Using this in a Google environment #352

Closed
mother2110 opened this issue Feb 6, 2019 · 25 comments
@mother2110

mother2110 commented Feb 6, 2019

Feature Description

I have a client that is using GSuite Gmail and all phishing campaigns get flagged as "This message seems dangerous". I know this is a good thing but the client wants to train employees. Is there any setting in KP that can bypass this?

Alternatives Solutions

I am also trying to look into allowing my campaign through GSuite as well.

Example Use Case

@wolfthefallen wolfthefallen self-assigned this Feb 6, 2019
@wolfthefallen wolfthefallen added help me Requests for support client Relating to the client component labels Feb 6, 2019
@wolfthefallen
Contributor

Getting past email filters is getting harder and harder every day, it seems. I personally target Gmail accounts when creating my phishing campaigns as they have one of the roughest ones to get the email to the inbox.

There are a couple of plugins that have been designed to help lower the spam score of emails being sent. These plugins can be installed through the plugin manager from inside the client.
The first plugin is message padding. This will add random text in the plain text part of the email to pad it out.
Alternatively, the second option, which I tend to use more often, is the message plain text, which will strip out the HTML from your phish to create the plain text version. This causes both parts to match up as closely as possible, thus lowering the spam score.

I also highly recommend reading this warroom blog about spam evasion.

Other than that, it is just trial and error to get your phish through your target's filter, which is beyond the scope of the Phishing Framework, and up to the creativity, passion and drive of the user.

@mother2110
Author

Thanks wolfthefallen

It looks like message padding and message plaintext are no longer compatible with the newest version of KP. I will check out warroom's blog.

@wolfthefallen
Contributor

For the two plugins you are probably missing a required package. If you hover over the compatibility label it will give you a popover stating what you are missing.

image

Once you identify the missing package, from the king-phisher folder use the `pipenv install` command to install the missing package. Or you can use the dev branch, which will auto-install missing packages for you.

```
/opt/king-phisher> pipenv install <package name>
```

@mother2110
Author

Appreciate it.

@mother2110
Author

mother2110 commented Feb 6, 2019

So I installed the packages (bs4 and markovify) and rebooted, but it still shows no.

image

@zeroSteiner
Collaborator

Yeah @wolfthefallen that shouldn't be necessary any more. The latest version of King Phisher will install missing dependencies for you automatically when you try to install the plugin. If that's not working we'd need to see the debug logs to figure out why.

@mother2110
Author

Where do I get the debug files from?

@mother2110
Author

What is the other way to install a dependency other than pipenv?

@mother2110
Author

image

@mother2110
Author

Ya I cannot get the required package installed. Debug is not showing anything that I can see. I tried "pipenv install markovify" and "pip install markovify". As well as bs4.

@wolfthefallen
Contributor

Can you please provide the output of the verbose log inside of three ``` at the beginning and end so it keeps its formatting correct?

