This is for penetration testing only, actual hackers would try other methods like hacking other websites as jumping points or use an actual web hosting site in order to avoid being tracked by the Blue Team.
I used Kali Linux on Virtual machine. This is how I did it:
1. Create 2 command line terminals A and B
2. On terminal A, I entered the following command:
- sudo su
- ssh - keygen(it asks if you want to generate a key, but in my case I just pressed enter)
- ssh -R 80:localhost:80 localhost.run
The third command generated the url of the website, in my case the URL was something like this:
https://17a6e0583ae7b5.lhr.life/
On terminal 2, I entered service apache2 start and it asks for my login password and after that, the url is now active and can be accessed anywhere in the world. Initially the index page will be something like this:
To replace this index file with your index file, just move it to the following directory:
/var/www/html
And that's it, you can move your msfvenom payload on this directory so you can spread the phishing link. For example, the payload is payload.exe, your phishing link would be:
https://17a6e0583ae7b5.lhr.life/payload.exe
Disclaimer: This article/blog post is just for educational purposes only.