LUCY Manual / Questions and Answers

LUCY Support – Below, please find answers to the most commonly asked LUCY support questions. If you cannot find a solution here, please consult our LUCY Manual available on the support WIKI website, which contains comprehensive information necessary for configuring and troubleshooting. All LUCY documentation is available there.

Preparing your first campaign: potential setup issues

First Setup: LUCY is not obtaining an IP address via DHCP

  • Make sure the Network Settings in your virtualization software are set to “bridged” (not NAT!) in case you use VMware Player, VMware Workstation or VirtualBox.
  • Use the built-in network tools in the Setup Script to verify that you can reach external servers.

Lucy cannot connect to the internet (no workstation ID visible)

In the event LUCY has no network connectivity (checked using the system tools) you may need to define a proxy server for http/https access. You can specify such a proxy server in the Settings Menu together with the port and login authorization. LUCY will use these settings to connect to the internet.

Some menu buttons in the web GUI are greyed out

If a button is greyed out it means that there is a configuration setting which won’t allow you to use that button. More info

I cannot reach the web GUI from LUCY in my browser

  • In the event you try to reach LUCY with a private domain name: Did you set up a host file with a server name that points to the IP where you configured the initial setup script?
  • In the event you try to reach LUCY with a public domain name: Did you point the correct domain name to LUCY’s IP in your provider’s DNS settings?
  • Are you using the correct IP address/port that was defined in the initial setup script? You cannot reach a private IP address from the internet if you don’t have a public IP address. You need to create a free DynDNS or similar service account to be able to match the private IP address with a public reachable DNS name.
  • Make sure the firewall allows access to LUCY on Port 80/443.
  • Make sure you have a NAT rule with Port Forwarding defined on your firewall in case you access a LUCY server with a private IP from a public location.

When trying to access the LUCY web admin page I get a 404 error message

This might happen if your web server is running and the port is accessible, but you either mistyped the URL or used a domain name that was not configured in the initial VMware setup. For example, your server is configured within VMware with a private IP 192.168.10.10 and a domain like “lucy.local”, but you try to access LUCY with a domain like “lucy.example.com”, which you defined for that IP on your DNS server. To solve this issue, you simply need to go into the initial Linux setup and define your domain (e.g. lucy.example.com) as a domain name.

Problems with LUCY Updates

Troubleshooting: I pushed the “Update” button, but the page continues to read “Updating” without any discernible change.

Sometime the page does not automatically refresh after an update. If an update remains in progress after 10 minutes, please refresh the page manually.

Troubleshooting: I know there is a new hotfix (like 2.5.3), but I don’t see any new updates.

It can take up to 5 minutes following an update to compile the new updated list from the centralized update server. Please come back in a few minutes and refresh the Update site to see if there are any further updates available.

Troubleshooting: I don’t see any updates.

  • If you have a Community Edition, you can only install hotfixes, not updates.
  • If you have a Commercial Edition, you need a working license and a working internet connection (http/https) in order to see the latest updates.

I want to run a phishing campaign, but users are not allowed to click on links in an email. What can I do?

You might not be to allowed direct access to the internet via a web browser. Instead, you may be allowed access to the internet using a physically different PC or a different infrastructure (e.g. accessing the internet via Citrix, etc.). As a result, a link sent in an email can’t be opened. The only way to conduct a phishing attack in such an environment, without having the user type a long randomized URL into a different system, is to manually set up a directory within the URL. This can be done in the recipient file. There is a variable that you can set called “Link”—a unique link part for the landing page. If you specify this, please make sure it is unique across all recipients in the scenario and does not contain any special characters. If you skip this step, the link will be generated automatically. You can choose a simple name for a link for a group of recipients (keeping in mind that you can upload different recipient groups per scenario).

Please find more info here.

Is it possible to run LUCY on a server that has no internet access?

