create_a_phishing_campaign_with_a_word_macro
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
create_a_phishing_campaign_with_a_word_macro [2017/12/18 18:21] – [Macro Template For Mac] lucy | create_a_phishing_campaign_with_a_word_macro [2019/08/07 14:37] – lucy | ||
---|---|---|---|
Line 9: | Line 9: | ||
* **Macro Simulation " | * **Macro Simulation " | ||
- | * **Macro Simulation "POST ONLY": | + | * **Macro Simulation "POST ONLY": |
+ | * **Macro Simulation "GET ONLY": | ||
+ | |||
+ | Please note, that those are only two samples. **You can create your own template**. Please check the tutorial at the bottom of this page. | ||
Line 16: | Line 19: | ||
After the login, you can create your first phishing campaign by pressing the button “**New**”.\\ | After the login, you can create your first phishing campaign by pressing the button “**New**”.\\ | ||
\\ | \\ | ||
- | {{ 14.jpg?direct&600 }}\\ | + | {{:macro_1.png?600|}}\\ |
\\ | \\ | ||
+ | |||
+ | We recommend using the Setup Wizard when used for the first time. | ||
+ | |||
+ | {{: | ||
===== STEP 2 - Select or Create a Client ===== | ===== STEP 2 - Select or Create a Client ===== | ||
- | Create a client or choose the built in client (a client can be your own organization or the company who asked you to perform a phishing test). This is important because you can also create [[user_management|view only accounts]] which are associated with those clients. | + | Create a client or choose the built in the client (a client can be your own organization or the company who asked you to perform a phishing test). This is important because you can also create [[user_management|view only accounts]] which are associated with those clients. |
- | {{ 16.jpg?direct&600 }} | + | {{:macro_2.png?600|}} |
- | New clients can be created under " | + | New clients can be created under settings>clients.\\ |
- | {{ 17.jpg?direct&600 }} | + | {{:macrot_3.png?600|}} |
\\ | \\ | ||
\\ | \\ | ||
===== STEP 3 - Choose Your Configuration Mode ===== | ===== STEP 3 - Choose Your Configuration Mode ===== | ||
- | You may either continue with the **Expert Setup**, the **Setup Wizard** or a **Start with predefined campaign Template ** (called sample campaign in LUCY < 3.0) configuration. We recommend using the Setup Wizard when used for the first time. Another optional is to set a [[benchmark|Benchmark]] for a campaign. \\ | + | You may either continue with the **Expert Setup** or a **Start with predefined campaign Template ** configuration. \\ |
- | {{ 15.jpg?direct&600 }}\\ | + | {{:macro_4.png?600|}}\\ |
- | Sometimes a remote Firewall, Spam filter or Virus Filter might automatically scan all the URL's within a link. As a result you end up with false positives and LUCY will show all link clicked (success). To avoid such automatic link requests by some 3rd party application you can enable the antivirus/ | + | Sometimes a remote Firewall, Spam filter or Virus Filter might automatically scan all the URL's within a link. As a result, you end up with false positives and LUCY will show all link clicked (success). To avoid such automatic link requests by some 3rd party application you can enable the antivirus/ |
- | {{ ignorefw1.png?600 }} | + | {{:macro_5.png?600|}} |
\\ | \\ | ||
Line 45: | Line 52: | ||
===== STEP 4 - Select a Phishing Template that supports Macro' | ===== STEP 4 - Select a Phishing Template that supports Macro' | ||
- | Now you need to select one or multiple phishing scenarios that supports | + | Now you need to select one or multiple phishing scenarios that support |
* File Based Templates | * File Based Templates | ||
Line 53: | Line 60: | ||
Most templates will enable you to place the Macro on a landing page from where it can be downloaded. If you only want to send the file as a mail attachment without involving a landing page you can choose the file based scenario " | Most templates will enable you to place the Macro on a landing page from where it can be downloaded. If you only want to send the file as a mail attachment without involving a landing page you can choose the file based scenario " | ||
- | {{ macro_mail.png?600 }} | + | {{:macro_17.png?600|}} |
- | This is an email only template that will send the users an email with a Word document file attachment that contains a macro. The macro has the ability to execute a list of harmless commands (e.g. " | + | This is an email only template that will send the users an email with a Word document file attachment that contains a macro. The macro has the ability to execute a list of harmless commands (e.g. " |
