The description for HTTrack states:  "HTTrack is an offline browser utility, allowing you to download a World Wide website from the Internet to a local directory, building recursively all directories, getting html, images, and other files from the server to your computer."

We have more nefarious purposes like cloning sites for phishing awareness campaigns but regardless, the outcome is still the same.  HTTrack is a decent tool for quickly cloning a site.  It's fairly simple to use and once it's installed, we launch it by executing:  httrack

I mentioned this in a previous post but we are seeing a large increase in phishing attacks from known sources.  In other words, phishing attacks are coming from your friends, colleagues, and vendors.  You trust these sources and you are likely to drop your guard more so than when say the Nigerian Prince email makes its way into your inbox.  Obviously, if someone falls for the phish, this campaign lives on and that's how future attacks occur.  But how does the original attack get legs underneath it?  First, let's start with the phish and work our way backwards.

This is from the latest releases on Vulnhub but it does not have a description.  I think this box was either on the TryHackMe platform or maybe it was accepted to that platform.  The flags are the giveaway and due to their specific look, I don't think it's a coincidence.  Anyway, moving on...

We kick off with Nmap: