King-phisher setup

Latest tested version: 1.11.0
Server platform: Scaleway VC1S VPS Debian 9.1 64-bit (£5/m)
Client platform: Official Kali Linux 2018.1 64-bit VM
Prereqs: Registration and DNS control of your domain of choice; a non-root user with sudo access and SSH certificate authentication configured on the VPS server; all packages updated.

Please ensure you have the prerequisites configured, otherwise you’ll likely face issues.

Server Install

The following details the installation and configuration of the king-phisher server. Non-fatal errors can be safely ignored.

root@phishyserver:~$ useradd -m sysadmin -G sudo -s /bin/bash
root@phishyserver:~$ passwd sysadmin
Enter new UNIX password:  ********
Retype new UNIX password:  ********
passwd: password updated successfully
root@phishyserver:~$ su sysadmin
sysadmin@phishyserver:/root$ sudo apt install git python-certbot-apache
(You may need to add a new repo if python-certbot-apache isn’t available)


sysadmin@phishyserver:/root$ cd /opt/;sudo wget -q https://github.com/securestate/king-phisher/raw/master/tools/install.sh
sysadmin@phishyserver:/opt$ sudo bash ./install.sh
INFO: Linux version detected as Debian
Install and use PostgreSQL? (Highly recommended and required for upgrading) [Y/n] y


INFO: You can start the King Phisher client with the following command:
/opt/king-phisher/KingPhisher
sysadmin@phishyserver:/opt$ sudo service king-phisher stop
sysadmin@phishyserver:/opt$ sudo git clone https://github.com/securestate/king-phisher-templates.git


sysadmin@phishyserver:/opt$ sudo certbot certonly --authenticator standalone --pre-hook "apachectl -k stop" --post-hook "apachectl -k start"


(Enter recovery email address of your choice)
(Agree to terms of service)
(Enter your domain name including hostname e.g. evil.blahblah.com)

IMPORTANT NOTES:
– Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/egresshax.com/fullchain.pem. Your cert will
expire on 2018-07-13. To obtain a new or tweaked version of this
certificate in the future, simply run certbot again. To
non-interactively renew *all* of your certificates, run “certbot
renew”
– If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

sysadmin@phishyserver:/opt$ sudo vi /opt/king-phisher/server_config.yml

(Modify the relevant values to match the below, replacing <domain> with your domain details:)
server:
  # Bind address information; multiple ports can be listed under addresses
  addresses:
    - host: 0.0.0.0
      port: 443
      ssl: true
  ssl_cert: /etc/letsencrypt/live/<domain>/fullchain.pem
  ssl_key: /etc/letsencrypt/live/<domain>/privkey.pem

sysadmin@phishyserver:/opt$ sudo apt install mailutils postfix
Reading package lists… Done

(Choose Internet Site and enter a FQDN e.g evil.blahblah.com)

Processing triggers for ufw (0.35-0ubuntu2) …
sysadmin@phishyserver:/opt$ sudo bash
root@phishyserver:/opt$ echo "root sysadmin@evil.blahblah.com" > /etc/postfix/generic
root@phishyserver:/opt$ postmap /etc/postfix/generic
root@phishyserver:/opt$ exit
sysadmin@phishyserver:/opt$ sudo vi /etc/postfix/main.cf

(Modify the relevant values to match the below:)
inet_interfaces = 127.0.0.1
smtp_generic_maps = hash:/etc/postfix/generic

sysadmin@phishyserver:/opt$ sudo service postfix restart
sysadmin@phishyserver:/opt$ sudo ln -s /opt/king-phisher/templates/Website_Templates/Training/Phishing_Awareness_v2/www/* /var/www/ 
sysadmin@phishyserver:/opt$ sudo service king-phisher start

You will likely need to check your web server configuration to harden it (remove directory listing, etc) before you kick off your actual campaign. Check your server thoroughly from both the inside and outside for misconfigurations (like no auto-redirect from http to https, etc), info leaks (server tokens, etc) and such before the big day. Success means preparing well and checking carefully.

Client Install

The following details the installation and configuration of the king-phisher client. Non-fatal errors can be safely ignored, but please ensure you have completely updated and upgraded your Kali instance before starting. Another point to note: if you run the installer and then try to run the same installer process again, you are likely to get fatal errors. Once is enough – if the client runs, it runs. Don’t muck about trying to re-install because pip threw a package error at you that wasn’t fatal.

root@kali:/root$ cd /opt;wget -q https://github.com/securestate/king-phisher/raw/master/tools/install.sh
root@kali:/opt$ git clone https://github.com/securestate/king-phisher-templates.git
Cloning into ‘king-phisher-templates’…


root@kali:/opt$ bash ./install.sh --skip-server
INFO: Linux version detected as Kali
INFO: Skipping installing King Phisher Server components
INFO: Attempting to update apt-get cache package information


You can start the King Phisher client with the following command:
python3 /opt/king-phisher/KingPhisher
root@kali:/opt$ python3 /opt/king-phisher/KingPhisher

Client Configuration

With your SSH certificates properly configured, you’ll be able to log into the king-phisher server using your passphrase, but will still need to include the username/password of the local account on your king-phisher server.

When you click Connect you will be asked to confirm the server’s host key, and then requested to provide your SSH key passphrase – the client will then connect to the king-phisher server and present the campaigns page. Set up a new campaign using the wizard and load it up.

You’ll need to configure your SMTP settings before proceeding much further. Click Edit>Preferences and select the SMTP Server tab. All you need to do is ensure Tunnel Over SSH is ON, then fill in SSH Server and SSH Username with the same details you used to log in to the king-phisher server when you first started the client.

That’s it. You’re now ready to read the rest of the doco available at king-phisher.readthedocs.io and get rolling on your first campaign!

Additional Configurations

The following are additional configs that may be of interest, depending on how you plan to use king-phisher.

Basic authentication for creds capture

Using Jinja, you can create content that will prompt for a basic authentication request. Create a file at /var/www/auth on the king-phisher server and populate it with the following:

{% set require_basic_auth = True %}
{% set basic_auth_realm = 'Authentication required' %}
<html>
<body>
Authentication required
</body>
</html>

You can now set your Web Server URL to https://your.evil.domain/auth to integrate this content into your phishing campaign and capture any credentials that are dropped by victims. Using this construct, I can see you’re already thinking of all the slick ways you can integrate target livery, website cloning and so on to seriously increase the effectiveness of this function.
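Seen from the defender's side, a Basic-auth lure like this leaves a recognisable trace in web-proxy logs: a 401 with a Basic challenge from an external host, followed shortly by a non-401 reply to the same user. The following is an added example, not part of the original post; the log layout, host names, trusted-suffix list and five-minute window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample proxy records (not from the original post), one per line:
# time user host status WWW-Authenticate-header ("-" when absent)
SAMPLE_LOG = """\
2018-04-16T09:01:02 alice intranet.corp.example 401 Basic realm="Corp"
2018-04-16T09:01:09 alice intranet.corp.example 200 -
2018-04-16T09:14:30 bob portal.example.net 401 Basic realm="Authentication required"
2018-04-16T09:14:52 bob portal.example.net 200 -
2018-04-16T09:15:10 carol portal.example.net 401 Basic realm="Authentication required"
2018-04-16T09:20:00 dave news.example.org 200 -
"""

TRUSTED_SUFFIXES = (".corp.example",)  # assumption: the organisation's own domains
LINE = re.compile(r"(\S+) (\S+) (\S+) (\d{3}) (.*)")
REALM = re.compile(r'realm="([^"]*)"')


def basic_auth_exposure(log_text, window=timedelta(minutes=5)):
    """Map (user, host) -> {"realm", "submitted"} for external Basic-auth prompts."""
    findings, challenged_at = {}, {}
    for line in log_text.splitlines():
        m = LINE.fullmatch(line.strip())
        if not m:
            continue  # skip lines that do not match the assumed layout
        ts, user, host, status, header = m.groups()
        ts = datetime.fromisoformat(ts)
        if host.endswith(TRUSTED_SUFFIXES):
            continue  # challenges from our own services are expected
        key = (user, host)
        if status == "401" and header.lower().startswith("basic"):
            realm = REALM.search(header)
            findings[key] = {"realm": realm.group(1) if realm else "",
                             "submitted": False}
            challenged_at[key] = ts
        elif status != "401" and key in challenged_at \
                and ts - challenged_at[key] <= window:
            # Heuristic: a non-401 reply soon after the challenge suggests the
            # browser resent the request with credentials attached.
            findings[key]["submitted"] = True
    return findings
```

Users flagged with `submitted` set are the ones to prioritise for password resets.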

Increasing mail send speed

Running king-phisher will work nicely in its default configuration for small batches of targeted phishing, but not for larger campaigns that require faster delivery. The element of speed can be crucial in a phish, because you want to get the jump on $TARGETORG before the word spreads – as many emails as possible should land simultaneously or in a short space of time to improve your chances of hooking victims before the alarm is raised.

One way to do this is to set your postfix server to accept but queue all emails. To do this, use the following command on your king-phisher server (assuming you’ve followed my setup) before sending your phish:

sudo postconf -e defer_transports=smtp;sudo postfix reload

Now, when you hit Start on your king-phisher client, your emails will slowly queue up on your server. Once all emails have been sent by the client, you are ready to fire off your campaign by unleashing all emails sitting in the deferred queue:

sudo postconf -e defer_transports=;sudo postfix reload;sudo postfix flush

Watch as thousands of messages are fired out in rapid succession. If you want to get more granular, you can set a delay value in your postfix config (/etc/postfix/main.cf) by adding the following:

smtp_destination_rate_delay = 1s

Set the rate to whatever you prefer in seconds.
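On the receiving side, queue-and-flush delivery shows up as one sender domain reaching many distinct recipients within seconds, which a mail gateway can alert on. The following detection logic is an added example, not part of the original post; the record layout, domain names, 60-second window and threshold of five recipients are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

T0 = datetime(2018, 4, 16, 9, 0, 0)

# Constructed inbound gateway records (not from the original post):
# (receive time, envelope sender domain, recipient)
SAMPLE = (
    # eight recipients hit three seconds apart: the flushed-queue pattern
    [(T0 + timedelta(seconds=3 * i), "invoice-portal.example",
      f"user{i}@corp.example") for i in range(8)]
    # a newsletter trickling in over 40 minutes
    + [(T0 + timedelta(minutes=20 * i), "news.example.org",
        f"user{i}@corp.example") for i in range(3)]
    # a partner sending several messages quickly, but to one mailbox
    + [(T0 + timedelta(seconds=5 * i), "partner.example.net",
        "ap@corp.example") for i in range(6)]
)


def find_bursts(records, window=timedelta(seconds=60), min_recipients=5):
    """Return {sender_domain: peak distinct recipients seen inside one window}."""
    recent = defaultdict(deque)  # domain -> (time, recipient) pairs still in window
    peaks = {}
    for ts, domain, rcpt in sorted(records):
        queue = recent[domain]
        queue.append((ts, rcpt))
        # Drop deliveries that have aged out of the sliding window.
        while ts - queue[0][0] > window:
            queue.popleft()
        distinct = len({r for _, r in queue})
        if distinct >= min_recipients:
            peaks[domain] = max(peaks.get(domain, 0), distinct)
    return peaks


def paced_burst(delay_seconds, count=8):
    """Constructed records for a sender pacing deliveries at a fixed delay."""
    return [(T0 + timedelta(seconds=delay_seconds * i), "paced.example",
             f"user{i}@corp.example") for i in range(count)]
```

A sender paced at one message per second still lands inside the 60-second window; slower pacing needs a wider window or a per-hour distinct-recipient count.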

 
