Tuhinga Gophish
Navigation
Me pehea te whakarite i tetahi Tūmau Īmēra SMTP mahi mo te Whakamatau Phish i te tau 2022
Kei te whakaaro koe ki te whakatu i taau ake kaupapa whakamatautau hītinihanga i tenei tau?
Kua nui ake te riri a Social Engineering i te tau 2022, a kei te whakaaro koe ki nga huarahi hei whakatika.
Heoi ano ko nga whakangawaritanga kua mahia e te umanga kua uaua ake tenei.
Hei timata ka hiahia koe ki etahi mea.
Kei te hiahia koe ki tetahi tūmau īmēra SMTP whaimana.
He uaua tenei mai i te nuinga o nga kaiwhakarato kapua e aukati ana i nga hokohoko SMTP.
Kei te hiahia koe ki tetahi papatohu hei whai, me te tātari i o kitenga hangarau paapori.
Ma tenei ka taea e koe te maataki i te ahunga whakamua me te whakahoki korero ki te roopu whakahaere.
Ko te whakarite i enei ka roa pea nga wiki o te mahi me te whakamatautau, me te taapiri atu ki nga mano taara mo te mahi.
Koinei te take i hanga ai e matou tenei aratohu hei whakaatu ki a koe me pehea e taea ai e koe te whakatu i tetahi tūmau SMTP ki nga kaiwhakarato manaaki e kore e aukati i te SMTP.
Hei te mutunga o tenei aratohu ka mohio koe ki te whirihora me te whakamau i taua tūmau kia taea ai e ia te tuku karere.
I tua atu, ka mohio koe me pehea te whakamahana i te wahitau IP e whakamahia ana e te tūmau kia tukuna ai nga karere.
Ka whakamahia e matou he taputapu ko Poste.io hei awhina i te whirihoranga tūmau mēra.
Ka whakaatu hoki matou ki a koe me pehea te whakarite papatohu hītinihanga ka taea e koe te whakamahi ki te whai me te tātari i o kitenga.
Kei a matou he papatohu e whakamahi ana i a GoPhish i runga i nga Ratonga Tukutuku Amazon kua reri ki te whakarewa.
Ka taea e koe te whakahuri me te whakaweto i tenei papatohu ina hiahia koe ki te whakahaere me te tātari i o kaupapa whakamatautau hītinihanga.
Me pehea te whakarite i to Tūmau SMTP
Tuatahi ka hiahia koe ki te tiki VPS mai i tetahi kaiwhakarato ka taea te hokohoko SMTP.
Ko te tikanga ko Contabo, Hetzner, LunaNode, BuyVM, Scaleway ranei.
Ka whakamahia e matou a Contabo i tenei tauira.
- Waihangahia he kaute ki Contabo me te 4GB o te RAM me te 80 GB o te waahi rokiroki.
Pāwhiri ki konei ki te whakatuwhera i tetahi Contabo VM me nga tautuhinga kua tohua i mua.
- Ka taea e koe te whiriwhiri i te kupu e pai ana ki to keehi whakamahi.
Ka whakamahia e ta maatau roopu nga kupu o ia marama mena ka roa ake to maatau whakaaetanga keehi mo te whakamatautau hītinihanga.
- I muri mai ka hiahia koe ki te whiriwhiri i tetahi rohe e tata ana ki te whakahaere ka whakamatau koe.
I tenei take, ka whakamahi ahau i te US East i Contabo.
- Ko te VPS e whakamahia ana e koe mo te manaaki i to tūmau SMTP me 4 GB o te RAM me te 80GB o te waahi rokiroki.
- Na ka hiahia koe ki te whiriwhiri i te Pūnaha Whakahaere, tohua te Ubuntu 20.04 hei whakarite i te hototahi.
6. Tīpakohia he kupuhipa ka whakamahia e koe mo te uru atu ki to tūmau ma te SSH. Ka taea e koe te whakaputa kupuhipa kaha i konei: https://passwordsgenerator.net/
Kia mahara ki te penapena i tenei i roto i te kaiwhakahaere kupuhipa penei i a LastPass hei tohutoro a meake nei.
- Kia mohio kei te tohatoha koe kia kotahi te iti rawa o te wahitau IP tūmatanui!
8. Ka taea e koe te waiho nga taunoa mo nga taapiri me te Rahi Tūmau ki Contabo.
- I muri i tera me whakauru koe ki te hanga i tetahi kaute.
- Kia takiuru koe, utu i te utu marama mo te ratonga.
- I muri i to utu, ka whiwhi koe i te imeera whakau i te wa kua whakaritea to kaimau.
- I muri mai ka takiuru matou ki te tūmau ka timata ki te whakarite i to tūmau SMTP ma te whakamahi i te Poste.io.
Me whakamahi koe i te ingoa kaiwhakamahi (pakiaka) me te kupuhipa i mahia e koe i mua ki te takiuru ki te tūmau mā SSH.
