8 months ago the team at SPToolkit had to kill the project due to a lack of sponsors or backing for further development. They still have the code out on Github but their install guides are not live on their website anymore. This inspired me to write a new install guide so that hopefully others will be able to get their own SPToolkit up and running with ease. There are commercial offerings out there that you could spend a lot of money on that do very similar things that this tool does for free. Let’s go phishing! These are the items you will need for this install: SPToolkit - https://github.com/sptoolkit/sptoolkit Turnkey Linux LAMP Stack VM- http://www.turnkeylinux.org/lampstack VMware Player - http://www.vmware.com/products/player/ Here are the steps: 1. I recommend downloading the Turnkey Linux LAMP Stack. It contains everything you need already built to run the SPToolkit. They have a few build options but for this guide I will be using the VMware build. 2. Unzip the archive after downloading it from turnkeylinux.org/lampstack. 3. If you have previously installed VMPlayer all you need to do is double click the VMX to load the VM. 4. Once it boots up it will ask you to enter a new root password and then re-enter again. 5. Next it will ask to set the MySQL ‘root’ account password and then re-enter again. 6. The next screen asks to initialize hub services. Use the tab key to highlight “Skip” and click enter. 7. Turnkey LAMP will ask if you want to install Security Updates. This is a security blog so you know what the answer should be here. At this point LAMP has been setup and you should be able to SSH into the system. 8. Use a program like WinSCP to SFTP into the device and upload the SPToolkit archive file you downloaded into the /root directory. 9. SSH into the system using the root account and password you created in step 4. 10. unzip sptoolkit-master.zip 11. cd sptoolkit-master 12. mv * /var/www/ 13. apt-get update 14. apt-get upgrade 15. apt-get install php5-ldap php5-curl zip 16. /etc/init.d/apache2 restart 17. chgrp -R www-data /var/www/spt/ & chmod -R 775 /var/www/spt/ 18. Navigate your browser to the https://<the servers IP>:12322 19. Login with the mysql root login you created earlier. 20. Click the Databases tab. 21. Under “Create new database” give your database a name like “spt” and click “Create”. 22. Navigate your browser to the SPT install page using your LAMP box’s IP http://<ip>/spt/install.php 23. Click I Agree 24. All of the checks should show green on the next page. If not, hover over them with your mouse to get some help. 25. If all looks good click Proceed! 26. Fill in the information so SPT can connect to its own MySQL database. All that probably needs to be modified should be the root username you created, root password, and database name “spt”. 27. Click “Continue” and SPT should show you the new tables it has created. 28. Next we will create our first user for SPT 29. After creating this user it will drop you at the standard SPT login screen. Go ahead and login with your new user account. 30. Congratulations! We have successfully set up SPToolkit! Now that we have SPToolkit installed you will want to start your spear-phishing training campaign! In part 2 of this guide I will show you how to use SPToolkit to create phishing messages, as well as custom training materials for those that get phished. |
root@dafthack:~# >