So i have been busy setting up infrastructure for red team. lot of research has been put into place but finally only few got selected. out of which one i am working on Evilgnix2. couple of factors for choosing this, firstly it is open source (yay), secondly it can dodge 2FA(two factor authentication) which fits my current campaign. For your campaign you need to choose which works for best there is no good or bad. only down side i can see is learning yaml language to write own templates. but we will get to that part later. ok lets get to point.
Things you need
- Virtual machine ( for setting up Evilginx2, i went with GCP as this makes life easy but bit expensive. good thing is they give 300 dollar free credit to burn so go ahead. that will be enough for one campaign. my personal choice is digital ocean) make sure to check our support us page fro 10$ free credit.
- Domain name ( suitable for phishing, be wise there are lot of domains you can buy for less than dollar, which may suit project)
- patience loads and loads. as i spent most of my week in trail and error and reading plethora of blogs, i really hope this will serve atleast one person like me.
Sign into or register account with GCP and log into control panel. go to https://console.cloud.google.com
Create new virtual machine instance from compute
on new instance page create VM according to our needs. bear in mind this is supposed to be only phishing server so 1gb ram and 20gb hard disk will get you through nicely. also it will be cheap and you probably will spend 15 $ fro whole month.
make sure to choose shared CPU not dedicated as this reduce alot of cost. please see following screenshot for my configuration
Shared CPU, with 1.7gb ram and choose location you choose, i prefer same region as our campaign so we can later take IP address from same region it will help with phishing as firewalls see that IP address as less dangerous than an IP coming from around the world.
Hard disk space – 20GB (not that we need but just in case), make sure to allow HTTP and HTTPS as we will be using ports 80 and 443 to get traffic so they must be open. finally hit create it will take a minute or two but once VM is created immediately shut down with out logging into it.
One of the important things is to make sure that our IP dont change, because imagine after setting up DNS forwarders and our campaign is up and running, for some reason VM went down or you shut down, it will be disaster. so lets set up static IP first. remember you can only pick static IP from same region where your VM lives, this is why it is so crucial to choose right region from beginning.
Go to Navigation Menu > VPC Network > static address
Go ahead and choose static ip address, give it a name which makes sense to you, decryption and make sure to choose same region and allocate it to your virtual machine. for me its 35.xxx.xxx.xxx
Log into VM using web ssh method
If everything go smooth, you can see above screen. lets make some changes to our vm initially following will let us create our own keys instead of using generic keys
change permitrootlogin attribute to yes, by default it is set to no. permitrootlogin yes
One more step before you fire up VM i dont know about you but i like to connect my VM through Putty, good thing about GCP is it will let you SSH directly using browser, but come on Putty is mush more better. we will use keys and certificates. kind of fun.
Download Puttygen from your favorite website. and we will be generating public and private keys. once you download puttygen, create a key pair as per below.
Puttygen RSA 4096 key length, just because it will be enough to not get brute forced and thats one less root password i need to remember. love it. if you want to make it much more complicated use keyphrase before you save key, or else just save private key we dont need public key, just yet. now close puttygen and re open it.
Once above is done go ahead and save private key.
close puttygen > re open puttygen > click load key > browse to your private key > and now copy your public key and paste in notepad
go to end of file and remove rsa-key-20180831(might be slightly different for you because this is combination of date year and month) and replace it with root this will be our root key
Now copy the key and paste in following ssh key section in GCP as shown below
Now start vm and do followin
Once this is done use putty and go to ssh section > expand > auth keys > browse key > click allow agent forward
go to sessions and use hostname to connect to your instance.
Voila. you should see following
Lets speedup things. now use apt-get update to update repository
very easy method to install Evilginx is by using go get. for that we need to install go first.
All credit goes to developers. they are awsome help them if you can.
copy link location from following URL to install go first.
wget https://dl.google.com/go/go1.11.linux-amd64.tar.gz (this command will download tarball for installation)
tar -C /usr/local -xzf go1.11.linux-amd64.tar.gz (this command will extract tarball into /usr/local location)
export PATH=$PATH:/usr/local/go/bin (this command will export /usr/local/go/bin into environmental variable so we can use go from anywhere in OS)
it should look like following. ignore my mistakes please.
now lets use go to download and install Evilginx2 using following commands
sudo apt-get install git make
go get -u github.com/kgretzky/evilginx2
Thats all your tool got set up and ready to go. just type Evilginx from terminal to launch it.