Not So Basic Credential Harvesting

Now we can go back to Gophish, clone our first credential harvesting campaign, modify the URL to point to Modlishka (http://modlishka.docker).

Gophish Campaign with MFA Gophish Campaign with MFA

This will break Gophish’s Opened, Clicked, and Data Captured analytics. We can fix those later, but for now we’ll just keep moving forward.

Mailhog MFA Campaign Mailhog MFA Campaign

If we click on it we can see in our Modlishka livewell page, we can see our target’s RID.

Modlishka Livewell Gophish RID Modlishka Livewell Gophish RID

Feel free to go through the whole flow. It shouldn’t be any different from the previous step besides the fact we are opening the link from an email instead of directly browsing to it.