ozzi-

## Red Team Phishing with Gophish.md

      
              1 file
            
          
              13 forks
            
          
              2 comments
            
          
              26 stars
            
          
                ozzi-
                / Red Team Phishing with Gophish.md
            
            
              Last active
              April 25, 2024 12:23
            
          
    Red Team Phishing with Gophish

This guide will help you set up a red team phishing infrastructure as well as creating, perform and evaluate a phishing campaign.
This is the basic lifecycle of your phishingn campaign:
+---------------------+
|Get Hardware         |   Order / setup a vServer
+---------------------+
+---------------------+
|Setup                |   Install Gophish & Mail Server
+---------------------+


## confluence_export_rewrite.sh
#!/bin/bash
if ! [ -x "$(command -v zip)" ]; then
  echo 'Error: zip is not installed.' >&2
  exit 1
fi
if ! [ -x "$(command -v unzip)" ]; then
  echo 'Error: unzip is not installed.' >&2
  exit 1
fi

## a.bat
start taskmgr

## a.html
<input type="file" id="avatar" name="avatar" />

## a.js
var oShell = new ActiveXObject("WScript.Shell");
oShell.Run("cmd.exe /C start microsoft-edge:http://www.microsoft.com");

## JSON - Remove Trailing Comma
// Input:
// [
//    {
//       "f00" : "bar",
//       "info" : "this comma to my right is wrong",
//    },
//    {
//       "f00" : "bar",
//       "info" : "the comma on the line below is wrong too!"
//    },

## ringbuffer.java

import java.util.Collections;

public class RingBuffer<T> {
	int length;
	int currentPos = 0;
	int firstPos = 0;
	int lastPos;
	private T[] buffer;

## index.html
<html>
	Form being submitted
  	<!-- longresponse.phg will take 30 seconds to respons, in order to simulate a timeout -->
	<form id="response" method="GET" action="https://oz-web.com/longresponse.php">
		<input type="hidden" name="status" id="status" value="*empty*" />
	</form>
	<script>
		const form = document.getElementById("response");
		function handleFail(){
      			// replace this with whatever code you have to handle the timeout

## all_curl.sh
res=$(curl "https://zgheb.com" -i -sS -w "\r\n%{http_code}")

responseCode=$(echo "$res" | tail -1)
headersAndBody=$(echo "$res" | head -n -1)
headers=$(echo "$headersAndBody" | awk '{if($0=="\r")exit;print}')
body=$(echo "$headersAndBody" | awk '{if(body)print;if($0=="\r")body=1}')

powered=$(echo "$res" | grep -Fi "X-Powered-By"  | cut -d ":" -f2 | awk '{$1=$1};1')

echo "Response Code:"

## binaryDownload.js
<html>
  <a id="downloadBinaryLink"></a>
    <script>
      // file.php here serves as a pseudo API that returns a binary as octect stream (and according Access-Control-Allow-Origin header)
      doBinaryDownload("http://oz-web.com/file.php", loadBinaryScriptEdit);
      function loadBinaryScriptEdit(blob){
        var dataUri = window.URL.createObjectURL(blob);
        var anchor = document.getElementById("downloadBinaryLink");
        anchor.setAttribute('href', dataUri);
        anchor.setAttribute('download', "pingsender.exe");
	#!/bin/bash
	if ! [ -x "$(command -v zip)" ]; then
	echo 'Error: zip is not installed.' >&2
	exit 1
	fi
	if ! [ -x "$(command -v unzip)" ]; then
	echo 'Error: unzip is not installed.' >&2
	exit 1
	fi
	var oShell = new ActiveXObject("WScript.Shell");
	oShell.Run("cmd.exe /C start microsoft-edge:http://www.microsoft.com");

	import java.util.Collections;

	public class RingBuffer<T> {
	int length;
	int currentPos = 0;
	int firstPos = 0;
	int lastPos;
	private T[] buffer;
	<html>
	Form being submitted
	<!-- longresponse.phg will take 30 seconds to respons, in order to simulate a timeout -->
	<form id="response" method="GET" action="https://oz-web.com/longresponse.php">
	<input type="hidden" name="status" id="status" value="empty" />
	</form>
	<script>
	const form = document.getElementById("response");
	function handleFail(){
	// replace this with whatever code you have to handle the timeout
	res=$(curl "https://zgheb.com" -i -sS -w "\r\n%{http_code}")

	responseCode=$(echo "$res" \| tail -1)
	headersAndBody=$(echo "$res" \| head -n -1)
	headers=$(echo "$headersAndBody" \| awk '{if($0=="\r")exit;print}')
	body=$(echo "$headersAndBody" \| awk '{if(body)print;if($0=="\r")body=1}')

	powered=$(echo "$res" \| grep -Fi "X-Powered-By" \| cut -d ":" -f2 \| awk '{$1=$1};1')

	echo "Response Code:"
	<html>
	<a id="downloadBinaryLink"></a>
	<script>
	// file.php here serves as a pseudo API that returns a binary as octect stream (and according Access-Control-Allow-Origin header)
	doBinaryDownload("http://oz-web.com/file.php", loadBinaryScriptEdit);
	function loadBinaryScriptEdit(blob){
	var dataUri = window.URL.createObjectURL(blob);
	var anchor = document.getElementById("downloadBinaryLink");
	anchor.setAttribute('href', dataUri);
	anchor.setAttribute('download', "pingsender.exe");