1.) From within a project, click the Campaigns tab.
2.) Click the Configure a Campaign tab.
4.) For the setup option, choose Custom Campaign.
5.) Click the Add e-mail, web page, portable file button.
6.) Click the Web Page button.
7.) When the e-mail configuration window appears, go to the Path field and enter the URL that you want the web page to use. By default, Metasploit Pro uses the IP address of the Metasploit instance for the web page’s domain; however, you can change this when you configure the settings for the web server.
8.) In the Component name field, enter a name for the web page component. This is the name that displays for the component on the campaign configuration page.
9.)
10.)
11.) From the Choose a file dropdown, select the malicious file that you want to attach to the e-mail. Please remember that you must upload the malicious file before you can access it through a campaign component. If the file that you want to use has not been uploaded, you can choose the Upload a new file option to upload the file that you want to use.
12.) Click the Next button to create the web page content.
13.) After you create the web page content, click the Save button to close the web page configuration window.
14.) From the campaign configuration page, click the Web Server button.
15.) When the web server configuration window appears, select the host name that you want to use to host the web page.
16.) In the Listening Port field, enter a port that is commonly used for HTTP traffic, such as port 80 or 8080.
17.) Click the Save button to save your changes and to close the web server configuration window.
18.) Now that you are back on the campaign configuration page, you need to create an e-mail to deliver the web page URL to the human targets.
19.) From the Campaign Components area, click the Add e-mail, web page, portable file button.
20.) Click the E-mail button.
21.) When the e-mail configuration window appears, enter a name for the e-mail component in the Component name field. This is the name that displays for the component on the campaign configuration page.
22.) In the Subject field, enter a subject for the e-mail.
23.) In the From address field, enter the e-mail address that the campaign is trying to spoof.
24.) In the From name field, enter the name of the person that the spoofed e-mail should appear to be from.
25.) From the Choose a Target List dropdown, select the target list that you want to send the e-mail to.
26.)
27.) Click the Next button to create the e-mail body.
28.) After you create the e-mail body, click the Save button to close the e-mail configuration window.
29.) From the campaign configuration page, click the E-mail Server button.
If you have a global SMTP server set up, you can click the Save button to validate and save the server settings.
If you do not have a global SMTP server configured, you will need to provide the SMTP settings for your mail server. After you define the SMTP settings, you can click Save to validate the server settings and to close the e-mail server configuration window.
30.) When the campaign configuration page appears, click the Save button to save the campaign or click the Launch Campaign button to start the campaign.