@mother2110
Author

mother2110 commented Feb 6, 2019

```
root@KingServer:/opt/king-phisher# ./KingPhisherServer -f -L DEBUG server_config.yml
DEBUG    target diretory: /opt/king-phisher
INFO     checking for the pipenv environment
DEBUG    pipenv path: '/usr/local/bin/pipenv'
DEBUG    pipenv Pipfile: /opt/king-phisher/Pipfile
Loading .env environment variables…
DEBUG    king phisher version: 1.13.0-beta3 (rev: 0fb812ed5dfd) python version: 3.5.3
DEBUG    plugin dependency path: /root/.local/lib/king-phisher/python3.5/site-packages
INFO     using default ssl cert file '/etc/letsencrypt/live/company/fullchain.pem'
INFO     listening on 0.0.0.0:80
INFO     listening on 0.0.0.0:443 with ssl
INFO     serving files has been enabled
INFO     initializing database connection with driver postgresql
DEBUG    postgresql-setup was not found
DEBUG    postgresql service is already running via systemctl
DEBUG    current database schema version: 9 (latest)
DEBUG    connected to postgresql database: king_phisher
INFO     restored 0 valid sessions and skipped 0 expired sessions from the database
DEBUG    use pam service 'sshd' for authentication
DEBUG    forked an authenticating process with pid: 1231
INFO     the job manager has been started
INFO     adding new job with id: db5d3966-3db8-4cf2-b3e0-e0db38c01e46 and callback function: _maintenance
INFO     adding new job with id: 9cdcc9e2-1bcc-4e2f-8d37-fa6087e41143 and callback function: ping_all
DEBUG    web socket manager worker running in tid: 0x7fbd8ffe5700
DEBUG    initialized the table api dataset (schema version: 8)
INFO     including 4 custom http headers
INFO     server running in process: 1197 main tid: 0x7fbd9af2e700
INFO     dropped privileges to the nobody account
DEBUG    executing job with id: db5d3966-3db8-4cf2-b3e0-e0db38c01e46 and callback function: _maintenance
DEBUG    running periodic maintenance tasks
DEBUG    executing job with id: 9cdcc9e2-1bcc-4e2f-8d37-fa6087e41143 and callback function: ping_all
DEBUG    127.0.0.1:35766 tid: 0x7fbd87fff700 running http request handler
DEBUG    calling RPC method rpc_version()
INFO     127.0.0.1 "RPC /version HTTP/1.1" 200 -
DEBUG    127.0.0.1:35768 tid: 0x7fbd87fff700 running http request handler
DEBUG    received request with sequence number 0 and action 'authenticate'
DEBUG    sent request with sequence number 0 and action 'authenticate'
DEBUG    pam returned code: 0 reason: 'Success' for user sysadmin after 0.01 seconds
DEBUG    received response with sequence number 0
INFO     user sysadmin has successfully authenticated
DEBUG    sent response with sequence number 0
INFO     successful login request from 127.0.0.1 for user sysadmin
INFO     127.0.0.1 "RPC /login HTTP/1.1" 200 -
DEBUG    127.0.0.1:35770 tid: 0x7fbd87fff700 running http request handler
INFO     127.0.0.1 "GET /_/ws/events/json HTTP/1.1" 101 -
INFO     web socket has been connected
DEBUG    127.0.0.1:35772 tid: 0x7fbd877fe700 running http request handler
INFO     127.0.0.1 "RPC /graphql HTTP/1.1" 200 -
DEBUG    127.0.0.1:35774 tid: 0x7fbd877fe700 running http request handler
INFO     127.0.0.1 "RPC /config/get HTTP/1.1" 200 -
DEBUG    127.0.0.1:35776 tid: 0x7fbd877fe700 running http request handler
INFO     127.0.0.1 "RPC /graphql HTTP/1.1" 200 -
DEBUG    127.0.0.1:35778 tid: 0x7fbd877fe700 running http request handler
INFO     127.0.0.1 "RPC /graphql HTTP/1.1" 200 -
DEBUG    127.0.0.1:35780 tid: 0x7fbd877fe700 running http request handler
INFO     127.0.0.1 "RPC /graphql HTTP/1.1" 200 -
DEBUG    127.0.0.1:35782 tid: 0x7fbd877fe700 running http request handler
DEBUG    calling RPC method rpc_events_subscribe('db-messages', attributes=['id', 'campaign_id'], event_types=['deleted', 'inserted', 'updated'])
INFO     127.0.0.1 "RPC /events/subscribe HTTP/1.1" 200 -
DEBUG    127.0.0.1:35784 tid: 0x7fbd877fe700 running http request handler
DEBUG    calling RPC method rpc_events_subscribe('db-visits', attributes=['id', 'campaign_id'], event_types=['deleted', 'inserted', 'updated'])
INFO     127.0.0.1 "RPC /events/subscribe HTTP/1.1" 200 -
DEBUG    127.0.0.1:35786 tid: 0x7fbd877fe700 running http request handler
DEBUG    calling RPC method rpc_events_subscribe('db-credentials', attributes=['id', 'campaign_id'], event_types=['deleted', 'inserted', 'updated'])
INFO     127.0.0.1 "RPC /events/subscribe HTTP/1.1" 200 -
DEBUG    executing job with id: 9cdcc9e2-1bcc-4e2f-8d37-fa6087e41143 and callback function: ping_all
DEBUG    received message (len: 16 opcode: 0x0a fin: True)
DEBUG    processing pong (opcode: 0x0a) message
DEBUG    127.0.0.1:35788 tid: 0x7fbd877fe700 running http request handler
DEBUG    calling RPC method rpc_version()
INFO     127.0.0.1 "RPC /version HTTP/1.1" 200 -
DEBUG    127.0.0.1:35790 tid: 0x7fbd877fe700 running http request handler
INFO     127.0.0.1 "RPC /graphql HTTP/1.1" 200 -
DEBUG    127.0.0.1:35792 tid: 0x7fbd877fe700 running http request handler
INFO     127.0.0.1 "RPC /graphql HTTP/1.1" 200 -
DEBUG    127.0.0.1:35794 tid: 0x7fbd877fe700 running http request handler
INFO     127.0.0.1 "RPC /graphql HTTP/1.1" 200 -
DEBUG    127.0.0.1:35796 tid: 0x7fbd877fe700 running http request handler
INFO     127.0.0.1 "RPC /graphql HTTP/1.1" 200 -
```

@wolfthefallen
Contributor

Need your verbose logs from your King Phisher client (`./KingPhisher -L DEBUG`) with you going through the actions of trying to have the plugin installed through the plugin manager.

