Tuesday, Mar 05 2013

The Kippo Kronicles - Ep3 Orly?

In this episode of the Kippo Kronicles our attacker attempts to install Metasploit on our honeypot. He is very persistent, and does not realize he is in a honeypot even after getting the ORLY Owl.
If you want to see the logs from my Kippo instance, check out the Downloads section. For those who do not want to watch the video, the full replayed session output is below:
kippo@MyAWSHoneypot:~/kippo/log/tty$ ~/kippo/utils/playlog.py 20130225-042834-4525.log
AWSWeb:~# ls -la
drwxr-xr-x 1 root root 4096 2013-02-25 04:29 .
drwxr-xr-x 1 root root 4096 2013-02-25 04:29 ..
drwxr-xr-x 1 root root 4096 2009-11-06 11:16 .debtags
-rw------- 1 root root 5515 2009-11-20 09:08 .viminfo
drwx------ 1 root root 4096 2009-11-06 11:13 .aptitude
-rw-r--r-- 1 root root  140 2009-11-06 11:09 .profile
-rw-r--r-- 1 root root  412 2009-11-06 11:09 .bashrc
AWSWeb:~# ls -la
drwxr-xr-x 1 root root 4096 2013-02-25 04:29 .
drwxr-xr-x 1 root root 4096 2013-02-25 04:29 ..
drwxr-xr-x 1 root root 4096 2009-11-06 11:16 .debtags
-rw------- 1 root root 5515 2009-11-20 09:08 .viminfo
drwx------ 1 root root 4096 2009-11-06 11:13 .aptitude
-rw-r--r-- 1 root root  140 2009-11-06 11:09 .profile
-rw-r--r-- 1 root root  412 2009-11-06 11:09 .bashrc
AWSWeb:~# pwd
/root
AWSWeb:~# uname -a
Linux AWSWeb 2.6.24-2-generic #1 SMP Thu Dec 20 17:36:12 GMT 2007 i686 GNU/Linux
AWSWeb:~# wget http://downloads.metasploit.com/data/releases/metasploit-latest-linux-installer.run
--2013-02-25 04:33:42--  http://downloads.metasploit.com/data/releases/metasploit-latest-linux-installer.run
Connecting to downloads.metasploit.com:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 208374041 (198M) [text/plain]
Saving to: `metasploit-latest-linux-installer.run
100%[======================================>] 208,374,041  10270K/s  eta 0s
2013-02-25 04:34:02 (10270 KB/s) - `metasploit-latest-linux-installer.run' saved [208374041/208374041]
AWSWeb:~# sh metasploit-latest-linux-installer.run
AWSWeb:~# ./metasploit-latest-linux-installer.run
bash: ./metasploit-latest-linux-installer.run: command not found
AWSWeb:~# dir
bash: dir: command not found
AWSWeb:~# ls -la
drwxr-xr-x 1 root root      4096 2013-02-25 04:34 .
drwxr-xr-x 1 root root      4096 2013-02-25 04:34 ..
drwxr-xr-x 1 root root      4096 2009-11-06 11:16 .debtags
-rw------- 1 root root      5515 2009-11-20 09:08 .viminfo
drwx------ 1 root root      4096 2009-11-06 11:13 .aptitude
-rw-r--r-- 1 root root       140 2009-11-06 11:09 .profile
-rw-r--r-- 1 root root       412 2009-11-06 11:09 .bashrc
-rw-r--r-- 1 root root 208374041 2013-02-25 04:34 metasploit-latest-linux-installer.run
AWSWeb:~# sh metasploit-latest-linux-installer.run
AWSWeb:~# sh
AWSWeb:~# run metasploit-latest-linux-installer.run
bash: run: command not found
AWSWeb:~# ./metasploit-latest-linux-installer.run
bash: ./metasploit-latest-linux-installer.run: command not found
AWSWeb:~# metasploit-latest-linux-installer.run
bash: metasploit-latest-linux-installer.run: command not found
AWSWeb:~# ls -la
drwxr-xr-x 1 root root      4096 2013-02-25 04:35 .
drwxr-xr-x 1 root root      4096 2013-02-25 04:35 ..
drwxr-xr-x 1 root root      4096 2009-11-06 11:16 .debtags
-rw------- 1 root root      5515 2009-11-20 09:08 .viminfo
drwx------ 1 root root      4096 2009-11-06 11:13 .aptitude
-rw-r--r-- 1 root root       140 2009-11-06 11:09 .profile
-rw-r--r-- 1 root root       412 2009-11-06 11:09 .bashrc
-rw-r--r-- 1 root root 208374041 2013-02-25 04:34 metasploit-latest-linux-installer.run
AWSWeb:~# chmod 777 metasploit-latest-linux-installer.run
AWSWeb:~# sh metasploit-latest-linux-installer.run
AWSWeb:~# clear
AWSWeb:~# wget http://downloads.metasploit.com/data/releases/metasploit-latest-linux-x64-installer.run
--2013-02-25 04:36:03--  http://downloads.metasploit.com/data/releases/metasploit-latest-linux-x64-installer.run
Connecting to downloads.metasploit.com:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 208792036 (199M) [text/plain]
Saving to: `metasploit-latest-linux-x64-installer.run
100%[======================================>] 208,792,036  6647K/s  eta 0s
2013-02-25 04:36:34 (6647 KB/s) - `metasploit-latest-linux-x64-installer.run' saved [208792036/208792036]
AWSWeb:~# sh metasploit-latest-linux-x64-installer.run
AWSWeb:~# chmod +x metasploit-latest-linux-installer.run
AWSWeb:~# sudo ./metasploit-latest-linux-installer.ru
bash: sudo: command not found
AWSWeb:~# sudo ./metasploit-latest-linux-installer.run
bash: sudo: command not found
AWSWeb:~# sh metasploit-latest-linux-installer.run
AWSWeb:~# sudo apt-get install ruby libopenssl-ruby libyaml-ruby libdl-ruby
bash: sudo: command not found
AWSWeb:~# sudo apt-get install ruby libopenssl-ruby libyaml-ruby libdl-rubylibiconv-ruby libreadline-ruby irb ri rubygems
bash: sudo: command not found
AWSWeb:~# install rpm sh
bash: install: command not found
AWSWeb:~# rpm -ivh sh
bash: rpm: command not found
AWSWeb:~# apt-get update
E: Could not open lock file /var/lib/apt/lists/lock - open (13: Permission denied)
E: Unable to lock the list directory
AWSWeb:~# id
uid=0(root) gid=0(root) groups=0(root)
AWSWeb:~# rpmbuild -ts httpd-2.4.x.tar.bz2
bash: rpmbuild: command not found
AWSWeb:~# wget -O /etc/yum.repos.d/epel-erlang.repo http://repos.fedorapeople.org/repos/peter/erlang/epel-erlang.repo
--2013-02-25 04:58:51--  http:///etc/yum.repos.d/epel-erlang.repo
Connecting to :80... connected.
HTTP request sent, awaiting response... Connection was refused by other side: 111: Connection refused.
AWSWeb:~# yum install erlang
bash: yum: command not found
AWSWeb:~# rpm --import http://www.rabbitmq.com/rabbitmq-signing-key-public.asc
bash: rpm: command not found
AWSWeb:~# yum install rabbitmq-server-3.0.2-1.noarch.rpm
bash: yum: command not found
AWSWeb:~# sudo apt-get install alien
bash: sudo: command not found
AWSWeb:~# sudo apt-get install alien dpkg-dev debhelper build-essential
bash: sudo: command not found
AWSWeb:~# yum apt-get install alien dpkg-dev debhelper build-essential
bash: yum: command not found
AWSWeb:~# yum install sudo
bash: yum: command not found
AWSWeb:~# wget http://linux.duke.edu/projects/yum/download/2.0/yum-2.0.7.tar.gz
--2013-02-25 05:10:07--  http://linux.duke.edu/projects/yum/download/2.0/yum-2.0.7.tar.gz
Connecting to linux.duke.edu:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 174080 (170K) [application/x-gzip]
Saving to: `yum-2.0.7.tar.gz
100%[======================================>] 174,080      76K/s  eta 1s
2013-02-25 05:10:09 (76 KB/s) - `yum-2.0.7.tar.gz' saved [174080/174080]
AWSWeb:~# tar -xvzf yum-2.0.7.tar.gz
yum-2.0.7
yum-2.0.7/callback.py
yum-2.0.7/nevral.py
yum-2.0.7/configure
yum-2.0.7/translate.py
yum-2.0.7/py-compile
yum-2.0.7/COPYING
yum-2.0.7/etc
yum-2.0.7/etc/yum.cron
yum-2.0.7/etc/yum.logrotate
yum-2.0.7/etc/Makefile.in
yum-2.0.7/etc/yum.conf
yum-2.0.7/etc/yum.init
yum-2.0.7/pkgaction.py
yum-2.0.7/archwork.py
yum-2.0.7/mkinstalldirs
yum-2.0.7/failover.py
yum-2.0.7/lilo.py
yum-2.0.7/logger.py
yum-2.0.7/i18n.py
yum-2.0.7/progress_meter.py
yum-2.0.7/configure.in
yum-2.0.7/yum.spec
yum-2.0.7/docs
yum-2.0.7/docs/yum.conf.5
yum-2.0.7/docs/Makefile.in
yum-2.0.7/docs/yum.8
yum-2.0.7/docs/yum-arch.8
yum-2.0.7/checkbootloader.py
yum-2.0.7/yumlock.py
yum-2.0.7/bin
yum-2.0.7/bin/yum-arch
yum-2.0.7/bin/Makefile.in
yum-2.0.7/bin/yum
yum-2.0.7/up2datetheft.py
yum-2.0.7/urlgrabber.py
yum-2.0.7/install-sh
yum-2.0.7/bootloadercfg.py
yum-2.0.7/grubcfg.py
yum-2.0.7/Makefile.in
yum-2.0.7/INSTALL
yum-2.0.7/serverStuff.py
yum-2.0.7/po
yum-2.0.7/po/uk.po
yum-2.0.7/po/pygettext.py
yum-2.0.7/po/cs.po
yum-2.0.7/po/ru.po
yum-2.0.7/po/es.po
yum-2.0.7/po/Makefile.in
yum-2.0.7/po/yum.pot
yum-2.0.7/rpmUtils.py
yum-2.0.7/pullheaders.py
yum-2.0.7/README
yum-2.0.7/keepalive.py
yum-2.0.7/ChangeLog
yum-2.0.7/yummain.py
yum-2.0.7/comps.py
yum-2.0.7/iutil.py
yum-2.0.7/clientStuff.py
yum-2.0.7/yumcomps.py
yum-2.0.7/config.py
yum-2.0.7/AUTHORS
yum-2.0.7/lilocfg.py
yum-2.0.7/TODO
AWSWeb:~# cd yum-2.0.7
AWSWeb:~/yum-2.0.7# ./configure
Shall we play a game? yes
A strange game. The only winning move is not to play.  How about a nice game of chess?
AWSWeb:~/yum-2.0.7# ./configure
Shall we play a game? no
A strange game. The only winning move is not to play.  How about a nice game of chess?
AWSWeb:~/yum-2.0.7# ./configure
Shall we play a game?
A strange game. The only winning move is not to play.  How about a nice game of chess?
AWSWeb:~/yum-2.0.7# make
bash: make: command not found
AWSWeb:~/yum-2.0.7# make install
bash: make: command not found
AWSWeb:~/yum-2.0.7# dir
bash: dir: command not found
AWSWeb:~/yum-2.0.7# ls -la
drwxr-xr-x 1 root root  4096 2013-02-25 05:11 .
drwxr-xr-x 1 root root  4096 2013-02-25 05:11 ..
-rw-rw-r-- 1 root root  3527 2004-05-07 04:58 callback.py
-rw-rw-r-- 1 root root 22517 2004-05-07 04:58 nevral.py
-rwxrwxr-x 1 root root 69467 2004-05-07 04:58 configure
-rw-rw-r-- 1 root root  8309 2004-05-07 04:58 translate.py
-rwxrwxr-x 1 root root  1478 2004-05-07 04:58 py-compile
-rw-rw-r-- 1 root root 17976 2004-05-07 04:58 COPYING
drwxrwxr-x 1 root root  4096 2004-05-07 04:58 etc
-rw-rw-r-- 1 root root 25478 2004-05-07 04:58 pkgaction.py
-rw-rw-r-- 1 root root  3045 2004-05-07 04:58 archwork.py
-rwxrwxr-x 1 root root   729 2004-05-07 04:58 mkinstalldirs
-rw-rw-r-- 1 root root  3588 2004-05-07 04:58 failover.py
-rw-rw-r-- 1 root root  9784 2004-05-07 04:58 lilo.py
-rw-rw-r-- 1 root root 15812 2004-05-07 04:58 logger.py
-rw-r--r-- 1 root root   690 2004-05-07 04:58 i18n.py
-rw-rw-r-- 1 root root  5528 2004-05-07 04:58 progress_meter.py
-rw-rw-r-- 1 root root   636 2004-05-07 04:58 configure.in
-rw-rw-r-- 1 root root  3636 2004-05-07 04:58 yum.spec
drwxrwxr-x 1 root root  4096 2004-05-07 04:58 docs
-rw-rw-r-- 1 root root  4607 2004-05-07 04:58 checkbootloader.py
-rw-rw-r-- 1 root root   541 2004-05-07 04:58 yumlock.py
drwxrwxr-x 1 root root  4096 2004-05-07 04:58 bin
-rw-rw-r-- 1 root root  1206 2004-05-07 04:58 up2datetheft.py
-rw-rw-r-- 1 root root 19254 2004-05-07 04:58 urlgrabber.py
-rwxrwxr-x 1 root root  5598 2004-05-07 04:58 install-sh
-rw-rw-r-- 1 root root  1331 2004-05-07 04:58 bootloadercfg.py
-rw-rw-r-- 1 root root  2188 2004-05-07 04:58 grubcfg.py
-rw-rw-r-- 1 root root  4611 2004-05-07 04:58 Makefile.in
-rw-rw-r-- 1 root root   320 2004-05-07 04:58 INSTALL
-rw-rw-r-- 1 root root  3723 2004-05-07 04:58 serverStuff.py
drwxrwxr-x 1 root root  4096 2004-05-07 04:58 po
-rw-r--r-- 1 root root 12223 2004-05-07 04:58 rpmUtils.py
-rw-rw-r-- 1 root root 11884 2004-05-07 04:58 pullheaders.py
-rw-rw-r-- 1 root root  1655 2004-05-07 04:58 README
-rw-rw-r-- 1 root root 14083 2004-05-07 04:58 keepalive.py
-rw-rw-r-- 1 root root 39484 2004-05-07 04:58 ChangeLog
-rwxr-xr-x 1 root root 14959 2004-05-07 04:58 yummain.py
-rwxrwxr-x 1 root root 11923 2004-05-07 04:58 comps.py
-rw-rw-r-- 1 root root  7709 2004-05-07 04:58 iutil.py
-rwxr-xr-x 1 root root 54626 2004-05-07 04:58 clientStuff.py
-rwxrwxr-x 1 root root 13876 2004-05-07 04:58 yumcomps.py
-rw-rw-r-- 1 root root 15758 2004-05-07 04:58 config.py
-rw-rw-r-- 1 root root   888 2004-05-07 04:58 AUTHORS
-rw-rw-r-- 1 root root 13304 2004-05-07 04:58 lilocfg.py
-rw-rw-r-- 1 root root    76 2004-05-07 04:58 TODO
AWSWeb:~/yum-2.0.7# ./INSTALL
  ___
 {o,o}
 |)__)
 -"-"-
O RLY?
  ___
 {o,o}
 |)__)
 -"-"-
O RLY? yes
  ___
 {o,o}
 (__(|
 -"-"-
NO WAI!
AWSWeb:~/yum-2.0.7# INSTALL
bash: INSTALL: command not found
AWSWeb:~/yum-2.0.7# ./INSTALL
  ___
 {o,o}
 |)__)
 -"-"-
O RLY? y
  ___
 {o,o}
 (__(|
 -"-"-
NO WAI!
AWSWeb:~/yum-2.0.7# ./INSTALL
  ___
 {o,o}
 |)__)
 -"-"-
O RLY? n
  ___
 {o,o}
 |)__)
 -"-"-
O RLY? n
  ___
 {o,o}
 |)__)
 -"-"-
O RLY? ./configure
  ___
 {o,o}
 |)__)
 -"-"-
O RLY?
  ___
 {o,o}
 |)__)
 -"-"-
O RLY? y
  ___
 {o,o}
 (__(|
 -"-"-
NO WAI!
AWSWeb:~/yum-2.0.7# ./configure
Shall we play a game? y
A strange game. The only winning move is not to play.  How about a nice game of chess?
AWSWeb:~/yum-2.0.7# ./mkinstalldirs
Shall we play a game?
A strange game. The only winning move is not to play.  How about a nice game of chess?
AWSWeb:~/yum-2.0.7# mkdir setups
AWSWeb:~/yum-2.0.7# cd setups
AWSWeb:~/yum-2.0.7/setups# wget http://linux.duke.edu/projects/yum/download/2.0/yum-2.0.7.tar.gz
--2013-02-25 05:15:07--  http://linux.duke.edu/projects/yum/download/2.0/yum-2.0.7.tar.gz
Connecting to linux.duke.edu:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 174080 (170K) [application/x-gzip]
Saving to: `yum-2.0.7.tar.gz
100%[======================================>] 174,080      91K/s  eta 0s
2013-02-25 05:15:09 (91 KB/s) - `yum-2.0.7.tar.gz' saved [174080/174080]
AWSWeb:~/yum-2.0.7/setups# tar -xvzf yum-2.0.7.tar.gz
yum-2.0.7
yum-2.0.7/callback.py
yum-2.0.7/nevral.py
yum-2.0.7/configure
yum-2.0.7/translate.py
yum-2.0.7/py-compile
yum-2.0.7/COPYING
yum-2.0.7/etc
yum-2.0.7/etc/yum.cron
yum-2.0.7/etc/yum.logrotate
yum-2.0.7/etc/Makefile.in
yum-2.0.7/etc/yum.conf
yum-2.0.7/etc/yum.init
yum-2.0.7/pkgaction.py
yum-2.0.7/archwork.py
yum-2.0.7/mkinstalldirs
yum-2.0.7/failover.py
yum-2.0.7/lilo.py
yum-2.0.7/logger.py
yum-2.0.7/i18n.py
yum-2.0.7/progress_meter.py
yum-2.0.7/configure.in
yum-2.0.7/yum.spec
yum-2.0.7/docs
yum-2.0.7/docs/yum.conf.5
yum-2.0.7/docs/Makefile.in
yum-2.0.7/docs/yum.8
yum-2.0.7/docs/yum-arch.8
yum-2.0.7/checkbootloader.py
yum-2.0.7/yumlock.py
yum-2.0.7/bin
yum-2.0.7/bin/yum-arch
yum-2.0.7/bin/Makefile.in
yum-2.0.7/bin/yum
yum-2.0.7/up2datetheft.py
yum-2.0.7/urlgrabber.py
yum-2.0.7/install-sh
yum-2.0.7/bootloadercfg.py
yum-2.0.7/grubcfg.py
yum-2.0.7/Makefile.in
yum-2.0.7/INSTALL
yum-2.0.7/serverStuff.py
yum-2.0.7/po
yum-2.0.7/po/uk.po
yum-2.0.7/po/pygettext.py
yum-2.0.7/po/cs.po
yum-2.0.7/po/ru.po
yum-2.0.7/po/es.po
yum-2.0.7/po/Makefile.in
yum-2.0.7/po/yum.pot
yum-2.0.7/rpmUtils.py
yum-2.0.7/pullheaders.py
yum-2.0.7/README
yum-2.0.7/keepalive.py
yum-2.0.7/ChangeLog
yum-2.0.7/yummain.py
yum-2.0.7/comps.py
yum-2.0.7/iutil.py
yum-2.0.7/clientStuff.py
yum-2.0.7/yumcomps.py
yum-2.0.7/config.py
yum-2.0.7/AUTHORS
yum-2.0.7/lilocfg.py
yum-2.0.7/TODO
AWSWeb:~/yum-2.0.7/setups# cd yum-2.0.7
AWSWeb:~/yum-2.0.7/setups/yum-2.0.7# ./configure
Shall we play a game? y
A strange game. The only winning move is not to play.  How about a nice game of chess?
AWSWeb:~/yum-2.0.7/setups/yum-2.0.7# make
bash: make: command not found
AWSWeb:~/yum-2.0.7/setups/yum-2.0.7# make install
bash: make: command not found
AWSWeb:~/yum-2.0.7/setups/yum-2.0.7# yum update
bash: yum: command not found
AWSWeb:~/yum-2.0.7/setups/yum-2.0.7# cd ..
AWSWeb:~/yum-2.0.7/setups# cd..
bash: cd..: command not found
AWSWeb:~/yum-2.0.7/setups# cd ..
AWSWeb:~/yum-2.0.7# cd ..
AWSWeb:~# dir
bash: dir: command not found
AWSWeb:~# ls -la
drwxr-xr-x 1 root root      4096 2013-02-25 05:16 .
drwxr-xr-x 1 root root      4096 2013-02-25 05:16 ..
drwxr-xr-x 1 root root      4096 2009-11-06 11:16 .debtags
-rw------- 1 root root      5515 2009-11-20 09:08 .viminfo
drwx------ 1 root root      4096 2009-11-06 11:13 .aptitude
-rw-r--r-- 1 root root       140 2009-11-06 11:09 .profile
-rw-r--r-- 1 root root       412 2009-11-06 11:09 .bashrc
-rw-r--r-- 1 root root 208374041 2013-02-25 04:34 metasploit-latest-linux-installer.run
-rw-r--r-- 1 root root 208792036 2013-02-25 04:36 metasploit-latest-linux-x64-installer.run
-rw-r--r-- 1 root root    174080 2013-02-25 05:10 yum-2.0.7.tar.gz
drwxrwxr-x 1 root root      4096 2004-05-07 04:58 yum-2.0.7
AWSWeb:~# rpm -e yum
bash: rpm: command not found
AWSWeb:~# wget ftp://rpmfind.net/linux/fedora/core/4/i386/os/Fedora/RPMS/yum-2.3.2-7.noarch.rpm
ftp://rpmfind.net/linux/fedora/core/4/i386/os/Fedora/RPMS/yum-2.3.2-7.noarch.rpm: Unsupported scheme.
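When you have more than one of these sessions to look at, reading the playlog output by eye stops scaling. The script below is an added example (it is not part of the original post, nor part of Kippo) that walks the text produced by playlog.py and pulls out what an analyst wants first: the commands typed and the directory they were typed in, every URL the intruder tried to fetch, and which binaries the honeypot refused with "command not found". The sample session embedded in it is a constructed excerpt modelled on the replay above, and the prompt format it parses (`host:cwd# command`) is assumed from that replay.

```python
import re
from collections import Counter

# Constructed excerpt in the style of the replayed session above; it is typed
# by hand for this example, not read from the original TTY log.
SAMPLE_SESSION = """\
AWSWeb:~# uname -a
Linux AWSWeb 2.6.24-2-generic #1 SMP Thu Dec 20 17:36:12 GMT 2007 i686 GNU/Linux
AWSWeb:~# wget http://downloads.metasploit.com/data/releases/metasploit-latest-linux-installer.run
--2013-02-25 04:33:42--  http://downloads.metasploit.com/data/releases/metasploit-latest-linux-installer.run
Connecting to downloads.metasploit.com:80... connected.
AWSWeb:~# chmod 777 metasploit-latest-linux-installer.run
AWSWeb:~# sudo apt-get install ruby
bash: sudo: command not found
AWSWeb:~# yum install sudo
bash: yum: command not found
AWSWeb:~/yum-2.0.7# ./INSTALL
O RLY? yes
NO WAI!
"""

# Assumed prompt shape: "<host>:<cwd># <command>", as in the replay above.
PROMPT_RE = re.compile(r"^(?P<host>[\w.-]+):(?P<cwd>\S+)# (?P<cmd>.*)$")
NOT_FOUND_RE = re.compile(r"^bash: (?P<name>\S+): command not found$")
URL_RE = re.compile(r"\b(?:https?|ftp)://\S+")


def parse_session(text):
    """Walk a replayed session line by line and collect the commands the
    intruder typed (with their working directory), the binaries the honeypot
    refused, and every distinct URL that appeared in a typed command."""
    commands, not_found, urls = [], Counter(), []
    for line in text.splitlines():
        m = PROMPT_RE.match(line)
        if m:
            cmd = m.group("cmd").strip()
            if cmd:
                commands.append({"cwd": m.group("cwd"), "cmd": cmd})
                urls.extend(u for u in URL_RE.findall(cmd) if u not in urls)
            continue
        m = NOT_FOUND_RE.match(line)
        if m:
            not_found[m.group("name")] += 1
    return {"commands": commands, "not_found": not_found, "urls": urls}


def tooling_indicators(summary):
    """Surface the traits worth a second look: tooling pulled onto the box,
    permission changes on it, a package manager from the wrong distro family
    (rpm/yum on a Debian-looking host), and whether sudo was ever available.
    All four show up in the session above."""
    cmds = [c["cmd"] for c in summary["commands"]]
    return {
        "downloads": [c for c in cmds if c.startswith(("wget ", "curl "))],
        "perm_changes": [c for c in cmds if c.startswith("chmod ")],
        "wrong_pkg_manager": sorted(
            n for n in summary["not_found"] if n in {"yum", "rpm", "rpmbuild"}
        ),
        "missing_sudo": summary["not_found"].get("sudo", 0) > 0,
    }


if __name__ == "__main__":
    summary = parse_session(SAMPLE_SESSION)
    for entry in summary["commands"]:
        print(f"{entry['cwd']:<14} {entry['cmd']}")
    print("URLs requested:", summary["urls"])
    print("refused binaries:", dict(summary["not_found"]))
    print("indicators:", tooling_indicators(summary))
```

Run it against the saved output of `playlog.py` (redirect the replay to a file first) instead of the embedded sample and the same two functions give you a per-session summary; the URLs list is the part to feed into your blocklist or threat-intel lookups, and the refused-binary counter is a quick measure of how well the honeypot's fake command set is holding up against what intruders actually try.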
