Keyword: The domain name contains an important keyword of the original domain (e.g., zelster.com-management.com).
Hyphenated subdomain: Replaces the dot of a subdomain with a hyphen (e.g., www-zelster.com).
New TLD: Same domain using a new TLD (e.g., zelster.org).
Homoglyph: It replaces a letter in the domain name with letters that look similar (e.g., zelfser.com).
Transposition: It swaps two letters within the domain name (e.g., zelsetr.com).
Singularization/Pluralization: Adds or removes “s” at the end of the domain name (e.g., zeltsers.com).
Omission: It removes one of the letters from the domain name (e.g., zelser.com).
Repetition: It repeats one of the letters in the domain name (e.g., zeltsser.com).
Replacement: Like homoglyph but less stealthy. It replaces one of the letters in the domain name, perhaps with a letter close to the original letter on the keyboard (e.g., zektser.com).
Subdomained: Introduce a dot inside the domain name (e.g., ze.lster.com).
Insertion: It inserts a letter into the domain name (e.g., zerltser.com).
Missing dot: Appends the TLD to the domain name (e.g., zelstercom.com).
There is a possibility that some of the bits, whether stored or in transit, get flipped automatically due to factors such as solar flares, cosmic rays, or hardware errors.
When this concept is applied to DNS requests, it is possible that the domain received by the DNS server is not the same as the domain initially requested.
For example, a single bit modification in the domain "windows.com" can change it to "windnws.com."
Attackers may take advantage of this by registering multiple bit-flipping domains that are similar to the victim's domain. Their intention is to redirect legitimate users to their own infrastructure.
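The variation techniques listed above and the bit-flipping case can be checked mechanically from the defender's side. The following added example (not part of the original page) classifies domains seen in resolver logs against a domain you protect; `classify`, `scan`, the technique labels and the sample queries are assumptions made for illustration, and names are assumed to be "label.tld" with a single-label TLD.

```python
# Added example, not from the original page. Assumes "label.tld" names with a
# single-label TLD; homoglyphs need a confusables table and show as "replacement".

def _deleted_index(longer, shorter):
    """Index in `longer` whose removal yields `shorter`, else -1."""
    if len(longer) != len(shorter) + 1:
        return -1
    for i in range(len(longer)):
        if longer[:i] + longer[i + 1:] == shorter:
            return i
    return -1

def classify(observed, protected):
    """Name the technique relating `observed` to `protected`, or None."""
    observed, protected = observed.lower().rstrip("."), protected.lower().rstrip(".")
    if observed == protected or observed.endswith("." + protected):
        return None  # the domain itself or one of its real subdomains
    p_label, _, p_tld = protected.rpartition(".")
    o_label = observed.rpartition(".")[0]
    if o_label == p_label:
        return "new-tld"
    if o_label == p_label + p_tld:
        return "missing-dot"
    if o_label.endswith("-" + p_label):
        return "hyphenated-subdomain"
    if o_label.replace(".", "") == p_label:
        return "subdomained"
    if len(o_label) == len(p_label):
        d = [i for i, (a, b) in enumerate(zip(o_label, p_label)) if a != b]
        if len(d) == 1:  # one character differs: is it a single flipped bit?
            x = ord(o_label[d[0]]) ^ ord(p_label[d[0]])
            return "bitflip" if x & (x - 1) == 0 else "replacement"
        if len(d) == 2 and d[1] == d[0] + 1 and o_label[d[0]:d[1] + 1] == p_label[d[0]:d[1] + 1][::-1]:
            return "transposition"
    if _deleted_index(p_label, o_label) >= 0:
        return "omission"
    i = _deleted_index(o_label, p_label)  # first index whose removal restores the label
    if i >= 0:
        if i == len(o_label) - 1 and o_label[i] == "s":
            return "pluralization"
        return "repetition" if o_label[i + 1:i + 2] == o_label[i] else "insertion"
    return "keyword" if p_label in o_label else None

# Constructed resolver-log sample; example.com stands in for the protected domain.
SAMPLE_QUERIES = ["www.example.com", "examplecom.com", "exmaple.com", "contoso.net",
                  "www-example.com", "exa.mple.com", "example.com-management.com"]

def scan(queries, protected):  # {domain: technique} for every lookalike found
    return {q: t for q in queries if (t := classify(q, protected))}
```

A "bitflip" verdict only means the name is one bit away from the protected label; the same name may equally be a deliberate replacement.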
You can search in https://www.expireddomains.net/ for an expired domain that you could use.
In order to make sure that the expired domain that you are going to buy already has good SEO, you could check how it is categorized in:
In order to discover more valid email addresses or verify the ones you have already discovered, you can check whether you can brute-force the victim's SMTP servers. Learn how to verify/discover email address here. Moreover, don't forget that if the users use any web portal to access their mail, you can check whether it is vulnerable to username brute force, and exploit the vulnerability if possible.
Download and decompress it inside /opt/gophish and execute /opt/gophish/gophish
The output will give you a password for the admin user on port 3333. Access that port and use those credentials to change the admin password. You may need to tunnel that port to local:
Before this step you should have already bought the domain you are going to use and it must be pointing to the IP of the VPS where you are configuring gophish.
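In order to create the gophish service so it can be started automatically and managed as a service, you can create the file /etc/init.d/gophish with the following content:
```bash
#!/bin/bash
# /etc/init.d/gophish
# initialization file for stop/start of gophish application server
#
# chkconfig: - 64 36
# description: stops/starts gophish application server
# processname:gophish
# config:/opt/gophish/config.json
# From https://github.com/gophish/gophish/issues/586

processName=Gophish
process=gophish
appDirectory=/opt/gophish
logfile=/var/log/gophish/gophish.log     # log file names are assumed
errfile=/var/log/gophish/gophish.error

start() {
    echo "Starting ${processName}..."
    cd "${appDirectory}" || exit 1
    nohup "./${process}" >>"$logfile" 2>>"$errfile" &
    sleep 1
}

stop() {
    echo "Stopping ${processName}..."
    pid=$(/bin/pidof "${process}")
    [[ -n "$pid" ]] && kill ${pid}   # unquoted: pidof may return several PIDs
}

status() {
    pid=$(/bin/pidof "${process}")
    if [[ -n "$pid" ]]; then
        echo "${processName} is running..."
    else
        echo "${processName} is not running..."
    fi
}
case $1 in
    start|stop|status) "$1" ;;
esac
```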
Finish configuring the service and check it with:
```bash
mkdir /var/log/gophish
chmod +x /etc/init.d/gophish
update-rc.d gophish defaults
# Check the service
service gophish start
service gophish status
ss -l | grep "3333\|443"
service gophish stop
```
The older a domain is, the less likely it is to be caught as spam. You should therefore wait as long as possible (at least 1 week) before the phishing assessment. Moreover, if you put up a page about a reputable sector, the reputation obtained will be better.
Note that even if you have to wait a week you can finish configuring everything now.
You can also check your email configuration by sending an email to check-auth@verifier.port25.com and reading the response (for this you will need to open port 25 and read the response in the file /var/mail/root if you send the email as root).
Check that you pass all the tests:
```
==========================================================
Summary of Results
==========================================================
SPF check: pass
DomainKeys check: neutral
DKIM check: pass
Sender-ID check: pass
SpamAssassin check: ham
```
You could also send a message to a Gmail account under your control and check the email's headers in your Gmail inbox; dkim=pass should be present in the Authentication-Results header field.
```
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of contact@example.com designates --- as permitted sender) smtp.mail=contact@example.com;
       dkim=pass header.i=@example.com;
```