Dokumentiyada Gophish
Navigation
Sida loo sameeyo Server SMTP iimaylka shaqeeya ee Imtixaanka Phish ee 2022
Miyaad ka fekereysaa inaad sameysato ololaha tijaabada phish-kaaga sanadkan?
Injineerinka Bulshadu wuxuu u koray khatar aad u weyn 2022 oo waxaad ka fekereysaa siyaabo aad wax uga qabato.
Haddana dhimista ay warshaduhu sameeyeen ayaa tan ka dhigay mid ka sii adag sidii hore.
Si aad u bilowdo waxaad u baahan doontaa dhawr waxyaalood.
Waxaad u baahan tahay iimaylka SMTP sax ah.
Tani waxay noqon kartaa caqabad maadaama inta badan bixiyeyaasha daruuraha ay xannibaan taraafikada SMTP.
Waxaad sidoo kale u baahan tahay dashboard si aad ula socoto, oo aad u falanqeyso natiijooyinkaaga injineernimada bulshada.
Tani waxay kuu ogolaan doontaa inaad daawato horumarka oo aad dib ugu soo sheegto kooxda fulinta.
Dejinta kuwan waxay qaadan kartaa toddobaadyo shaqo iyo imtixaan, iyadoo lagu darayo ilaa kumanaan doolar oo fooshu ah.
Taasi waa sababta aan u abuurnay hagahan si aan ku tuso sida aad u dejisan karto server-ka SMTP bixiyayaasha martigelinaya ee aan xannibin SMTP.
Dhammaadka hagahan waxaad baran doontaa sida loo habeeyo oo loo ilaaliyo server-kaas si uu awood ugu yeesho inuu diro fariimaha.
Intaa waxaa dheer, waxaad ogaan doontaa sida loo diiriyo ciwaanka IP-ga ee server-ku isticmaalayo si farriimaha loo gaarsiiyo.
Waxaan adeegsan doonaa aalad la yiraahdo Poste.io si aan uga caawino qaabeynta server-ka boostada.
Waxaan sidoo kale ku tusin doonaa sida loo sameeyo dashboard-ka phishing-ka oo aad isticmaali karto si aad ula socoto oo aad u falanqeyso natiijooyinkaaga.
Waxaan haynaa dashboard ka kacaaya GoPhish ee Adeegyada Shabakadda Amazon oo diyaar u ah in la bilaabo.
Waad shidi kartaa oo damin kartaa dashboard-kan marka aad u baahan tahay si aad u maamusho oo aad u falanqeyso ololahaaga tijaabada phish-ka.
Sida loo dejiyo Server-kaaga SMTP
Marka hore waxaad u baahan doontaa inaad ka hesho VPS bixiye u oggolaanaya taraafikada SMTP.
Taas macnaheedu waa Contabo, Hetzner, LunaNode, BuyVM, ama Scaleway.
Waxaan u isticmaali doonaa Contabo tusaalahan.
- Ka samee koonto Contabo leh ugu yaraan 4GB oo RAM ah iyo 80 GB oo meel kayd ah.
Riix halkan si aad u furto Contabo VM oo leh habaynta horay loo doortay.
- Waxaad dooran kartaa ereyga ku habboon kiiskaaga isticmaalka.
Kooxdayadu waxay isticmaashaa ereyo bille ah ilaa aynaan haysan heshiis ka dheer oo isticmaalka phish-ka.
- Marka xigta waxaad u baahan doontaa inaad doorato gobolka kuugu dhow ururka aad tijaabin doonto.
Xaaladdan oo kale, waxaan ku isticmaali doonaa US East Contabo.
- VPS-ga aad u isticmaalayso martigelinta server-kaaga SMTP waa inuu lahaadaa ugu yaraan 4 GB oo RAM ah iyo ugu yaraan 80GB oo meel kayd ah.
- Markaa waxaad u baahan doontaa inaad doorato Operating System-ka, dooro Ubuntu 20.04 si aad u hubiso in ay ku habboon tahay.
6. Dooro furaha sirta ah ee aad u isticmaali doonto gelitaanka server-kaaga SSH. Waxaad halkan ka abuuri kartaa erayga sirta ah: https://passwordsgenerator.net/
Hubi inaad tan ku kaydiso maamulaha sirta ah sida LastPass ee tixraaca mustaqbalka.
- Hubi in laguu qoondeeyay ugu yaraan hal ciwaanka IP ee dadweynaha!
8. Waxa aad kaga tagi kartaa waxyaabaha u dhiman ee Addons and Quantity Server ee Contabo.
- Intaa ka dib waa inaad gasho ama abuurtaa akoon
- Markaad gasho, bixi khidmadda bisha ee adeegga.
- Bixinta ka dib, waxaad heli doontaa iimaylka xaqiijinta marka server-kaaga la sameeyo.
- Marka xigta waxaan gali doonaa server-ka oo aan bilaabi doonaa dejinta server-kaaga SMTP anagoo adeegsanayna Poste.io.
Waxaad u baahan doontaa inaad isticmaasho magaca isticmaalaha (xididka) iyo erayga sirta ah ee aad hore u soo saartay si aad u gasho serverka adigoo isticmaalaya SSH.
