How to Make a Free Phishing Server with AWS

No comments

By following this guide, I will show you the basics of making an Amazon Web Services (AWS) account, setting up your first EC2 instance, and configuring as well as logging into it via SSH. Then. you will install the GoPhish software and load it to start your first steps towards a successful phishing campaign!

Let’s get started.

First, you will want to go to https://aws.amazon.com and create an account. They will ask for a credit/debit card in the event you were to go over your EC2 instance usage. (However, with just one EC2 instance you will not have this problem.)

Once that step is done, you will be presented with a screen similar to the screenshot below:

aws dashboard step 1

From here you will choose “EC2” under the Compute section on the dashboard as highlighted below.

AWS EC2 highlight step 2

Once you have clicked on “EC2” under the compute section, you will be presented with a screen as seen below. Once you see this screen, click on the “Create Instance” button to start setting up your new EC2 Instance.

Create an EC2 instance screen step 3

Once you are presented with the screen below, be sure to check the “Free Tier Only” checkbox.  We are going to use Ubuntu server 18.04 LTS (HVM), SSD Volume Type. So go ahead and click ‘Select’ next to that choice.

EC2 instance selection step 4

Then select the choice highlighted below:

Choose instance type step 5

Skip past the “configure instance details” screen as well as the “add storage” and “add tags” screens. We will not be covering those in this blog post.

Once you have arrived to “Configure Security Group”, you will want to stop and actually configure this portion depending on your individual needs.

Below is an example of how you would want to set up the security group. Keep in mind where you see the ‘Source’ column. Under the Custom rules, you will want to make sure that is *YOUR* public IP. By adding the /32 you are specifying *ONLY* your public IP can access those interfaces.

Security Group Configuration step 6

Once you have finished this and clicked next, you will have a review final details page. Click “Launch”. Be sure to choose to create a new key pair. Depending on your Operating System, AWS provides instructions on how to set up your SSH client to access your new AWS EC2 Instance. I will link the instructions here for Windows users: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/putty.html

Once the new EC2 instance has launched, you will see a screen similar to this below:

New EC2 dashboard shows instance step 8

Congratulations! You have now set up a new EC2 instance. Follow the Instructions on how to set up your operating system to access this new machine before moving on to the next section. (Link for all operating system instructions: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AccessingInstances.html)

Logging into the new EC2 instance.

On your first login, it will ask if you accept this hosts key. Choose ‘Yes’ and you will receive a login prompt “Login as:” type ubuntu and hit enter.

You are now presented with a standard Linux terminal for your new EC2 Ubuntu instance.

(Do not forget at parts here using ‘sudo’ will be key.)

Let’s start by going over the phishing software we will be using. In this blog, I am using GoPhish. It’s a great platform and very friendly to use and setup.

(GoPhish URL: https://getgophish.com/)

However there are more options to phishing programs, feel free to explore and try out different ones.

The first thing you will want to do is type in “sudo su” and hit enter.

You should now have root@123.123.123.123 or similar on your command line (see screenshot below).

Sudo su step 10

Next step is to wget the latest GoPhish version, you do this by typing this into your SSH session:

wget https://github.com/gophish/gophish/releases/download/0.7.1/gophish-v0.7.1-linux-64bit.zip

and hit enter:

wget gophish screenshot step 11

The next step is to install unzip so we can expand our newly downloaded gophish.zip file.

Next type in: apt install unzip

Hit enter

apt install unzip step 12

Then type: unzip gophish-v0.7.1-linux-64bit.zip

Hit enter

Once that is done inflating you will be back at your terminal as it awaits your next command.

To keep things simple, we will leave GoPhish where it is.  Now to get to the admin interface, we will need to make some changes to the config.json file.  Start by typing:

nano config.json

You should then see a screen like below:

config json before edit on admin IP step 13

Where you see the “listen_url” under the admin_server area needs to be changed to 0.0.0.0:3333

Once done hit CTRL+O select “Y” for yes.

Then CTRL+X to exit

It should look the same as the screenshot below:

config json after edit step 14

Once this is done let’s go ahead and make sure we can load up GoPhish.  Type in:

./gophish

You should see something similar in the screenshot below:

Running go phish step 15

Now that GoPhish is running, open a browser and go the IP address of your EC2 instance by typing https://<IP address here>:3333  (You can get this from the EC2 dashboard) and you should have a login page such as shown below:

gophish login page

Default credentials to login are:

Username: admin

Password: gophish

(I suggest you change these immediately.)

Now that you have this portion setup and logged in, you can begin by setting up your own mail server as well on your GoPhish instance. You can also use a Gmail account to send from.

In my next blog, I will cover more of the steps to set up your own mail server using postfix, as well as crafting unique phishing emails and setting up great looking web pages for your victims to visit!

 

Wanna chat? Add me on Twitter or LinkedIn!
Veteran? Join our Slack!

 

 

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s