phishing-attacklogo-5826f3beffdceebad0708f007c82eaf4

 

 

Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication.

 

Phishing engagements they can uncover how susceptible are the employees of a company in this type of attack. The fact that almost anybody can implement very fast a phishing scam in order to obtain valid credentials and other sensitive information makes it important for companies to test the security awareness of their users and to include phishing exercises into their security testing program. Most of the times this type of attack is successful because it is exploiting the user trust in conjunction awith the lack of security awareness of the user.

 

However even though as a community through the years we have built frameworks and tools for almost every type of assessment we never had a tool which it will implement and manage a phishing engagement very fast, simple and with the stats that we need for our clients. Phishing Frenzy is here to close this gap and to assist the penetration testers that conduct phishing engagements.

 

Phishing Frenzy is a tool which created by @zeknox , a security consultant and researcher from Accuvant Labs. One of the main advantages compared to other similar tools is that you can manage your phishing tests more efficiently as you can include the scope of your engagement as well when you create a new phishing campaign.

 

 

Installation of Phishing Frenzy

Clone the Phishing Frenzy repository to your system

#git clone https://github.com/pentestgeek/phishing-frenzy.git /var/www/phishing-frenzy

 

Screenshot from 2014-06-27 04:39:45

 

 

We are going to use RVM to install ruby and ruby on rails. For additional details on how to install RVM please see: https://rvm.io/rvm/install

 

Install RVM and Ruby

#curl -L https://get.rvm.io | bash -s stable –ruby

 

Screenshot from 2014-06-27 04:52:12

Screenshot from 2014-06-27 06:24:50

 

 

Pay attention to the install notes here, you may be required to run a command similar to the following in order to get rvm working properly. You may also be asked to logout / login or open a new shell before rvm is functioning properly.

#vi ~/.bashrc

source /usr/local/rvm/scripts/rvm

 

Load .bashrc to make rvm useable

#source ~/.bashrc

 

Screenshot from 2014-06-28 05:02:30

 

 

Install Ruby on Rails. We can use rvm to get the job done.

#rvm all do gem  –no-rdoc –no-ri install rails

 

Screenshot from 2014-06-28 10:16:28

 

 

Install mod_passenger for Apache

#rvm all do gem –no-rdoc –no-ri  install passenger

 

Screenshot from 2014-06-28 10:17:22
Invoke passenger install script

If you do not have the required software to install passenger, the script will let you know which additional software needs to be install.

#apt-get install libcurl4-openssl-dev apache2-threaded-dev libapr1-dev libaprutil1-dev

 

Screenshot from 2014-06-28 10:30:28

 

You will need to invoke the passenger-install-apache2-module  to continue

#passenger-install-apache2-module

 

Screenshot from 2014-06-28 10:26:08

Screenshot from 2014-06-28 10:31:05

 

 

Include pf.conf
Also you will need to add the following line which is used to manage the virtual hosts.

This addition to inclue pf.conf tells Apache to look at this file within the Apache directory (/etc/apache2/pf.conf) and serve up whatever website is configured.

Now that Apache is configured to process the pf.conf configuration file everytime Apache reloads or restarts we need to create the file and add the following content to pf.conf. ‘ServerName’ should be changed to whichever domain name that Phishing Frenzy is running under. This tells Apache which website to serve up when a request for phishingfrenzy.com is made.

 

#vi /etc/apache2/pf.conf

<IfModule mod_passenger.c>
PassengerRoot %ROOT
PassengerRuby %RUBY
</IfModule>

<VirtualHost *:80>
ServerName http://www.arthar.com
# !!! Be sure to point DocumentRoot to ‘public’!
DocumentRoot /var/www/phishing-frenzy/public
RailsEnv development
<Directory /var/www/phishing-frenzy/public>
# This relaxes Apache security settings.
AllowOverride all
# MultiViews must be turned off.
Options -MultiViews
</Directory>
</VirtualHost>

 

Screenshot from 2014-06-27 04:43:55
Pay attention to the end of the script because it will ask you to copy a few lines into your Apache configuration file, these are what the lines looked like in my case

 

#vi /etc/apache2/apache2.conf

Include pf.conf

Include httpd.conf

LoadModule passenger_module /usr/local/rvm/gems/ruby-2.0.0-p247/gems/passenger-4.0.20/buildout/apache2/mod_passenger.so
PassengerRoot /usr/local/rvm/gems/ruby-2.0.0-p247/gems/passenger-4.0.20
PassengerDefaultRuby /usr/local/rvm/wrappers/ruby-2.0.0-p247/ruby

 

Screenshot from 2014-06-28 11:24:50

 

 

Ensure PF can write to the httpd.conf file

#touch /etc/apache2/httpd.conf

Change ownership of apache config to allow Phishing Fenzy manage virtual hosts. If you currently have entries within the httpd.conf file, backup the file now because Phishing Frenzy will delete all entries in this file when managing virtual hosts for phishing campaigns.

