Mastering Phishing Simulations: A Complete Guide to Gophish

00:16:25
https://www.youtube.com/watch?v=Yes4oc046hY

Summary

TL;DR: In this video, the presenter demonstrates how to install and use the Gophish framework, an open-source tool for conducting phishing simulations. The tutorial covers downloading Gophish, setting it up on a Windows computer, configuring SMTP settings for email, creating sending profiles, landing pages, and email templates, and launching phishing campaigns. The presenter emphasizes ethical use and mentions a future video on installing Gophish on a Linux VPS server. Viewers are encouraged to subscribe for more tutorials and follow the CyberTech Arena on social media.

Takeaways

  • 🔍 Gophish is an open-source phishing framework.
  • 💻 Installation demonstrated on Windows OS.
  • 📧 Use app passwords for Gmail SMTP.
  • 🛠️ Create sending profiles for phishing campaigns.
  • 🌐 Landing pages are crucial for credential harvesting.
  • 📊 Track campaign results in the Gophish dashboard.
  • 📅 Follow-up video on Linux VPS installation coming soon.
  • ⚠️ Ethical use of hacking tools is emphasized.
  • 📢 Subscribe for more tutorials from CyberTech Arena.
  • 📱 Follow CyberTech Arena on Facebook for updates.

Timeline

  • 00:00:00 - 00:05:00

    In this segment, the speaker introduces the Gophish framework, an open-source tool for phishing simulation. He emphasizes the framework's use for educational purposes and the need for ethical hacking practices. The installation process on a Windows machine begins with downloading Gophish from getgophish.com, followed by extracting the files and launching the executable for initial setup.

  • 00:05:00 - 00:10:00

    The speaker continues with configuring the sending profile, specifically how to set up email accounts using Gmail's SMTP service. After creating and exporting required configurations, he tests the email feature. Once successful, he demonstrates setting up the landing page to capture credentials, explaining how to clone a website using HTML and how to save the templates for phishing emails.

  • 00:10:00 - 00:16:25

    Finally, the speaker walks through the campaign setup, including naming, selecting profiles, and using the previously created email templates. He showcases the process of simulating a phishing attack, checking the results, and mentions that the next video will involve deploying Gophish on a VPS server for more realistic phishing attempts. He concludes with promotional notes on subscribing and a mention of future content.

Video Q&A

  • What is Gophish?

    Gophish is an open-source framework used for phishing simulations.

  • Is this video for educational purposes?

    Yes, the video is intended for educational purposes only.

  • Can I use my regular Gmail password with Gophish?

    No, you need to create an app password for Gophish.

  • What operating system is this installation tutorial for?

    The tutorial is for installing Gophish on a Windows computer.

  • Will there be a follow-up video?

    Yes, a follow-up video will cover installation on a Linux VPS server.

  • What should I do if I encounter an error during login?

    If you encounter an error, you can proceed as instructed in the video.

  • How do I create a new email template in Gophish?

    You can create a new email template by copying the HTML from an existing email and pasting it into Gophish.

  • What is the purpose of the landing page in Gophish?

    The landing page is used to harvest credentials during phishing simulations.

  • How can I track the results of my phishing campaign?

    You can view the results in the Gophish dashboard after launching the campaign.

  • Where can I find more content from CyberTech Arena?

    You can subscribe to the CyberTech Arena channel and follow their Facebook page.