13. Waxaad ku xidhi kartaa macmiilka SSH ee aad door bidayso, sida MobaXTerm ama Putty.
Markaad gasho server-ka, waxaad u baahan doontaa inaad u gudubto Poste.io oo aad socodsiiso tillaabooyinka soo socda:
- Ku rakib Docker Engine serverkaaga Ubuntu adoo isticmaalaya tilmaamaha leh qoraalka degdega ah halkan:
curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh
- Waxa kale oo aad ku rakibi kartaa Docker Engine adoo isticmaalaya amarrada soo socda haddii qoraalka degdega ah aanu u shaqaynayn qaybinta Ubuntu:
sudo apt-get update
sudo apt-get install \
shahaadooyinka \
curl
gnupg \
lsb-sii dayn
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg -dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
dhawaaq \
"deb [arch=$(dpkg -print-architecture) waxaa saxiixay=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) xasiloon" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io docker-compose-plugin
- Xaqiiji in Docker Engine uu ku socdo amarka soo socda kaas oo soo saari doona Hello World ka dibna xiro weelka Docker:
sudo docker orod hello-adduunyo
17. Soo deji oo socodsii Dockerfile ka Poste.io ka https://poste.io/doc/getting-started adigoo isticmaalaya amarka hoose.
$ docker run \
-net=martigeliyaha \
-e TZ=Maraykanka/New_York
-v /xogta-dir/xogta:/xog \
- Magaca "mailserver" \
-h "mail.yourphishdomain.com" \
-t analoog/poste.io
Waxaa jira dhowr wax ka beddel oo aad rabto inaad ku samayso amarkan:
- -e TZ=Ameerika/New_York U deji aagga wakhtiga taariikhda taariikhda saxda ah
- -v /data-dir/data:/xogta Ku dheji hagaha xogta ee nidaamka martida loo yahay. Xogta isticmaalaha, iimaylada, diiwaanka, dhamaantood waxay ku dhamaan doonaan hagahan si ay u fududaato kaydinta.
- -magac"boostada" U orod poste.io sidii weel magac la qeexay
- -h "mail.yourphishdomain.com" Magaca martida ee serverkaaga tijaabada phish-ka
Poste.io waxay qaban doontaa dejinta tallaabooyinkii ugu dambeeyay ee amniga, TLS, SPF, DKIM, iyo DMRC adiga oo ku hadlaya magacaaga.
- Isticmaal qalabka kululaynta IP ugu yaraan 72 saacadood ka hor ololaha tijaabada phish.
Lemlist waa $29/bishii, iyo WarmupInbox waa $9/bishii, ka eeg IP Warming SOP wixii faahfaahin ah.
Fadlan tixraac hagahayaga "Sida loo diiriyo IP" ee tixgelinta kululaynta IP.
SOP: Sida loo diiriyo IP-ga ee server-ka cusub ee iimaylka
- Lasoco sumcada IP adoo isticmaalaya poste.io/dnsbl, mxtoolbox.com/blacklists.aspx ama dnsbl.info.
20. Tijaabi server-ka boostada iyo qaab-dhismeedka iimaylka adigoo isticmaalaya mail-tester.com si loo horumariyo gaarsiinta.
Sida Loo Sameeyo Dashboardkaaga Tijaabada Phish
21. Samee ama gal AWS Account kaaga
22. Booqo liiska suuqa GoPhish
23. Ku bilow tijaabo bilaash ah liiska suuqa
24. Aqbal shuruudaha oo bixi server-ka GoPhish gudaha akoonkaaga AWS. Haddii aad abuurayso akoon cusub, Amazon waxay xaqiijin doontaa akoonkaaga waxayna kuu soo diri doontaa xaqiijinta email ahaan.
25. Gal dashboardkaaga GoPhish adigoo isticmaalaya magaca isticmaalaha iyo aqoonsigaaga tusaale.
26. Habee Profile-kaaga Diritaanka si aad u isticmaasho server-kaaga cusub ee Poste.io SMTP ee Contabo.
Faahfaahinta Xiriirinta SMTP
- martigeliyaha: mail.yourphishdomain.com
- dekedda: 465 (TLS ayaa loo baahan yahay), 587 beddelkeeda (STARTTLS ayaa loo baahan yahay)
- xaqiijin ayaa loo baahan yahay
- username waa ciwaanka iimaylka dhan username@example.com
- 27. Deji Ololahaaga ugu horreeya.
- 28. Dir Ololahaaga ugu horreeya
Su'aalo ma qabtaa? Waxaad ku arki kartaa dukumeentiyada GoPhish halkan, ama nala soo xiriir si aan u helno caawimaad support@hailbytes.com
SU'AALAHA WEYDIANAYAANAYO
- martigeliyaha: mail.yourphishdomain.com
- dekedda: 465 (TLS ayaa loo baahan yahay), 587 beddelkeeda (STARTTLS ayaa loo baahan yahay)
- xaqiijin ayaa loo baahan yahay
- username waa ciwaanka iimaylka dhan username@example.com
- 27. Deji Ololahaaga ugu horreeya.
- 28. Dir Ololahaaga ugu horreeya
Su'aalo ma qabtaa? Waxaad ku arki kartaa dukumeentiyada GoPhish halkan, ama nala soo xiriir si aan u helno caawimaad support@hailbytes.com
