Fork: 0
0xRoM / GoSMS
Browse code
Initial commit
master
1 parent c4d4483 commit 2354a3e03792489d308d76fa745c8dcc7e69fdea
root authored on 18 May 2019
Patch
Unified Split
Showing 4 changed files
View
114
README.md
GoSMS
<u>GoSMS</u>
===============
 
SMSishing implementation using GoPhish
SMSishing implementation using GoPhish and Trilio SMS gateway
 
<u>Usage</u>
===============
replace email addresses with [mobile no]@gophish.sms where mobile number stats with country code prefix e.g. +44 = UK
 
SMS should contain less than 1600 characters otherwise will be split into multiple SMS's
 
Email template should be plaintext only, not HTML (this should be obvious)
 
non-MMS so dont use tracking image {{.Tracker}} or HTML contents
 
Email Opened - actually means delivered (Response from Trilio API)
 
<u>Setup</u>
===============
Clone this repo into /opt/GoSMS/
 
#Setup Postfix
 
1) Tell Postfix To Use Our Virtual Alias db and virtual domains in **/etc/postfix/main.cf**:
 
virtual_alias_maps = hash:/etc/postfix/virtual_maps, regexp:/etc/postfix/virtual_regexp
virtual_alias_domains=/etc/postfix/virtual_domains
 
2) add domain to **/etc/postfix/virtual_domains**
 
echo "gophish.sms" >> /etc/postfix/virtual_domains
 
3) Redirect the email to a local user by adding to **/etc/postfix/virtual_regexp**:
 
/^([^@]*)@gophish.sms$/ apache@localhost
 
4) Update **/etc/aliases** to redirect email addressed to the local user to a script:
 
apache: "|/usr/bin/php -q /opt/GoSMS/SendSMS.php"
 
5) Rebuild Aliases & Restart Postfix
 
sudo newaliases; sudo postfix reload; sudo service postfix restart
 
 
#setup GoSMS
 
1) Set correct variables in config.php (should be self explanitory)
 
2) Make SMSResponse.php accessible from the web, a couple of ways of doing this:
 
2a) Sore in webserver folder running on different port e.g. /var/www/html/SMSResponse.php with apache running on port 8888
 
2b) run a simple PHP server from the GoSMS directory:
 
php -S 0.0.0.0:8888
 
View
55
SMSResponse.php 0 → 100644
<?php
include('/opt/GoSMS/config.php');
 
if($_REQUEST['SmsStatus'] == "delivered" && isset($_REQUEST['To'])){
$phoneNo = $_REQUEST['To'];
echo "[?] Searching for running campaigns\n";
$curl = new curl();
$curl->url = "$GophishAPIURL/api/campaigns/?api_key=$key";
$list = $curl->curlQuery();
if(isset($list->message) && $list->message == "Invalid API Key"){
echo "[!] Invalid API key\n";
exit(0);
}else{
foreach($list as $id){
if($id['status'] == "In progress"){
echo "[+] Found: ID: ".$id['id']." Name: ".$id['name']."\n";
foreach($id['results'] as $victim){
echo "[?] Searching for victim with $phoneNo\n";
if($victim['email'] == "$phoneNo@gophish.sms"){
echo "[+] Found RID: ".$victim['id']."\n";
echo "[!] Grabbing tracking image\n";
$curl->url = "$PhishURL/track?rid=".$victim['id'];
$list = $curl->curlQuery();
}
}
}
}
}
exit(0);
}
 
class curl {
public function curlQuery() {
$ch = curl_init();
 
curl_setopt($ch, CURLOPT_URL, $this->url);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, True);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
//curl_setopt($ch, CURLOPT_VERBOSE, true); // verbose mode for debugging
 
$json = curl_exec($ch);
 
curl_close($ch);
 
$array = json_decode($json, true);
return $array;
}
}
 
?>
View
SendSMS.php 0 → 100755
View
config.php 0 → 100644