Transcript
  • 00:00:06
    good evening welcome to CyberTech Arena, today  I'll be teaching you how to install and use
  • 00:00:15
    the Gophish framework as we all know Gophish is an open source framework for phishing okay
  • 00:00:23
    so organizations use the Gophish framework to test their organization's exposure to phishing
  • 00:00:30
    attack so uh this video is for educational  purpose I will not be held liable for any
  • 00:00:37
    misuse of this information in whatever way  hacking is illegal if you must hack do it
  • 00:00:43
    with approval and do it ethically so without  further Ado you go to getgophish.com this is
  • 00:00:52
    the website when you're on the website you click  on download uh when it's open you scroll down to
  • 00:01:03
    releases you scroll down to releases here so  I'll be making this installation on a Windows
  • 00:01:23
    computer though you stay tuned for the next  video after this I will also be showing you
  • 00:01:29
    how to to install it on a Linux VPS server so  this one I'll be installing it on my Windows
  • 00:01:36
    computer locally so I'm on a 64bit operating  system so you click download so I've already
  • 00:01:45
    downloaded this file because of time so I will  stop the download okay uh so when the download
  • 00:01:51
    is complete you will have a file like this so the  next thing you have to do is you click on extract
  • 00:02:00
    you click on extract file okay or extract
  • 00:02:05
    anyone so you have a file like this inside  it you have these files okay so the next
  • 00:02:17
    thing you have to do at this point is double click this executable this gophish okay
  • 00:02:31
    so when it's done loading uh you get a  website a link like this where you can
  • 00:02:38
    log to your uh Gophish frame uh work okay so just go here I put the link um let's go
  • 00:02:50
    back to the executable here we have the password just copy the password copy the
  • 00:03:00
    password what's the username the username is admin  here's the username here so I'll just copy the
  • 00:03:06
    password and back here I'll load the page when you  get this error just proceed okay okay so admin is
  • 00:03:20
    the username and I'll paste my password I will  sign in I'll be asked to reset the password so
  • 00:03:31
    I just use a password use a strong password  I'm just using a simple password for this
  • 00:03:37
    video okay now we're in so this is the interface  so we'll be starting from let's say you want to
  • 00:03:53
    send uh um compos of phishing uh you want to use Gophish framework uh for phishing uh for uh
  • 00:04:02
    ethically so you start from the sending profile  okay uh so we click on new profile what's the
  • 00:04:09
    name of the profile so I'll just say Facebook  no I'll just say um Gmail test that's the name
  • 00:04:19
    I want to give it okay so uh this SMTP from  it's the email of the person you want it to
  • 00:04:28
    look like it's it's coming from so I created a  Gmail account for this so I'll just copy it but
  • 00:04:35
    in the real world settings uh you don't um they don't choose Gmail they are going to create
  • 00:04:43
    uh uh a VPS server and they are going to use  um SMTP service I'll be making that video in
  • 00:04:51
    our next video just stay tuned so uh this is the  email wait uh this is the email address I created
  • 00:05:01
    for this so because I'll be using the Gophish I'll be using the Gmail um SMTP service so at
  • 00:05:12
    gmail.com so the host SMTP uh so we're going to  use Gmail SMTP smtp.gmail.com so okay uh okay
  • 00:05:29
    in the port put do what's the port 587  587 okay 587 so your username is this
  • 00:05:43
    that's the username of your Gmail  account which is your email okay
  • 00:05:48
    then the password you cannot use your  regular Gmail password so this is how
  • 00:05:53
    you get a password for this so you go  to your account you go to manage your
  • 00:06:00
    account okay then just type um  app password app passwords okay
  • 00:06:11
    you click that it's going to ask you to  sign in again so it confirms you're the
  • 00:06:20
    owner of the account okay you put your normal password you sign in
  • 00:06:30
    now it's going to ask you what's the name of the  app okay I'll just say go phish so I'll click on
  • 00:06:39
    create now this is the password you're going to  use it gives me the password so I just copy it I'm
  • 00:06:46
    done from here so I'll go back to my uh this thing  then I'll paste the password here then to be sure
  • 00:06:55
    everything is working fine I'll go to send test  email okay cyber Tech uh last name Arena so I just
  • 00:07:07
    uh pasting the email I want to test it to okay  so here then we send the test email and see if
  • 00:07:18
    it works okay email sent successfully so meaning  it's working all right so let me check the email
  • 00:07:26
    and see as you can can see it's working this is  the email they sent so we go back here and we save
  • 00:07:36
    the profile we're done with the sending profile  then the landing page it's the page where you're
  • 00:07:43
    the you're going to use to harvest the credential  let's say you're making a red team uh engagement
  • 00:07:50
    and you're trying out to see if the employees are really susceptible to phishing attack okay so you
  • 00:07:59
    go to new page um if you have the HTML of the page  you can just paste it here and save so let's say
  • 00:08:07
    something like um Google um let's say for example  google.com what's the okay let's say this is
  • 00:08:19
    Google this is their page okay I'll just put the  name name um Google okay then I'll create I click
  • 00:08:32