- | {{ 65754.png?600 }} | + | {{:macro_6.png?600|}} |
Line 63: | Line 70: | ||
\\ | \\ | ||
- | {{ macro_mixed.png? | + | \\ |
- | **Note:** If you attach | + | **Note:** If you attach |
\\ | \\ | ||
===== STEP 6 - Configure the Base Settings of Your Campaign ===== | ===== STEP 6 - Configure the Base Settings of Your Campaign ===== | ||
- | Once you have selected the scenario, you need to configure the **Base Settings** of the campaign. First give your campaign a name and then choose how your recipients will be able to access LUCY by defining the [[domain_configuration|Domain]]. Finding the appropriate domain name is a very important step for the success and it depends very much on your campaign scenario. If you plan to create a fake web mail login you might try to reserve a domain like " | + | Once you have selected the scenario, you need to configure the **Base Settings** of the campaign. First, give your campaign a name and then choose how your recipients will be able to access LUCY by defining the [[domain_configuration|Domain]]. Finding the appropriate domain name is a very important step for the success and it depends very much on your campaign scenario. If you plan to create a fake web mail login you might try to reserve a domain like " |
- | + | {{:macro_18.png?600|}}\\ | |
- | {{ 24.jpg?direct&600 }}\\ | + | |
\\ | \\ | ||
**Note**: Each scenario has its own Base Settings. | **Note**: Each scenario has its own Base Settings. | ||
Line 81: | Line 87: | ||
There a few **Optional Settings** that you can apply within the Base Settings. Lucy comes with certain Default Settings. You can change these setting as you like. The settings are: | There a few **Optional Settings** that you can apply within the Base Settings. Lucy comes with certain Default Settings. You can change these setting as you like. The settings are: | ||
- | | + | * **Track Opened Emails**: Inserts an invisible image into outgoing emails to track if users opened the message. Use this feature carefully, as some email servers may put such emails into the spam folder. |
- | * **Use SSL**: If you decide to use SSL for the campaign (either generate a certificate or import a trusted certificate) you can do this via the [[ssl_configuration|SSL Wizard]]. | + | * **Disable Landing**: Check to disable landing page for this scenario. |
- | * **Anonymous Mode**: Use this mode to hide all " | + | * **Send Link to Awareness Website Automatically**: |
- | * **Success Action**: Defines what LUCY considers as an successful attack. There are [[success_actions|four options]]. | + | * **Advanced |
- | | + | * **Success Action**: Defines what LUCY considers as a successful attack. There are [[success_actions|four options]]. |
- | * **Send Link to Awareness Website Automatically**: | + | |
- | * **BeEF Information Gathering** : Check this option to enable information gathering | + | |
* **Collect Data**: Choose " | * **Collect Data**: Choose " | ||
- | * **Double Barrel Attack**: When using Double Barrel Attack, the system first sends a " | + | * **Double Barrel Attack**: When using Double Barrel Attack, the system first sends a " |
- | * **Login Regexp**: Another option is to define some login filters to only catch valid logins (you could define | + | * **URL Shortener**: When you place the %link% variable within |
* **Redirect URL**: This is used for [[create_a_phishing_campaign_with_only_a_hyperlink_in_mail_no_landing_page|hyperlink based scenarios]] or within a landing page to redirect to an awareness page. | * **Redirect URL**: This is used for [[create_a_phishing_campaign_with_only_a_hyperlink_in_mail_no_landing_page|hyperlink based scenarios]] or within a landing page to redirect to an awareness page. | ||
- | * **Compress Executable**: This setting is irrelevant for a Macro Based Campaign as a word file is not an executable. | + | * **File Type**: In this drop-down list you can select the type of file that will be attached to the email. |
===== STEP 8 - Edit your Landing Web Page within Your Campaign ===== | ===== STEP 8 - Edit your Landing Web Page within Your Campaign ===== | ||
