Look Mum! I Phish'd Myself!!

Hey. Hope you all are healthy. In my previous blog, I demonstrated how we can spin up an EC2 instance and install Gophish on it. In this one, we will go through several important steps before sending the phishing mail to the Hellfire user (phishing myself :D): purchasing the free domain name, configuring Amazon's SES and Route 53 services, setting up SSL for our domain, and then sending a test mail before actually phishing the Hellfire0x01 user.

NOTE: One essential point to highlight regarding the Amazon Route 53 service is that it won't bill you if the hosted zone is deleted within 12 hours of creation. After that, you will be billed $0.50 per month per hosted zone.

In this blog, I have tried my best to utilize all the free resources. For example, you don't need to pay for the domain name, SSL certificate, DNS or SMTP service (although remember the note regarding Route 53).

Special thanks to my dear friend 0xAsif; without his help, support, and encouragement, it wouldn't have been possible to complete this little project! Now, let's dive in!!

Purchasing the Free domain name

First things first, we need a domain name in order to be able to send the phishing mail. I tried to search many times on Google regarding free domain names, but got zero results. Then I found this gem, Freenom, a website which provides free domain names as well as DNS resolvers,

To purchase the domain name, we will search for our domain name, phishmepleaseeehellfire, and we can see that there are many domains like .tk, .ml, .ga, .cf, .gq that are free to purchase,

I am currently interested in the .cf domain. For some reason, when clicking on Get it now, it was showing the domain as not available. So I went forward with searching for the domain in the search bar and selected it,

After clicking on the Checkout button, we can click on the drop-down menu to select for how many months we need to purchase this domain. I selected 1 month,

After clicking on Continue, we will see this review page. We can submit a temporary mail address from temp-mail and click on Verify My Email Address,

It will send the verification mail to the mail account we submitted. We just need to click on the link to verify ourselves,

After that, we will receive the message that our order has been confirmed,

Note: In case you get the error "Some of your domains could not be registered because of a technical error. These domains have been cancelled: - phishmepleaseeehellfire.cf", please try again with your mobile hotspot. I think the website is not allowing the request from a router, thinking it is a bot, maybe.

Then I logged into the website. In the Services drop-down, there is a My Domains tab,

Clicking on it will take me to a page where I can see my purchased domains,

Wuahahahahhah! We are done with purchasing the domain name. Now, let's get moving to another thing, which is domain registration.

Configuring Route 53

It took me a long time to search for the service on which I can register a domain for free, and Amazon doesn't cease to amaze me. Let's see how we can Register a new domain. AWS says,

You can use Amazon Route 53 with domains you register with Route 53, and with domains you have registered with other DNS providers.

In the search bar, we need to search for Route 53, which is listed on the top. Let's select it,

On the Route 53 Dashboard, there is a DNS management section. This is exactly what we need to configure the DNS,

Let's create a hosted zone by providing the domain name we purchased earlier, i.e., phishmepleaseeehellfire.cf, and selecting the option Public Hosted Zone (selection of this option is a must!),

Clicking on Create hosted zone will create a zone for us with the NS and SOA records! Remember the note at the start: hosted zones are free for the first 12 hours, and after that, you will be charged $0.50 per month.

Then, back on Freenom, we just need to go into Manage Domain,

And click on the Management Tools drop-down menu. Click on Nameservers,

Here, we need to add those four NS records that were generated on Route 53,

After making changes, it will save them successfully!!

Now, moving to the MAIL service with Amazon SES.

Setting up SMTP server with Amazon SES

With Amazon SES (Simple Email Service), we can send emails using the SMTP (Simple Mail Transfer Protocol) interface. AWS says,

To send production email through Amazon SES, you can use the Simple Mail Transfer Protocol (SMTP) interface or the Amazon SES API. Amazon SES sends email using SMTP, which is the most common email protocol on the internet. You can send email through Amazon SES by using a variety of SMTP-enabled programming languages and software to connect to the Amazon SES SMTP interface.

Now let us quickly search for SES in the search bar. On the top of the list is the Amazon Simple Email Service,

The dashboard is pretty simple, yet so fascinating. Isn't it?

We will quickly create an identity by clicking on the Create identity button. Select Domain as the identity type; enter the name of the domain we bought; check Use a custom MAIL FROM domain, followed by entering the name of the subdomain,

Then select Easy DKIM, so that we can modify our DNS settings, and a DKIM key length of RSA_2048_BIT. Finally, click on Create identity,

We see that our CNAME, MX, and TXT records have been created,

Now, we will add all these records in Route 53 along with the A records. So, going back to the phishmepleaseeehellfire.cf hosted zone in Route 53, click on Create record,

Then, we need to enter the record name and its corresponding value.

After adding all the records along with the A records, the hosted zone looks like this (notice I added the A record twice, as the first and last records, one being phishmepleaseeehellfire.cf and the other being www.phishmepleaseeehellfire.cf, both pointing to the running EC2 instance on which Gophish is installed),

At this point, we will navigate to the SES page and click on SMTP settings, and we should receive a page like this. Here, we need to click on Create SMTP credentials,

Here we will see a page like this by default. You can go on and change the name of the IAM user if you want, like I did, and then click on the Create button to generate the credentials. Save those credentials somewhere safe. We are going to need them later,

With this, we are done configuring the DNS and SMTP settings. Let's get the SSL certificate for our domain.

SSL for our domain (:

The main aim of setting up the SSL certificate for our domain is to make our domain look legit so that our emails won't land in the user's junk. You can refer to this article to generate an SSL certificate or follow along with me through the steps below,

1. First, let's install the Let's Encrypt package and check with the systemctl command whether the certbot timer is running,

sudo apt install letsencrypt
systemctl status certbot.timer

2. Then generate the SSL certificate without registering an email address,

sudo certbot certonly --standalone --agree-tos --preferred-challenges http -d phishmepleaseeehellfire.cf --register-unsafely-without-email

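3. Finally, run certbot once more for the domain, this time with the manual DNS challenge (certbot prints a TXT record to create in the hosted zone before it issues the certificate),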

sudo certbot -d phishmepleaseeehellfire.cf --manual --preferred-challenges dns certonly

From here on, switch to the root user using sudo su, then copy the generated certificate and key to the directory where Gophish is installed,

cp /etc/letsencrypt/live/phishmepleaseeehellfire.cf/fullchain.pem gophish-v0.12.0-linux-64bit/public.crt
cp /etc/letsencrypt/live/phishmepleaseeehellfire.cf/privkey.pem gophish-v0.12.0-linux-64bit/private.key
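
A check worth running after the copy, added here as an example and not part of the original post: it confirms that the certificate and private key belong together, that the certificate is not about to expire, and that the copied key is readable only by its owner. The helper name check_tls_pair and the 7-day default threshold are assumptions of this example, and openssl must be installed.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check a certificate/key
# pair after copying it. check_tls_pair is a hypothetical helper; needs openssl.
# Usage: check_tls_pair <cert.pem> <key.pem> [min_seconds_valid]
check_tls_pair() {
    cert=$1; key=$2
    min_valid=${3:-604800}   # assumed threshold: 7 days
    rc=0

    if [ ! -r "$cert" ] || [ ! -r "$key" ]; then
        echo "FAIL: cannot read $cert or $key"
        return 1
    fi

    # 1. Same key pair? Both commands emit the public key as PEM text.
    #    For a fullchain.pem, openssl x509 reads the first (leaf) certificate.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || cert_pub=""
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || key_pub=""
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: certificate and private key do not match"
        rc=1
    fi

    # 2. Still valid for at least min_valid seconds?
    if ! openssl x509 -in "$cert" -noout -checkend "$min_valid" >/dev/null 2>&1; then
        echo "FAIL: certificate expires within $min_valid seconds"
        rc=1
    fi

    # 3. Private key must have no group/other permission bits (e.g. mode 600).
    perms=$(ls -ldL "$key" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "FAIL: $key is accessible to group/others; run chmod 600 on it"
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $cert and $key pass all checks"
    return "$rc"
}

# Run against the two files given on the command line, if any.
if [ "$#" -ge 2 ]; then
    check_tls_pair "$@"
fi
```

Saved as a script, it takes the two copied files as arguments, for example gophish-v0.12.0-linux-64bit/public.crt and gophish-v0.12.0-linux-64bit/private.key.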