Morning Catch - Phishing Industries
=============
Welcome to Morning Catch, a virtual machine learning aid for spear phishing
and client-side attacks.

Features
========
Morning Catch provides:

* complete and self-contained email infrastructure that includes an SMTP
  server, webmail, and several corporate users with desktop clients.

* a Microsoft Windows client-side attack surface. The rbourne user is setup
  with Windows Firefox and Windows Java all run through the latest development
  version of WINE. The latest version of WINE is complete enough to run tools
  like Cobalt Strike's Beacon and the Metasploit Framework's Meterpreter.

* a Linux client-side attack surface. The bjenius user is setup with Linux
  Firefox, Linux Java, and Linux Thunderbird. You may use this desktop to
  demonstrate Java Meterpreter or exercise a Linux post-exploitation toolset.

* a website for the Morning Catch Phishing company which provides a target
  to derive phishing sites from.

* a trust relationship with the Metasploitable virtual machine. Morning Catch's
  system administrator bjenius has a private key for the root user on the
  Metasploitable virtual machine.

Users
=====
The following accounts are on the Morning Catch Virtual Machine:

User		Password	Purpose
----		--------	-------
bjenius		password	Linux desktop applications
gfarkins	password	Webmail User
hmoreo		password	Webmail User
rbourne		password	Windows desktop applications
root		password	System Administration

To use the virtual machine; login as bjenius or rbourne. You may also use
RDP to connect to Morning Catch and interact with either of the desktops.

License
=======
Morning Catch is a compilation by Strategic Cyber LLC. You are free to use it 
for any purpose so long as you abide by the licenses of the software installed
on the virtual machine.

The Morning Catch art is (c) 2014 Strategic Cyber LLC. It's available to you
under a Creative Commons Attribution-ShareAlike 4.0 International License.

https://creativecommons.org/licenses/by-sa/4.0/

Have fun!

Contact
=======
Raphael Mudge
raffi@strategiccyber.com
http://blog.cobaltstrike.com/
