7MS #481: Creating Kick-Butt Credential-Capturing Phishing Campaigns - Part 2
7 Minute Security19 Aug 2021

7MS #481: Creating Kick-Butt Credential-Capturing Phishing Campaigns - Part 2

Today we're revisiting how to make a kick-butt cred-capturing phishing campaign with Gophish, Amazon Lightsail, LetsEncrypt, ExpiredDomains.net and a special little extra something that makes creating phishing landing pages waaaaaaayyyyyyyyyy easier!

For some quicker review, you can check out part 1 and also the complementary YouTube video, but I wanted to revisit this kick-butt process and update a few items:

First, this SingleFile extension is amaaaaaaaazing for making phishing landing pages with ease!

The process to get GApps to let you generate an app-specific password for using with GoPhish is kinda annoying. The steps below should get you going:

  • After domain registration, log into admin.google.com or click Manage Workspace button at checkout.

  • At the next screen click Workspace Admin Console. Sign in with the person you'll be spoofing from, and the temporary password emailed to your backup email account during checkout.

  • In the search bar search for Less Secure Apps, choose Allow users to manage their access to less secure apps.

  • Now, in the upper right, hit Manage Your Google Account.

  • Under Security, click Protect your account and click Add phone number. Finish that process, then click Continue to your Google account.

  • Back at the main admin page, under Less secure app access, click Turn on access (not recommended).

  • At the next screen click Allow less secure apps: ON

  • Back at the main screen, click 2-Step Verification and set it to On.

  • Back at the main screen again, a new option called App passwords should be there. Click it. Choose to generate a custom name like LOL and then then an app password will appear. Write it down as it only appears once!

Finally, a quick reference for getting your LetsEncrypt cert to work with GoPhish. Get your LetsEncrypt cert generated, and then forge a .crt and .key file to use with GoPhish:

cp /etc/letsencrypt/live/YOUR-DOMAIN/fullchain.pem ./domain.crt cp /etc/letsencrypt/live/YOUR-DOMAIN/privkey.pem ./domain.key

Now go into the GoPhish .json config file and change the cert_path and key_path to the ones you just generated, and change use_tls to TRUE on both places in the config as well.

Avsnitt(705)

7MS #609: First Impressions of Sysreptor

7MS #609: First Impressions of Sysreptor

Hey friends, today is a first impressions episode about Sysreptor, which according to their GitHub page, is a fully customisable, offensive security reporting solution designed for pentesters, red teamers and other security-related people alike.  It is easy to stand up with Docker, has built-in MFA and a great hybrid WYSIWYG/code editor.  The only scary part?  There is no export to Word (insert suspenseful music here!) - your reports just go right to PDF, friends!  The killer feature for us, though, is the ability to create reports from the command line and send files, notes and findings to Sysreptor automagically!

2 Feb 202430min

7MS #608: New Tool Release - EvilFortiAuthenticator

7MS #608: New Tool Release - EvilFortiAuthenticator

Hey friends, today our pal Hackernovice joins us for a tool (actually two tools!) release party: EvilFortiAuthenticator - it's like a regular FortiAuthenticator, but evil.  This tool allows you to capture the FortiAuthenticator API and subsequently steal the entire device's config, subsequently allowing you to restore the config to a second server and potentially steal cleartext Active Directory creds and SMTP accounts!  We talk about BulletsPassView - a tool that originially allowed us to simply unmask the "hidden" API key in the FortiAuthenticator client (this did NOT work in the latest version of FAC). Once you get the API key, check out Fortinet's documentation to do fun things like dump the whole config to a file on disk! After you steal the config and restore it to a fresh FortiAuthenticator, use maintenance mode to reset the admin password. Once you can adjust the restored config to your liking, try using MITMsmtp to capture email server creds in the clear! TCMLobbyBBQ - this tool has nothing to do with security, but helps PC players of the Texas Chain Saw Massacre get into lobbies more efficiently.

26 Jan 202443min

7MS #607: How to Succeed in Business Without Really Crying - Part 15

7MS #607: How to Succeed in Business Without Really Crying - Part 15

Today we talk about some business-y things like: A pre first impressions opinion on Sysreptor Why I'm not worried about AI replacing manual pentesting (yet) My struggle with going "full CEO" vs. staying in the weeds and working on hands-on security projects

19 Jan 202439min

7MS #606: Hacking OWASP Juice Shop (2024 edition)

7MS #606: Hacking OWASP Juice Shop (2024 edition)

Today our pals Bjorn Kimminich from OWASP and Paul from Project7 and TheUnstoppables.ai join us as we kick off a series all about hacking the OWASP Juice Shop, which is "probably the most modern and sophisticated insecure web application!" We got a few wins on the Juice Shop score board today: Found the score board Bullied the chatbot Fired a DOM XSS Located a confidential document Gave the Juice Shop a devastating zero stars review Fired a DOM XSS which played the OWASP Juice Shop Jingle

12 Jan 202429min

7MS #605: Navigating the Demands of Tech Leadership with Amanda Berlin of Blumira

7MS #605: Navigating the Demands of Tech Leadership with Amanda Berlin of Blumira

Today our friend Amanda Berlin, Lead Incident Detection Engineer at Blumira, joins us to talk about being more mentally healthy in 2024! P.S. - did you miss Amanda's past visits to the program? Then check out episode 518, 536 and 588. Be sure to check out the next edition of Amanda's Defensive Security Handbook when it comes out in later January, 2024!

5 Jan 202458min

7MS #604: A Two Tool Teaser

7MS #604: A Two Tool Teaser

Today we tease two upcoming tool releases (shooting for Q1, 2024): TCMLobbyBBQ - a Python script for PC players of The Texas Chain Saw Massacre game to help players get out of lobbies and into live games ASAP! The script uses PyAutoGUI to take screenshots of what part of the game you're in, then make appropriate key presses and mouse clicks to get into lobby queues, then alert you when the game actually starts! EvilFortiAuthenticator - this tool will allow you to steal administrator API tokens from FortiAuthenticator which can lead to full compromise of the physical device. Happy new year!

2 Jan 202426min

7MS #603: Monitoring Your Tailscale Network with Uptime Kuma

7MS #603: Monitoring Your Tailscale Network with Uptime Kuma

Today I look at potentially replacing Splashtop and UptimeRobot (check out our episode about it here) with Tailscale and Uptime Kuma. The missing link (which I'd love some help with) is answering this security question: how can I setup Tailscale so that my 7MinSec testing box can connect to all these NUCs spread around the globe, but those NUCs cannot connect to each other (in case one is compromised)? Got some ideas? Let me know please!

24 Dec 202328min

7MS #602: How to Succeed in Business Without Really Crying - Part 14

7MS #602: How to Succeed in Business Without Really Crying - Part 14

Today we're talkin' business! Specifically: How to (gently) say "no" to (some) client projects How to (politely) challenge end-of-year deadlines An idea I'm kicking around in the lab - where I might do away with UptimeRobot and Splashtop in favor of Tailscale and Uptime Kuma

15 Dec 202344min

Populärt inom Politik & nyheter

aftonbladet-krim
svenska-fall
motiv
p3-krim
flashback-forever
fordomspodden
rss-viva-fotboll
rss-krimstad
aftonbladet-daily
rss-sanning-konsekvens
rss-vad-fan-hande
spar
rss-krimreportrarna
rss-frandfors-horna
blenda-2
olyckan-inifran
dagens-eko
krimmagasinet
rss-flodet
rss-expressen-dok