Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Landing Goes to Debian Default Page #1343

Closed
themav54 opened this issue Jan 14, 2019 · 13 comments
Closed

Landing Goes to Debian Default Page #1343

themav54 opened this issue Jan 14, 2019 · 13 comments
Labels
support

Comments

@themav54
Copy link

Thanks for reaching out! We're happy to help resolve issues as quickly as possible.

Please use this template when creating a new issue. If you do not follow this template format, your issue may be closed without comment.

Before filing a new issue, please use the search bar at the top of the browser to search for similar issues. Also, please make sure you have read our documentation, which covers how to use Gophish.

What version of Gophish are you using?: 0.7.1

Brief description of the issue: I am running GoPhish on Debian. When I create my campaign, I enter the IP address of the computer as url address. This setup is only going to be used on an internal network. When I get the email in my inbox and click on the links. I am directed to a Apache2 Debian Default Page - Similiar to an IIS default page.

I am not an expert in linux so I am hoping that this is just a simple thing that I have overlooked.

What are you expecting to see happen? : I am expecting to go to the landing page I created.

What are you seeing happen? I am going to the Debian Default page.

If this question is related to email templates or landing pages not working as expected, please provide your template or landing page below:

<head></head><body>Hello World!</body>

Please provide any terminal output that may be relevant below:

ime="2019-01-14T15:31:46-05:00" level=info msg="127.0.0.1 - - [14/Jan/2019:15:31:46 -0500] "GET /js/src/vendor/ckeditor/lang/en.js?t=F0RD HTTP/2.0" 200 3990 "https://localhost:3333/landing_pages\" "Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0""
time="2019-01-14T15:31:46-05:00" level=info msg="127.0.0.1 - - [14/Jan/2019:15:31:46 -0500] "GET /js/src/vendor/ckeditor/skins/bootstrapck/editor_gecko.css?t=F0RD HTTP/2.0" 200 3888 "https://localhost:3333/landing_pages\" "Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0""

Insert output here


Please provide as many steps as you can to reproduce the problem:

{
	"admin_server": {
		"listen_url": "127.0.0.1:3333",
		"use_tls": true,
		"cert_path": "gophish_admin.crt",
		"key_path": "gophish_admin.key"
	},
	"phish_server": {
		"listen_url": "0.0.0.0:80",
		"use_tls": false,
		"cert_path": "example.crt",
		"key_path": "example.key"
	},
	"db_name": "sqlite3",
	"db_path": "gophish.db",
	"migrations_prefix": "db/db_",
	"contact_address": "",
	"logging": {
		"filename": ""
	}
}
 * Step 1 - When I create the campaign, I enter the internal IP address of the GoPhish box as the url.
@S0larflare
Copy link
Collaborator

That's odd...

When you get your Debian apache page, what is the url? Is it http or https? Is it on port 80 or a different one? What is the email you are sending?

@themav54
Copy link
Author

themav54 commented Jan 15, 2019 via email

@S0larflare
Copy link
Collaborator

I can't see that image I'm afraid?

@themav54
Copy link
Author

My apologies - here is the screenshot:

debian

@S0larflare
Copy link
Collaborator

If you stop and start gophish, could you post the output of the console? I can only imagine that the apache server is running on port 80 and gophish tries to bind the port, fails but for some reason doesn't panic and shut down?

@themav54
Copy link
Author

Hi There,
Here is contents of the output:

root@debian-phishtest:~/go/src/github.com/gophish/gophish# ./gophish
time="2019-01-16T15:10:44-05:00" level=warning msg="No contact address has been configured."
time="2019-01-16T15:10:44-05:00" level=warning msg="Please consider adding a contact_address entry in your config.json"
goose: no migrations to run. current version: 20180830215615
time="2019-01-16T15:10:44-05:00" level=info msg="Starting phishing server at http://0.0.0.0:80"
time="2019-01-16T15:10:44-05:00" level=info msg="Starting admin server at https://127.0.0.1:3333"
time="2019-01-16T15:10:44-05:00" level=info msg="Background Worker Started Successfully - Waiting for Campaigns"

@S0larflare
Copy link
Collaborator

If you do:

netstat -tulpn

Does it show as gophish, or apache that is bound to port 80?

@themav54
Copy link
Author

Looks like it is bound to Apache for some reason:

root@debian-phishtest:~# netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 382/cupsd
tcp 0 0 127.0.0.1:3333 0.0.0.0:* LISTEN 864/./gophish
tcp6 0 0 :::80 ::: LISTEN 451/apache2*
tcp6 0 0 ::1:631 :::* LISTEN 382/cupsd
udp 0 0 0.0.0.0:58682 0.0.0.0:* 370/avahi-daemon: r
udp 0 0 0.0.0.0:631 0.0.0.0:* 383/cups-browsed
udp 0 0 0.0.0.0:68 0.0.0.0:* 525/dhclient
udp 0 0 0.0.0.0:5353 0.0.0.0:* 370/avahi-daemon: r
udp6 0 0 :::59015 :::* 370/avahi-daemon: r
udp6 0 0 :::5353 :::* 370/avahi-daemon: r

@S0larflare
Copy link
Collaborator

S0larflare commented Jan 16, 2019 via email

@jordan-wright
Copy link
Collaborator

Hi everyone,

Sorry for jumping into this late. @S0larflare is spot on with everything (as always!). You'll need to stop Apache so that Gophish can bind to port 80. It's on the "TODO" to make Gophish not start up if it has trouble binding to the port. It's a bit more involved than it seems, but it's something I'll get fixed 😄

Since we've identified the problem, I'm going to go ahead and close this one out. @themav54, if this doesn't fix the issue for you let us know and I'll re-open the issue so we can continue troubleshooting.

Thanks for getting in touch!

@gbergeson
Copy link

gbergeson commented Sep 6, 2019
edited
Loading

I had the same issue and the above fix doesn't work. After I stop the apache service, gophish still won't bind to port 80 on restart. The admin server works fantastically but accessing the phishing server from either Chrome or Firefox results in a "connection reset" message. Also, occasionally, trying to access the phishing server will result in this error message on the gophish side:
image

Here's the relevant part of my config file:
image

Here's the output from gophish starting up:
image

And here's the output from netstat -tulpn:
image

[Edit] Gophish does bind to port 8080 if I use it for the phishing server, but navigating to that URL gives me an "invalid response" error on Google.

[Another edit] 8080 does work if I submit the proper rid parameter, but still no luck on port 80.

@jordan-wright
Copy link
Collaborator

jordan-wright commented Sep 7, 2019 via email

@gbergeson
Copy link

It's probably a permissions issue. I believe I tried before with 0.0.0.0 and it didn't work. But mostly, I think it's permissions because it does bind to port 8080. Thanks for your quick response!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
support
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@jordan-wright @S0larflare @gbergeson @themav54