@mother2110
Author

How do you install a plugin in the Plugin Manager? It does not allow me to click on anything marked No.

@wolfthefallen
Contributor

Please provide me the first 20 lines of the verbose log out of the client when starting it; this will provide me the version and dependency versions you are currently using.

@mother2110
Author

mother2110 commented Feb 6, 2019

```
[root:/usr/share/king-phisher]# ./KingPhisher -L DEBUG
WARNING  it is not necessary to run the king phisher client as root

(__main__.py:83646): Gtk-WARNING **: 15:41:19.320: Failed to register client: GDBus.Error:org.freedesktop.DBus.Error.UnknownMethod: Method "RegisterClient" with signature "ss" on interface "org.xfce.Session.Manager" doesn't exist

WARNING  /usr/lib/python3/dist-packages/matplotlib/cbook/deprecation.py:107: MatplotlibDeprecationWarning: Passing one of 'on', 'true', 'off', 'false' as a boolean is deprecated; use an actual boolean (True/False) instead.
  warnings.warn(message, mplDeprecation, stacklevel=1)

WARNING  /usr/lib/python3/dist-packages/mpl_toolkits/basemap/__init__.py:1704: MatplotlibDeprecationWarning: The axesPatch function was deprecated in version 2.1. Use Axes.patch instead.
  limb = ax.axesPatch

WARNING  /usr/lib/python3/dist-packages/mpl_toolkits/basemap/__init__.py:1707: MatplotlibDeprecationWarning: The axesPatch function was deprecated in version 2.1. Use Axes.patch instead.
  if limb is not ax.axesPatch:
```

This is all that comes up.

@wolfthefallen
Contributor

Run `./KingPhisher --version` and please provide me the output. Looks like Kali did something weird again.

@mother2110
Author

```
[root:/usr/share/king-phisher]# ./KingPhisher --version
WARNING it is not necessary to run the king phisher client as root

(__main__.py:84397): Gtk-WARNING **: 15:48:31.133: Failed to register client: GDBus.Error:org.freedesktop.DBus.Error.UnknownMethod: Method "RegisterClient" with signature "ss" on interface "org.xfce.Session.Manager" doesn't exist

WARNING /usr/lib/python3/dist-packages/matplotlib/cbook/deprecation.py:107: MatplotlibDeprecationWarning: Passing one of 'on', 'true', 'off', 'false' as a boolean is deprecated; use an actual boolean (True/False) instead.
warnings.warn(message, mplDeprecation, stacklevel=1)

WARNING /usr/lib/python3/dist-packages/mpl_toolkits/basemap/__init__.py:1704: MatplotlibDeprecationWarning: The axesPatch function was deprecated in version 2.1. Use Axes.patch instead.
limb = ax.axesPatch

WARNING /usr/lib/python3/dist-packages/mpl_toolkits/basemap/__init__.py:1707: MatplotlibDeprecationWarning: The axesPatch function was deprecated in version 2.1. Use Axes.patch instead.
if limb is not ax.axesPatch:
```

@wolfthefallen
Contributor

Thank you, I am going to go beat on my Kali image and see if I can recreate this. Please make sure your system is fully up to date: `apt update && apt upgrade`

@mother2110
Author

Yes I have done this.

Should I use a clean Debian install as the client?

@wolfthefallen
Contributor

wolfthefallen commented Feb 7, 2019

We support all operating systems located at: https://github.com/securestate/king-phisher/wiki/Advanced-Installation#install-script-supported-flavors
I believe the current issue is how Kali has packaged it for their apt distributions. If you want to use Kali with the issues I am currently seeing, you will have to save off your server_config.yml file (if you are running both the client and the server off of the same machine). Remove King Phisher via apt, then follow the simple install process located at: INSTALL.md. Once installed with this method, just move your server_config.yml into the new king-phisher folder (by default with the INSTALL.md method it will be at /opt/king-phisher).

Still it is an issue that you are able to see debugging output or version tag, so I'll still be looking into that particular issue.

@mother2110
Author

No worries. Thanks

@wolfthefallen
Contributor

If you still have King Phisher installed through Kali's apt manager, can you please provide the output from `apt search king-phisher` and `grep version_info /usr/share/king-phisher/king_phisher/version.py`?

@stale

stale bot commented Feb 14, 2019

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the stale label Feb 14, 2019
@stale stale bot closed this as completed Feb 21, 2019