13. Ka taea e koe te hono atu ki to kaihoko SSH pai ake, penei MobaXTerm ko PuTTY ranei.
Ina kua takiuru koe ki te tūmau, ka hiahia koe ki te whakatere ki te Poste.io ka whakahaere i nga mahi e whai ake nei:
- Tāutahia te Docker Engine ki runga i to tūmau Ubuntu ma te whakamahi i nga tohutohu me te tuhi tere i konei:
curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh tiki-docker.sh
- Ka taea hoki e koe te whakauru i te Docker Engine ma te whakamahi i nga whakahau e whai ake nei ki te kore e mahi te tuhinga tere mo to tohatoha Ubuntu:
sudo apt-tiki whakahou
sudo apt-tiki tāuta \
ca-tiwhikete \
korukoru \
gnupg \
lsb-tuku
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg –dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
paoro \
"deb [arch=$(dpkg –print-architecture) i haina-e=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) pūmau” | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-tiki whakahou
sudo apt-tiki tāuta docker-ce docker-ce-cli containerd.io docker-compose-monomai
- Manatokohia kei te rere a Docker Engine me te whakahau e whai ake nei me whakaputa Hello World ka kati i te ipu Docker:
sudo docker rere hello-ao
17. Tikiake me te whakahaere i te Dockerfile mai i te Poste.io mai https://poste.io/doc/getting-started te whakamahi i te whakahau i raro nei.
$rere kauhoe \
–net=host \
-e TZ=Amerika/ New_York \
-v / your-data-dir/data:/data \
–ingoa “tūmau mēra” \
-h “mail.yourphishdomain.com” \
-t analogic/poste.io
He iti noa nga whakarereketanga ka hiahia koe ki te mahi ki tenei whakahau:
- -e TZ=Amerika/ New_York Tautuhia te rohe waahi mo te wa ra tika
- -v /tou-raraunga-dir/raraunga:/raraunga Ka mau i te whaiaronga raraunga mai i te punaha manaaki. Raraunga raraunga kaiwhakamahi, īmēra, rākau, ka mutu katoa ki roto i tēnei whaiaronga mo te ngawari te tārua.
- –ingoa”tūmau mēra" Whakahaerehia te poste.io hei ipu me te ingoa kua tautuhia
- -h "mail.yourphishdomain.com" Ingoa Kaihautū mo to tūmau mēra whakamātautau hītinihanga
Ka whakahaere a Poste.io ki te whakarite i nga tikanga haumarutanga hou, TLS, SPF, DKIM, me DMARC mo koe.
- Whakamahia he taputapu whakamahana IP mo te iti rawa 72 haora i mua i nga kaupapa whakamatautau hītinihanga.
Ko te Lemlist he $29/mo, ko WarmupInbox he $9/mo, tirohia te IP Warming SOP mo nga taipitopito.
Tena tirohia to maatau aratohu "Me pehea te whakamahana i te IP" mo nga whakaaro whakamahana IP.
SOP: Me pehea te whakamahana i tetahi IP mo te tūmau imeera hou
- Aroturuki ingoa IP ma te whakamahi i te poste.io/dnsbl, mxtoolbox.com/blacklists.aspx ranei dnsbl.info.
20. Whakamātauhia te tūmau mēra me nga tauira imeera ma te whakamahi i te mail-tester.com hei whakapai ake i te tuku.
Me pehea te Whakaritea i to Papatohu Whakamatau Hītinihanga
21. Waihanga, takiuru ranei ki to Kaute AWS
22. Haere ki te raarangi maakete a GoPhish
23. Tīmatahia he whakamatautau kore utu me te raarangi maakete
24. Whakaaetia nga tikanga me te whakarato i tetahi tūmau GoPhish i roto i to putea AWS. Mena kei te hanga koe i tetahi kaute hou, ka manatoko a Amazon i to putea ka tukuna atu te manatoko ma te imeera.
25. Takiuru ki to papatohu GoPhish ma te whakamahi i to ingoa kaiwhakamahi me to ID tauira.
26. Whirihorahia to Tukunga Profile ki te whakamahi i to tuumau SMTP Poste.io hou ki Contabo.
Nga Taipitopito Hononga SMTP
- Kaihautū: mail.yourphishdomain.com
- tauranga: 465 (TLS e hiahiatia ana), 587 (me STARTTLS me hiahia)
- e hiahiatia ana motuhēhēnga
- Ko te ingoa kaiwhakamahi he wahitau imeera katoa username@example.com
- 27. Whakaturia to Kaupapa tuatahi.
- 28. Tukuna mai to Pakanga tuatahi
He patai? Ka taea e koe te kite i a maatau tuhinga GoPhish i konei, waea mai ranei ki a maatau mo te awhina i support@hailbytes.com
PĀTAI TUATAHI
- Kaihautū: mail.yourphishdomain.com
- tauranga: 465 (TLS e hiahiatia ana), 587 (me STARTTLS me hiahia)
- e hiahiatia ana motuhēhēnga
- Ko te ingoa kaiwhakamahi he wahitau imeera katoa username@example.com
- 27. Whakaturia to Kaupapa tuatahi.
- 28. Tukuna mai to Pakanga tuatahi
He patai? Ka taea e koe te kite i a maatau tuhinga GoPhish i konei, waea mai ranei ki a maatau mo te awhina i support@hailbytes.com
