Everyone, I'm just not going to waste a lot of time on theory, but I want to explain what you should expect from this course. Now, basically we will be covering how you do phishing attacks, or how you manage phishing campaigns, for a corporate penetration test in real life, okay, and how you do that with one of the most advanced phishing frameworks in the world, which is known as Gophish.

Now you need to understand one thing: why do we do penetration testing assessments that contain social engineering? When you go and see one of the NIST special publications, that is 800-115, one of my favorite publications (this has been outdated a little bit), you can see it has almost 80 pages, and it gives you a lot of guidance on how you should perform a penetration test in real-life penetration tests. So here you will see they have social engineering; it should be in this 15.3, social engineering. When you go ahead and open this social engineering aspect, which is right here, you will understand that social engineering simply attempts to trick someone to reveal the information. That's what it is, okay? Generally we are trying to get some of the information, which comes in the reconnaissance phase, through social engineering; otherwise we are trying to gain access, which comes in the gaining access phase, right? Sometimes it can get extended to the maintaining access phase, where we are trying to expand our reach through social engineering: we are already in the system and we want to attack other systems, so we may apply social engineering.

You can see here the most common ways social engineering is utilized: one form of digital social engineering is known as phishing. So that's what we generally do. Phishing is your first line of attack, right? You always start social engineering by way of phishing because you focus on a mass audience, right? And that's why you need a dashboard, you need a software application to manage your phishing attack, your phishing campaign.
Now, social engineering may also be used to target high-value individuals; generally, you know, different names are given, such as whaling, spear phishing, et cetera, et cetera. But the basic idea is, when you are doing corporate-level phishing, you cannot just use those little tools like Social Engineering Toolkit, et cetera, right? You can't only use those tools and perform a corporate-level social engineering attack, right? You cannot use those in professional penetration testing; you need something bigger, and that is why I am going to show you how Gophish can help you with that. It's an open-source phishing framework, and it's one of the best frameworks I have ever used in all of my penetration tests that are related to physical security or social engineering assessments. And the main thing is, we are not going to do it on a localhost, which most of the other people are teaching; that's very impractical. We set up a live server that runs a website that has this framework, this dashboard, as well as SSL, so you never get caught with the HTTP connections. You will be spoofing your email to send the phishing campaigns, and it's very, very practical, what you see in real life, right? So I hope you're very interested in this. Let's go ahead and cover this course on Gophish, and let's get started.

We will grab the Gophish framework, which will allow us to do phishing attacks really simply, and it will give us a lot of power as compared to other possible ways. So Gophish is a really great framework written in the Go language. You can directly go to getgophish.com, or you can search for that. So search for Gophish here and you will get getgophish.com, which is for the download, and here's the GitHub repository if you want to check that out. But let's just go ahead and grab the Gophish framework. Now here you can just click on download, and depending upon the system which you are using, you can download the right one. Here we have the 64-bit... okay, there is the Linux
64-bit, in my case; you may download depending upon what you are using here. So let me download it. Let's save this. Now, while it's downloading, let's go back, and you can see here "launch a campaign in three steps". You can see how clear an interface this is, right here in this image, how clear and good a structure it'll give you. So it's a really good panel; I have used it a lot. Let's just go ahead and see if the download has completed. It's about ten seconds. Oh, so it has been downloaded, yeah. Let's open this up and you will find Gophish. So let's drag this thing onto the desktop; depending upon where you want, you can have it anywhere. The extraction is complete, and now we don't need the browser anymore. Here I would like to rename it to gophish; I don't like long names. Here it is.

Now here I've got the Gophish framework, and let's see what files are in this. Here is the readme file, if you want; here is the configuration file. In the configuration file, if you just open it up, you can set up the ports. So let me show you guys that thing: here is the Gophish listening port, where it will listen, and here is the port of the Gophish server panel, the main server. So if you want, you can change these ports, 80 and 3333; it's all up to you. So this is our Gophish, and to run Gophish you just need to run this file here with the terminal, and that's all. I'll see you in the next lecture; we will go ahead and explore Gophish, we will run this server, and we'll see what you can do with Gophish and how it looks. So thank you so much for watching.

Welcome back everyone. In this lecture we will go ahead and start the Gophish server. In the last lecture we just downloaded this whole folder, and it's so simple to launch Gophish: you just open it in a terminal and it's just running the gophish script here. So it's the full stop and then a forward slash, gophish, and press Enter. It will start the Gophish
server. You can see "Starting Gophish server at" this, and the Gophish admin server at this port. Let's go ahead and check that out. I'll open Firefox here and let's go ahead and check 127.0.0.1, port number 3333. Let's press Enter. Now, if you get this kind of error, nothing here, and here the error is like the HTTP TLS handshake error, so the first record does not look like a TLS handshake. Now what you want to do is make sure you are not running it on HTTP; you need to run it on HTTPS. So https, then colon, forward slash, forward slash, and press Enter, and here it should load. If it gives you a security warning, no matter; it's your local port, just add a security exception right there.

Here is the login; it's really simple: the username is admin and the password is gophish, so g-o-p-h-i-s-h. Press Enter, and here you are in the Gophish admin dashboard. I will start covering this Gophish admin dashboard in the next lecture, but before that, let's go ahead, where is it, and change the password. You just need to click on the username, and here you can change the admin username and the passwords, and here is the API key; you can go ahead and reset it if you want. So here we have, gophish was the old password, and the new password right here. Let's click on save, and you can see it updated successfully, and let's just go ahead and log out. So that is how you log in and log out, and in the next lectures let's start exploring the Gophish framework dashboard. Now I'll just cancel and terminate this process with Ctrl+C here; that is how you kill the server. That's all for this lecture; I'll see you in the next one. Thank you for watching.

Welcome back everyone. In this lecture I would like you all to move your Gophish framework onto a VPS so that you can connect a domain name with it. Now, you can do this on your Kali Linux machine or basically any operating system, whichever you are using; you can do this on
that thing, but it will not be really convenient unless you have a static IP address, because the domain name which you will be using (actually you will need to have a domain name as well, but we can take that for free from a lot of services like Freenom), that domain name will not point to your machine, and you will need dynamic DNS, and there are a lot of troubles with that. So I would recommend setting up a VPS for this kind of work.

Now I am here in my DigitalOcean dashboard, and if you don't know about DigitalOcean you can just google it and get yourself an account. DigitalOcean provides you $10 for free by using the coupon code to10; currently it is the coupon code, maybe they will change it, so you might want to check that. If you already have an account you can use your account; if you don't have one, you can even use my referral link, which will additionally give you $10 so that you can proceed with this lecture.

Now I will create a droplet here; a droplet is a VPS. I don't know what went wrong, so I'll just go ahead and click create a droplet here, and it is still loading. DigitalOcean is not working fine. Okay, so here you need to choose an operating system. You can basically choose any operating system; I'll go with Ubuntu. It doesn't really matter. Here you can choose your size. Now, this is just a phishing server, it doesn't need a lot of RAM, so maybe $5 will be perfect. I'll take Bangalore, which is nearest to me, and yeah, that's all. You can add an SSH key if you want, but I won't add any here. Let's create, and it will be created soon. Till then let me open my email and get the password, because we are not using an SSH key here. It's going to take more than a minute for our whole setup to come. Again, the password has come? Maybe this will also work in some seconds. The mail on my phone, it's not working here as well. My internet connection is working, right? It is working, and why are both of these services not working?
At least DigitalOcean, yeah; so DigitalOcean has given me the IP and it is now here, but my mail service is working again, and the password will be very long, so I'll open a new tab; maybe that will work. So here is the password. I want to copy this password, basically, and actually the IP as well; I'll just copy everything. I really don't need this DigitalOcean panel anymore; we just created the droplet, that's all, and there is no role for this panel. Let me minimize everything. This whole email, I'll put it in a text file here. I created that file on the desktop; here we have got it. Well, it has the information: IP address, username and a password.

So let's go ahead and log in to this server. I'll be using the terminal for this. Let me open a new tab. Okay, is my Gophish server running here, is this running or not? Yeah, so the recording is being done, okay. So let's clear this screen. Now let's move to our root directory, and let's go ahead and log in. We will just use ssh, and then we have root, at the rate, this IP address. The username is root, then the IP address; Ctrl+Shift+V to paste. It'll ask me for the password; it'll possibly ask me "do you want to connect with this", so yes. Okay, sorry, y-e-s, yes. Here it is asking me for the password. Now I will grab the password, paste that and press Enter. Yeah, so it is asking me to change the password. First of all I am adding the current password. Okay, I don't know what I typed here; let me go back. So just enter your password here. Okay, password changed. Clear the screen.

Now we need the Gophish framework, so I really don't need this; let's open Firefox and get the Gophish framework URL. So we have getgophish, and if I am using a... well, I believe I'm using 64-bit; let's go ahead with that only. Here is the 64-bit Linux distribution; I'll copy this link and clear the screen. I'll use wget to get this URL, so wget, then a
space, this URL, and press Enter, and now it will download this Gophish framework for you guys. It may take some time depending upon the server speed, and because the server is in India this is going to take a lot of time. It is taking a lot of time here; I should have chosen anything else, I don't know why I chose Bangalore. So the speed is actually increasing and increasing, so it'll get downloaded on its own, basically. Yeah, so it keeps on increasing. All right, it's just done. So we just got that thing downloaded. Clear the screen and unzip the file: so unzip, and just press g and press Tab to autocomplete. Let's unzip this file. Okay, unzip is not currently installed; let's install unzip first of all. unzip will be installed with this. Yeah, it is now installed; let's try this. So we just installed unzip, and now we are extracting everything out into that directory, and here we just extracted everything. If I just list, then we have a folder and we have the file; we are basically concerned with the folder only.

Now I will go ahead and leave the Gophish framework server running. What I can do is, first of all, move to the gophish directory here, okay, and here, as we saw, that configuration file contains the listening port on the Kali machine. Now we would like to edit it, because on the Kali machine we were on the machine and we were able to use the local port, but in this case we are using it on a VPS and we will not be able to access it as before if we don't edit it. You can use any text editor; I will go with nano. Now here you will see that the port is 127.0.0.1, and we need to edit it to 0.0.0.0. Here we are, 0.0.0.0, and that's all. And I would actually change the port; it'll be 1724. Sorry, I just changed the port for convenience, basically, and that is everything done. So I will just press Ctrl+X and then Y and press Enter, and clear the screen, and that's all. Now you just need to start your Gophish server, or basically, I believe that on
a VPS we need to add the executable permission, so I will add the chmod +x permission, the executable permission, to gophish here. Set that, and now I believe we can just start this server. So here we have dot slash gophish, press Enter, and here it has started successfully. So we really don't need it now, and now you can access your server. Okay, I forgot what the IP address was. This is the IP address. Now, this is not the IP address; we need the IP address of the server, basically, and later on we will not even need the IP address because we will add a domain name to this server. At the moment we need the IP address, but in the next lecture we will add a domain name to this so that it'll be able to point to that.

So now we have this IP address. Again, you can see a "not found". Okay, sorry, we are not using the port here. Now here you can see the same error, which means that we are not using the HTTPS version. Okay, it'll show me a security exception, but I know this is my site, so it is really a secure exception, and I'll just go with confirm security exception. Here is the Gophish framework. I'll log in and change the password as soon as possible; so it is gophish, which is the default. Here I am in the dashboard, and let's go ahead and change the password soon. So here we have, it is gophish, and the new password. I just changed the password here; yeah, it got successfully changed, basically, and I even logged out. Let's go ahead and check that again: we have admin... yeah, so now we are able to log in, so the password has changed successfully.

That is how we set up Gophish on a VPS, and in the next lecture we will set up a domain name for this server so that we can proceed with a domain name, and then we have a lot of work to do after that. We will just need a domain name, basically, and then we can start phishing and making the profiles, landing pages, email templates, user groups, campaigns, and we can start phishing with Gophish. So that was all for
this lecture. I'll see you in the next one. Thank you for watching.

Welcome back everyone. In the last lecture we set up the VPS with the Gophish framework, and in this lecture we want to have a domain name pointing to that VPS so that we can use it. Now, I would take a domain name from freenom.com, which gives domain names for free for one year, and if you want, you can basically get registered with a domain name that is most near to your target's real domain name; that will be a good thing to do here. But here let's go ahead and sign in first. I really don't know how many domains I will have in that account; I'm really not sure about it. It's taking a little slow because of the VPN, because maybe I am using... I don't know why it's not loading up. That is working fine, and you see that, oh, here again it just got loaded up as soon as I pressed Enter. Yeah, so I will sign up with Google here, the test account; this will not have any domain name.

Now I'll go to Services, domain names... register a domain, here it is. Here we will get a domain name. So let's get a domain name near to us, which will be like, let's say, PHMC securities; our website is PSM securities dot org, but let's get PHMC securities dot, maybe, CFG L, whatever is available. Here you can see we have a lot, and I believe that the .ml one looks a little legit, so I'll click on "Get it now" and I will just check out with this domain name. We can check out, and I'll need to fill in some details here, basically. I'll get it for one year, maybe. Okay, now we have to use the DNS for this domain name, so we will configure this thing later. Let's go ahead and continue and proceed with this, right, and here we want to fill in all the details. I'll add my details, basically, here. So... obviously, this one will work anyway, but still, I'll just complete the order. Okay, there is a problem. Let me finish it really fast. Now, right, what's left? Now this here: I forgot to tick this
thing, and that is why it didn't complete. Now in this case it should get me a domain name. Now I have got the domain name. Let's go ahead to the client area: we have Services, My Domains. Here in My Domains we'll go ahead and click on Manage Domain, and then we will go to the nameservers, basically; so it should be here, Management Tools and Nameservers. Now we will use the nameservers of DigitalOcean, because we are using DigitalOcean here. DigitalOcean's nameservers are ns1.digitalocean.com, ns2.digitalocean.com and ns3.digitalocean.com, and you can just leave the fourth one, delete it, and five as well. So let's go ahead and change the nameservers. It may take up to 24 hours to propagate this domain name, basically, so we are not sure if this domain name is going to work at this time, but still we will go ahead and configure our DigitalOcean account.

All right, this is something else. Let's log in. We should have the droplet here; here it is. And right here we have "Add a domain" in More. Maybe this interface will change, as DigitalOcean has sent me an email today that they will be changing the interface; I'm actually not sure. Here in the domain name you can just add a domain name, whichever you have got; for me, I have got phmcsecurities.ml. Here we are, and the server, and just click on Add Domain. Yeah, here we have got some default DNS records maintained here, but we really don't need to care about them. Let's go to the droplet here and let's just check if our domain name is working. So our port is 1724, and I'm quite sure that this domain name will not work because of the... okay, so the domain name is actually working. I didn't expect it would get propagated this soon. So we want to use HTTPS. Sorry, what did I just type here? https. We'll add the security exception for this domain, because here is the domain name running the Gophish server, and here I can very easily... admin,
password is... I actually changed that, I believe. So here is the domain name running the Gophish server; this is a VPS, and now we can do a lot of things.

Now what I would recommend is to go ahead into DigitalOcean and, right here, open a support ticket, basically. Where is the support ticket? I forgot. Yeah, here is the support. Open a support ticket and say "please unblock my SMTP server, please allow me to send emails", and write in that about this course, that you are practicing this course, and give them a link to this course, and tell them that you are practicing this course and you will not do anything illegal; you are going to test it on your own email IDs, and this is a phishing server, but you hereby guarantee that you will not do anything illegal here. Now you can tell them, and they should basically unblock your SMTP server. You should try to convince them; if you are not able to convince them, please let us know in the questions and we will try from our end.

Now this was the thing which you need to do, and if you are not able to get testing working with your domain name, you should go ahead and check with intodns.com slash your domain name. So here is my domain name: intodns.com slash your domain name, and just check which DNS servers and which IPs it is using. Here you should find that the DNS servers are changed and they are on these IPs, basically, and if this is working right here, it should mean that your domain has propagated successfully. If it is not, it should mean that you should wait for at least 24 hours to 48 hours. Now this was all about setting up Gophish. Now we are ready to start phishing, and I'll see you guys in the next lecture, where we will start learning this thing. So see you then; thank you for watching.

Welcome back everyone. In this lecture we want to get an SSL certificate for our phishing server so that no user gets a warning about HTTPS. So let's go ahead and get that thing, and I would also like to introduce screen to you guys. So we
have a program called screen, s-c-r-e-e-n. You can just go ahead and type in apt-get install screen if you guys need to install that. Just go ahead and run this command; if it is already installed it will show you that it is installed, otherwise it will give you an option to install it. After that you want to type in screen; make sure you are logged in to your VPS. I am here, SSHed into my VPS, you can see. So just type in screen and press Enter, and it will show you something; just press Enter again, and now you can go ahead and run your server. If I just go ahead and run my server now... hey, let me move to the gophish directory first. Now if I go ahead and run this server, here it is running, and now what I can do is press Ctrl+A, and then D; D is for detach. And now I can go ahead and close my session, my SSH session; I can just close this window and still that Gophish server will run in the background, always. If I want to stop that server I can again go ahead and type in screen; now I don't want to press Enter here, I would go ahead and add -r to reattach the last session. So here you can see it is running, and now you can go ahead and stop it if you want. That is how screen will help you to run your server 24/7 without needing to SSH in.

Now here's the website zerossl.com, which provides, I believe, Let's Encrypt free SSL certificates, so we want to go ahead and get the SSL certificate from them. Here you can just enter the email if you want; here you have the domain name, so you can just enter the domain name, whichever you have got; I have got this domain name from them. Accept their terms and conditions, make sure you are on DNS verification here, and just go ahead and click on Next. Okay, and "do you want the www version too", so just click on yes, and it'll generate a CSR, which will be
right here. You can then download that file for future reference; maybe you will need that in future. Anyhow, let's say we will even download that thing, and after it generates the CSR, here you will again click on Next; it will generate a Let's Encrypt key for you guys, and then you can also download that thing. We just want these files in this lecture; in the next lecture we will go ahead and use those files, we'll go ahead and get those files onto the server. So I'm just waiting for it now; it may take up to five minutes also, so just wait and give it some time. It has generated the CSR for me, so I will just download this thing. Now again click on Next, and this time it will create the account key. It's taking a little long, but I expect it to get me the account key within one to two minutes. I'm just waiting for it, and as soon as you download this, we'll click on Next and then it will ask us to verify the domain name; it'll ask us if this domain belongs to us only, it will make sure of that. I am still waiting; I don't know why it's taking a lot of time. Okay, it has generated it, and now I'm downloading it. That is how I just downloaded that, and let's just click on Next, and this time it'll ask me for the verification, basically.

I have clicked on Next here; make sure you are on DNS verification. It is asking me for the domain verification and it'll ask me to create these records. For this I will go to my DigitalOcean panel. Here I will go to Networking (maybe this interface will change in some time, they are saying this thing), but here I will go to Domains. Okay, here is the domain name; then I believe I will go to More and Manage Domain, and it should be similar in other VPS providers as well, almost similar. Here I will just create the TXT record. So, TXT record: okay, now it is telling me the TXT record should be with this one, with the value of this one, so let's
find... here should be the value, and this is the hostname. So the hostname will be the first thing which it is giving you, and then we have the value here. Just copy this and paste it in the value, and click on Create Record. Okay, created successfully. Let's create the second record as well: here we have the hostname and we have the value. Hey, one second... yeah, copy that, and here paste it, and create record. Now as soon as you create these two records, so we want these two TXT records, here they are, they have now been created, we can proceed to the verification. Now the problem is that this might take some time; you can just see here, 15 to 20 minutes before clicking Next. So I will actually, you know, I'm not actually sure, but let's click Next here. Okay, it says it has failed, so it has not been created still, and I actually need to wait for that, basically.

Let's check the records. So these records got changed here, so I need to modify them, and I'll just go ahead and edit these. This is the main issue: you need to wait for around whatever time they are saying, so you need to wait for that. Okay, I pasted the wrong value here. And... how am I doing this? This one is to be added at the www record, yeah, and this is www. Well, I obviously created these records, but they are not visible, so I actually need to wait for 15 to 20 minutes, and I don't want to waste a lot of time for you guys, so I'll see you guys in the next lecture, where these records will be up and running. We'll just try this thing then. So thank you so much for watching; I'll see you then.

Hey, welcome back everyone. In the last video we just created our TXT records, but actually I just noticed that we made a little mistake out there. You can just see here, let's say we want to create this record, let's say this one, the first one: if you just copy and paste this thing here, I have actually solved this
now, you can see here this .phmcsecurities.ml is repeating two times, which should not be the case. So you basically need to remove this .phmcsecurities.ml, and you just need this part of the record, so _acme-challenge. So this should be the record, and then here should be the value. Now the thing is that with the www, which is the second record, you will not be able to create it because you have not created the www record. So you basically need to create the www record first, and that should be a CNAME record. So go to CNAME, add www here, and add the @ sign here; click on Create Record and that's all. That is how you create the www record, and as soon as you create that, you can go ahead and create the TXT record here. So just add this thing, _acme-challenge.www, and add the value here; the value given to us is this. Click on Add Record.

Now there is a way to check your records through the terminal; you can also go ahead and do an MX Toolbox TXT record test. MX Toolbox is the one which I would recommend. So here, DNS lookup, TXT lookup, and you just want to copy and paste these records in the test; it will show you if they exist or not. Here you just want to paste this thing and test for the record. Okay, here you can see "DNS record has been published". Let's check the second one which we just published; it should be there. Here we have TXT lookup; okay, so it again says that it has been published, and that was just a quick fix of our last mistake. So let's go ahead and go to ZeroSSL and click on Next. Okay, I just clicked on that and it is not checking, and it should basically get the records because they have already been created, and we have verified that thing too. Okay, there is some unexpected error here. You know, this error was something else; I really don't know. I will just go ahead and
try once again with the records. Okay, I just clicked Next and the certificate is basically, yeah, it is basically ready. So what I have to do to renew is repeat the process using the same key and CSR; so if you have downloaded those two files, you can just go ahead and open them and paste them and click on Next to renew your certificate. And now we have this; the certificate has been made, so here we have that thing. We will now download the certificate. Okay, I will click on this; I believe I have already downloaded this one. Okay, yeah, I have not downloaded that. The certificate has been downloaded; now we have the domain key. Okay, we also got the domain key here, and the domain certificate here.

Now we can go ahead and set up the certificate on the server, so let's go ahead and do that. I really don't need this; this is something else I was working on earlier. Let's go to the terminal. This is also something else. Yeah, here is the terminal. Let's close this server and let's go to config.json; basically I'll do nano config.json. Now here you will see... actually this is at true, but I changed it to false; let me just set it to true again, because I remember it was true; I was just doing some testing, basically. Now here we have this example.crt and key, so we will just go ahead and change this domain, basically, "example", to the domain name. Let's go ahead and change that. Okay, now we will change it to phmc... right. We also have this key to change, right. So this works; you can basically give it any name, but I just give it this name to remember this thing. So I'll press Ctrl+X, Y, and I'll press Enter. Before that, you can just see these settings; they should be almost the same. So now I just press Ctrl+C. Now we need to create this certificate file and the key file. For that, what I will do is copy this file; I'll just copy this with the name, and I'll just edit
this file and so I will just type in CP Corphish - Edmond not CRT so I will copy this thing to the same directory with the name of it was pH MCS Hiyori T's okay sorry ehm c and c CU rit IES dot ml dot c RT I just press that thing would check so here we have this under difficut and i will also do the same for the key here at this time I'll kids little lagging this connection is little lagging here and something is wrong with my internet at this time yeah so now okay it is now working at it's this again yeah so I'll just manually edit this here I will enter key and here Yuriy di es not ki thank you sorry dot mm as well I'm a latke I believe everything is fine I just clone that thing now we will edit these well we happy times insecurities with em a lot certificate first here we have a the certificate we will just make it blank basically if now is going to take a little time and little lag because the VP s and my connection is not working correctly here we will just remove everything from it and we will paste d files which we have got from zero SSL so we have bought a it should be here you forgot it domain certificate oh just control a control C closet and here control-shift we who basically based everything yeah so it is right here and control X Y and enter and let's again check the file so I just type the same thing yeah it is now fine so let's do this thing for ki as well here it is ducky oh that's delete everything you know you can even use the touch command to create these files I just did it to make sure that I am like you know I have the correct format and also that was just a precaution you can just go ahead and use the touch command to create these files in control a control see and here control-shift vie at the key yeah so control-x why I believe I press right in ya oh actually I need to I want to wait I believe there is something wrong yeah yeah at this press enter here clear the screen and confirm that it is a looking fine it will just go there yeah so it 
is actually fine, yep. Now basically we have got everything here. Let's just make sure the name is correct: phmcsecurities.ml.key. So let's go ahead and check the configuration file once again, if we have phmcsecurities.ml.crt and phmcsecurities.ml.key. Yes, so this looks pretty fine here, right. I believe I have some problem here: it should be port 80 here, it is not already. Also, when you are using HTTPS it should be basically 443 here, and I will even go ahead and set this thing to true. You'll see the configurations, these are the exact configurations. Now I will close this thing and I will start this server here. Let me do it manually, of door - Hegeman autocomplete, I mean, I have to do. So I just started this server, now it has actually started this server. So what I can do is, you know, I am using this screen, which we discussed in a later video, so I'll just press Ctrl+A and D, so now I have detached that screen here. Now let's go ahead and try to visit the website phmcsecurities.ml, and it says unable to connect. Wait a minute, because we are not using it as HTTPS, maybe. Yeah, so HTTPS is working fine, you can see there is a green lock, and this is from Let's Encrypt. So that is how we get the SSL certificate. And let's go ahead, 1 7 2 4, let's go ahead and basically get the server working. You know, you can also add the SSL certificate to the login page. This is just an exception which we added here, right; we can even go ahead and add the certificate which we created, so the same certificate can be shared by both of these ports, and I will basically change this thing. So screen -r, OK, here it is. Ctrl+C to break the server here, and I will edit, nano config.json, and I will change this thing to the real certificate which we have just got, so phmcsecurities.ml, and this one as
well, phmcsecurities.ml.key, right. So everything is fine here. I'll just go ahead and press Ctrl+X and then Y and I'll just press Enter and again start the server, Ctrl+A and D, and I will now forget this thing, I really never need to log in to this again. Now make sure you don't forget to renew your SSL certificate after, I believe it should be after three months. Here you will find some information on the renewal, so I would recommend you renew it every, yeah, it is 90 days, so you need to renew it after 90 days and it will be the same procedure. So that's all done, that's all for this lecture. And let me show you guys the login page: this time it will take the certificate from Let's Encrypt. So, OK, it's still showing me a security exception, but let me remove the security exception. Yeah, you can just see it is now actually a Let's Encrypt certificate, you can see that, right. So that was all in this lecture, and from the next lecture we will actually start working and start our phishing. Thank you so much for watching.

Hey, welcome again. In this lecture we will actually go ahead and explore the Gophish dashboard. So I have actually done some kind of basic testing here, so I just don't remember the password now. Yeah, this is the password, so I am able to basically log in. So let me show you that. Here I have got some things; let me clear the dashboard so that you can basically see how it's going to be done in real life. So I'm just going to clear everything, you get a fresh installation, almost a fresh installation here. I will delete everything, I was just testing this stuff. So this is about that: you always want to start from left to right, which is from sending profile to the dashboard basically. And in campaigns I believe there should be nothing. There is one. OK, the dashboard should be now clean basically. Yeah, so let's go ahead and start with the sending profile. Now the sending profile is really simple:
you will need to enter the SMTP web server here basically. So what I'm going to do is add my Gmail sending profile here. So I'll add my Gmail. Basically you want to get an SMTP which allows you to spoof your email; SMTP2GO is a really good example, and we will basically cover SMTP2GO in the last lecture, but before that we will set it up with Gmail. OK, so first of all you want to search for Gmail SMTP settings, and you should obviously have a Gmail account for this, or you can basically choose any email provider and search for their email settings. Now what we have here is smtp dot, OK, where is this, yeah, so the SMTP server is this one, then we have the port, which is 587. So in SMTP host we want to add the server, then colon and port. So was it 875? It is 587, right. I will just add that 587. Now the username will be your email ID, well, let's use another one. The password will be your Gmail account password. Then you have a profile name, so it will be except as email; the name can be anything. Then you have the From, so I would like to send it from the name of text server, and then brackets and then my email ID. Now basically this is the field where you have everything with spoofing. If I wanted to send this email from Bill Gates I will add Bill Gates here and in the brackets I will have bill@microsoft.com. So this is where the receiver will see who has sent this message. This is the main thing, but with Gmail I'm quite sure they will not allow you to send this from another email. For that we will basically use some other SMTP relays in the last chapters, but till then we want to target everything else with the campaigns: user groups, email templates and landing page. So till then just go ahead and get this thing, and here you have the test email basically, so you can send this test email to anyone. OK, then send a test email. OK,
now it says "please log in via a browser". Now Gmail is not allowing me to send the email, so this might be because less secure apps are not available on that email account. Now you can basically go ahead and change your settings. OK, that email account is even not listed here. You know, guys, at this time I'm a little blank, because that email account, I'll have to add that here. Now you want to search for how to enable less secure apps for sign-in. You can just see it basically blocked the sign-in. So if you want to enable the less secure apps: My Account. Now this will be different for all providers, and actually I'm not sure where this will be; Sign-in and security maybe, right, let's go in that. Here we should have something like less secure apps. I am not able to find that. Yeah, here it is, allow less secure apps. I will just turn it on and now I will be able to send it. It is still blocking me here, so I believe I will not be able to use Gmail, guys. So let's see if I can do something with this, otherwise I will make another account and I'll just get back with that. If I just cancel this, I'll try again. So I'm not able to do that, I will not be able to do that because Gmail is not allowing me to use the account. Now I will get an account fast; Outlook will allow me, and I'm quite sure I have already made an Outlook account for this kind of testing. Here it should be an account, I will just check that by logging in. So Outlook SMTP settings. The settings are wrong there. Let's try. Oh no, my connection is gone here, slow, something's really wrong, right. Let's check. I believe I have an account, it's phmcsecurities@outlook.com. Yeah, I remember I have this account. Let me check the password, if I'm able to log in. OK, this is wrong, maybe this password. Yeah, I got the password, so I can basically use the SMTP here. This is the SMTP we need. We'll get the SMTP settings here. Then let me add the username and password here. We have it as
phmcsecurities. I have the password as, yes, and the email here as well, phmcsecurities here, and the SMTP server. So the port is again 587 and the server is this one. You have 587, the same 587, so I will just save the SMTP here. OK, that's all with these settings. Let's do a test again. It should work fine, I just hope it will send the email. Yeah, email sent, so now the test was successful. Now we can just go ahead and just save this profile. I even got the email on my phone actually. We just save this profile, and OK, I will rename it to Outlook email account, so I will rename it here. Just make sure I am entering it correctly: PHMC Outlook account, right. You know, in a later video we will try to get an SMTP server which will allow us to send spoofed email, but now this will not allow us. So in the next lecture we will cover the landing page and the email template. Till then, take care, and thank you so much for watching.

Hey, welcome back guys. In the last lecture we configured the SMTP profile. In this lecture we will talk about the landing page and the email template. So let's go to landing pages, and it's really a great feature in the Gophish framework that you can just give it a name, let me just give it Facebook. OK, now I am not saying anything wrong about Facebook here, I am just using it for testing purposes and I can basically use any website, but you know this is the most common one which people try to phish. I'll just click on Import Site and I will add the URL of the page here, facebook.com. I'll just click on Import, and here it has done all the work for me. I just want to click on Capture Submitted Data and Capture Passwords, and then redirect the users to, hold on, yeah, OK, then redirect the users to the real facebook.com after they submit their data to me. I'll just click on Save Page and hold on for a moment. Yeah, the Facebook page has been saved, and I'll just go ahead and create an email template now.
So the landing page was the page where a visitor will go and submit his data. The email template is the email which he will receive. OK, Facebook email. I will even import the email here. How to import the email: basically, you know, you can add your own email in the HTML format, but I will import an old email from my account. I believe this account was used for Facebook before. Yeah, I have a message from Facebook, this is an old email from Facebook to me, right. Will it work? Is there any other email which I have? So I only have one email from Facebook basically on this account and I will actually work with that only. It's not even showing me the emails; I believe the internet is working fine now. I don't even have a Facebook account on this email, for the testing purposes, guys. You know, I believe there should be something in Social. For the testing purposes, OK, I will actually take this Quora email, OK, it was an answer request to me. This is just for the testing purpose; you can basically have the Facebook email also. Now you want to view the source of the email, so I will just click on Show Original, which will take me to the source of the email. This is the source, and there should be a Copy to clipboard button; here it is. I just copied that thing, and I will paste this thing here and make sure this is ticked, and let's go ahead and click on Import. This will import everything. Now I didn't have that Facebook message; you can even have a Facebook message. I will actually change it to Quora question, what am I typing. So this is just for the testing purposes, you can add anything. Let's just save it. We also made an email template. Let's create users and groups. Users in the group are just a group to whom you want to
send this email. So testing group, and in this you can even import a CSV file or you can add the group manually. So Sagar, or let me get it on my Gmail. OK, added. Now I have got only one person in my group. I will click on Save Changes and let's go to Campaigns. Now in Campaigns we want to click on New Campaign. I'm just waiting for this internet. Let's create a campaign. The campaign name will be test. Email template, which email you want to use: I will use the Quora question request. Which landing page: I will use the Facebook one. Now they don't have any connection, but I am just using it for the testing purposes. Now here comes the URL, and here I will add the HTTPS version. OK, let's check the syntax, it is correct. So pay attention here: it is phmcsecurities.ml with HTTPS here. The time, let's just leave it as it is. The sending profile will be PHMC Outlook and the group will be this one. Let's send this campaign. The campaign says it's sending. I would basically go to the dashboard. Here it says queued. Now there are no errors, but it is actually queued, the emails are still sending, and I'll get back to you guys in the next video when I receive this email, so I'll open the email and I'll show you guys. So on the dashboard you can basically see emails sent, an email has been sent, and here is email opened, clicked link and submitted data. So let's do this thing in the next video; here I have the time limitations. So I'll see you guys in the next lecture. Thank you so much for watching.

Hey, welcome back guys. In this lecture let's go ahead and open a private tab and let's visit the email. So basically let's visit our Gmail account and see what happens. Let's enter the email here. I believe this is the password. I am able to log in, and now you will just see, yeah, here is the email which we sent. Let's open it. This email is
coming from outlook.com, but you can even spoof it with a custom SMTP. Now here it seems like a really legit email, but as soon as we click on Write Answer here it will take us to our page. You can just see that it is taking us to our fake page; this is the fake Facebook page here. I don't know why it's not loading these images perfectly, but that can be some issue with cloning this site, so you can just go ahead to facebook.com, right click, View Page Source, and you can add the source manually. But no problem, let's add some test things here. OK, in password, this is test. Let's press Enter, and you can see that it will redirect me to facebook.com, the real Facebook, right. Now there were some problems in the landing page here, you can see there is some problem basically. Let's try to visit the website. Also we need the HTTPS. OK, I cannot directly visit this site. I want to check this site again. You can see even Gmail is not giving me any issues about the fake phishing website and all. Now guys, there is some problem with the cloning of the site here, you can just see this is not working at all. This is some problem with cloning, so you might just go ahead and enter the correct source of the page. This is some problem in cloning when we create some landing page. But let's go ahead and check the dashboard. Let's refresh the dashboard. Here you see emails sent, email opened, clicked link and submitted data. Now it is not showing me any submitted data, but you know we actually submitted that data, so there is a little problem with the framework here. Let's go ahead and try something else. Let's go ahead and create another landing page, and at this time maybe, you know, my website, so let's go ahead and do that. Import. Now I'm not quite sure whether we'll be able to import my site correctly or not. It was able to do it great. Let's
not redirect the user anywhere. So we have got that. Let's go ahead and create one more campaign here and let's do this thing on a test email this time. Let's add this test email user; basically this is the demo email. I added the second user as well. I'm sorry, I am making a new group, right. No problem, I just made a new group here. Let's launch one more campaign. Campaign name, website. Template will be, let's add the same template. My site. So everything is fine; the sending profile will be the same and the group will be temp. Let's launch this campaign as well, so it will send me the email within 1 minute. Now it says sending. In the campaigns, you know, you can basically monitor all of them, but I really don't need this campaign, so I deleted it. It is saying queued, but it should basically send that thing within one minute. In progress. Email sent. Let's see that. Yeah, here we have also received it. Here is the email, let's visit it. Yeah, so now this is a perfect clone of my website, right. Let's go ahead and try this thing: admin, admin. Let's log in. So it is again redirecting me there only, because we didn't specify anything. I'm not sure why it was not capturing the data, but maybe it only captures, yeah, here you see submitted data as well. You can basically go ahead and see the results here, OK, and in the results you have submitted data, right. I believe you can even export these things. I'm not sure which one to export, but I will export both of them. This is the raw data: clicked link and submitted data, and the results. So results can be exported like that. Actually I want to check something else. You know, I'll get back to you guys in the next lecture where we will do something else. I really want to show you guys something else. I'll see you guys in the next lecture, thank you so much for watching.

Hey, welcome again.
Now, you know, I was finding this thing; I don't know, I just missed this arrow here. So here you can just see there is a small arrow. You can click on this and it will show you the exact timeline for the person, with the exact date and time as well, and here you have Replay Credentials and View Details. You can click here and it will even show you the credentials, and I was just trying to find why it was not getting this thing. Now you can just see "where do you want the credentials to be submitted to". So you can just click here, Replay Credentials, and it will just try to log you in with these credentials. Let's go ahead and try that. It will just redirect to my site with the given credentials and it will not allow me in, because the credentials are, you know, they are fake. Here you can see: cookies are blocked or not supported by the web browser, you must enable cookies to use WordPress. Actually the cookies are blocked, so I'm not able to do that, and I believe my site will not allow me to do this kind of work. But you can just click on Replay Credentials and it will try to log you in to the real account with the credentials submitted by the user, so that's one way you can actually go ahead and land in the user's account. So this was all about Gophish. The only thing left is the SMTP profile which enables you to send a message from any email. You can see the email came from phmcsecurities@outlook.com. Let's go ahead and change it to phmcsecurities, no, let's go ahead and change it to Dan's email, which is, you know, the PHMC email, which is dan@phmcsecurities.org. So let's change it to that, and basically in the next lecture we will try to do this kind of stuff, and I'm really curious about that, to spoof the email address. See you guys, till then thank you so much for watching.

So welcome back guys, this is the final lecture about phishing with Gophish,
so in this lecture I will talk about email spoofing. Now for email spoofing it's really simple: you need any SMTP server that allows you to send email without verification of the domain name. SMTP2GO is one of them; there are plenty of them. Now I don't say that you guys should do this, and I am not pointing anything at SMTP2GO here. If you do this kind of work on a daily basis, if you really want to do this, you can set up your own SMTP server, but I'm just going to use it in a really controlled manner, OK, I will just do it in a really controlled manner, to me only. If you want to do it with others you might want to get a paid SMTP server or might want to set up your own SMTP server on a VPS, but I'll do it in a controlled manner, because, you know, this also harms the reputation of the company, so the SMTP2GO IP address might get harmed from this. So I'll do it in a really controlled manner, OK. So let's go to Sending Profiles. Now for this you can just go to SMTP2GO and get yourself an account; this is a free account which I am using here. So I'll just add a profile here, so we have SMTP2GO. From: I will send this email from, you know, from Quora Team; the sender will be no-reply@quora.com. The host is this one, the port is 2525, the username is my SMTP2GO username, which is exactly the same, and the password is your SMTP2GO password, and that's all. Now you don't want to click on Send Test Email because this will let SMTP2GO know that you are sending a spoofed email and they will ban your account, OK, you just want to directly send it. Now I believe I said that we will be using Dan's email, which is dan@phmcsecurities.org, the PHMC email, but let's use the Quora email, this seems, you know, more genuine. I just save that setting. I'm not sure if they will allow me to do this kind of work, OK. If I just get banned, you want to try another SMTP. OK, let's go to the dashboard
or let's just go to Campaigns. Here, campaign, everything will be basically the same. OK, so add anything. The sending profile is SMTP2GO, the name is test. Let's launch this campaign, and maybe they will just ban me for doing this kind of work, but you can just go ahead and get yourself some kind of SMTP that allows you to do this kind of work. It's sending, but I believe it will just fail. Email sent, one, this is the old email I want. In progress. OK, great. OK, it is giving me the error as expected. So the error should be that they banned me, right. Now see, OK: incorrect authentication data. Really? I believe I have the correct authentication. Sending profiles. 2525, right, yeah, 2525. If I just go to my dashboard, I don't want to see a ban message here. This is an old email basically, which says 300% bounce rate. I believe I added something wrong in the port here. smtp2go.com. OK, this was the thing. Let's save it. Let's redo that campaign. Copy this campaign, everything will be already done. The selected group. OK, campaign. Email sent, really? Was it this fast? Wow. Let's go ahead and check that email. Refreshing this temporary email. OK, we got that right here: Quora Team, no-reply@quora.com. You can see that it delivered my email, right. Maybe this email can basically land in the spam folder of a lot of providers. You can see the email has been spoofed successfully, and I fear they would have just banned me for this thing. OK, it actually doesn't land in spam, so that is why they didn't ban me, and if I send this thing to Gmail maybe it'll land in spam and they will ban me. I can just see it is taking me to the phishing page, it is even HTTPS. No chances for anyone to survive
this kind of attack. You see, no chances for anyone to survive this kind of attack. The only thing is if it lands in spam; it's all up to you. Maybe you might want to do a fake call with a spoofed caller, a message which convinces the user to open that spam email and which convinces them to submit the data. It's all up to you how you make them realize. That was all about phishing, and I'll see you guys in the next lectures. Thank you so much for watching.
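The spoofed From address from the final lecture, seen from the receiving mail server: this added example (not part of the lecture and not Gophish code) checks whether the domain in the visible From header is aligned with a domain that actually passed SPF or DKIM, using only the Authentication-Results header stamped by the receiver's own MTA. The host names `mx.corp.example`, `brand.example`, `relay.example` and both messages are constructed, and `org_domain` is a simplification of the Public Suffix List lookup that DMARC really uses.

```python
import re
from email import message_from_string
from email.utils import parseaddr


def org_domain(domain):
    # Assumption: "last two labels" stands in for the Public Suffix List
    # lookup used by real DMARC; it is wrong for suffixes such as co.uk.
    return ".".join(domain.lower().strip(".").split(".")[-2:])


def parse_auth_results(value):
    """Return (authserv_id, [(method, result, props), ...]) for one header."""
    value = re.sub(r"\([^()]*\)", " ", value)        # drop parenthesised comments
    parts = value.split(";")
    head = parts[0].split()
    authserv_id = head[0].lower() if head else ""
    results = []
    for part in parts[1:]:
        tokens = part.split()
        if not tokens or "=" not in tokens[0]:
            continue
        method, result = tokens[0].lower().split("=", 1)
        pairs = (t.split("=", 1) for t in tokens[1:] if "=" in t)
        results.append((method, result, {k.lower(): v for k, v in pairs}))
    return authserv_id, results


def check_alignment(raw_message, trusted_authserv):
    """Compare the From domain with the domains that passed SPF/DKIM."""
    msg = message_from_string(raw_message)
    display_name, address = parseaddr(msg.get("From", ""))
    from_domain = address.rpartition("@")[2].lower()
    aligned_by = []
    for header in msg.get_all("Authentication-Results", []):
        authserv_id, results = parse_auth_results(header)
        if authserv_id != trusted_authserv.lower():
            continue    # a sender can add this header too; trust only our own MTA
        for method, result, props in results:
            if result != "pass":
                continue
            if method == "spf":
                authed = props.get("smtp.mailfrom", "").rpartition("@")[2]
            elif method == "dkim":
                authed = props.get("header.d", "")
            else:
                continue
            if authed and from_domain and org_domain(authed) == org_domain(from_domain):
                aligned_by.append(method)
    return {"display_name": display_name, "from_domain": from_domain,
            "aligned_by": aligned_by,
            "verdict": "aligned" if aligned_by else "unaligned"}


# Constructed sample: mail really sent by the brand's own infrastructure.
LEGIT = """\
Authentication-Results: mx.corp.example;
 spf=pass (sender IP is 192.0.2.10) smtp.mailfrom=alerts.brand.example;
 dkim=pass header.d=brand.example
From: "Brand Team" <no-reply@brand.example>
To: user@corp.example
Subject: A question for you

body
"""

# Constructed sample: same visible From, but sent through an unrelated relay.
# The second header was not added by our MTA and must be ignored.
SPOOFED = """\
Authentication-Results: mx.corp.example;
 spf=pass smtp.mailfrom=bounce@relay.example;
 dkim=pass header.d=relay.example
Authentication-Results: mx.untrusted.example;
 dkim=pass header.d=brand.example
From: "Brand Team" <no-reply@brand.example>
To: user@corp.example
Subject: A question for you

body
"""

if __name__ == "__main__":
    for name, raw in (("legit", LEGIT), ("spoofed", SPOOFED)):
        print(name, check_alignment(raw, "mx.corp.example"))
```

SPF and DKIM both pass on the relayed message because they authenticate the relay's domain, not the one in From; only the alignment comparison, which a published DMARC policy asks receivers to enforce, separates the two messages.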