diff --git a/security/spoofing/README.md b/security/spoofing/README.md index 14557307..4c02e847 100644 --- a/security/spoofing/README.md +++ b/security/spoofing/README.md @@ -1,10 +1,10 @@ -# PoC Security | Spoofing Workshop +# Workshop Spoofing +✔️ Learn how to create an SMTP server -### In this workshop you will learn: - - How to create SMTP server - - How to spoof an email - - How to create evil proxy +✔️ Discover how to spoof an email + +✔️ Create an evil proxy ## Setup !!!! CHECK YOUR EMAIL !!! @@ -19,21 +19,24 @@ Once you have the private key, you can connect to the server using the following `ssh -i id_rsa root@`
The next step is to install prerequisites for the workshop: -> sudo apt update && sudo apt upgrade && sudo apt dist-upgrade +``` +sudo apt update && sudo apt upgrade && sudo apt dist-upgrade -> sudo apt install mailutils && sudo apt install sendemail +sudo apt install mailutils && sudo apt install sendemail -> sudo dpkg-reconfigure postfix +sudo dpkg-reconfigure postfix +``` ## Step 1: SMTP server + - Setup relay restrictions - Configure hostname and network - Specify send-only parameters - Set spoofed masquerade To get the flag, send your postfix configuration in `/etc/postfix/main.cf` to a PoC Security administrator.
-You can send it in `workshop-spoofing@proton.me` with your Epitech email addres with the following subject: `SMTP server`.
+You can send it in `workshop-spoofing@proton.me` with your Epitech email address with the following subject: `SMTP server`.
If you have not received the flag after 5 minutes, please contact a PoC Security member. @@ -56,11 +59,11 @@ The subject is the same that the previous step but the content must be original It must contain the PoC logo and the text must be colored.
You're free to put whatever you want in the email.
-> Hint: think how to embeded html code in the email. +> 💡 Hint: think how to embed html code in the email. ## Step 4: Evil Proxy The evil proxy will be able to intercept all the traffic and redirect it to a server of your choice.
-In our case, the proxy will redirect all the traffic to the PoC Innovation github url: `https://github.com/PoCInnovation`
+In our case, the proxy will redirect all the traffic to the PoC Innovation github url: [https://github.com/PoCInnovation](https://github.com/PoCInnovation)
Before redirect, it must implement a login page to get the admin password.
The login page must be a real phishing page.
@@ -68,10 +71,11 @@ Here is a sample scheme of the evil proxy: ![](https://tse2.mm.bing.net/th?id=OIP.mdfWRGSKWIDDqEqd7_BV6gHaDC) -I recommand to use [EvilGinx2](https://github.com/kgretzky/evilginx2) to create the evil proxy and [Freenom](https://www.freenom.com/en/index.html?lang=en) to get a free domain name.
+We recommend to use [EvilGinx2](https://github.com/kgretzky/evilginx2) to create the evil proxy and [Freenom](https://www.freenom.com/en/index.html?lang=en) to get a free domain name.
To get the flag, you will have to send the same spoofing email that the previous step with the evil proxy url.
## Step 5: Go Further + You must have seen that spoofing does not work on all mailboxes because of bad certificates used.
Indeed, some providers check if the certificates match the dns record of the email used.
If you want to go further, you can try to spoof an email with a good certificate to bypass restrictions.
@@ -79,5 +83,28 @@ If you want to go further, you can try to spoof an email with a good certificate All bonus in this workshop will be rewarded in the PoC Security platform.
Don't hesitate to contact a staff member if you have any questions :)
---- -This workshop has made with ❤️ by PoC Security \ No newline at end of file +

+Organization +

+
+

+ + + + + + + + + + + + +

+

+ + + +

+ +> 🚀 Don't hesitate to follow us on our different networks, and put a star 🌟 on `PoC's` repositories. \ No newline at end of file
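Review bot: in the `@@ -1,10 +1,10 @@` hunk, the three learning goals change from a Markdown list into separate ✔️ paragraphs, which drops the list structure for screen readers and renderers. Keep them as list items (for example `- ✔️ Learn how to create an SMTP server`). The new title "Workshop Spoofing" would also read more naturally as "Spoofing Workshop".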
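Review bot: in the `@@ -19,21 +19,24 @@` hunk, the corrected line still says "send it in `workshop-spoofing@proton.me` with your Epitech email address"; only the spelling of "address" was fixed. Suggest "send it to `workshop-spoofing@proton.me` from your Epitech email address". The new code fence around the apt commands has no language tag, so add `sh`. Since the SSH command just above logs in as root, the `sudo` prefixes are redundant; either drop them or have attendees log in as an unprivileged user.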
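Review bot: in the `@@ -56,11 +59,11 @@` hunk, the hint line fixes "embeded" but leaves "html" in lowercase, and the rewritten link line still says "github url". Use "HTML" and "GitHub URL". The new link uses the same URL as both text and target, so an autolink `<https://github.com/PoCInnovation>` would render the same with less markup.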
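Review bot: in the `@@ -68,10 +71,11 @@` hunk, the Step 5 context lines say spoofing fails "because of bad certificates" that providers match against "the dns record", which misnames the mechanism. What receiving providers evaluate for a forged sender is SPF, DKIM and DMARC, all published as DNS records of the sending domain. Naming them would tell attendees which records and `Authentication-Results` headers to inspect. In the same hunk, "We recommend to use" should be "We recommend using". The diagram is hotlinked from a Bing thumbnail URL with empty alt text, so commit the image to the repository and describe it.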
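Review bot: in the `@@ -79,5 +83,28 @@` hunk, the new last line is still followed by "\ No newline at end of file", so the file should end with a newline. The added block between "Organization" and the closing quote shows only empty added lines in this diff, so confirm the footer markup renders as intended before merging.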