
King-phisher 1.5.1 with SSH keys + TLS

With version 1.5.1, we’ve seen a few slight changes to the setup process. Unlike previous tutorials, I’m not going to yabber on as we walk through the setup. If you want background details, reasoning behind choices made or any verbose info on any part of this setup, check out the earlier tutorial or hit me up on Twitter. This setup (similar to previous ones) will consist of the king-phisher server sitting on a Digital Ocean Ubuntu 16.04.1 x64 box and a king-phisher client on a Kali 2016.2 rolling x64 box.

I’m personally using SSH keys (no password auth on the king-phisher server) on a non-standard port and it works seamlessly with king-phisher. Obviously you don’t have to, but just know that you can.

We will be using the Phishing_Awareness_v2 training package provided by SecureState for the web and email templates. Installation is now super smooth, with no dependency issues like matplotlib on the client that we’ve sometimes seen in previous versions. From start to finish, it should take less than 10 minutes.

Prerequisites

– A domain must be registered and an A record set for the server IP address in order to successfully generate an SSL certificate
– The following ports must not be blocked by firewalls or in use by other processes on the king-phisher server:

  • TCP 22 (or whatever port your SSH server is listening on)
  • TCP 80
  • TCP 443

Note that when you generate your letsencrypt certificate, an apache2 process is started and hogs port 80 from that point forward until killed (which is why we manually smack it after our cert is generated). Default error verbosity is pretty good, and usually points clearly to the issue being experienced. 99% of the time it will be a process that’s already using a required port or a bad username/password.
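If you want to catch those two failure modes before the service refuses to start, the preflight script below checks the prerequisites in one go. It is an example written for this post, not part of King Phisher: it verifies TCP 80 and 443 are free, that sshd is actually listening on your SSH port, that the domain’s A record points at the box, and that the Let’s Encrypt cert and key exist, look like PEM, and are not readable by group/other. The domain, IP, SSH port and file paths are whatever you pass in; nothing here is hard-coded to a real host.

```python
#!/usr/bin/env python3
"""Preflight for the King Phisher server prerequisites.

Example written for this post; it is not part of King Phisher. It checks
what the prerequisites section asks for: TCP 80 and 443 are free, sshd is
actually listening on your SSH port, the domain's A record points at this
box, and the Let's Encrypt cert/key are present, PEM-formatted and not
world-readable. Domain, IP, SSH port and paths are supplied by the operator.
"""
import os
import socket
import stat
import sys

WEB_PORTS = (80, 443)  # must be free for king-phisher to bind


def port_free(port, host="0.0.0.0"):
    """Return True if no process is listening on host:port.

    A failed bind() is exactly what king-phisher hits when something else
    (e.g. the apache2 that letsencrypt leaves running) already owns the port.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        try:
            sock.bind((host, port))
        except PermissionError:
            raise PermissionError("binding TCP %d needs root; rerun with sudo" % port)
        except OSError:
            return False
    return True


def a_record_matches(domain, server_ip, resolve=socket.gethostbyname):
    """Return True if domain resolves to server_ip.

    `resolve` is injectable so the check can run without live DNS.
    """
    try:
        return resolve(domain) == server_ip
    except socket.gaierror:
        return False


def cert_files_ok(cert_path, key_path):
    """Return a list of problems with the cert and key; empty means fine.

    The letsencrypt live/ tree is root-only, so 'permission denied' here
    means run as root, not that the files are missing.
    """
    problems = []
    wanted = ((cert_path, b"-----BEGIN CERTIFICATE-----"),
              (key_path, b"PRIVATE KEY-----"))
    for path, marker in wanted:
        try:
            with open(path, "rb") as fh:
                head = fh.read(4096)
        except FileNotFoundError:
            problems.append("%s: not found" % path)
            continue
        except PermissionError:
            problems.append("%s: permission denied (run as root)" % path)
            continue
        if marker not in head:
            problems.append("%s: no %s marker, not a PEM file" % (path, marker.decode()))
    if os.path.exists(key_path):
        mode = stat.S_IMODE(os.stat(key_path).st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            problems.append("%s: mode %o is readable by group/other" % (key_path, mode))
    return problems


def run_preflight(domain, server_ip, ssh_port, cert_path, key_path):
    """Run every check and return the findings; an empty list means go."""
    findings = []
    for port in WEB_PORTS:
        if not port_free(port):
            findings.append("TCP %d is in use (stray apache2 from letsencrypt?)" % port)
    if port_free(ssh_port):
        findings.append("nothing is listening on SSH port %d" % ssh_port)
    if not a_record_matches(domain, server_ip):
        findings.append("A record for %s does not resolve to %s" % (domain, server_ip))
    findings.extend(cert_files_ok(cert_path, key_path))
    return findings


if __name__ == "__main__":
    # usage: sudo python3 preflight.py <domain> <server-ip> <ssh-port>
    domain, server_ip, ssh_port = sys.argv[1], sys.argv[2], int(sys.argv[3])
    live = "/etc/letsencrypt/live/%s/" % domain
    issues = run_preflight(domain, server_ip, ssh_port,
                           live + "fullchain.pem", live + "privkey.pem")
    for issue in issues:
        print("FAIL:", issue)
    sys.exit(1 if issues else 0)
```

Run it as root after the letsencrypt step and before starting king-phisher; a non-empty list of FAIL lines is the same information the service would otherwise give you as a startup error, just earlier.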

King-phisher server setup


sysadmin@st0rm:~$ cd /opt && sudo git clone https://github.com/securestate/king-phisher.git
Cloning into 'king-phisher'...
remote: Counting objects: 12117, done.
...
...
Checking connectivity... done.
sysadmin@st0rm:/opt$ sudo king-phisher/tools/install.sh
Linux version detected as Ubuntu
Install and use PostgreSQL? (Highly recommended and required for upgrading) [Y/n] y
Will install and configure PostgreSQL for the server
...
...
You can start the King Phisher client with the following command:
python3 /opt/king-phisher/KingPhisher
sysadmin@st0rm:/opt$ sudo service king-phisher stop
sysadmin@st0rm:/opt$ sudo git clone https://github.com/securestate/king-phisher-templates.git
Cloning into 'king-phisher-templates'...
...
...
Checking connectivity... done.
sysadmin@st0rm:/opt$ sudo apt-get -y install python-letsencrypt-apache
Reading package lists... Done
...
...
Processing triggers for ufw (0.35-0ubuntu2) ...
sysadmin@st0rm:/opt$ sudo letsencrypt --apache certonly
...
...
(Enter recovery email address of your choice)
(Enter your domain name either with or without host depending on your setup)
...
...
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/<domain>/fullchain.pem. Your cert
will expire on 2017-02-22. To obtain a new version of the
certificate in the future, simply run Let's Encrypt again.
- If you like Let's Encrypt, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
sysadmin@st0rm:/opt$ sudo vi /opt/king-phisher/server_config.yml

(Modify the relevant values under the server: section to match the below. The ssl_cert and ssl_key lines are the ones under the "Default SSL certificate settings" comment, not the per-host entries under "Hostname specific SSL certificates":)

server:
  # Bind address information, multiple ports can be addresses:
  addresses:
    - host: 0.0.0.0
      port: 443
      ssl: true
  # Default SSL certificate settings
  ssl_cert: /etc/letsencrypt/live/<domain>/fullchain.pem
  ssl_key: /etc/letsencrypt/live/<domain>/privkey.pem

sysadmin@st0rm:/opt$ sudo service apache2 stop
sysadmin@st0rm:/opt$ sudo apt-get install mailutils postfix
Reading package lists... Done
...
...
(Choose Internet Site and enter domain name)
...
...
Processing triggers for ufw (0.35-0ubuntu2) ...
sysadmin@st0rm:/opt$ sudo bash
root@st0rm:/opt# echo "root <username>@<domain>" > /etc/postfix/generic
root@st0rm:/opt# postmap /etc/postfix/generic
root@st0rm:/opt# exit
sysadmin@st0rm:/opt$ sudo vi /etc/postfix/main.cf

(Modify the relevant values to match the below:)

inet_interfaces = 127.0.0.1
smtp_generic_maps = hash:/etc/postfix/generic

sysadmin@st0rm:/opt$ sudo service postfix restart
sysadmin@st0rm:/opt$ sudo service king-phisher start
sysadmin@st0rm:/opt$ sudo ln -s /opt/king-phisher-templates/Website_Templates/Training/Phishing_Awareness_v2/www/* /var/www/
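Two of the edits above are easy to get subtly wrong: leaving Postfix listening on every interface (the client only ever reaches it through the SSH tunnel, so 127.0.0.1 is all it needs), and a generic map that doesn’t actually rewrite root, which happens if smart quotes come along when the echo line is pasted from a web page. The script below is an example written for this post, not part of King Phisher or Postfix: it parses copies of /etc/postfix/main.cf and /etc/postfix/generic handed to it as text and reports either problem. The file contents in its __main__ block are constructed samples.

```python
#!/usr/bin/env python3
"""Sanity checks for the Postfix relay set up in the steps above.

Example written for this post; it is not part of King Phisher or Postfix.
It parses copies of /etc/postfix/main.cf and /etc/postfix/generic (passed
in as text) and flags the two mistakes that matter here: a listener that
is reachable beyond localhost, and a generic map that does not rewrite
root to <username>@<domain>. The sample file contents at the bottom are
constructed for the demonstration.
"""
import re

LOOPBACK_ONLY = {"loopback-only", "127.0.0.1", "localhost", "::1", "[::1]"}
GENERIC_MAP = "hash:/etc/postfix/generic"
SMART_QUOTES = "\u201c\u201d\u2018\u2019\"'"


def parse_main_cf(text):
    """Return main.cf as {parameter: value}.

    Comments and blank lines are skipped; a line starting with whitespace
    is a Postfix continuation and is appended to the previous value.
    """
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and last is not None:
            params[last] += " " + raw.strip()
            continue
        key, sep, value = raw.partition("=")
        if not sep:
            continue
        last = key.strip()
        params[last] = value.strip()
    return params


def check_main_cf(params):
    """Return findings for a parsed main.cf; empty means it matches the post."""
    findings = []
    # Postfix defaults to 'all' when inet_interfaces is unset.
    raw = params.get("inet_interfaces", "all")
    ifaces = {i for i in re.split(r"[,\s]+", raw) if i}
    if not ifaces <= LOOPBACK_ONLY:
        findings.append("inet_interfaces=%s exposes SMTP beyond localhost; the client only "
                        "needs it via the SSH tunnel, so set 127.0.0.1" % ",".join(sorted(ifaces)))
    if params.get("smtp_generic_maps") != GENERIC_MAP:
        findings.append("smtp_generic_maps is not %s; outbound mail will keep local "
                        "sender addresses" % GENERIC_MAP)
    return findings


def check_generic_map(text, domain):
    """Return findings for /etc/postfix/generic; empty means root is rewritten.

    Also catches the copy-paste failure where smart quotes from a web page
    end up inside the map entry, so the key becomes '\u201croot' instead of 'root'.
    """
    findings, entries = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if any(ch in line for ch in SMART_QUOTES):
            findings.append("quote characters in entry %r (pasted smart quotes?)" % line)
        parts = line.split(None, 1)
        if len(parts) != 2:
            findings.append("malformed entry %r (expected 'pattern result')" % line)
            continue
        entries[parts[0]] = parts[1]
    target = entries.get("root")
    if target is None:
        findings.append("no rewrite for root; mail from the box will show a local root address")
    elif not target.endswith("@" + domain):
        findings.append("root rewrites to %s, not an address at %s" % (target, domain))
    return findings


if __name__ == "__main__":
    # Constructed samples: the first main.cf is the stock 'all' listener,
    # the second is what the post asks for.
    weak_cf = "inet_interfaces = all\n"
    good_cf = "inet_interfaces = 127.0.0.1\nsmtp_generic_maps = %s\n" % GENERIC_MAP
    for name, cf in (("weak", weak_cf), ("good", good_cf)):
        print(name, check_main_cf(parse_main_cf(cf)) or ["ok"])
    print("generic", check_generic_map("root sw1tch@phish.example\n", "phish.example") or ["ok"])
```

Feed it the real files with something like `check_main_cf(parse_main_cf(open("/etc/postfix/main.cf").read()))` on the server; `postmap -q root hash:/etc/postfix/generic` is the Postfix-native way to confirm the rewrite once the map is built.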

King-phisher client setup


sw1tch@shad0w:~$ cd /opt && sudo git clone https://github.com/securestate/king-phisher.git
Cloning into 'king-phisher'...
...
...
Resolving deltas: 100% (8825/8825), done.
sw1tch@shad0w:/opt$ sudo git clone https://github.com/securestate/king-phisher-templates.git
Cloning into 'king-phisher-templates'...
...
...
Checking connectivity... done.
sw1tch@shad0w:/opt$ sudo king-phisher/tools/install.sh --skip-server
Linux version detected as Kali
Skipping installing King Phisher Server components
...
...
You can start the King Phisher client with the following command:
python3 /opt/king-phisher/KingPhisher
sw1tch@shad0w:/opt$ python3 /opt/king-phisher/KingPhisher

Set up a default campaign, then click Edit>Preferences. Under the SMTP tab, configure using the below as an example:

(Screenshot: the SMTP tab of the Preferences dialog with the example settings.)

You should now have a functional king-phisher setup, ready for campaign configuration. For more detailed instructions on setting up campaigns and tweaking settings, check out the previous tutorial.

Thanks again @SecureState and especially @zeroSteiner for his awesome support.

sw1tch

19 Comments

    1. If you set it up the way I outlined in the tutorial, there are no SMTP creds for the postfix server you’ve set up on the same box as the KingPhisher server. You’ll need to make sure you’ve set ‘Tunnel over SSH’ in the SMTP Server tab to ‘ON’ – then when you start your email campaign, you’ll be prompted for your SSH creds to establish the tunnel and have access to send via your postfix SMTP server (which is running on localhost on your KingPhisher server box). Make sense?

  1. On the step “A domain must be registered and an A record set for the server IP address in order to successfully generate a SSL certificate” how do we set those up? I have yet to do this on a linux box before, and my research is coming up with a wide range of answers.

    1. This step doesn’t occur on your linux box – the registration of a domain and setting up of an A record typically happens on the provider’s website. You’ll need to register an account at somewhere like GoDaddy, etc, to purchase and configure a domain. I believe there are some free domain services available, but if you go hunting Google for a Godaddy coupon, you’ll likely only be up for a couple of bucks for a reasonably-named domain.

      1. I have the domain name although it is not associated with any website yet. So I just have to update the DNS settings with GoDaddy to point to my server and that’s it? The step “Enter your domain name either with or without host depending on your setup” has nothing to do with my server, it just points to the registered domain? I am sorry, but all my server experience is with inward-facing systems; I have never set up one open to the internet.

        1. In a nutshell, yes. Setting up a domain and configuring an A record isn’t really in the scope of this tutorial, and the process can differ based on what domain management service you are using. Best bet is to pop onto the tech support chat with GoDaddy and they will talk you through creating an A record and having it point to your server’s IP address. Hope that helps!

  2. I reinstalled everything from scratch and I keep getting the same error when trying to start the king phisher service.
    an error occurred while parsing the server configuration file while parsing a block mapping
    in “/opt/king-phisher/server_config.yml”, line 26, column 3
    did not find expected key in “/opt/king-phisher/server_config.yml”, line 109, column 7
    king-phisher.service: Control process exited, code=exited status=78
    Failed to start King Phisher Server.

    I looked at the server_config.yml and the only things that were entered were the port and ssl settings. I located the fullchain.pem and privkey.pem files to make sure the paths were correct and they do not match the format given in the instructions. The paths make me wonder if the keys were generated properly. I copied and pasted all commands from the walkthrough to ensure accuracy. Paths to SSL keys below:
    /usr/lib/python2.7/dist-packages/letsencrypt/tests/testdata/live/sample-renewal/fullchain.pem
    /usr/lib/python2.7/dist-packages/letsencrypt/tests/testdata/live/sample-renewal/privkey.pem
    /usr/share/doc/libssl-doc/demos/privkey.pem

    1. UPDATE: I discovered that the reason that I couldn’t locate the fullchain.pem and privkey.pem files was because I was not working as root and did not have access to the full letsencrypt directory. I used chmod to grant my user access and I could then see the files. The files were in place and contained key data so I attempted to start the service again and got the same error. I logged over to root to attempt from there and received the same error. Still trying to figure this out but it has something to do with the letsencrypt keys. I even created another server and installed everything again to rule out some obscure typo I may have made but I get the exact same error again.
      Any thoughts?

      1. UPDATE: I skipped the letsencrypt portion of the installation and everything worked fine. I must be setting this portion of the server up incorrectly. I am going to continue to troubleshoot on a different image but at least I have isolated exactly what the problem is. Other than the letsencrypt portion this walkthrough has worked perfectly for me.

          1. For anyone that may be running into the ‘did not find expected key’ issue, be sure you’re modifying the ssl_cert and ssl_key values under the ‘Default SSL certificate settings’ setting and not the ‘Hostname specific SSL certificates’ setting.

  3. I have really struggled to get out of the SPAM folder with my KP emails with no luck.

    Modified spf and mx records with no success.

    I even attempted to use an outside SMTP server. Any ideas on this?

    1. Hi otto,

      This is probably the toughest part. The usual rules apply, such as:

      – ensuring the mail content doesn’t contain generic, spammy-looking phrases
      – sending some legitimate emails (where possible) from your SMTP server to create a brief history of valid mail traffic to the destination host
      – ensuring you have A records/reverse DNS entries for your SMTP server

      Sometimes it’s better to slingshot your mails through another major provider to avoid them getting dropped, but often it’s a case of having a few burner domains and IPs handy to test, adapt and refine before firing off your live phish.
