-
Notifications
You must be signed in to change notification settings - Fork 547
Frequently Asked Questions
If a 404 / "Page Not Found" is being shown when a landing page is being viewed
or tested this is most likely due to the server's require_id setting. The
require_id setting is enabled by default and prevents users from
requesting landing pages without a valid id associated with a non-expired
campaign.
This issue can be verified by checking the server log for the message "WARNING
denying request due to lack of a valid id". Users have three options for testing
landing pages when the require_id setting is enabled.
-
Recommended: Users can send themselves a test email utilizing the jinja
HTML reference of
<a href="{{ url.webserver }}">click me</a>to provide yourself and targets an ID to access the page.
- Afterwards the visit can be deleted from the campaign from the client
- Users can check that the page is being served using the "Verify URL" button in the client
- Users can disable the
require_idsetting on the server and restart it
There are no default credentials for King Phisher. The credentials that the client UI prompts for are the credentials to an account on the King Phisher server. This account must have the necessary privileges to use SSH and forward TCP ports. For example, if the King Phisher server is running on Kali, the default credentials would be the same as those of Kali (root / toor). For more information see, the page on Server Authentication.
Both the client and the server will log output to the console when started from the command line with the "-L DEBUG" flag. When starting the server, it is also recommended to specify the "-f" flag to keep the process in the foreground.
If the King Phisher server fails to start with the a stack trace that has FATAL: password authentication failed for user "king_phisher" it is because the PostgreSQL username and password in the configuration file is incorrect. Update the server configuration file to the correct password for the database user and restart the king-phisher service.
To change the password for a PostgreSQL user please refer to the PostgreSQL Documentation.
Then edit the server_config.yml file's database: line to look something similar to.
database: postgresql://username:yourreallylongstrongpasswordhere@localhost/king_phisher
Sample journalctl -u king-phisher failure to start from incorrect database username and password.
python3[xxxx]: File "/usr/local/lib/python3.5/dist-packages/sqlalchemy/engine/default.py", line 385, in connect
python3[xxxx]: return self.dbapi.connect(cargs, *cparams)
python3[xxxx]: File "/usr/local/lib/python3.5/dist-packages/psycopg2/init.py", line 164, in connect
python3[xxxx]: conn = _connect(dsn, connection_factory=connection_factory, async=async)
python3[xxxx]: sqlalchemy.exc.OperationalError: (psycopg2.OperationalError) FATAL: password authentication failed for user "king_phisher"
python3[xxxx]: FATAL: password authentication failed for user "king_phisher"
systemd[1]: king-phisher.service: Daemon never wrote its PID file. Failing.
systemd[1]: Failed to start King Phisher Server.
systemd[1]: king-phisher.service: Unit entered failed state.
systemd[1]: king-phisher.service: Failed with result 'resources'.