In this article, I walk you through the process of setting GoPhish Server on Kasm Workspaces.
GoPhish is an open-source phishing framework that makes it easy to create, run and manage phishing campaigns all from a very nice Web User Interface.
We'll be installing GoPhish inside Kasm Workspaces which is a container streaming platform. Basically, Kasm allows you to deploy and run isolated containers of docker images and access them directly from your web browser. This comes in very handy because we can run GoPhish inside a private, isolated sandbox and access it directly from a web browser. So let's get started.
Installing Kasm Workspaces
You can install Kasm in four simple steps,
Step 1. Download latest version of Kasm
cd /tmp
curl -O https://kasm-static-content.s3.amazonaws.com/kasm_release_1.13.1.421524.tar.gzStep 2. Extract it
tar -xf kasm_release_1.13.1.421524.tar.gzStep 3. Install it
sudo bash kasm_release/install.shOnce Kasm is done installing, the default credentials will be printed on the terminal. Make a note of them so that you can access your Kasm dashboard. You can change these credentials later.
Now, go to https://127.0.0.1 and you will be able to view the Kasm Workspaces login page. Simply login with your credentials.
Installing GoPhish inside Kasm
There is no pre-built image for GoPhish available for Kasm. Not to worry, we can create it ourselves very easily.
First, I will install Ubuntu Focal as the Operating System to run GoPhish. To do that, go to Workspaces, select "Add from Registry"
From the list of pre-built images, install Ubuntu Focal.
Once it is installed, you can spawn up a session of Ubuntu.
Inside the Ubuntu session, download the pre-compiled GoPhish binary. You can find the latest releases on their GitHub: https://github.com/gophish/gophish/releases
cd /tmp
wget https://github.com/gophish/gophish/releases/download/v0.12.1/gophish-v0.12.1-linux-64bit.zipThen, extract the zip file into a new folder called 'gophish'
mkdir gophish
cd gophish/
mv gophish-v0.12.1-linux-64bit.zip gophish/
unzip gophish-v0.12.1-linux-64bit.zipMake the gophish binary executable
chmod +x ./gophishAnd that's it! You can now simply run GoPhish server
./gophishThe GoPhish server must be up, and you will be able to access your admin dashboard at https://127.0.0.1:3333 from your browser (inside the Ubuntu session)
The default username is 'admin' and the default password is printed on the terminal when you run the GoPhish binary. Simply login with your credentials to access your GoPhish dashboard.
Now that we have GoPhish setup inside a Kasm Workspaces session, we can create a custom image from this session.
Simply, got to "Admin" and then "Sessions". You will find your Ubuntu session here. Click on "Create Image"
This will create a new custom image from the current session which has GoPhish setup.
Since we want to spawn up GoPhish server every time we create a new session of our custom image, we will change the configuration of the image.
Go to "Workspaces" and then find the newly created image, and select "Edit"
Under "Docker Exec Config", paste the following JSON configuration:
{
"first_launch": {
"cmd": "bash -c 'cd /home/kasm-user/gophish && ./gophish' "
}
}This config tells Kasm to execute the command bash -c 'cd /home/kasm-user/gophish && ./gophish' every time a new session of this image is created. The command first changes the directory to the path where the GoPhish binary exists (if your GoPhish binary path is different, change it in the command accordingly) and then runs the binary. Simply save the configuration, and now whenever a new container of the image is spawned up, GoPhish server is automatically spawned up and you will be able to access your admin dashboard at https://127.0.0.1:3333
And that's it! It's that simple to setup GoPhish inside Kasm Workspaces and be able to run phishing campaigns from an isolated, destroyable workspace - just like a hacker!