- | After saving the Base Settings, you can now [[Edit_Landing_Page|Edit the Landing Page]], [[Upload_Your_Web_Page|Upload Your Own Webpage]] or simply [[copy_web_page|copy any website on the internet]]. The Landing Page is the webpage that the users will see when they click on the link in the email they receive. First select the drop-down menu at the top the page where you want to edit. Please note that the same landing page may be available in different languages. So make sure you [[dealing_with_multiple_languages_in_your_recipient_group|edit the correct language]]. | + | After saving the Base Settings, you can now [[Edit_Landing_Page|Edit the Landing Page]], [[Upload_Your_Web_Page|Upload Your Own Webpage]] or simply [[copy_web_page|copy any website on the internet]]. The Landing Page is the webpage that the users will see when they click on the link in the email they receive. First, select the drop-down menu at the top the page where you want to edit. Please note that the same landing page may be available in different languages. So make sure you [[dealing_with_multiple_languages_in_your_recipient_group|edit the correct language]]. |
- | As we want to include a download to a Macro we need to make sure the Macro is selected at the bottom of the configuration page. This drop down menu will tell LUCY what malware simulation should be attached to the download bottom on this page: | + | As we want to include a download to a Macro we need to make sure the Macro is selected at the bottom of the configuration page. This drop-down menu will tell LUCY what malware simulation should be attached to the download bottom on this page: |
- | {{ macro_mixed2.png?600 }} | + | {{:macro_8.png?600|}} |
If you save the landing page with the settings displayed in the screenshot above LUCY will create a Word file for each user which can be downloaded from the phishing simulation. | If you save the landing page with the settings displayed in the screenshot above LUCY will create a Word file for each user which can be downloaded from the phishing simulation. | ||
Line 109: | Line 113: | ||
It’s time to setup email communication (if you want you can also use [[smishing|SMS]] as an alternative). Choose your sender' | It’s time to setup email communication (if you want you can also use [[smishing|SMS]] as an alternative). Choose your sender' | ||
- | {{ 42.jpg?direct&600 }} | + | {{:macro_9.png?600|}} |
**Note**: The most common reason for emails not arriving at your Recipient' | **Note**: The most common reason for emails not arriving at your Recipient' | ||
Line 118: | Line 122: | ||
You need to create the Recipients List in the Menu item " | You need to create the Recipients List in the Menu item " | ||
- | {{ 47.jpg?direct&600 }} | + | {{:macro_10.png?600|}} |
This is the list of users that will get the phishing emails. You can add them manually, import a file with all your recipients or even search them on the internet. Once you have created that group, you can select it in your campaign and map them to a specific scenario. You can also define if they should be used only for the Landing Page link, the [[Awareness_E-learning_settings|Awareness site link (e-learning)]] or both. | This is the list of users that will get the phishing emails. You can add them manually, import a file with all your recipients or even search them on the internet. Once you have created that group, you can select it in your campaign and map them to a specific scenario. You can also define if they should be used only for the Landing Page link, the [[Awareness_E-learning_settings|Awareness site link (e-learning)]] or both. | ||
- | {{ 49.jpg?direct&600 }} | + | {{:macro_11.png?600|}} |
Please read the [[Add_Mail_Recipients|Recipients Settings Chapter]] for more configuration options. | Please read the [[Add_Mail_Recipients|Recipients Settings Chapter]] for more configuration options. | ||
Line 134: | Line 138: | ||
===== Step 12 - Add E-learning Content to Your Campaign ===== | ===== Step 12 - Add E-learning Content to Your Campaign ===== | ||
- | There is the option to have LUCY automatically send some e-learning content to all users or only users who have failed the phishing test. This configuration setting is part of an [[Awareness_E-learning_Settings|Separate Chapter (E-learning).]] If you want the users to get an e-mail with a link to the awareness content, you need make sure that in "STEP 7 - Configure Basic Settings" | + | There is the option to have LUCY automatically send some e-learning content to all users or only users who have failed the phishing test. This configuration setting is part of an [[Awareness_E-learning_Settings|Separate Chapter (E-learning).]] If you want the users to get an e-mail with a link to the awareness content, you need to make sure that in "STEP 7 - Configure Basic Settings" |
