Phishing Emails and GeoIP Lookup

Hands-On Lab

 

Length: 00:30:00

Difficulty: Intermediate

In this hands-on lab, we will create and send a phishing email. The goal is to get the target to click on the link in the email, revealing information about themselves, such as their IP address, browser, and operating system. We will then use the IP address to geolocate the target.

Connecting to the Lab

  1. Open your terminal application, and run the following command (remember to replace <PUBLIC_IP> with the public IP you were provided on the lab instructions page):
    ssh cloud_user@<PUBLIC_IP>
  2. Type yes at the prompt.
  3. Enter your cloud_user password at the prompt.
  4. Become the root user.
    sudo su -

Install and Start the Apache Web Server

  1. Install the Apache web server.
    yum install httpd
  2. Type y at the prompt.
  3. Start the Apache web server.
    systemctl start httpd
  4. Verify that the server is running.
    systemctl status httpd

Find the Target's IP Address

  1. Run the following command:
    ip addr show
  2. Locate the external IP address in the output, and copy it to your clipboard.
  3. Open your web browser, and paste the IP address into the address bar.

Create a Resource in the Root Directory of the Server

  1. Change to the default root directory of the server.
    cd /var/www/html/
  2. Create a new resource.
    touch <RESOURCE_NAME>
  3. Edit the resource file.
    echo "Thank you for the free information" > <RESOURCE_NAME>
  4. Verify that the file is not empty.
    cat <RESOURCE_NAME>
  5. Open your web browser, and navigate to your resource at the following web address:
    <IP_ADDRESS>/<RESOURCE_NAME> 

Create and Send a Phishing Email

  1. Open your email client, and compose a new email.
  2. For the recipient, enter your personal email address.
  3. Give the email any subject line you like.
  4. Add an image to the email as an attachment.
  5. Edit the image link.
  6. Change the web address of the image link to http://<IP_ADDRESS>/<RESOURCE_NAME>.
  7. Click OK.
  8. Click Send.

Monitor the Server for Incoming Client Connections

  1. In your terminal application, open the web server log file.
    tail -f /var/log/httpd/access_log
  2. In your email client, open the phishing email, and click the image attachment.
  3. In your terminal application, view the browser, operating system, and IP address information that was sent to the log file.
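The fields that step 3 refers to can be read out of each log line mechanically, which shows exactly what a single request for the linked resource discloses. The following is an added example, not part of the original lab: it assumes the log is in Apache's "combined" format, and the resource name /free-info, the helper name hits_for, and the sample log lines (documentation-range IP addresses) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample lines in Apache "combined" log format.
# /free-info stands in for <RESOURCE_NAME>; the IPs are documentation ranges.
SAMPLE_LOG='203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /free-info HTTP/1.1" 200 35 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36"
198.51.100.23 - - [10/Oct/2023:13:56:02 +0000] "GET /favicon.ico HTTP/1.1" 404 196 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/118.0"
198.51.100.23 - - [10/Oct/2023:13:57:41 +0000] "GET /free-info?x=1 HTTP/1.1" 200 35 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.6 Safari/605.1.15"'

# hits_for RESOURCE (hypothetical helper): read a combined-format log on
# stdin and print one tab-separated record per request whose path, with any
# query string removed, equals RESOURCE:
#   client IP, timestamp, status code, platform token, full User-Agent
# Limitation: a User-Agent containing an escaped quote (\") is split wrongly.
hits_for() {
    awk -F'"' -v res="$1" '
    {
        # With a double quote as field separator:
        # $1 = host ident user [time], $2 = request line,
        # $3 = status and bytes, $4 = Referer, $6 = User-Agent
        split($2, req, " ")              # method, path, protocol
        path = req[2]
        sub(/\?.*/, "", path)            # drop the query string
        if (path != res) next

        split($1, pre, " ")              # pre[1] = client IP, pre[4] = "[time"
        split($3, st, " ")               # st[1] = HTTP status code
        ts = pre[4]
        sub(/^\[/, "", ts)

        ua = $6
        plat = "-"                       # first parenthesised group of the UA
        if (match(ua, /\([^)]*\)/))
            plat = substr(ua, RSTART + 1, RLENGTH - 2)

        printf "%s\t%s\t%s\t%s\t%s\n", pre[1], ts, st[1], plat, ua
    }'
}

# Run against the constructed sample; on the lab server the input would be
# /var/log/httpd/access_log instead.
printf '%s\n' "$SAMPLE_LOG" | hits_for /free-info
```

The platform token is whatever the client chose to send in its User-Agent header, so it is a hint about the browser and operating system rather than a verified fact.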

Perform a GeoIP Lookup

  1. In the log file, locate the IP address, and copy it to your clipboard.
  2. In your web browser, navigate to the IP address we just copied. You should see a router login page.
  3. In your terminal application, run the following command to get more information about the target's geographic location:
    geoiplookup <IP_ADDRESS>
  4. Consult the manual pages for more information about the GeoIP lookup tool.
    man geoiplookup

Conclusion

Congratulations, you've successfully completed this hands-on lab!