LUCY can run without any internet connection. However, there are certain scenarios where an internet connection might be required:

  • License: After booting, LUCY tries to contact our licensing server to get a workstation ID & key. If no internet connection exists, no key will be downloaded. If you switch from the Community Edition to a commercial license, LUCY must be able to connect at least once to our licensing server.
  • Updates: All updates require a HTTP connection with our update server in Germany.
  • SSH: If you want to enable SSH access for remote support, LUCY will connect via Port 22 to our SSH hopping station. On this host, we can also connect via SSH with the Port and password you provide.

A test run with LUCY shows that emails end up in SPAM folders

If you want to make sure you don’t run into any issues within a campaign, you should whitelist the IP/domain used by LUCY on your firewall/spam filter. If this is not possible there are other workarounds.

Running your campaign: potential problems

The scheduler uses the wrong time zone to send emails or emails are not sent at all

Please define your time zone within the Settings Menu.

After the campaign starts, no emails are sent and no error message is displayed

This might happen if you configured a scheduling rule that is either in the past or in the future. Make sure the time zone is also correct in order for this feature to work precisely.

After the campaign starts, emails are sent but recipients never receive them

There are many reasons for email communication errors. Example: In LUCY, emails appear to be sent to your recipients, but sometimes they never arrive or they arrive very late. In this case, there are a few issues you can troubleshoot here.

LUCY does not receive any data from malware simulations

  • Is the Exe running on a Win7/Win8 host using Internet Explorer? If not, it won’t work (i.e., if it’s executed on a MAC or Linux Host it will not work). We support Mozilla Firefox, too, although there might be issues depending on the browser settings.
  • Can you reach LUCY from the internet via HTTP or HTTPS? If not, the tool will be unable to save data. Make sure the DNS resolution works and the corresponding firewall Port mappings are set.

The client browser statistics are not accurate (e.g. shows IE instead of Safari)

This could happen if access from the client goes over the internet through a gateway (proxy, content filter, etc.). LUCY might only see the connection details from that gateway.

Statistics: page view number is higher than actual number of sent emails

  • It is possible a user forwards the email or clicks on the same link more than one time.
  • It is possible a user has revisited or refreshed the page.
  • Page views are always higher than the number of emails sent becuase each page, login page, account page or refresh of the browser counts as a page view.

The link within the campaign email is not working anymore (404)

  • After starting your campaign, users will receive a randomized URL sent via email that might look like this: https://phishing.withlucy.net/a5b371863fc2d6b5e2bf2bc2199597135f3db17c9a9194247002ae86e24c75ff. This is a system generated link that cannot be altered! Each user gets a different link. If you have manually changed the link in the email, it will not work.
  • Another reason why the URL might no longer be reachable is that the campaign has stopped. Only when it is started will the URL work again.

When I click on a link in an email it takes me directly to the second landing page, skipping the first one

This means that you have previously clicked on that URL in the email, and it has been authenticated or verified. As a verified user, you will have a session cookie stored in your browser which takes you automatically to the authenticated page. This is intentional since we don’t want users to be verified twice. By deleting your browser cache, you can get to the login page again after clicking on the link in the URL.

Starting with Version 2.6.4, the cookie will only be stored in the Memory; therefore, closing the current browser session will prevent this sort of skipping behavior.

I want to add new users to a running campaign

To do this, you simply need to stop the campaign, delete the recipient group, then add the same recipient group again with the additional users, before restarting the campaign. Please note: deleting the recipients within a running campaign will delete all stats!

In LUCY 2.6 and higher, you can simply add a new group and LUCY will ask you if the emails should be sent out immediately as part of the same campaign.

If a campaign has been stopped, how can it be restarted without sending out all the emails again?

If you accidentally stopped a running campaign for which all emails have already been sent out, you can simply start the campaign again by clicking the “START” button and selecting “Real Attack (skip checks)”. Lucy won’t resend emails; it just continues from the point where you stopped. DO NOT press “restart”. This will delete all campaigns statistics and resend the emails.