692/28692), 7.54 MiB | 2.79 MiB/s, done.
Resolving deltas: 100% (20195/20195), done.
Checking connectivity… done.
root@leg1t:/opt$ cd letsencrypt
root@leg1t:/opt/letsencrypt$ sudo ./letsencrypt-auto –agree-dev-preview –server https://acme-v01.api.letsencrypt.org/directory certonly
Bootstrapping dependencies for Debian-based OSes…
Get:1 http://security.ubuntu.com trusty-security InRelease [64.4 kB] Get:2 http://mirrors.digitalocean.com trusty-updates InRelease [64.4 kB] …
…

Thanks to letsencrypt.org, it’s super easy to get a valid TLS cert for your king-phisher server – as you can see. You’ll be asked enter a recovery email address, agree to the terms and conditions, then enter the name of the domain that you control including the host. For me, that’s mydomen.net:

Once verification is complete, you should see some similiar to this:

    IMPORTANT NOTES:
    – Congratulations! Your certificate and chain have been saved at
    /etc/letsencrypt/live/www.sw1tch.net/fullchain.pem. Your cert
    will expire on 2016-04-13. To obtain a new version of the
    certificate in the future, simply run Let’s Encrypt again.
    – If you like Let’s Encrypt, please consider supporting our work by:

    Donating to ISRG / Let’s Encrypt:   https://letsencrypt.org/donate
    Donating to EFF:                    https://eff.org/donate-le

    root@leg1t:/opt/letsencrypt$

Alrighty, we’ve got our certificates, so let’s now configure king-phisher to use them. Open the configuration file /opt/king-phisher/server_config.yml and make the following changes, using your letsencrypt path:

    server:
      # Bind address information
      address:
        host: 0.0.0.0
        port: 443
    …
    …
      # Require an ID associated with a campaign to load pages
    require_id: false
    …
    …
      # SSL settings
      ssl_cert:  /etc/letsencrypt/live/mydomen.net/fullchain.pem
    ssl_key:  /etc/letsencrypt/live/mydomen.net/privkey.pem

UPDATE 2016-05-03: Changed the above to use fullchain.pem instead of cert.pem – this will ensure the trust chain is valid by including cert.pem and chain.pem into a single file.

Notice we also set the require_id setting to false – this will allow us to test our configuration just before we launch the campaign. Before you launch (and assume you want to take advantage of the setting so you don’t screw up your one shot!) you should revert this value back to true. Similar to my

Пожалуйста, Вход или Регистрация для просмотра содержимого URL-адресов!

, I’ll be using postfix instead of the standalone server shipped with king-phisher:

    root@leg1t:/opt/letsencrypt$ sudo apt-get install mailutils postfix
    Reading package lists… Done
    Building dependency tree
    Reading state information… Done
    …

Select Internet Site and pick an appropriate FQDN value. Then sort out the rest of the config:

    …
    Processing triggers for libc-bin (2.19-0ubuntu6.6) …
    sw1tch@leg1t:/opt/letsencrypt$ cd
    sw1tch@leg1t:~$  sudo -i
    root@leg1t:~$  echo “root [email protected]” > /etc/postfix/generic
    root@leg1t:~$  postmap /etc/postfix/generic
    root@leg1t:~$  exit
    root@leg1t:~$

Add an entry to smtp_generic_maps (or create one if required) and change the inet_interfaces value to 127.0.0.1 in /etc/postfix/main.cf so we don’t advertise our MTA to the world:

    inet_interfaces = 127.0.0.1
    smtp_generic_maps = hash:/etc/postfix/generic

Restart postfix. Ok, now we can start the king-phisher server:

    sw1tch@leg1t:~$ sudo /opt/king-phisher/KingPhisherServer -L INFO -f /opt/king-phisher/server_config.yml
    INFO     listening on 0.0.0.0:443
    INFO     0.0.0.0:443 – ssl has been enabled
    INFO     0.0.0.0:443 – serving files has been enabled
    INFO     initializing database connection with driver postgresql
    INFO     restored 0 valid sessions and skipped 0 expired sessions from the database
    INFO     the job manager has been started
    INFO     server running in process: 31123 main tid: 0x7f23168af740
    INFO     dropped privileges to the nobody account

Now we’re ready to start on the client.
Configuring the king-phisher client
Time to install the client on our Kali 2.0 box. Some of the package versions may have changed slightly (for example, libgeos-dev is now at version 3.5), so modify them as you need to:

    root@kali:~# apt-get install libgeos++-dev libgeos-3.4.2 libgeos-dev python-mpltoolkits.basemap python-mpltoolkits.basemap-data
    Reading package lists… Done
    Building dependency tree
    Reading state information… Done
    …
    …
    root@kali:~#