#chown www-data:www-data /etc/apache2/httpd.conf

 

 

MySQL Configuration

#service mysql start

 

 

Create Rails Database for Phishing Frenzy:

#mysql -u root -p

#mysql> create database pf_dev;

#mysql> grant all privileges on pf_dev.* to ‘pf_dev’@’localhost’ identified by ‘bhuvi’;

 

Screenshot from 2014-06-28 10:42:59

 

#cd /var/www/phishing-frenzy/

#bundle install

 

Screenshot from 2014-06-28 10:53:42

Screenshot from 2014-06-28 10:57:13

 

 

Ruby on Rails Configuration

Make sure app/config/database.yml file is properly configured or the rake tasks will fail. The database.yml file will tell your rails application how to properly authenticate to database server and access the database. If either of the rake tasks fail, it will render Phishing Frenzy worthless, so ensure the rake tasks are completed successfully before continuing on.

 

Screenshot from 2014-06-28 10:47:58

 

Ensure that you are in the root of the rails application before running any rake commands. rake commands will most certainly fail to run because of the required approot/Rakefile required.

Before you chmod these files, you may be required to create the log directory or even the development.log file if the rails application has never been started.

#chmod 0666 /var/www/phishing-frenzy/log/development.log
#chmod 0666 /var/www/phishing-frenzy/db/schema.rb

 

 

Create Database schema using Rails Migrations:

#rake db:migrate

 

Screenshot from 2014-06-28 11:33:17

 

Populate database with content using Rails Seeds helper:

#rake db:seed

 

Screenshot from 2014-06-28 11:36:22

 

If you would like to install the 2 default templates (efax and intel password checker) you can do so by simply running the following rake task.

#rake templates:load

 
Background Jobs

Phishing Frenzy uses Sidekiq to send emails in the background. Sidekiq depends on Redis to manage the job queue. At this time, Phishing Frenzy does not use asynchronous processing by default so you do not need to install Redis and Sidekiq. The feature can be enabled from the Global Settings view in the Admin section.
Install Redis

In order to allow for Sidekiq process monitoring, you must start Sidekiq with a configuration that places the Sidekiq pid in /tmp/pids/sidekiq.pid

 

#wget http://download.redis.io/releases/redis-stable.tar.gz

#tar xzf redis-stable.tar.gz

#cd redis-x.x.x/

#make

#make install

#cd utils/

#./install_server.sh

 

Screenshot from 2014-06-28 11:37:51

 

If you would like to bind redis to the loopback interface checkout redis documentation for more details.

Start the sidekiq server to interact with redis

 

#mkdir  /var/www/phishing-frenzy/tmp/pids

#chown www-data:www-data  -R  /var/wwwphishing-frenzy

#bundle exec  sidekiq  -C config/sidekiq.yml

 

Screenshot from 2014-06-28 11:42:47
 

 
Linux Configuration

Change ownership and permissions of the web application to the same account Apache is running as. In most cases this will be the ‘www-data’ account.

 

#chown -R www-data:www-data phishing-frenzy/
#chmod a+rw /var/www/phishing-frenzy/public/templates/
#chmod o+rw phishing-frenzy/public/uploads/

 

Edit /etc/sudoers to allow Phishing Frenzy to restart apache and manage the virtual hosts. This way Phishing Frenzy can run multiple phishing websites on one webserver.

#vi /etc/sudoers

www-data ALL=(ALL) NOPASSWD: /etc/init.d/apache2 reload

 

configure the SITE_URL within config/application.rb to the appropriate FQDN of the PF interface. This is most likely the same FQDN defined in pf.conf:

SITE_URL = “http://www.arthar.com&#8221;

 

Start Apache web server

# apachectl start

 

Enjoy Phishing Frenzy!!!!!

 

Default Login

Phishing Frenzy is configured with a default login of:

username: admin
password: Funt1me!

 

Screenshot from 2014-06-28 14:33:24

Screenshot from 2014-06-29 06:06:05

Advertisements