search

pentestgeek / phishing-frenzy

Ruby on Rails Phishing Framework
www.phishingfrenzy.com
GNU General Public License v3.0
794 stars 297 forks source link

Launch Campaign - Phishing URL - Apache2 Debian Default Page #369

Closed mad0maxx closed 7 years ago

mad0maxx commented 7 years ago

I am able to access the Phishing-Frenzy administrative page. I am able to browse to Templates and create a new template. The template contains the required index.php email.html.erb files. I am able to browse to Campaigns and create a new campaign and properly set all the values there. I sent a test and the sent e-mail is successfully sent and received and looks exactly like the email.html.erb.

The problem is when I launch my campaign and click on the phishing URL, I always go straight to the Apache2 Debian Default Page. It does not pull up the index.php page at all. I am completely lost on how to fix this, please help.

When I launch a campaign, the FQDN is listed below, the extract below does not have an active campaign.

apachectl -S (no active compaign)

root@Phishing-Frenzy:/# apachectl -S AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/apache2/ports.conf:7 VirtualHost configuration: :80 is a NameVirtualHost default server Phishing-Frenzy.domain.com (/etc/apache2/sites-enabled/000-default.conf:1) port 80 namevhost Phishing-Frenzy.domain.com (/etc/apache2/sites-enabled/000-default.conf:1) port 80 namevhost phish.domain.com (/etc/apache2/pf.conf:6) :443 phish.augusta.edu (/etc/apache2/pf.conf:24) ServerRoot: "/etc/apache2" Main DocumentRoot: "/var/www/html" Main ErrorLog: "/var/log/apache2/error.log" Mutex watchdog-callback: using_defaults Mutex ssl-stapling-refresh: using_defaults Mutex ssl-stapling: using_defaults Mutex ssl-cache: using_defaults Mutex default: dir="/var/run/apache2/" mechanism=default Mutex mpm-accept: using_defaults PidFile: "/var/run/apache2/apache2.pid" Define: DUMP_VHOSTS Define: DUMP_RUN_CFG User: name="www-data" id=33 Group: name="www-data" id=33 root@Phishing-Frenzy:/#

zeknox commented 7 years ago

It looks like in the apache dump above that none of the campaigns are active. I do not see any campaign configuration files within /etc/apache2/sites-enabled/*

mad0maxx commented 7 years ago

Correct, here is a apachectl -S with an active campaign.

root@Phishing-Frenzy:/# apachectl -S AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/apache2/ports.conf:7 VirtualHost configuration: :80 is a NameVirtualHost default server Phishing-Frenzy.domain.com (/etc/apache2/sites-enabled/000-default.conf:1) port 80 namevhost Phishing-Frenzy.domain.com (/etc/apache2/sites-enabled/000-default.conf:1) port 80 namevhost CampaignFQDN (/etc/apache2/sites-enabled/1.conf:2) alias CampaignFQDN port 80 namevhost phish.domain.com (/etc/apache2/pf.conf:6) :443 phish.domain.com (/etc/apache2/pf.conf:24) ServerRoot: "/etc/apache2" Main DocumentRoot: "/var/www/html" Main ErrorLog: "/var/log/apache2/error.log" Mutex watchdog-callback: using_defaults Mutex ssl-stapling-refresh: using_defaults Mutex ssl-stapling: using_defaults Mutex ssl-cache: using_defaults Mutex default: dir="/var/run/apache2/" mechanism=default Mutex mpm-accept: using_defaults PidFile: "/var/run/apache2/apache2.pid" Define: DUMP_VHOSTS Define: DUMP_RUN_CFG User: name="www-data" id=33 Group: name="www-data" id=33 root@Phishing-Frenzy:/#

zeknox commented 7 years ago

Based on this apache dump:

port 80 namevhost (/etc/apache2/sites-enabled/1.conf:2)

I'm assuming that you have modified the FQDN before posting here, but if ''namevhost'' is the FQDN, you need to make sure this FQDN is resolvable to the PF IP address or edit your hosts file to make the resolution happen (for testing).

You need to make sure you try to access the phishing site using the defined FQDN because when the HTTP request comes in on port 80, the HTTP host header field will be analyzed and apache will serve up the proper website based on this uniq FQDN being defined in an apache config file like 1.conf

http://namevhost/?uid=0
mad0maxx commented 7 years ago

Correct, the FQDN of the campaign is resolvable. I have been using Phishing-Frenzy perfectly fine for a number of campaigns. Then all of a sudden the landing page never presents the index.php page but always displays the Debian Default page.

zeknox commented 7 years ago

Try a different browser, or manual refresh of the FQDN. Based on your apache config that FQDN should be live an accessible on port :80

mad0maxx commented 7 years ago

Great, I tried a different browser and it works! I went to back to the original browser and did a hard refresh and the index.php page pulled properly as well! You have been a great help!

zeknox commented 7 years ago

Cheers!