Basic Credential Harvesting

Create a new landing page.

• open https://someplace.okta.com/
• open dev console (f12)
• in console run:

let s = document.getElementsByTagName('script'); while (s[0]) { s[0].parentNode.removeChild(s[0])}

• right click web page > inspect element.
• find top HTML tag.
• right click > copy > outer HTML.

• paste HTML in landing page.
• check capture data.
• check capture password.
• set redirect to https://www.okta.com/404.html

Create a new email template

Be sure to include {{.URL}} ref

• Name: Basic credential Harvesting
• Envelope Sender: guy@target.docker
• Subject: Account Security Feature Upgrade

Text:

All,

We are upgrading the security around our authentication services. Please login ({{.URL}}) to enable these new features.

Thanks
-
Guy Withaface
IT

HTML:

<html>
<head>
	<title></title>
</head>
<body>
<p>All,</p>

<p>We are upgrading the security around our authentication services. Please <a href="{{.URL}}">login to enable these new features</a>.</p>

<p>Thanks</p>
</body>
</html>

Create a new group to be our target

We can download the CSV template and populate it with our users we found earlier. Then import the CSV template.

• Create new Campaign that uses the above.
  • Use http://gophish.docker/this/path/doesnt/matter for the URL.

Test email in MailHog

• Open MailHog

• click link.

• attempt to log in with fake credentials.

• ←Previous
• Next→