How To Setup A Phishing Campaign Using GoPhish - Part 4


Hey. Hope you all are doing great. In my previous blog, we analyzed malicious emails to determine how destructive they are. You can read it here. This blog is a bonus follow-up to those three blogs. In it, we are going to generate an undetectable payload using a tool called MacroPack, working from an Azure VM.

Reminder: I am using an Azure VM, specifically Windows 10 Pro. You can also follow along in your own Windows VM on either VirtualBox or VMware.

Creating Resource Group

On the Azure dashboard, we can see many services (you should always explore these portals!) that we can use. But for now, let's click on Resource Groups,

There are no resource groups except the NetworkWatcherRG, which comes by default. NetworkWatcherRG represents the backend service for Network Watcher and is fully managed by Azure. Let's start with creating a new resource group for this purpose,

Here, we need to type in the name of the resource group we want, then click on Review + create,

Reviewing the resource group,

After clicking the Create button, our resource group will be created, and we can see it in our Resource groups panel,

Spin-up Virtual Machine

Back on the dashboard, select Virtual machines,

If you are a new user on Azure, this panel will be empty; if you are an active user, you might have some existing VMs. Let's click on Create, followed by Azure virtual machine,

In this window, we need to select the resource group we created before, undetectable-payload, enter the name of the virtual machine, Gen-Undetectable-Payload, select the region, (Asia Pacific) Central India (you can select your region), along with selecting the image of the virtual machine we are going to use. I will be using Windows 10 Pro, version 21H2 – Gen1,

We can click on See all images to browse the available images and select one,

Next, the x64 architecture will be selected by default for this image. Set the Administrator account credentials (we'll RDP using these creds) and select the size, Standard_B2s – 2 vcpus, 4 GiB memory,

We can see all the available sizes by clicking on the See all sizes button and selecting the one that suits us,

Next, this is an important step as we need to check this box for the successful creation of VM,

Then navigate to the Disks tab, and select the Standard SSD (locally-redundant storage),

Clicking the Review + create button, and then the Create button, will create the VM. It will take a while to fully provision the instance,

We can click on the Go to resource button, and it will take us to the created VM page,

From here, let's go to Connect, and download the RDP file,

RDP into the VM

Execute the downloaded RDP file. Select Connect in this prompt,

Accept the certificate by clicking on Yes,

Next, deselect all of these options,

After the machine has fully booted up, we need to disable Windows Defender along with its virus protection. For that, let's navigate to Settings > Update & Security > Windows Security > Virus & threat protection,