By following this guide, I will show you the basics of making an Amazon Web Services (AWS) account, setting up your first EC2 instance, and configuring as well as logging into it via SSH. Then. you will install the GoPhish software and load it to start your first steps towards a successful phishing campaign!
Let’s get started.
First, you will want to go to https://aws.amazon.com and create an account. They will ask for a credit/debit card in the event you were to go over your EC2 instance usage. (However, with just one EC2 instance you will not have this problem.)
Once that step is done, you will be presented with a screen similar to the screenshot below:
From here you will choose “EC2” under the Compute section on the dashboard as highlighted below.
Once you have clicked on “EC2” under the compute section, you will be presented with a screen as seen below. Once you see this screen, click on the “Create Instance” button to start setting up your new EC2 Instance.
Once you are presented with the screen below, be sure to check the “Free Tier Only” checkbox. We are going to use Ubuntu server 18.04 LTS (HVM), SSD Volume Type. So go ahead and click ‘Select’ next to that choice.
Then select the choice highlighted below:
Skip past the “configure instance details” screen as well as the “add storage” and “add tags” screens. We will not be covering those in this blog post.
Once you have arrived to “Configure Security Group”, you will want to stop and actually configure this portion depending on your individual needs.
Below is an example of how you would want to set up the security group. Keep in mind where you see the ‘Source’ column. Under the Custom rules, you will want to make sure that is *YOUR* public IP. By adding the /32 you are specifying *ONLY* your public IP can access those interfaces.
Once you have finished this and clicked next, you will have a review final details page. Click “Launch”. Be sure to choose to create a new key pair. Depending on your Operating System, AWS provides instructions on how to set up your SSH client to access your new AWS EC2 Instance. I will link the instructions here for Windows users: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/putty.html
Once the new EC2 instance has launched, you will see a screen similar to this below:
Congratulations! You have now set up a new EC2 instance. Follow the Instructions on how to set up your operating system to access this new machine before moving on to the next section. (Link for all operating system instructions: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AccessingInstances.html)
Logging into the new EC2 instance.
On your first login, it will ask if you accept this hosts key. Choose ‘Yes’ and you will receive a login prompt “Login as:” type ubuntu and hit enter.
You are now presented with a standard Linux terminal for your new EC2 Ubuntu instance.
(Do not forget at parts here using ‘sudo’ will be key.)
Let’s start by going over the phishing software we will be using. In this blog, I am using GoPhish. It’s a great platform and very friendly to use and setup.
(GoPhish URL: https://getgophish.com/)
However there are more options to phishing programs, feel free to explore and try out different ones.
The first thing you will want to do is type in “sudo su” and hit enter.
You should now have email@example.com or similar on your command line (see screenshot below).
Next step is to wget the latest GoPhish version, you do this by typing this into your SSH session:
and hit enter:
The next step is to install unzip so we can expand our newly downloaded gophish.zip file.
Next type in: apt install unzip
Then type: unzip gophish-v0.7.1-linux-64bit.zip
Once that is done inflating you will be back at your terminal as it awaits your next command.
To keep things simple, we will leave GoPhish where it is. Now to get to the admin interface, we will need to make some changes to the config.json file. Start by typing:
You should then see a screen like below:
Where you see the “listen_url” under the admin_server area needs to be changed to 0.0.0.0:3333
Once done hit CTRL+O select “Y” for yes.
Then CTRL+X to exit
It should look the same as the screenshot below:
Once this is done let’s go ahead and make sure we can load up GoPhish. Type in:
You should see something similar in the screenshot below:
Now that GoPhish is running, open a browser and go the IP address of your EC2 instance by typing https://<IP address here>:3333 (You can get this from the EC2 dashboard) and you should have a login page such as shown below:
Default credentials to login are:
(I suggest you change these immediately.)
Now that you have this portion setup and logged in, you can begin by setting up your own mail server as well on your GoPhish instance. You can also use a Gmail account to send from.
In my next blog, I will cover more of the steps to set up your own mail server using postfix, as well as crafting unique phishing emails and setting up great looking web pages for your victims to visit!