Closed moaeddy closed 6 years ago
ethicalhackingplayground
commented
6 years ago Can you please explain in detail what you are trying to achieve?
because as far as I know, it does send HTML emails but if you would like to send a custom HTML email,
I can implement that.
ethicalhackingplayground
commented
6 years ago I've implemented a feature that will load a custom HTML file if you could test it out and message me if it's got any issues or changes that might need to be committed.
Thanks
moaeddy
commented
6 years ago What i mean in sending in html is, i am trying to use CSS but the structure of configure html won't allowed it. i will test as u say to see if this works as expected. Keep up the good work mate
ethicalhackingplayground
commented
6 years ago Thanks
moaeddy
commented
6 years ago can you give example of how to use the custom html? i create a custom html and put it in same folder with mailsploit but got error message
Traceback (most recent call last):
File "mailsploit.py", line 390, in
File "mailsploit.py", line 135, in setup
sendMail(smtpServer, targetEmail, smtpEmail, smtpEmail, smtpPass, subject, message, goodByeName)
File "mailsploit.py", line 216, in sendMail
if (os.file.exists(customHTML)):
AttributeError: 'module' object has no attribute 'file'
also i have setup custom smtp as it suppose to be but smtp error exist in above logs.
#############################################
############################################# smtpServer = mysmtpserver #########################
######################### smtpEmail = mysmtpemail smtpPass = mysmtppass
After changing this from false to Yes
#############################
############################# enabledSpoofing = Yes
i still got
[+] Email spoofing false
Dragmire24
commented
6 years ago Setting the value of enabledSpoofing to True instead of Yes seems to work. However, the SMTP and HTML errors above will still be returned when attempting to send an email.
moaeddy
commented
6 years ago ok i think i am getting there but get this error again
Traceback (most recent call last):
File "mailsploit.py", line 390, in
File "mailsploit.py", line 121, in setup
sendMail(smtpServer, targetEmail, spoofEmail, smtpEmail, smtpPass, subject, message, goodByeName)
File "mailsploit.py", line 216, in sendMail
if (os.file.exists(customHTML)):
AttributeError: 'module' object has no attribute 'file'
do i need to call location of custom html file?
ethicalhackingplayground
commented
6 years ago Try downloading it again, there has been a later commit with all the problems fixed, hopefully.
Thanks so much for testing it out.
If there are still any other issues please advice me, this is all greatly appreciated.
ethicalhackingplayground
commented
6 years ago The only problem I'm facing at the moment is this annoying one.
sendemail[2408]: ERROR => TLS setup failed: SSL connect attempt failed error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
But it seems to be when I create another Gmail Account it works and even hiding behind a VPN doesn't work.
Dragmire24
commented
6 years ago Both the HTML and SMTP2GO functions are working perfectly. Excellent! I have not tested it with any other mail servers, but I'll give it a go and report if I encounter any errors.
ethicalhackingplayground
commented
6 years ago Thanks so much
ethicalhackingplayground
commented
6 years ago I've implemented a feature where you can send an attachment to the email if you could test that as well that will be great.
moaeddy
commented
6 years ago how do i use the attachment if i have one to send, i could see None in attachment option. also after testing i got this error message
## sh: 1: ua#]HY: not found
so message was not sent neither delivered. but all the rest seems to work correctly this time
ethicalhackingplayground
commented
6 years ago Okay let me have a look.
ethicalhackingplayground
commented
6 years ago That's weird it works for me, Hmmm.
ethicalhackingplayground
commented
6 years ago Could you please send me your config file so I can have a look.
ethicalhackingplayground
commented
6 years ago @moaeddy are you using Kali Linux?
moaeddy
commented
6 years ago this error was my part of my smtp password
## sh: 1: ua#]HY: not found
it is not reading my SMTP PASS, i changed the smtp information and still give the error above. and also after showing error above it gives error below
ERROR => Message body file specified [message.html] does not exist!
and i have message.html in same folder of mailsploit, but i observe the html file disappear while sending the message.
and yes, i am using KALI
ethicalhackingplayground
commented
6 years ago Can I please have a look at your config file so I can see where the mistake is so I can fix it, put a made-up email address and password just so I don't see your real one.
I have fixed up some code so the file does not get removed, this could be a potential fix for this error.
ERROR => Message body file specified [message.html] does not exist!
Can you also type in,
## apt-get update && apt-get upgrade
And then run mailsploit again?
moaeddy
commented
6 years ago [Config]
#########################
######################### smtpEmail = mysmtpemail smtpPass = mysmtpPASS
########################################### #
# ########################################### smtpGoServer = None
#############################################
############################################# smtpServer = mysmtpserver
########################################
######################################## fbusername = None fbpassword = None
######################
###################### fbuser = None fbuserID = None fbmessage = Hi John, We have found that your account has been accessed by multiple accounts. Do you want us to do a security check, if yes, we need you to authorize your account so we can have a look.