Line 141: | Line 145: | ||
Now you are ready to start. Although we recommend performing a test run with a single recipient before you start attacking all users, additionally it is a good idea to use the [[Spam_Check|LUCY SPAM Checker]]. Just click “Real Attack” and LUCY will test your settings before starting the campaign. If you want to skip the checks, press "Skip Checks" | Now you are ready to start. Although we recommend performing a test run with a single recipient before you start attacking all users, additionally it is a good idea to use the [[Spam_Check|LUCY SPAM Checker]]. Just click “Real Attack” and LUCY will test your settings before starting the campaign. If you want to skip the checks, press "Skip Checks" | ||
- | {{ 59.jpg?direct&600 }} | + | {{:macro_12.png?600|}} |
Line 148: | Line 152: | ||
The progress of the campaign can always be monitored in Real-Time. Click " | The progress of the campaign can always be monitored in Real-Time. Click " | ||
- | {{ 63.jpg?600 }} | + | {{:macro_13.png?600|}} |
- | You will be able to track if the macro has been activated if you enabled the [[success_actions|success action]] as "file data receive" | + | You will be able to track if the macro has been activated if you enabled the [[success_actions|success action]] as "file data receive" |
===== Step 15 - Create Reports ===== | ===== Step 15 - Create Reports ===== | ||
Line 156: | Line 160: | ||
Once you have finished the campaign, you may create different types of reports (PDF, HTML or raw export). Please read the [[Create_Campaign_Reports|Creating Reports Chapter]] for more configuration options. | Once you have finished the campaign, you may create different types of reports (PDF, HTML or raw export). Please read the [[Create_Campaign_Reports|Creating Reports Chapter]] for more configuration options. | ||
- | {{ 69.jpg?600 }} | + | {{:macro_14.png?600|}} |
===== Create Custom Macro templates===== | ===== Create Custom Macro templates===== | ||
- | You can create your own file based macro templates using any MS office file (ppt, doc, xls...): | + | You can create your own template in two ways: |
+ | |||
+ | - based on a copy of an existing template | ||
+ | - create a new template from scratch | ||
+ | |||
+ | **Example: create a copy of an existing template** | ||
+ | Let's say you want to create a new macro template based on the existing template " | ||
+ | * Step 1: Select the template " | ||
+ | * Step 2: Press the copy button | ||
+ | * Step 3: Download the " | ||
+ | * Step 4: Edit the Word File, without enabling the Macro and save it under your new name " | ||
+ | * Step 5: Delete the existing | ||
+ | * Step 6: Upload your new file " | ||
+ | |||
+ | |||
+ | **Example: create a new template from scratch** | ||
+ | You can create your own file-based macro templates using any MS office file (ppt, doc, xls...): | ||
- | * 1) create a VB macro with main function named AutoOpen | + | * 1) create a VB macro with the main function named AutoOpen |
* 2) use all variables you will pass from lucy in this form - " | * 2) use all variables you will pass from lucy in this form - " | ||
* 3) use %lucy_url% as Lucy URL | * 3) use %lucy_url% as Lucy URL | ||
* 4) use variables in macro only after you process them with " | * 4) use variables in macro only after you process them with " | ||
- | * 5) open word, excel or powerpoint document, go to developer tab and hit "Edit Macro" | + | * 5) open word, excel or powerpoint document, go to the developer tab and hit "Edit Macro" |
* 6) there choose " | * 6) there choose " | ||
* 7) paste your macro code, save the document and quit | * 7) paste your macro code, save the document and quit | ||
Line 177: | Line 197: | ||
===== Macro Template for Mac ===== | ===== Macro Template for Mac ===== | ||
- | Existing Macro Templates are more focused on Windows systems. If you want to attack Mac OS system, please use {{ : | + | Existing Macro Templates are more focused on Windows systems. If you want to attack |
create_a_phishing_campaign_with_a_word_macro.txt · Last modified: 2020/08/19 16:31 by lucy