User Tools

Site Tools


LUCY MANUAL Applies to LUCY versions above 4.7


HTML File Attack

File-based attacks allow the LUCY administrator to integrate different file types (office documents with macros, executables, HTML, etc.) into mail attachments or websites generated on LUCY and to measure their download or execution rate.

In this article, the process of creation of the HTML file-based attack is described.
For the main file-based attack simulation explanation please refer to this article.

Initial Preparation

In order to be able to configure this type of attack, please make sure to download the required template from this section:
Settings > Templates > Download Templates.

Use the filter to show only Attachment Templates and installed all available.

Attack Setup

To set up the campaign please use Wizard (New Campaign button).
Chose an option "Attack Simulation" and press Next.

On the next screen select "File Attack" and press Next.

Enter the required fields for the campaign configuration. Create a client or choose the built-in client (a client can be your own organization or the company that asked you to perform a phishing test). This is important because you can also create view only accounts which are associated with those clients.

Then you need to select one or multiple phishing scenarios. Since you are going to do a file-based attack you need to pick a scenario either from the "file-based templates" or the "mixed templates".

Once you have selected the scenario, you need to configure the Base Settings of the campaign. First, give your campaign a name and then choose how your recipients will be able to access LUCY by defining the Domain. Finding the appropriate domain name is a very important step for success and it depends very much on your campaign scenario. If you plan to create a fake webmail login you might try to reserve a domain like "" and point it to LUCY.

Once you reach the 6th stage of configuration, there will be a screen of the Malware Simulation options.

For the HTML attack, the File Type should be left default.
Delivery Method can be chosen between "Add as a mail attachment" and "Insert into landing page" options.

And as for the file make sure to select HTML template from the drop-down menu.
Description: This HTML template, when opened, redirects to the scenario phishing website without transferring any data. It is used for a Portable Media Attack (USB) or File Attack campaign.

Finish the campaign configuration by adding the recipient groups.

html_file_attack.txt · Last modified: 2021/09/27 17:32 by lucysecurity