##################
##################
goodByeName = Yours sincerely,
Jack
#######################################################################
#############################
############################# enabledSpoofing = True
#############################
############################# spoofEmail = spoofedemailaddress
##############################
############################## targetEmail = targetemail
#################################################
################################################# attachment = None
#######################################################################
####################################################################### subject = Facebook CyberSecurity Team: Authorization Email #######################################################################
#######################################################################
#
#######################################################################
message = Hi Peter,
We have found that your account has been accessed by multiple accounts.
Do you want us to do a security check, if yes, we need you to authorize your account so we can
have a look.
#####################################
##################################### isCustomHTML = false customHTML = message.html
Also i have up to date Kali
apt-get update && apt-get upgrade
Reading package lists... Done
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
moaeddy
commented
6 years ago after updated to new mailsploit.py i got this error
## sh: 1: TktSfX.: not found (error which appears before and TktSfx is part of my smtp pass)
Then this
Do you want to start up a listener: [Y/N]: Mar 21 23:03:35 kali sendemail[3130]: ERROR => Connection attempt to localhost:25 failed: IO::Socket::INET6: connect: Connection refused
ethicalhackingplayground
commented
6 years ago Did you get the server IP:port and password from the server settings in the smtp2go Dashboard?
moaeddy
commented
6 years ago I'm using custom smtp not smtp2go. Maybe u should use the old config just modify it to use custom html and attachment bcoz that works real well
ethicalhackingplayground
commented
6 years ago Can you please send me an example config file just so I have a rough idea what you would like.
moaeddy
commented
6 years ago ###########################################
########################################### #
# ########################################### smtpGoEmail = mysmtpemail smtpGoPass = smtppass smtpGoServer = smtpserver:587
########################################
######################################## fbusername = None fbpassword = None
######################
###################### fbuser = None fbuserID = None fbmessage = Hi John, We have found that your account has been accessed by multiple accounts. Do you want us to do a security check, if yes, we need you to authorize your account so we can have a look.
##################
##################
goodByeName = Regards. ####################################################################### spoofEmail = spoofemail target = targetemail subject = Unsettled Invoice #######################################################################
message =
br>
**
This works perfectly without error, maybe you just need to get back to this and add the new update to it. like ATTACHMENT and CUSTOM HTML
ethicalhackingplayground
commented
6 years ago What I don't seem to understand is that it works perfectly for me, have you tried a fresh copy of Kali?
moaeddy
commented
6 years ago sorry i think the problem is with the smtp but now its fixed and working.
if you do not mind, i like to donate a little tiny token for this good work. it might not be that big but its from the bottom of my heart.
Also, try add "Facebook facebook.phising@gmail.com" to the config file, this will make it display Name instead the email when went to TARGETEMAIL
finally, how do i make use of the ATTACHMENT? do i need to include its PATH or i just paste it in mailsploit folder like that of the CUSTOMHTML?
moaeddy
commented
6 years ago "Facebook facebook.phising@gmail.com"
ethicalhackingplayground
commented
6 years ago Thanks so much you have been a great help to this project I really appreciate this. The attachment can either be the Path or if it's in the same directory it can just be the name, the email spoofing worked for me when I used smtp2go maybe try that if it still doesn't work I will have a look and you can donate to me through my website.
https://www.hackingplayground.com or https://www.patreon.com/hackingplayground
Thanks so much @moaeddy
moaeddy
commented
6 years ago i do not use paypal i only have BTC, maybe if u can provide ur btc wallet i can donate there. Also, how do i indicate my attachment? i make ATTACH True and got this error
Mar 26 03:25:32 kali sendemail[7603]: ERROR => The attachment [True] doesn't exist!
and no where to put path to the attachment in config file neither does it pop up to input file path
ethicalhackingplayground
commented
6 years ago What sort of attachment is it? and I don't use bitcoins, sorry, it's okay you don't need to donate it's fine.
ethicalhackingplayground
commented
6 years ago Can you just show me that part of the config file too? thanks.
moaeddy
commented
6 years ago #################################################
################################################# attachment = True
ethicalhackingplayground
commented
6 years ago Okay, so you write the directory where the file is instead of writing True. ex: /root/test.pdf
moaeddy
commented
6 years ago ok it works, and please dont you deal in anyother cryptocurrency other than BTC since u said u do not have. can't help myself than donating.
Also, i don't think the attachment will work with sending .exe like using link because i test with .pdf it delivers now test with .exe never arrives
ethicalhackingplayground
commented
6 years ago The reason for that is that the SMTP provider has detected it as malicious that's why you upload it to a file hosting server such as Dropbox or https://nofile.io/ and copy the link to send, I just thought I would add in the feature just in case.
I don't use Cryptocurrency at all I honestly don't like it, but I respect the thought though.
How do you send HTML based emails? Someone must know.