diff --git a/security/spoofing/README.md b/security/spoofing/README.md new file mode 100644 index 00000000..4c02e847 --- /dev/null +++ b/security/spoofing/README.md @@ -0,0 +1,110 @@ +# Workshop Spoofing + +✔️ Learn how to create an SMTP server + +✔️ Discover how to spoof an email + +✔️ Create an evil proxy + +## Setup + !!!! CHECK YOUR EMAIL !!! + The server IP will be given to you by mail in your Epitech account. + Attached to this IP you will receive an rsa private key. + +Before starting the workshop, you need to create an account on [PoC Security Platform](https://challs.poc-innovation.com/). + +Then, download the private key received by mail and save it as `id_rsa` in your home directory.
+Don't forget to change the permissions of the file to 600: `chmod 600 id_rsa`
+Once you have the private key, you can connect to the server using the following command: +`ssh -i id_rsa root@`
+ +The next step is to install prerequisites for the workshop: +``` +sudo apt update && sudo apt upgrade && sudo apt dist-upgrade + +sudo apt install mailutils && sudo apt install sendemail + +sudo dpkg-reconfigure postfix +``` + + +## Step 1: SMTP server + +- Setup relay restrictions +- Configure hostname and network +- Specify send-only parameters +- Set spoofed masquerade + +To get the flag, send your postfix configuration in `/etc/postfix/main.cf` to a PoC Security administrator.
+You can send it in `workshop-spoofing@proton.me` with your Epitech email address with the following subject: `SMTP server`.
+ +If you have not received the flag after 5 minutes, please contact a PoC Security member. + +## Step 2: Spoofing +- Send an email to yourself +- Check the headers and certificates +- Send an email to PoC Security: `workshop-spoofing@proton.me` + +In order to get the flag, you will have to send an email to this address below.
+The spoofed mail address: `admin@poc-innovation.fr`
+The subject: "Spoofed by ``"
+The content: "I am the admin of PoC Security, I want the flag."
+ +You will receive the flag by email in a few minutes at `firstname.lastname@epitech.eu` + +## Step 3: Mail Core +In this step you will create a real phishing email. Your goal is to obtain the PoC admin password !
+To do this, you will create a content with `sendemail` and then send it to the PoC team.
+The subject is the same that the previous step but the content must be original and creative to get the flag.
+It must contain the PoC logo and the text must be colored.
+You're free to put whatever you want in the email.
+ +> 💡 Hint: think how to embed html code in the email. + +## Step 4: Evil Proxy +The evil proxy will be able to intercept all the traffic and redirect it to a server of your choice.
+In our case, the proxy will redirect all the traffic to the PoC Innovation github url: [https://github.com/PoCInnovation](https://github.com/PoCInnovation)
+Before redirect, it must implement a login page to get the admin password.
+The login page must be a real phishing page.
+ +Here is a sample scheme of the evil proxy: + +![](https://tse2.mm.bing.net/th?id=OIP.mdfWRGSKWIDDqEqd7_BV6gHaDC) + +We recommend to use [EvilGinx2](https://github.com/kgretzky/evilginx2) to create the evil proxy and [Freenom](https://www.freenom.com/en/index.html?lang=en) to get a free domain name.
+To get the flag, you will have to send the same spoofing email that the previous step with the evil proxy url.
+ +## Step 5: Go Further + +You must have seen that spoofing does not work on all mailboxes because of bad certificates used.
+Indeed, some providers check if the certificates match the dns record of the email used.
+If you want to go further, you can try to spoof an email with a good certificate to bypass restrictions.
+ +All bonus in this workshop will be rewarded in the PoC Security platform.
+Don't hesitate to contact a staff member if you have any questions :)
+ +

+Organization +

+
+

+ + + + + + + + + + + + +

+

+ + + +

+ +> 🚀 Don't hesitate to follow us on our different networks, and put a star 🌟 on `PoC's` repositories. \ No newline at end of file
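Review bot: Step 5 attributes failed delivery to "bad certificates" and says providers "check if the certificates match the dns record", which misdescribes the control. Receiving providers evaluate SPF, DKIM and DMARC records published for the sender domain, not a certificate, so the section should name those mechanisms and let participants see what actually rejects a spoofed message. In Setup, `ssh -i id_rsa root@` has nothing after the `@`, and the Step 2 subject "Spoofed by ``" has empty backticks. Both need a visible placeholder and a note on what to substitute. The prerequisite commands use `sudo` although the login is as root, and `ssh -i id_rsa` only finds the key when run from the home directory where it was saved, so give the full path. The Step 4 diagram is hotlinked from a Bing thumbnail URL with empty alt text. Commit the image to the repository and add a description. The file also ends without a trailing newline.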