    on import site so I just put the website I want  to clone the landing page so I'll just click on
  • 00:08:39
    import sorry my system is lagging okay I already
  • 00:08:49
    cloned the site okay so if you're  okay with everything you click on
  • 00:08:54
    save so when you are done with the landing page  uh the next thing is the email templates email
  • 00:09:04
    template is the email where I already have one  here but we create another one together uh so
  • 00:09:12
    email template is the email the person is going to  see when you send it so let's just go to my email
  • 00:09:20
    I have emails from Google so I'll just okay this  one you just open your email so you go to here
  • 00:09:33
    you go to show original then you just copy your  template okay so you go to the your dashboard uh
  • 00:09:44
    you click on new template you name the template  temp let's say three so the HTML you can just
  • 00:09:59
    paste it here uh okay you just paste it there  so when you put the sender the sender email
  • 00:10:10
    will be um the sender the email of the person  you wanted to assume it's coming from uh so
  • 00:10:18
    Gmail cannot allow spoofing but on my next uh video on my part two of Gophish I will teach you
  • 00:10:26
    how to install it in a VPS server where you can  even use any email of your choice to send it to
  • 00:10:33
    anybody so you can put the subject when you put  the subject uh then you click on save so I already
  • 00:10:41
    have a template here so I will use my template  so the next thing is the user and group so you
  • 00:10:48
    go to new user and group you name it um anything  let's see Google um then uh if you have a lot of
  • 00:10:59
    contact you want to send it to you can  use this um but for me for the sake of
  • 00:11:05
    this video I just have my email address  I'll be using my email address so I'll use
  • 00:11:11
    John do then the email I just put this  at gmail.com so you can leave the I the
  • 00:11:26
    position like that I just put it so I'll add  it here so it's already here in my contact
  • 00:11:34
    so I'll save uh then the campaign It's the final  stage you go to new campaign what's the campaign
  • 00:11:43
    name uh let's see Google Google campaign I  just put Google Camp so the email template
  • 00:11:52
    here you choose the template you created be any  template you created you choose here the landing
  • 00:11:59
    page selected uh so the URL is the URL to uh like  without the this thing so for example my URL will
  • 00:12:10
    be this um it's going to be this cuz I'm doing  this on my local network so you remove the H
  • 00:12:21
    the S so we have something like this what else  so the profile test Gmail okay the group I can
  • 00:12:33
    use Google as the group so when everything is okay  you just uh click launch launch okay so we go to
  • 00:12:44
    the dashboard and let's see okay as you can see  it says email sent let's go to the email we put
  • 00:12:53
    uh just wait okay we already received the email  here so you can see it's from the same email you
  • 00:13:02
    understand so when you being people are trying to phish you or to um make you believe they are going
  • 00:13:11
    to use they're going to buy a domain they're  going to host it on a VPS server so they can
  • 00:13:16
    spoof the email so for this is for educational  purpose so I'm using my Gmail account and I use
  • 00:13:22
    the Gmail SMTP so since we are here let's say I'm  the victim now so I'm just going to click uh like
  • 00:13:31
    any this thing there now so you see it directed  me to the Gmail login page which is our template
  • 00:13:40
    so now I just put in um let's see anything John  let's say John do at Hotmail at Hotmail no J do@
  • 00:14:00
    hotmail.com then we click on next then on the  password I'll just put a s d f g h j k l okay
  • 00:14:13
    that's not any password and that's not an email  so I'll click on next so now um I forgot to set
  • 00:14:21
    something let's say when you said that in the  settings there's a place where you can direct
  • 00:14:25
    the person to any website you want to now but  let's go to the dashboard wa Let me refresh so
  • 00:14:33
    you can see email sent email open it's tracking  on it link clicked okay data submitted you see
  • 00:14:41
    so let's go to the email okay let's uh view  the results so now when you go to the email
  • 00:14:50
    this is it you click on this uh here then you  scroll down as you can see uh replay then view
  • 00:15:00
    details uh let's go here with the few details  uh the this thing the the this thing um the
  • 00:15:17
    the credentials that was submitted will be here  okay everything will be here so that is it for
  • 00:15:25
    this video but on the next video I'll be showing  you how to to do this on a VPS proess server okay
  • 00:15:33
    that where you can put it on a VPS server you  can buy a domain you can make it it's going to
  • 00:15:40
    look real but we might not do it on uh YouTube  cuz YouTube might not be happy with that video
  • 00:15:46
    so I'll drop my Patreon link I'm going to make the video available free so if you want to watch
  • 00:15:52
    that video you can watch it free on my Patreon or maybe I'll just um put the video on how to make
  • 00:15:59
    the whole installation then every other thing from this video continues so I'll be ending this
  • 00:16:04
    video here because of time I really thank you if you have not subscribed you subscribe to CyberTech
  • 00:16:10
    Arena we also have a Facebook page you can follow us on Facebook all right okay thank you
Tags
  • Gophish
  • phishing
  • cybersecurity
  • ethical hacking
  • SMTP
  • email templates
  • landing pages
  • Windows installation
  • Linux VPS
  • CyberTech Arena