Time to clone the latest king-phisher and king-phisher-templates repos from github on the client. Do what you did during the first and second step when you installed the king_phisher server. If you just want to install the client components, you can use the –skip-server switch – this will jump over the postgresql database setup and all the other components used for the king-phisher server.Basemap is needed for the cool map plotting features in the king-phisher client but sometimes it doesn’t install correctly when setting up king-phisher. If you need to, sort it manually:

    root@kali:~# cd /tmp && wget https://downloads.sourceforge.net/project/matplotlib/matplotlib-toolkits/basemap-1.0.7/basemap-1.0.7.tar.gz
    …
    …
    basemap-1.0.7.tar.gz            100%[========================================================>] 123.69M  1.42MB/s   in 79s

    2016-01-14 20:05:20 (1.56 MB/s) – ‘basemap-1.0.7.tar.gz’ saved [129694711/129694711]

    root@kali:~# easy_install basemap-1.0.7.tar.gz
    …
    …
    Installed /usr/local/lib/python2.7/dist-packages/basemap-1.0.7-py2.7-linux-x86_64.egg
    Processing dependencies for basemap==1.0.7
    Finished processing dependencies for basemap==1.0.7
    root@kali:~#

Done. Ok, now all that’s left is to fire up the client and connect to your waiting king-phisher server:

    root@kali:/opt/king-phisher$ ./KingPhisher
    …

Enter all the details appropriate to your setup (use the below pic for reference). If you have SSH keys set up, you’ll still need to put the password in

If the king-phisher server isn’t running, you’ll get an authentication error, so make sure the server is alive!

NOTE: Connection errors that make references to SSL or CERTIFICATE are usually because the SSL/TLS libraries on your server are out of date or no longer supported. If you want a good example of this, try following this tutorial with a Ubuntu 14.04 LTS server – it won’t work. You can try to fix this by installing updated libraries, but you should probably just upgrade your distro to something a tad more modern…

Once logged in, you’ll need to create a new campaign. The wizard will present you with a number of options to choose from so you can customise the kind of campaign you want to run. When you are done, select your freshly created campaign – we’ll need to configure some final settings.

Under Edit>Preferences, you’ll need to set your SMTP settings. Enable the Tunnel Over SSH option and enter the king-phisher server name and your local username for the SSH service on that box. Don’t forget to specify the port:

Just a few more pieces to sort and we’re all set.
Configuring your phishing campaign
So now it’s time to configure your campaign. We’re going to use one of the pre-written templates we downloaded earlier and modify it slightly for our own evil intent. Our templates are located on our client machine under /opt/king-phisher/king-phisher-templates. Use the following as a guide for what you should include:

You can customise the message contents by editing the raw HTML via the Edit tab. In this case, I’m going to target a single victim, but you can specify a CSV file under the Target Information section if you have multiple targets. The format for the CSV file is:

firstname,lastname,email_address

You can check to see what your email will look like under the Preview tab. Now we need to enable the content for our fake site, which needs to be configured on the king-phisher server. SSH back into your server and soft link the web template you want to use to /var/www:

    root@leg1t:~$ cd /var/www
    root@leg1t:/var/www$ sudo ln -s /opt/king-phisher/king-phisher-templates/Website_Templates/Credentials/Generic_Portal/www/* .
  root@leg1t:/var/www$  ls
    error  images  include  login
    root@leg1t:/var/www$

Alrighty. Getting there now. For some reason (at least for me) the Verify URL check on the configuration tab for king-phisher doesn’t work, so we will just browse to the fake login page manually. Open a browser and visit

Пожалуйста, Вход или Регистрация для просмотра содержимого URL-адресов!

and you should be greeting with your fake login portal…with no certificate errors or warnings, and that lovely padlock to show us all is well…

To make your phish more legit, use custom images appropriate to your target (details available in the README.md files located under each template directory).

Now that we know all is well, we can reset the require_id setting in /opt/king-phisher/server_config.yaml back to false.This will hide the content from anyone who doesn’t arrive at the login page via a valid king_phisher parameterised link.

Restart the king_phisher server. You are ready to rock.

Firing off your campaign
Back in the king-phisher client, click the Send tab and hit Start. You’ll get a warning about a potentially invalid URL, but we checked before so we know it’s all good…carry on by clicking Yes.

Enter the SSH password for your king_phisher server and hit Connect. Your evil email has been sent and you can now play the waiting game…

Track your campaign progress from the View Campaign tab – options for the dashboard display can be found under Edit>Preferences. The credentials captured are available under the Credentials tab:

This should be more than enough to get you moving with king-phisher. Huge thanks again to

Пожалуйста, Вход или Регистрация для просмотра содержимого URL-адресов!

and the

Пожалуйста, Вход или Регистрация для просмотра содержимого URL-адресов!

team for giving us king-phisher – it’s one of the best phishing frameworks around (in my humble
opinion)